Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zwDpwzVjAEyOgp2Dx_UyOVgrJxI.roa
File:                     zwDpwzVjAEyOgp2Dx_UyOVgrJxI.roa (raw, json)
Hash identifier:          6cErlwgv7EtjQqOs59Wj9eUpbDYzxDz5lHxfbUUF4Dw=
Subject key identifier:   CF:00:E9:C3:35:63:00:4C:8E:82:9D:83:C7:F5:32:39:58:2B:27:12
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019422202CF5086658DD70E1FB7D3E1EE579
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zwDpwzVjAEyOgp2Dx_UyOVgrJxI.roa
Signing time:             Wed 01 Jan 2025 13:48:41 +0000
ROA not before:           Wed 01 Jan 2025 13:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198080
IP address blocks:        92.114.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:2c:f5:08:66:58:dd:70:e1:fb:7d:3e:1e:e5:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf00e9c33563004c8e829d83c7f53239582b2712
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:86:05:cc:d3:30:4e:7b:b3:53:52:d8:a3:d9:
                    7a:52:58:9c:76:a9:b9:7e:5d:d7:83:08:23:80:29:
                    da:06:c3:0c:2a:dd:98:e6:fb:e7:96:b2:61:2b:51:
                    c0:3a:7e:76:24:ac:b3:aa:d1:ad:a4:e8:9a:6b:ed:
                    12:0d:86:4a:65:33:5f:c0:af:d7:d6:1b:07:a3:fa:
                    e6:aa:25:b9:7f:85:09:5f:f3:16:28:63:8b:07:d8:
                    4a:93:0e:ba:6a:87:0d:a3:73:01:f8:34:87:3e:43:
                    e2:68:db:4e:7f:cf:59:27:82:fe:aa:87:a1:01:c7:
                    1f:a1:7c:81:75:1a:e8:74:1e:52:a8:62:5f:54:2b:
                    5b:d7:69:28:b0:7d:71:39:6b:00:74:b3:4b:6d:88:
                    5f:6c:2e:e7:dc:66:a5:ef:64:2a:f5:b6:26:97:2a:
                    ee:8d:ed:3a:aa:06:87:2d:eb:bd:5c:14:89:8b:18:
                    e4:ef:76:6e:a4:69:8b:3b:65:76:97:ef:d1:48:ca:
                    f8:df:df:e3:80:d3:ae:da:c3:ab:8a:7b:de:df:f4:
                    b7:74:02:0a:74:7c:e7:22:86:e2:86:82:28:f8:0f:
                    0a:40:11:84:d5:48:e1:df:59:ec:85:fa:cd:d9:d3:
                    60:c4:e8:96:a0:79:ee:82:2c:dc:a5:1c:5d:4d:b9:
                    ee:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:00:E9:C3:35:63:00:4C:8E:82:9D:83:C7:F5:32:39:58:2B:27:12
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zwDpwzVjAEyOgp2Dx_UyOVgrJxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.114.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:4d:1f:69:9f:bb:2f:e9:0e:cf:69:3c:29:3e:e9:ea:e1:ee:
         20:d0:67:c2:15:c2:01:0c:45:c8:9a:a7:00:98:79:60:c3:b8:
         78:a8:81:8f:56:c4:39:31:9d:01:9f:e4:2d:ba:d0:08:7b:9b:
         c9:51:27:18:0b:48:31:21:c8:2b:ad:de:4f:05:27:03:6e:98:
         68:3b:2d:e9:fc:61:10:77:71:3b:62:98:58:13:79:f9:32:84:
         6f:e1:30:8a:ef:ac:6e:85:8b:0d:eb:86:68:2b:09:bf:fc:5f:
         12:02:35:40:71:8a:fa:2c:8b:96:75:da:fa:0e:5f:95:11:f6:
         64:f3:e7:ea:f5:c1:f6:ce:a9:e6:a6:43:cb:13:ee:4a:a4:d6:
         0e:c1:ec:d2:0b:8c:6e:02:d8:18:4f:b2:94:87:62:4e:6e:eb:
         77:e3:4f:c2:4b:a5:58:de:56:7d:ef:24:93:3b:16:ad:d2:a2:
         4e:03:1e:4e:f2:0c:c9:b2:1d:fc:96:0c:68:f9:a8:56:06:ff:
         59:18:a6:fe:af:91:98:69:41:7d:8c:99:36:e6:08:3b:5b:9b:
         21:4e:c3:b6:62:0b:f0:57:ce:d2:9d:00:3d:2b:6b:d4:5a:74:
         09:64:06:b4:7e:68:b5:20:70:cc:b1:89:db:85:3f:fa:ab:6c:
         73:b0:44:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiICz1CGZY3XDh+30+HuV5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjAwZTljMzM1NjMwMDRjOGU4MjlkODNjN2Y1MzIzOTU4MmIyNzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYYFzNMwTnuzU1LYo9l6Ulicdqm5
fl3XgwgjgCnaBsMMKt2Y5vvnlrJhK1HAOn52JKyzqtGtpOiaa+0SDYZKZTNfwK/X
1hsHo/rmqiW5f4UJX/MWKGOLB9hKkw66aocNo3MB+DSHPkPiaNtOf89ZJ4L+qoeh
AccfoXyBdRrodB5SqGJfVCtb12kosH1xOWsAdLNLbYhfbC7n3Gal72Qq9bYmlyru
je06qgaHLeu9XBSJixjk73ZupGmLO2V2l+/RSMr439/jgNOu2sOrinve3/S3dAIK
dHznIobihoIo+A8KQBGE1Ujh31nshfrN2dNgxOiWoHnugizcpRxdTbnuXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM8A6cM1YwBMjoKdg8f1MjlYKycSMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvendEcHd6VmpBRXlPZ3AyRHhfVXlPVmdySnhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHJUMA0G
CSqGSIb3DQEBCwUAA4IBAQCETR9pn7sv6Q7PaTwpPunq4e4g0GfCFcIBDEXImqcA
mHlgw7h4qIGPVsQ5MZ0Bn+QtutAIe5vJUScYC0gxIcgrrd5PBScDbphoOy3p/GEQ
d3E7YphYE3n5MoRv4TCK76xuhYsN64ZoKwm//F8SAjVAcYr6LIuWddr6Dl+VEfZk
8+fq9cH2zqnmpkPLE+5KpNYOwezSC4xuAtgYT7KUh2JObut340/CS6VY3lZ97yST
Oxat0qJOAx5O8gzJsh38lgxo+ahWBv9ZGKb+r5GYaUF9jJk25gg7W5shTsO2Ygvw
V87SnQA9K2vUWnQJZAa0fmi1IHDMsYnbhT/6q2xzsESU
-----END CERTIFICATE-----