Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/YNbMG-s6Bni5T4RGlGfqt5_zwJ0.roa
File:                     YNbMG-s6Bni5T4RGlGfqt5_zwJ0.roa (raw, json)
Hash identifier:          qga1k8t8AMOUpadvD2TtKtxsK4Of23jSmsdVAMlSLjg=
Subject key identifier:   60:D6:CC:1B:EB:3A:06:78:B9:4F:84:46:94:67:EA:B7:9F:F3:C0:9D
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01942220348DCEA957306AD3CE3ECCA3561B
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/YNbMG-s6Bni5T4RGlGfqt5_zwJ0.roa
Signing time:             Wed 01 Jan 2025 13:48:43 +0000
ROA not before:           Wed 01 Jan 2025 13:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206238
IP address blocks:        45.83.232.0/22 maxlen: 24
                          45.142.232.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:34:8d:ce:a9:57:30:6a:d3:ce:3e:cc:a3:56:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60d6cc1beb3a0678b94f84469467eab79ff3c09d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:82:55:60:af:dc:e5:aa:df:bc:97:36:c3:76:
                    87:17:11:cc:43:4c:a5:ed:d1:bf:64:52:18:cf:cb:
                    68:1c:65:1f:85:ee:7c:22:26:ea:a1:30:ca:43:65:
                    ed:fa:c3:8d:9c:b7:0d:34:13:33:ab:15:5f:76:52:
                    76:c8:b8:af:ce:e6:39:74:d6:a5:9a:d9:71:5c:af:
                    99:a2:b5:7c:9b:ad:c9:2b:d7:90:ea:0c:d1:59:ec:
                    86:99:c6:1b:a9:b3:2b:d8:39:60:b8:4c:08:84:34:
                    86:f5:00:3e:a0:a2:0a:d6:6c:14:dd:bc:f5:78:e8:
                    39:b3:46:f4:b4:cf:a0:69:80:1c:ca:8f:29:6d:fc:
                    c8:c9:91:ec:ed:69:a2:72:ba:00:2e:d0:1c:0d:bd:
                    e1:0b:4f:fd:d1:fa:b7:2c:21:96:ad:cf:9b:ae:d7:
                    1a:d8:2f:18:20:cf:9c:70:17:df:8a:73:f6:06:e3:
                    00:38:18:ba:69:a9:1a:65:0d:05:99:1f:b1:f9:44:
                    9c:4b:f1:b8:44:c3:c8:6f:39:e6:b7:74:a4:7b:ac:
                    df:62:b2:57:f3:5c:d3:a3:36:fd:00:cf:84:f2:fe:
                    fc:90:50:40:95:79:30:43:33:30:78:f3:76:05:0a:
                    67:26:0c:fc:88:2b:4d:b0:ce:57:69:13:9d:6d:e1:
                    4a:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:D6:CC:1B:EB:3A:06:78:B9:4F:84:46:94:67:EA:B7:9F:F3:C0:9D
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/YNbMG-s6Bni5T4RGlGfqt5_zwJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.232.0/22
                  45.142.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:af:ec:37:ef:8e:07:2b:6e:15:af:f3:c1:57:21:9b:fd:35:
         a7:fc:d5:3b:d7:43:66:01:f5:5e:13:65:cf:43:44:0b:5b:e9:
         d9:26:d2:09:42:26:70:48:2d:c2:b1:74:8a:c0:7f:69:29:9b:
         ac:83:14:68:8c:c5:4b:bd:53:ca:22:ce:03:4d:df:27:d5:c9:
         24:7a:1f:aa:13:3a:a5:57:d3:8d:44:bc:1d:83:db:77:2f:ad:
         d6:07:bc:df:27:c1:c4:b3:f3:d8:ea:69:59:8b:93:b0:ef:5e:
         df:b8:f5:87:91:63:f2:d5:1b:47:97:7e:de:fc:97:f1:2a:62:
         97:a3:55:c6:7f:2b:ee:6d:77:33:6d:ca:e8:de:62:ee:76:e2:
         91:36:3f:b1:da:05:21:6f:d4:4e:d8:48:67:5f:4d:73:fa:fa:
         5a:92:c8:7d:69:ba:16:99:30:09:e9:ee:90:cd:9f:d4:60:d9:
         98:72:6c:aa:5d:d3:41:ec:f4:26:29:78:73:85:c8:ca:07:d1:
         2b:3c:43:3e:74:52:18:97:93:d5:87:d6:09:94:88:e1:14:2e:
         db:5d:9d:fa:8a:d0:14:61:4d:4d:05:a6:32:2e:01:0c:a0:8b:
         49:a8:f0:a6:34:65:3a:c5:20:0c:a7:f7:9c:37:60:37:17:92:
         58:0a:9b:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiIDSNzqlXMGrTzj7Mo1YbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGQ2Y2MxYmViM2EwNjc4Yjk0Zjg0NDY5NDY3ZWFiNzlmZjNjMDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIJVYK/c5arfvJc2w3aHFxHMQ0yl
7dG/ZFIYz8toHGUfhe58IibqoTDKQ2Xt+sONnLcNNBMzqxVfdlJ2yLivzuY5dNal
mtlxXK+ZorV8m63JK9eQ6gzRWeyGmcYbqbMr2DlguEwIhDSG9QA+oKIK1mwU3bz1
eOg5s0b0tM+gaYAcyo8pbfzIyZHs7WmicroALtAcDb3hC0/90fq3LCGWrc+brtca
2C8YIM+ccBffinP2BuMAOBi6aakaZQ0FmR+x+UScS/G4RMPIbznmt3Ske6zfYrJX
81zTozb9AM+E8v78kFBAlXkwQzMwePN2BQpnJgz8iCtNsM5XaROdbeFKxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGDWzBvrOgZ4uU+ERpRn6ref88CdMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvWU5iTUctczZCbmk1VDRSR2xHZnF0NV96d0owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVPoAwQC
LY7oMA0GCSqGSIb3DQEBCwUAA4IBAQAQr+w3744HK24Vr/PBVyGb/TWn/NU710Nm
AfVeE2XPQ0QLW+nZJtIJQiZwSC3CsXSKwH9pKZusgxRojMVLvVPKIs4DTd8n1ckk
eh+qEzqlV9ONRLwdg9t3L63WB7zfJ8HEs/PY6mlZi5Ow717fuPWHkWPy1RtHl37e
/JfxKmKXo1XGfyvubXczbcro3mLuduKRNj+x2gUhb9RO2EhnX01z+vpaksh9aboW
mTAJ6e6QzZ/UYNmYcmyqXdNB7PQmKXhzhcjKB9ErPEM+dFIYl5PVh9YJlIjhFC7b
XZ36itAUYU1NBaYyLgEMoItJqPCmNGU6xSAMp/ecN2A3F5JYCptM
-----END CERTIFICATE-----