Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/d-_LN9mtbkZ5L0gY3-u_-hrKp8E.roa
File:                     d-_LN9mtbkZ5L0gY3-u_-hrKp8E.roa (raw, json)
Hash identifier:          89JrF9teQwQCjIz5iOu+cz3y3VXGKephngjqyXkS+uQ=
Subject key identifier:   77:EF:CB:37:D9:AD:6E:46:79:2F:48:18:DF:EB:BF:FA:1A:CA:A7:C1
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0194222027461CF3AE0F70952CA01D363C7E
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/d-_LN9mtbkZ5L0gY3-u_-hrKp8E.roa
Signing time:             Wed 01 Jan 2025 13:48:40 +0000
ROA not before:           Wed 01 Jan 2025 13:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     133900
IP address blocks:        171.22.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:27:46:1c:f3:ae:0f:70:95:2c:a0:1d:36:3c:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77efcb37d9ad6e46792f4818dfebbffa1acaa7c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:04:92:df:49:fe:aa:da:31:a8:f2:fb:89:c3:
                    d1:e0:c0:7d:30:ca:e3:46:c6:98:de:71:0b:37:40:
                    f6:5c:80:23:93:c1:77:48:c2:4b:aa:c5:0a:b7:26:
                    ba:af:b4:ba:f2:5a:b5:6f:f8:bf:6c:18:f7:29:db:
                    56:f3:e5:f7:4e:52:23:e4:c3:74:28:dd:65:f6:9a:
                    e7:bd:f9:b5:56:b7:ea:04:e9:8f:58:60:ed:91:6f:
                    be:ec:2a:a3:31:24:e4:c3:40:cf:eb:07:c9:48:36:
                    3b:d0:87:67:9a:7f:09:2f:49:34:99:f4:f8:c7:00:
                    1a:59:d0:34:18:65:f2:80:bc:23:7f:65:78:a4:ca:
                    37:97:e2:08:a6:6c:b7:91:f6:42:ac:ae:82:ad:ed:
                    7d:e7:c6:ef:c9:77:73:3f:ba:2e:06:d5:24:b5:f5:
                    af:93:f0:72:74:ed:94:98:68:af:74:c3:1f:1b:b4:
                    4a:42:cd:e1:90:6c:14:2d:56:91:6c:fa:42:9b:de:
                    6f:0f:5a:e7:13:2a:db:ff:5e:27:2b:92:25:13:c8:
                    b7:8f:eb:f1:fb:b8:b4:90:90:75:b6:b8:fe:c6:2a:
                    d4:19:83:e2:d4:b3:e5:f8:21:6a:88:bf:21:de:3b:
                    ce:ff:df:c0:55:98:5b:7b:73:3b:ba:1c:56:56:78:
                    af:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:EF:CB:37:D9:AD:6E:46:79:2F:48:18:DF:EB:BF:FA:1A:CA:A7:C1
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/d-_LN9mtbkZ5L0gY3-u_-hrKp8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:27:1b:61:15:2f:c9:38:57:14:0d:57:01:00:67:be:6a:0b:
         b5:7b:8e:e4:61:c9:9a:8f:30:9a:33:c9:c2:0b:dc:ad:b4:ba:
         b3:80:85:46:4e:33:d2:31:c2:1c:d4:28:a0:a4:3a:fd:77:ff:
         77:5b:92:d2:a2:bc:0f:86:20:ab:fc:42:70:05:df:d8:53:29:
         ec:4f:5f:04:8b:fc:c8:cb:88:20:08:05:36:95:17:c2:21:dc:
         d8:02:a3:ca:0a:44:e9:16:34:f9:97:4b:11:c9:aa:cd:6a:b0:
         4c:5a:a6:74:37:49:f9:dc:fc:86:b3:39:7d:2d:77:a6:50:32:
         b7:bb:3d:50:da:f8:75:1d:b5:fa:ea:6d:12:12:7d:a4:ec:8f:
         75:80:09:aa:44:57:bf:0a:a5:a3:11:5a:40:b3:04:d3:bb:65:
         51:b4:7b:5e:c3:9b:14:47:67:f5:83:cf:ed:ca:e5:50:88:e9:
         1f:b2:b8:c8:6a:c1:43:a3:28:46:71:19:a2:ca:7f:33:12:d2:
         54:2a:cb:05:4b:7e:97:57:c0:1a:06:35:13:3b:dc:15:5f:74:
         25:a1:16:a5:31:9a:9b:08:5b:b3:af:43:23:df:41:e3:12:b6:
         bd:05:f3:aa:aa:a2:ec:0d:75:3a:1d:26:c7:1a:6b:84:f3:34:
         33:55:20:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiICdGHPOuD3CVLKAdNjx+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2VmY2IzN2Q5YWQ2ZTQ2NzkyZjQ4MThkZmViYmZmYTFhY2FhN2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQSS30n+qtoxqPL7icPR4MB9MMrj
RsaY3nELN0D2XIAjk8F3SMJLqsUKtya6r7S68lq1b/i/bBj3KdtW8+X3TlIj5MN0
KN1l9prnvfm1VrfqBOmPWGDtkW++7CqjMSTkw0DP6wfJSDY70Idnmn8JL0k0mfT4
xwAaWdA0GGXygLwjf2V4pMo3l+IIpmy3kfZCrK6Cre1958bvyXdzP7ouBtUktfWv
k/BydO2UmGivdMMfG7RKQs3hkGwULVaRbPpCm95vD1rnEyrb/14nK5IlE8i3j+vx
+7i0kJB1trj+xirUGYPi1LPl+CFqiL8h3jvO/9/AVZhbe3M7uhxWVnivgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHfvyzfZrW5GeS9IGN/rv/oayqfBMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvZC1fTE45bXRia1o1TDBnWTMtdV8taHJLcDhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqxZkMA0G
CSqGSIb3DQEBCwUAA4IBAQCMJxthFS/JOFcUDVcBAGe+agu1e47kYcmajzCaM8nC
C9yttLqzgIVGTjPSMcIc1CigpDr9d/93W5LSorwPhiCr/EJwBd/YUynsT18Ei/zI
y4ggCAU2lRfCIdzYAqPKCkTpFjT5l0sRyarNarBMWqZ0N0n53PyGszl9LXemUDK3
uz1Q2vh1HbX66m0SEn2k7I91gAmqRFe/CqWjEVpAswTTu2VRtHtew5sUR2f1g8/t
yuVQiOkfsrjIasFDoyhGcRmiyn8zEtJUKssFS36XV8AaBjUTO9wVX3QloRalMZqb
CFuzr0Mj30HjEra9BfOqqqLsDXU6HSbHGmuE8zQzVSDx
-----END CERTIFICATE-----