Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/k4nByyfbnScX_QFKAa8YuAocNdI.roa
File:                     k4nByyfbnScX_QFKAa8YuAocNdI.roa (raw, json)
Hash identifier:          9T9grggHuCsq+phhcJtgL3O1I5IcCBJsdtSmD2rNjcY=
Subject key identifier:   93:89:C1:CB:27:DB:9D:27:17:FD:01:4A:01:AF:18:B8:0A:1C:35:D2
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019422203C4D85D17D908B8BFA34D56C8820
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/k4nByyfbnScX_QFKAa8YuAocNdI.roa
Signing time:             Wed 01 Jan 2025 13:48:45 +0000
ROA not before:           Wed 01 Jan 2025 13:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212042
IP address blocks:        217.74.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:3c:4d:85:d1:7d:90:8b:8b:fa:34:d5:6c:88:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9389c1cb27db9d2717fd014a01af18b80a1c35d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:06:0f:19:ca:cc:f7:67:b6:b8:e3:25:8e:50:
                    dc:a8:72:51:21:19:3e:84:bc:0d:6a:c6:a9:13:f8:
                    99:b5:fb:dd:da:7a:2f:03:2e:df:66:07:1d:b4:0c:
                    e7:2c:28:d5:b8:35:a3:32:a5:23:60:cb:96:4e:8c:
                    9b:c8:15:49:56:57:90:a5:1f:64:94:b7:9c:47:d3:
                    a7:84:ec:7e:69:95:9b:c7:ab:d6:9b:7f:f6:85:3d:
                    fb:3a:14:09:2f:f5:48:17:b7:01:92:17:00:a9:ba:
                    dc:4a:c2:a1:c5:18:f9:06:05:d0:1f:45:29:44:4e:
                    24:a3:74:1f:4c:f7:bb:26:8d:65:56:84:a3:48:55:
                    9d:15:4e:61:dd:91:71:c3:b9:e3:90:b2:81:01:18:
                    a1:fe:f7:94:e0:bd:fc:1d:36:18:f0:ea:8e:a3:7c:
                    00:0d:09:6c:71:1d:c0:f2:9a:aa:e1:3a:72:27:de:
                    cc:67:0b:17:70:26:70:a2:c8:ef:24:b4:ce:08:0d:
                    ac:ae:85:43:7e:c3:2c:3f:ea:c6:50:82:60:6d:d3:
                    73:f8:4e:26:63:3c:8f:9a:a9:7f:7f:d5:5b:45:d5:
                    97:eb:1a:0d:9d:8c:d1:ff:f6:c7:71:b1:f0:e6:43:
                    84:1c:f1:8f:80:44:b1:59:df:0b:2e:d0:d5:0c:e2:
                    af:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:89:C1:CB:27:DB:9D:27:17:FD:01:4A:01:AF:18:B8:0A:1C:35:D2
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/k4nByyfbnScX_QFKAa8YuAocNdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.74.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:1f:f5:e5:a6:14:e7:fd:ff:b4:01:0c:2c:62:4d:86:2e:c5:
         51:4a:4c:c6:dd:7a:ed:88:11:fc:8b:c8:e6:d2:a8:d8:9c:c8:
         50:8e:5e:81:76:3b:03:f0:52:80:3f:25:bc:82:43:70:35:27:
         dc:4b:fb:9a:f8:6b:3e:dd:fb:02:da:57:c0:c0:cc:62:ad:64:
         fd:f7:3c:b1:2b:93:12:41:0a:50:3a:ed:31:65:42:f2:95:ec:
         37:67:86:4c:43:92:ce:89:10:6c:dd:8d:f2:bd:6b:10:55:8e:
         13:1d:58:74:85:46:32:80:1d:3a:10:53:72:44:e4:68:33:47:
         9d:69:cb:0d:f2:64:65:32:9a:8d:53:ce:2c:28:a5:2f:4b:f8:
         f4:33:41:52:90:dc:c2:01:05:ea:8b:33:35:62:4c:4d:5a:ad:
         76:ec:8d:d6:6e:a1:55:80:77:10:30:d0:81:6a:53:a2:e6:55:
         f0:47:34:3d:9a:d0:0e:83:00:ba:54:43:29:52:e8:07:65:8c:
         28:8c:49:c8:eb:6d:9b:99:fc:26:18:0e:cd:c7:cd:db:0e:18:
         6e:e5:68:d3:4f:ca:4e:96:b5:57:ad:a9:e4:03:75:15:ca:82:
         27:91:a9:cd:d8:6a:79:8d:81:aa:c4:8e:56:c4:26:0c:c2:0d:
         6b:b5:45:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIDxNhdF9kIuL+jTVbIggMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mzg5YzFjYjI3ZGI5ZDI3MTdmZDAxNGEwMWFmMThiODBhMWMzNWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0QYPGcrM92e2uOMljlDcqHJRIRk+
hLwNasapE/iZtfvd2novAy7fZgcdtAznLCjVuDWjMqUjYMuWToybyBVJVleQpR9k
lLecR9OnhOx+aZWbx6vWm3/2hT37OhQJL/VIF7cBkhcAqbrcSsKhxRj5BgXQH0Up
RE4ko3QfTPe7Jo1lVoSjSFWdFU5h3ZFxw7njkLKBARih/veU4L38HTYY8OqOo3wA
DQlscR3A8pqq4TpyJ97MZwsXcCZwosjvJLTOCA2sroVDfsMsP+rGUIJgbdNz+E4m
YzyPmql/f9VbRdWX6xoNnYzR//bHcbHw5kOEHPGPgESxWd8LLtDVDOKv3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJOJwcsn250nF/0BSgGvGLgKHDXSMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvazRuQnl5ZmJuU2NYX1FGS0FhOFl1QW9jTmRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2UoRMA0G
CSqGSIb3DQEBCwUAA4IBAQA3H/XlphTn/f+0AQwsYk2GLsVRSkzG3XrtiBH8i8jm
0qjYnMhQjl6BdjsD8FKAPyW8gkNwNSfcS/ua+Gs+3fsC2lfAwMxirWT99zyxK5MS
QQpQOu0xZULylew3Z4ZMQ5LOiRBs3Y3yvWsQVY4THVh0hUYygB06EFNyRORoM0ed
acsN8mRlMpqNU84sKKUvS/j0M0FSkNzCAQXqizM1YkxNWq127I3WbqFVgHcQMNCB
alOi5lXwRzQ9mtAOgwC6VEMpUugHZYwojEnI622bmfwmGA7Nx83bDhhu5WjTT8pO
lrVXrankA3UVyoInkanN2Gp5jYGqxI5WxCYMwg1rtUUb
-----END CERTIFICATE-----