Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/pD-X6ViffciljmxBiUNgADm8dNU.roa
File:                     pD-X6ViffciljmxBiUNgADm8dNU.roa (raw, json)
Hash identifier:          hgHHHt/JE22osFzrj5rGGmlQu9uWEEs937uoXeU/za4=
Subject key identifier:   A4:3F:97:E9:58:9F:7D:C8:A5:8E:6C:41:89:43:60:00:39:BC:74:D5
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019422201266EBD39727ABF6E86738798894
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/pD-X6ViffciljmxBiUNgADm8dNU.roa
Signing time:             Wed 01 Jan 2025 13:48:34 +0000
ROA not before:           Wed 01 Jan 2025 13:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22168
IP address blocks:        162.249.64.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:12:66:eb:d3:97:27:ab:f6:e8:67:38:79:88:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a43f97e9589f7dc8a58e6c418943600039bc74d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:57:7f:c9:42:ea:db:a2:21:6d:f7:96:62:6a:
                    5a:7a:ad:dc:81:25:81:08:e1:41:df:38:f5:78:db:
                    c8:7e:40:44:3b:39:7f:64:74:33:38:55:cc:a8:23:
                    e7:52:16:42:6f:20:55:23:e8:63:95:ab:9a:9e:88:
                    08:28:33:dd:78:45:ba:47:cc:33:2e:69:fe:cc:77:
                    48:81:16:28:94:ad:ab:0e:ca:7a:63:71:07:d8:59:
                    5b:a6:89:fb:7e:49:c2:07:17:48:b0:ca:33:f5:70:
                    56:8d:a5:c1:7c:84:39:b8:a1:73:04:74:d4:1c:a1:
                    3d:70:d2:cb:f3:9a:24:3e:11:9f:3c:1a:64:e7:58:
                    bc:94:d7:e1:5b:66:2e:e9:26:20:7a:d1:5f:24:e2:
                    98:c6:10:cb:b2:d5:41:4e:82:73:6d:b8:1b:46:e4:
                    00:fe:30:e4:e5:4c:4e:38:be:32:a2:80:a4:ba:ed:
                    9d:a8:04:ca:f4:09:ff:a2:14:9a:18:eb:04:bc:22:
                    d7:dd:eb:a8:86:51:e4:da:81:bf:1e:ea:17:33:2c:
                    bc:13:1d:05:26:6d:9a:03:be:bc:6c:3f:53:c1:b8:
                    42:29:8a:86:93:b7:68:60:60:24:ce:a0:48:bb:ff:
                    c3:c6:76:13:29:04:9a:9c:ba:0a:23:d6:0c:94:75:
                    1d:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:3F:97:E9:58:9F:7D:C8:A5:8E:6C:41:89:43:60:00:39:BC:74:D5
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/pD-X6ViffciljmxBiUNgADm8dNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.249.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4a:2e:85:5e:13:76:ac:eb:09:80:ff:55:b7:21:98:0b:60:7b:
         0b:be:b8:eb:cf:e1:79:ae:29:85:1f:57:b2:2d:b1:e4:b6:c2:
         70:b5:c5:e5:1b:50:e0:40:bd:17:7f:d4:bc:5f:ca:4d:ff:27:
         4e:fa:43:0d:33:dd:3f:d5:00:6e:e7:88:7a:0a:f7:d7:dd:48:
         d3:4f:c0:c2:82:16:28:ac:95:ed:74:26:2e:5c:5c:56:47:5f:
         eb:ef:33:5c:09:6a:dd:ac:72:5e:e6:d3:93:5e:8e:76:8c:55:
         84:02:73:bf:1e:80:b8:73:00:e3:2f:0b:19:2c:a2:7a:c0:23:
         a8:d2:26:97:16:09:c4:e2:ee:7d:7c:e7:fe:b6:e5:61:71:32:
         de:f7:39:13:15:2c:a9:cb:3f:36:ef:fd:ae:07:b6:67:69:b1:
         8f:ef:88:b6:f4:cd:a7:71:8c:e1:5c:74:24:2a:0c:f8:6e:b4:
         a6:bd:35:f9:b7:42:25:ba:aa:a9:3b:bd:91:e6:cc:eb:97:2b:
         0f:d1:b8:1a:24:66:64:e6:74:83:4d:02:54:1a:b7:88:3f:fb:
         0e:07:96:3b:a8:b2:f9:bd:60:e9:1f:93:7b:9d:11:09:63:c5:
         07:5d:81:93:d6:a1:b3:b2:8e:07:f5:96:4a:1f:b1:5f:1f:cd:
         30:f8:fa:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIBJm69OXJ6v26Gc4eYiUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDNmOTdlOTU4OWY3ZGM4YTU4ZTZjNDE4OTQzNjAwMDM5YmM3NGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Fd/yULq26IhbfeWYmpaeq3cgSWB
COFB3zj1eNvIfkBEOzl/ZHQzOFXMqCPnUhZCbyBVI+hjlauanogIKDPdeEW6R8wz
Lmn+zHdIgRYolK2rDsp6Y3EH2Flbpon7fknCBxdIsMoz9XBWjaXBfIQ5uKFzBHTU
HKE9cNLL85okPhGfPBpk51i8lNfhW2Yu6SYgetFfJOKYxhDLstVBToJzbbgbRuQA
/jDk5UxOOL4yooCkuu2dqATK9An/ohSaGOsEvCLX3euohlHk2oG/HuoXMyy8Ex0F
Jm2aA768bD9TwbhCKYqGk7doYGAkzqBIu//DxnYTKQSanLoKI9YMlHUdgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQ/l+lYn33IpY5sQYlDYAA5vHTVMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvcEQtWDZWaWZmY2lsam14QmlVTmdBRG04ZE5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDovlAMA0G
CSqGSIb3DQEBCwUAA4IBAQBKLoVeE3as6wmA/1W3IZgLYHsLvrjrz+F5rimFH1ey
LbHktsJwtcXlG1DgQL0Xf9S8X8pN/ydO+kMNM90/1QBu54h6CvfX3UjTT8DCghYo
rJXtdCYuXFxWR1/r7zNcCWrdrHJe5tOTXo52jFWEAnO/HoC4cwDjLwsZLKJ6wCOo
0iaXFgnE4u59fOf+tuVhcTLe9zkTFSypyz827/2uB7ZnabGP74i29M2ncYzhXHQk
Kgz4brSmvTX5t0IluqqpO72R5szrlysP0bgaJGZk5nSDTQJUGreIP/sOB5Y7qLL5
vWDpH5N7nREJY8UHXYGT1qGzso4H9ZZKH7FfH80w+Pp7
-----END CERTIFICATE-----