Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/qSNcpJcEf15fKZR2QsLgqZcCdR0.roa
File:                     qSNcpJcEf15fKZR2QsLgqZcCdR0.roa (raw, json)
Hash identifier:          jpPLf/f+6Bk/iUISoVJGGHfkNDDICo0Xl+xEwA0o1Nk=
Subject key identifier:   A9:23:5C:A4:97:04:7F:5E:5F:29:94:76:42:C2:E0:A9:97:02:75:1D
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0194222014A656687632F182FE97BB3DDD50
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/qSNcpJcEf15fKZR2QsLgqZcCdR0.roa
Signing time:             Wed 01 Jan 2025 13:48:35 +0000
ROA not before:           Wed 01 Jan 2025 13:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31034
IP address blocks:        194.242.14.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:14:a6:56:68:76:32:f1:82:fe:97:bb:3d:dd:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9235ca497047f5e5f29947642c2e0a99702751d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:85:fc:7a:c9:aa:25:93:33:2a:f6:1c:b4:91:
                    6d:07:d5:f5:7c:8b:18:fb:f4:da:cd:ee:09:a1:38:
                    92:1f:3a:04:96:d8:3f:c0:8f:42:8e:68:9d:dd:65:
                    94:40:05:7f:d2:d3:dc:35:37:26:b0:53:06:94:0a:
                    e9:6b:0a:1b:ba:0b:86:38:a5:74:a4:7b:fc:e8:b4:
                    2c:c9:e9:5f:3e:56:29:ae:7b:13:e2:89:06:81:19:
                    c1:04:4e:ed:c2:e9:93:6d:33:c1:5f:b2:29:c5:3f:
                    b2:c8:d7:f8:0a:c2:8b:cb:2b:17:e6:f1:6f:8e:4a:
                    4a:b9:ff:9e:17:0c:94:da:ce:15:2d:ba:20:58:db:
                    6c:9b:79:83:cb:98:1c:49:e5:c6:38:32:cb:2b:ef:
                    e7:48:f4:1e:6d:a2:57:bc:b2:a4:1d:4b:f8:b2:d1:
                    a3:05:65:4d:6f:24:e9:db:55:a5:4b:30:02:c0:cc:
                    8c:4a:af:62:21:81:51:c3:38:6e:1a:54:e0:b6:dd:
                    ab:83:ae:f3:92:f6:fb:ad:6f:37:95:50:b1:01:c6:
                    06:2a:97:72:4e:3c:86:d3:1b:4d:6c:38:17:5a:20:
                    18:d5:0c:d0:c8:f8:d7:36:fc:eb:3a:13:b9:18:69:
                    50:4f:49:60:54:1d:e9:96:dd:e5:2b:5f:86:95:48:
                    25:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:23:5C:A4:97:04:7F:5E:5F:29:94:76:42:C2:E0:A9:97:02:75:1D
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/qSNcpJcEf15fKZR2QsLgqZcCdR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.242.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         77:48:3b:4d:fe:ce:9b:4a:9a:d7:2b:a7:07:91:92:40:8f:2b:
         bb:02:cb:b8:72:97:d3:a7:c0:63:b6:c2:5c:2f:9b:2a:5b:23:
         f2:f8:d6:61:f9:74:d5:fe:5d:d2:b8:3e:bc:01:5f:dc:7f:fc:
         fe:4a:c8:b5:36:ac:e8:9e:a1:2c:5b:a3:e6:ab:a8:94:0c:22:
         df:4f:d2:86:b3:74:1a:a0:93:91:29:a6:fe:29:a1:3b:03:f2:
         36:60:d5:d2:46:b4:d7:9b:f4:77:52:c3:26:f5:6f:be:e4:fc:
         7f:2c:3c:82:77:c3:39:ba:49:43:15:37:8b:4b:b8:e6:82:cb:
         de:ba:7a:0e:6b:8a:61:e8:52:5e:af:af:f1:82:72:01:9f:8a:
         6a:9e:94:1c:5e:13:1a:56:15:17:3f:a9:3b:4d:73:f2:ad:0f:
         97:6c:d3:86:8e:22:ca:fe:c7:b1:b6:e7:39:26:0a:3b:08:63:
         c6:1f:b3:da:19:7a:99:c5:ba:44:0b:77:7f:dc:40:83:18:df:
         b3:f2:3b:c1:08:e2:12:6c:9e:3f:fc:bc:28:bf:4e:65:7a:a9:
         a6:42:8d:8c:09:ab:0f:3d:2c:12:e7:40:70:2b:7a:8a:90:65:
         6f:91:8c:d5:df:81:6e:86:8d:8e:c0:e6:a0:a6:f4:d4:8f:5e:
         9d:b8:78:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIBSmVmh2MvGC/pe7Pd1QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTIzNWNhNDk3MDQ3ZjVlNWYyOTk0NzY0MmMyZTBhOTk3MDI3NTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIX8esmqJZMzKvYctJFtB9X1fIsY
+/Taze4JoTiSHzoEltg/wI9Cjmid3WWUQAV/0tPcNTcmsFMGlArpawobuguGOKV0
pHv86LQsyelfPlYprnsT4okGgRnBBE7twumTbTPBX7IpxT+yyNf4CsKLyysX5vFv
jkpKuf+eFwyU2s4VLbogWNtsm3mDy5gcSeXGODLLK+/nSPQebaJXvLKkHUv4stGj
BWVNbyTp21WlSzACwMyMSq9iIYFRwzhuGlTgtt2rg67zkvb7rW83lVCxAcYGKpdy
TjyG0xtNbDgXWiAY1QzQyPjXNvzrOhO5GGlQT0lgVB3plt3lK1+GlUglEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKkjXKSXBH9eXymUdkLC4KmXAnUdMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvcVNOY3BKY0VmMTVmS1pSMlFzTGdxWmNDZFIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwvIOMA0G
CSqGSIb3DQEBCwUAA4IBAQB3SDtN/s6bSprXK6cHkZJAjyu7Asu4cpfTp8BjtsJc
L5sqWyPy+NZh+XTV/l3SuD68AV/cf/z+Ssi1NqzonqEsW6Pmq6iUDCLfT9KGs3Qa
oJORKab+KaE7A/I2YNXSRrTXm/R3UsMm9W++5Px/LDyCd8M5uklDFTeLS7jmgsve
unoOa4ph6FJer6/xgnIBn4pqnpQcXhMaVhUXP6k7TXPyrQ+XbNOGjiLK/sextuc5
Jgo7CGPGH7PaGXqZxbpEC3d/3ECDGN+z8jvBCOISbJ4//Lwov05leqmmQo2MCasP
PSwS50BwK3qKkGVvkYzV34Fuho2OwOagpvTUj16duHhG
-----END CERTIFICATE-----