Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/246466-607a-44da-9cbf-c417442eff93/1/NW7G420E0Tk7pMi-UVKL9EO5zTA.roa
File:                     NW7G420E0Tk7pMi-UVKL9EO5zTA.roa (raw, json)
Hash identifier:          Q3IRZsTEhDqe1ExEIgIekgobeYaG4FmT5pyujXNfnVk=
Subject key identifier:   35:6E:C6:E3:6D:04:D1:39:3B:A4:C8:BE:51:52:8B:F4:43:B9:CD:30
Certificate issuer:       /CN=1d3d044c091e88b80b4b269ebb796b3f24544b5f
Certificate serial:       019427B512A2D02E13D48FB75C51FE49AE7D
Authority key identifier: 1D:3D:04:4C:09:1E:88:B8:0B:4B:26:9E:BB:79:6B:3F:24:54:4B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HT0ETAkeiLgLSyaeu3lrPyRUS18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/246466-607a-44da-9cbf-c417442eff93/1/NW7G420E0Tk7pMi-UVKL9EO5zTA.roa
Signing time:             Thu 02 Jan 2025 15:49:25 +0000
ROA not before:           Thu 02 Jan 2025 15:49:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51257
IP address blocks:        171.22.146.0/24 maxlen: 24
                          2a05:d80::/29 maxlen: 29
                          2a05:d80:4000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/246466-607a-44da-9cbf-c417442eff93/1/HT0ETAkeiLgLSyaeu3lrPyRUS18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/246466-607a-44da-9cbf-c417442eff93/1/HT0ETAkeiLgLSyaeu3lrPyRUS18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HT0ETAkeiLgLSyaeu3lrPyRUS18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 20:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:12:a2:d0:2e:13:d4:8f:b7:5c:51:fe:49:ae:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d3d044c091e88b80b4b269ebb796b3f24544b5f
        Validity
            Not Before: Jan  2 15:49:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=356ec6e36d04d1393ba4c8be51528bf443b9cd30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a2:39:9b:08:36:fe:7c:ef:14:92:7a:78:64:
                    51:79:ad:bf:60:59:c2:4e:e5:a6:40:c0:59:39:ec:
                    52:dd:70:bf:34:3c:e7:4a:76:66:19:72:ab:d7:f5:
                    58:75:99:d7:8d:56:6e:26:be:1f:dd:bd:9c:64:01:
                    ee:7f:d0:18:92:7c:4f:03:26:10:87:1c:55:f3:5f:
                    ec:4e:ee:8e:d3:b9:e0:34:93:36:78:1a:fd:98:7f:
                    4b:f6:bd:7b:62:2d:7d:0a:13:99:ca:d7:9b:65:b5:
                    cd:7b:bc:e2:20:57:44:9e:c2:fc:69:01:06:21:72:
                    70:f6:8b:19:85:1e:db:42:c4:00:1f:e4:a9:9a:ec:
                    32:06:eb:09:44:86:55:39:91:36:2a:ce:43:7c:a5:
                    93:a0:62:5e:a0:b4:47:f0:a5:c6:71:2e:53:1a:10:
                    e8:3d:e8:db:a0:f4:29:98:a6:65:f0:93:6d:3e:eb:
                    87:87:ea:76:6d:65:04:af:87:d7:62:b8:c2:cb:6f:
                    17:9c:53:cd:b7:fc:09:36:87:04:02:17:ee:06:2e:
                    9a:ab:18:af:1d:30:bd:2a:00:d6:0c:7a:a6:00:70:
                    3b:a2:2f:66:24:d6:6b:cb:2c:07:ac:3e:db:5a:5e:
                    e2:50:21:00:58:54:4b:b7:dd:ce:e5:f7:eb:28:5c:
                    b8:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:6E:C6:E3:6D:04:D1:39:3B:A4:C8:BE:51:52:8B:F4:43:B9:CD:30
            X509v3 Authority Key Identifier:
                keyid:1D:3D:04:4C:09:1E:88:B8:0B:4B:26:9E:BB:79:6B:3F:24:54:4B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HT0ETAkeiLgLSyaeu3lrPyRUS18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/246466-607a-44da-9cbf-c417442eff93/1/NW7G420E0Tk7pMi-UVKL9EO5zTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/246466-607a-44da-9cbf-c417442eff93/1/HT0ETAkeiLgLSyaeu3lrPyRUS18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.146.0/24
                IPv6:
                  2a05:d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         1e:8f:64:d7:e0:e0:4c:3b:67:ce:04:2c:6e:14:8b:bc:b1:7d:
         50:ea:17:56:38:f0:35:ac:3a:d7:83:c1:a8:84:a7:50:fa:f3:
         71:05:4a:4f:81:93:61:b4:4f:a8:d5:cc:25:60:9c:7b:f4:b8:
         41:d5:ba:fa:ea:7c:bf:40:48:33:64:94:05:ca:cb:82:5f:18:
         11:03:7b:36:7e:1c:6e:70:ca:90:3a:8f:7a:5f:a5:31:93:15:
         25:a6:f3:e2:5e:df:30:77:c0:83:51:b4:fd:c9:d2:c1:7f:dc:
         8f:33:11:b0:03:d2:9d:35:1c:ce:e5:ed:e6:cb:30:dc:52:0a:
         0c:f4:73:fd:4f:75:54:96:26:7f:04:e7:bd:c5:79:ee:37:d3:
         e0:d5:c3:6c:c0:6e:61:f3:cd:d4:b4:cd:ee:e5:81:00:91:ac:
         0c:01:d6:63:2d:1e:7b:f9:3c:99:6b:f7:b8:80:9c:60:e7:0d:
         6b:d6:10:1c:94:eb:04:a0:89:db:c4:fe:17:4a:62:80:b2:ba:
         36:e3:5f:42:3b:df:a4:e3:ab:5b:4b:58:26:8c:40:a2:96:1c:
         50:a0:20:5c:94:dd:8c:75:30:5d:fb:02:e0:29:bb:5b:a0:bd:
         1a:3f:2a:24:fb:fb:9e:27:b2:5d:d6:4d:3d:d1:8b:b1:97:63:
         88:c1:00:f7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntRKi0C4T1I+3XFH+Sa59MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkM2QwNDRjMDkxZTg4YjgwYjRiMjY5ZWJiNzk2YjNmMjQ1
NDRiNWYwHhcNMjUwMTAyMTU0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTZlYzZlMzZkMDRkMTM5M2JhNGM4YmU1MTUyOGJmNDQzYjljZDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKI5mwg2/nzvFJJ6eGRRea2/YFnC
TuWmQMBZOexS3XC/NDznSnZmGXKr1/VYdZnXjVZuJr4f3b2cZAHuf9AYknxPAyYQ
hxxV81/sTu6O07ngNJM2eBr9mH9L9r17Yi19ChOZytebZbXNe7ziIFdEnsL8aQEG
IXJw9osZhR7bQsQAH+SpmuwyBusJRIZVOZE2Ks5DfKWToGJeoLRH8KXGcS5TGhDo
PejboPQpmKZl8JNtPuuHh+p2bWUEr4fXYrjCy28XnFPNt/wJNocEAhfuBi6aqxiv
HTC9KgDWDHqmAHA7oi9mJNZryywHrD7bWl7iUCEAWFRLt93O5ffrKFy4swIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDVuxuNtBNE5O6TIvlFSi/RDuc0wMB8GA1UdIwQY
MBaAFB09BEwJHoi4C0smnrt5az8kVEtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFQwRVRBa2VpTGdMU3lhZXUzbHJQeVJVUzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8yNDY0NjYtNjA3YS00NGRhLTljYmYt
YzQxNzQ0MmVmZjkzLzEvTlc3RzQyMEUwVGs3cE1pLVVWS0w5RU81elRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8yNDY0NjYtNjA3YS00NGRhLTljYmYtYzQxNzQ0MmVmZjkz
LzEvSFQwRVRBa2VpTGdMU3lhZXUzbHJQeVJVUzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAqxaSMA0E
AgACMAcDBQMqBQ2AMA0GCSqGSIb3DQEBCwUAA4IBAQAej2TX4OBMO2fOBCxuFIu8
sX1Q6hdWOPA1rDrXg8GohKdQ+vNxBUpPgZNhtE+o1cwlYJx79LhB1br66ny/QEgz
ZJQFysuCXxgRA3s2fhxucMqQOo96X6UxkxUlpvPiXt8wd8CDUbT9ydLBf9yPMxGw
A9KdNRzO5e3myzDcUgoM9HP9T3VUliZ/BOe9xXnuN9Pg1cNswG5h883UtM3u5YEA
kawMAdZjLR57+TyZa/e4gJxg5w1r1hAclOsEoInbxP4XSmKAsro2419CO9+k46tb
S1gmjECilhxQoCBclN2MdTBd+wLgKbtboL0aPyok+/ueJ7Jd1k090Yuxl2OIwQD3
-----END CERTIFICATE-----