Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/fUiJtt9RMbBLT9hmufI0mryV7-c.roa
File:                     fUiJtt9RMbBLT9hmufI0mryV7-c.roa (raw, json)
Hash identifier:          m6lqa7s0cO5ZCX5tIw1EGexWSBis40yomG4Dy2YQYgU=
Subject key identifier:   7D:48:89:B6:DF:51:31:B0:4B:4F:D8:66:B9:F2:34:9A:BC:95:EF:E7
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019422201D23052B8699D76DA33A7EF7E0B3
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/fUiJtt9RMbBLT9hmufI0mryV7-c.roa
Signing time:             Wed 01 Jan 2025 13:48:37 +0000
ROA not before:           Wed 01 Jan 2025 13:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49321
IP address blocks:        185.192.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:1d:23:05:2b:86:99:d7:6d:a3:3a:7e:f7:e0:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7d4889b6df5131b04b4fd866b9f2349abc95efe7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:92:3c:b7:5a:2f:db:82:8d:10:09:4b:cf:f9:
                    c5:08:95:53:c1:0f:8f:9b:13:95:28:6f:b4:ed:32:
                    8b:e3:72:6c:26:4b:2e:4f:6a:40:b3:f4:99:e6:40:
                    9b:0f:a3:81:f1:c9:c0:34:81:d8:72:25:a5:40:a0:
                    9a:df:b8:3f:3c:d6:e5:da:77:5e:a7:ea:53:90:46:
                    f6:ef:d6:49:08:c3:d4:50:36:cf:50:48:ea:b4:7c:
                    d7:88:3a:4f:7c:17:d0:cc:e7:f5:83:da:01:1c:ee:
                    40:c2:e2:eb:a9:7b:b0:fb:6f:1a:2c:b7:ce:7d:97:
                    53:cf:ee:df:6e:2b:00:68:ee:85:8f:99:b8:4d:f3:
                    a3:4e:8d:0e:f4:f6:e1:e1:d8:11:97:a6:63:cc:5c:
                    4d:9e:7b:4e:f6:61:d7:27:ca:02:d5:3d:b2:5b:ac:
                    61:60:fd:0a:99:a6:bb:bf:26:c3:99:c2:74:8b:de:
                    14:51:dd:cd:c5:c1:da:df:4d:90:d7:1d:26:67:40:
                    28:0e:4c:80:14:9d:bf:3e:7a:a6:66:43:9e:1f:be:
                    c8:48:11:c5:1a:24:69:81:11:42:3e:15:83:4d:bc:
                    7f:5f:1b:25:d9:79:61:23:37:81:61:0d:c1:de:61:
                    da:74:9c:3e:0a:d8:67:c5:27:35:ce:dc:ec:67:68:
                    f4:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:48:89:B6:DF:51:31:B0:4B:4F:D8:66:B9:F2:34:9A:BC:95:EF:E7
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/fUiJtt9RMbBLT9hmufI0mryV7-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:c6:0b:e8:c7:99:19:cc:4d:4f:26:b0:62:1e:de:b6:91:40:
         d0:79:d1:cb:b8:5a:30:35:12:da:56:6d:12:72:36:10:47:be:
         17:d5:6c:6c:c1:1b:3c:c1:9a:76:0b:48:bf:f0:e1:20:65:e1:
         53:b9:ed:43:47:a4:61:34:c8:e7:30:82:b7:19:45:90:7d:b8:
         21:97:00:ea:9a:45:c8:72:b5:93:bb:8f:32:9a:83:13:81:89:
         f4:ef:37:11:a7:c6:97:01:f4:d6:77:bb:91:c6:e1:90:d7:f1:
         0e:ae:07:51:76:46:cd:de:e1:74:db:7e:b5:5a:cc:62:6b:e8:
         4d:cf:d4:ad:92:3b:72:be:91:e2:22:8d:24:5d:c2:5b:c7:d9:
         bb:7b:99:34:32:8e:4b:d8:a3:3f:68:57:34:6a:d0:09:db:9f:
         65:46:8a:3a:fa:78:21:cf:bf:b1:69:bd:2b:96:8b:32:69:91:
         43:ee:b4:f7:a1:02:dd:f3:d3:c1:6a:51:bb:b3:d8:08:97:37:
         08:77:0b:26:92:80:90:85:dd:b9:9c:d8:5f:3e:a6:c3:b2:4f:
         0f:91:33:25:7d:fb:96:36:3d:24:91:9a:a4:a3:46:9f:b2:ed:
         7e:51:f3:ee:3f:42:8d:04:5a:61:d9:f7:e8:26:c7:5c:fd:ca:
         25:48:c8:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIB0jBSuGmddtozp+9+CzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDQ4ODliNmRmNTEzMWIwNGI0ZmQ4NjZiOWYyMzQ5YWJjOTVlZmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpI8t1ov24KNEAlLz/nFCJVTwQ+P
mxOVKG+07TKL43JsJksuT2pAs/SZ5kCbD6OB8cnANIHYciWlQKCa37g/PNbl2nde
p+pTkEb279ZJCMPUUDbPUEjqtHzXiDpPfBfQzOf1g9oBHO5AwuLrqXuw+28aLLfO
fZdTz+7fbisAaO6Fj5m4TfOjTo0O9Pbh4dgRl6ZjzFxNnntO9mHXJ8oC1T2yW6xh
YP0Kmaa7vybDmcJ0i94UUd3NxcHa302Q1x0mZ0AoDkyAFJ2/PnqmZkOeH77ISBHF
GiRpgRFCPhWDTbx/Xxsl2XlhIzeBYQ3B3mHadJw+CthnxSc1ztzsZ2j0VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH1IibbfUTGwS0/YZrnyNJq8le/nMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvZlVpSnR0OVJNYkJMVDlobXVmSTBtcnlWNy1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucARMA0G
CSqGSIb3DQEBCwUAA4IBAQByxgvox5kZzE1PJrBiHt62kUDQedHLuFowNRLaVm0S
cjYQR74X1WxswRs8wZp2C0i/8OEgZeFTue1DR6RhNMjnMIK3GUWQfbghlwDqmkXI
crWTu48ymoMTgYn07zcRp8aXAfTWd7uRxuGQ1/EOrgdRdkbN3uF02361Wsxia+hN
z9StkjtyvpHiIo0kXcJbx9m7e5k0Mo5L2KM/aFc0atAJ259lRoo6+nghz7+xab0r
losyaZFD7rT3oQLd89PBalG7s9gIlzcIdwsmkoCQhd25nNhfPqbDsk8PkTMlffuW
Nj0kkZqko0afsu1+UfPuP0KNBFph2ffoJsdc/colSMi1
-----END CERTIFICATE-----