Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/mdtG2cj57T624-TRLqUNs1vd-VU.roa
File:                     mdtG2cj57T624-TRLqUNs1vd-VU.roa (raw, json)
Hash identifier:          o6VU92dNYLPhjt9fr0EXb7zlmnwKgGPZmdsR6YB7a3E=
Subject key identifier:   99:DB:46:D9:C8:F9:ED:3E:B6:E3:E4:D1:2E:A5:0D:B3:5B:DD:F9:55
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01942220407BB67CDB3DCCFE576C054416B8
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/mdtG2cj57T624-TRLqUNs1vd-VU.roa
Signing time:             Wed 01 Jan 2025 13:48:46 +0000
ROA not before:           Wed 01 Jan 2025 13:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216025
IP address blocks:        45.92.0.0/24 maxlen: 24
                          2a10:7402::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:40:7b:b6:7c:db:3d:cc:fe:57:6c:05:44:16:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99db46d9c8f9ed3eb6e3e4d12ea50db35bddf955
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f4:63:ba:84:c5:85:cb:89:fd:86:d4:f0:43:
                    7b:ce:f4:be:14:f3:d2:64:a9:fb:f0:b7:e6:cd:fd:
                    b7:0f:ad:0a:28:fe:a8:bf:72:9c:51:a6:ac:3d:16:
                    45:6a:da:f1:18:d8:d1:29:ef:fe:e9:73:ca:7b:af:
                    4a:f6:87:01:18:d5:6f:b3:ea:27:5b:64:c6:3e:82:
                    7e:d7:73:07:97:75:95:95:3b:4f:a0:d8:e3:4e:d5:
                    b1:f6:2e:a0:3f:db:db:1a:cf:f9:b4:e6:8d:2a:7a:
                    eb:24:48:62:bd:ab:97:a7:4a:7e:a5:4a:c7:bf:40:
                    71:fc:13:de:af:5b:c3:83:53:0e:46:53:80:0e:95:
                    d3:9a:89:b7:92:e1:ed:09:51:1e:57:55:92:a8:e0:
                    d8:66:0d:77:79:9a:02:a8:38:ea:0f:31:53:97:82:
                    2d:ce:61:4b:52:76:dd:e4:d4:d5:5d:32:7f:e0:d1:
                    2e:da:07:65:b8:7f:b1:09:c7:f9:89:47:84:4d:53:
                    30:80:bc:a6:ad:ef:b4:f7:64:fa:71:fa:9f:e4:68:
                    d8:7c:13:8b:c3:96:30:af:36:1c:db:96:49:a0:a6:
                    a0:47:dc:fb:39:c2:55:30:ee:38:5c:8b:b6:0e:64:
                    3c:62:dd:e8:12:2a:fc:2c:eb:32:35:17:a1:2d:db:
                    5e:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:DB:46:D9:C8:F9:ED:3E:B6:E3:E4:D1:2E:A5:0D:B3:5B:DD:F9:55
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/mdtG2cj57T624-TRLqUNs1vd-VU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.0.0/24
                IPv6:
                  2a10:7402::/32

    Signature Algorithm: sha256WithRSAEncryption
         0f:e5:89:e9:90:11:e9:99:9e:e7:e4:82:0f:e0:03:46:c2:d5:
         1b:7c:ec:20:02:16:33:fb:e2:89:27:7d:e7:6a:8c:83:b2:6f:
         20:d4:7b:8b:36:e0:83:30:ca:7a:32:f0:c2:ff:e7:92:84:9e:
         63:55:04:b3:81:b7:4a:65:4b:07:d6:33:28:cc:bb:70:25:a9:
         c1:05:16:21:05:66:4f:a3:38:76:e5:b7:a1:6d:d5:1d:e9:27:
         e6:36:51:63:cb:7f:7f:17:7b:a2:95:f1:ab:86:99:98:c0:3f:
         7e:22:6d:f1:da:40:ea:03:6c:7a:ea:c4:73:4e:2c:4b:a6:f9:
         84:60:85:bd:7c:46:77:f8:b1:8e:af:a7:1c:5e:44:62:08:86:
         38:3c:ec:1f:cf:d9:1a:34:70:92:96:fb:2b:3a:0d:5a:43:47:
         97:53:09:2c:d4:c8:dc:66:ba:56:09:ae:d4:4a:69:71:c0:a2:
         76:d4:8b:fa:40:94:eb:5a:8f:19:65:d7:74:f1:ad:89:f0:07:
         f6:aa:4e:dc:3f:87:d3:30:36:a1:b6:8f:79:26:9f:60:55:d9:
         2a:b9:0d:0d:de:aa:98:58:47:92:04:84:89:92:94:1d:e6:f7:
         b9:d1:70:1a:04:89:41:fb:8c:3c:cb:74:b7:81:6d:44:16:4d:
         d3:dc:fc:a3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiIEB7tnzbPcz+V2wFRBa4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWRiNDZkOWM4ZjllZDNlYjZlM2U0ZDEyZWE1MGRiMzViZGRmOTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfRjuoTFhcuJ/YbU8EN7zvS+FPPS
ZKn78Lfmzf23D60KKP6ov3KcUaasPRZFatrxGNjRKe/+6XPKe69K9ocBGNVvs+on
W2TGPoJ+13MHl3WVlTtPoNjjTtWx9i6gP9vbGs/5tOaNKnrrJEhivauXp0p+pUrH
v0Bx/BPer1vDg1MORlOADpXTmom3kuHtCVEeV1WSqODYZg13eZoCqDjqDzFTl4It
zmFLUnbd5NTVXTJ/4NEu2gdluH+xCcf5iUeETVMwgLymre+092T6cfqf5GjYfBOL
w5YwrzYc25ZJoKagR9z7OcJVMO44XIu2DmQ8Yt3oEir8LOsyNRehLdtewQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJnbRtnI+e0+tuPk0S6lDbNb3flVMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvbWR0RzJjajU3VDYyNC1UUkxxVU5zMXZkLVZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALVwAMA0E
AgACMAcDBQAqEHQCMA0GCSqGSIb3DQEBCwUAA4IBAQAP5YnpkBHpmZ7n5IIP4ANG
wtUbfOwgAhYz++KJJ33naoyDsm8g1HuLNuCDMMp6MvDC/+eShJ5jVQSzgbdKZUsH
1jMozLtwJanBBRYhBWZPozh25behbdUd6SfmNlFjy39/F3uilfGrhpmYwD9+Im3x
2kDqA2x66sRzTixLpvmEYIW9fEZ3+LGOr6ccXkRiCIY4POwfz9kaNHCSlvsrOg1a
Q0eXUwks1MjcZrpWCa7USmlxwKJ21Iv6QJTrWo8ZZdd08a2J8Af2qk7cP4fTMDah
to95Jp9gVdkquQ0N3qqYWEeSBISJkpQd5ve50XAaBIlB+4w8y3S3gW1EFk3T3Pyj
-----END CERTIFICATE-----