Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/7Pzqe98aO4BoBrbjEM8VyT6sS1M.roa
File:                     7Pzqe98aO4BoBrbjEM8VyT6sS1M.roa (raw, json)
Hash identifier:          njNZ21C9pluyh9z/aL31IWofBM1v+N+fPmyvHPndCq0=
Subject key identifier:   EC:FC:EA:7B:DF:1A:3B:80:68:06:B6:E3:10:CF:15:C9:3E:AC:4B:53
Certificate issuer:       /CN=0c90c356e2864f43894857443555d8b5c0352819
Certificate serial:       0194228DE40935E6901EF07AA3B9D00FE99D
Authority key identifier: 0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/7Pzqe98aO4BoBrbjEM8VyT6sS1M.roa
Signing time:             Wed 01 Jan 2025 15:48:31 +0000
ROA not before:           Wed 01 Jan 2025 15:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215421
IP address blocks:        46.36.122.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:e4:09:35:e6:90:1e:f0:7a:a3:b9:d0:0f:e9:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c90c356e2864f43894857443555d8b5c0352819
        Validity
            Not Before: Jan  1 15:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ecfcea7bdf1a3b806806b6e310cf15c93eac4b53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:96:f8:0c:79:ff:e9:30:4e:d0:ee:23:10:1e:
                    af:d2:30:f6:fe:44:ba:54:02:8d:ea:15:c3:d4:f4:
                    f3:59:84:98:a0:1a:c0:13:2f:78:b5:97:4a:68:c6:
                    94:f4:f9:74:51:48:ec:ab:bf:28:79:32:01:f3:6d:
                    b0:40:7f:71:ce:00:02:15:3b:a6:1d:7b:32:e3:04:
                    2a:a0:5e:91:58:fb:87:ce:c0:0e:26:d6:35:77:94:
                    9a:3d:d6:21:5a:a7:9a:c8:57:94:2e:81:01:b4:af:
                    99:ce:11:f8:35:17:45:f6:fc:d8:c2:80:4d:6b:45:
                    65:fb:d4:18:ee:68:b9:a3:ae:60:7a:f5:09:e2:fc:
                    10:33:b3:50:ba:00:89:63:73:c3:59:07:84:f6:8e:
                    aa:3e:6c:0f:8c:41:4a:85:8d:f7:ff:c5:c3:c7:8c:
                    9a:c8:4e:72:a4:e8:29:bc:3d:21:3b:65:e1:f5:e2:
                    94:b0:9e:a1:ce:a4:c3:34:bc:b1:42:ad:71:c8:25:
                    26:96:7f:d5:ba:d0:54:db:e3:2a:42:0c:f7:b0:98:
                    2d:63:51:21:7e:c5:6a:92:cc:97:d8:8b:ea:dd:b1:
                    e0:f3:22:d5:fe:5f:b6:0a:74:a6:a0:1f:1c:d3:c6:
                    39:86:f2:26:72:73:99:bb:1c:eb:9c:e1:39:e8:27:
                    f7:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:FC:EA:7B:DF:1A:3B:80:68:06:B6:E3:10:CF:15:C9:3E:AC:4B:53
            X509v3 Authority Key Identifier:
                keyid:0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/7Pzqe98aO4BoBrbjEM8VyT6sS1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.36.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:06:9c:d2:05:85:00:ee:54:bd:76:e8:84:9c:5f:47:12:37:
         13:bd:be:07:f0:d7:9d:95:b8:c4:5d:4d:0b:2a:79:d5:9b:df:
         0e:13:76:3b:25:08:a4:92:e6:e1:50:3b:20:34:81:8e:cd:45:
         1e:2b:c1:20:df:b5:0f:58:f5:b8:c1:55:8e:e3:6f:6e:c9:be:
         d9:62:95:d4:2a:ee:4b:44:de:97:06:0a:74:ca:00:6f:48:86:
         21:69:34:ed:7d:8f:6b:36:c1:3c:f5:05:85:af:fb:a1:95:48:
         4b:5a:fd:72:98:53:a4:3b:22:39:d3:a5:b0:54:f5:05:d2:a0:
         02:e4:c6:0b:96:2e:f0:bb:40:b4:6b:de:f5:19:04:ec:5b:ef:
         e3:3e:78:86:c6:58:b4:73:15:2e:15:e1:11:45:e5:3b:e1:4f:
         97:28:f2:c0:7a:5f:72:f2:d7:d8:28:7f:6c:c3:aa:b8:a9:67:
         21:3f:cf:2b:97:0b:4f:ad:c1:cc:ec:5e:53:f2:4e:15:47:46:
         be:9b:fa:2b:71:13:c4:12:30:8b:5c:62:c1:01:2e:1a:ea:fd:
         fc:bf:bf:70:0a:43:74:7d:56:ea:26:79:ac:81:37:a7:19:8d:
         8a:a2:a3:3f:a1:35:c4:ae:68:c9:0d:1a:3e:20:73:4c:7f:f5:
         af:d5:31:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijeQJNeaQHvB6o7nQD+mdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjOTBjMzU2ZTI4NjRmNDM4OTQ4NTc0NDM1NTVkOGI1YzAz
NTI4MTkwHhcNMjUwMTAxMTU0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2ZjZWE3YmRmMWEzYjgwNjgwNmI2ZTMxMGNmMTVjOTNlYWM0YjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJb4DHn/6TBO0O4jEB6v0jD2/kS6
VAKN6hXD1PTzWYSYoBrAEy94tZdKaMaU9Pl0UUjsq78oeTIB822wQH9xzgACFTum
HXsy4wQqoF6RWPuHzsAOJtY1d5SaPdYhWqeayFeULoEBtK+ZzhH4NRdF9vzYwoBN
a0Vl+9QY7mi5o65gevUJ4vwQM7NQugCJY3PDWQeE9o6qPmwPjEFKhY33/8XDx4ya
yE5ypOgpvD0hO2Xh9eKUsJ6hzqTDNLyxQq1xyCUmln/VutBU2+MqQgz3sJgtY1Eh
fsVqksyX2Ivq3bHg8yLV/l+2CnSmoB8c08Y5hvImcnOZuxzrnOE56Cf3UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOz86nvfGjuAaAa24xDPFck+rEtTMB8GA1UdIwQY
MBaAFAyQw1bihk9DiUhXRDVV2LXANSgZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDct
ZTM3OTlhZGU5ZGZlLzEvN1B6cWU5OGFPNEJvQnJiakVNOFZ5VDZzUzFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDctZTM3OTlhZGU5ZGZl
LzEvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLiR6MA0G
CSqGSIb3DQEBCwUAA4IBAQCQBpzSBYUA7lS9duiEnF9HEjcTvb4H8NedlbjEXU0L
KnnVm98OE3Y7JQikkubhUDsgNIGOzUUeK8Eg37UPWPW4wVWO429uyb7ZYpXUKu5L
RN6XBgp0ygBvSIYhaTTtfY9rNsE89QWFr/uhlUhLWv1ymFOkOyI506WwVPUF0qAC
5MYLli7wu0C0a971GQTsW+/jPniGxli0cxUuFeERReU74U+XKPLAel9y8tfYKH9s
w6q4qWchP88rlwtPrcHM7F5T8k4VR0a+m/orcRPEEjCLXGLBAS4a6v38v79wCkN0
fVbqJnmsgTenGY2KoqM/oTXErmjJDRo+IHNMf/Wv1TG1
-----END CERTIFICATE-----