Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/042339-d03c-4636-9ec9-163222a719b5/1/nJtwSC-OZ-Smz_sZfs-hc-m0EuQ.roa
File:                     nJtwSC-OZ-Smz_sZfs-hc-m0EuQ.roa (raw, json)
Hash identifier:          TPYZpfCIEtspSFBIUZCXhe4Sd3FAryoOqoR+gBeCscc=
Subject key identifier:   9C:9B:70:48:2F:8E:67:E4:A6:CF:FB:19:7E:CF:A1:73:E9:B4:12:E4
Certificate issuer:       /CN=a9bda18fefb00e7e9c54733019c762bb2eb3a33c
Certificate serial:       01942143BD214BCC1232D3D7C23764CEAA65
Authority key identifier: A9:BD:A1:8F:EF:B0:0E:7E:9C:54:73:30:19:C7:62:BB:2E:B3:A3:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qb2hj--wDn6cVHMwGcdiuy6zozw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/042339-d03c-4636-9ec9-163222a719b5/1/nJtwSC-OZ-Smz_sZfs-hc-m0EuQ.roa
Signing time:             Wed 01 Jan 2025 09:47:54 +0000
ROA not before:           Wed 01 Jan 2025 09:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43268
IP address blocks:        185.239.152.0/22 maxlen: 22
                          185.239.152.0/24 maxlen: 24
                          185.239.153.0/24 maxlen: 24
                          185.239.154.0/24 maxlen: 24
                          185.239.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/042339-d03c-4636-9ec9-163222a719b5/1/qb2hj--wDn6cVHMwGcdiuy6zozw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/042339-d03c-4636-9ec9-163222a719b5/1/qb2hj--wDn6cVHMwGcdiuy6zozw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qb2hj--wDn6cVHMwGcdiuy6zozw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:bd:21:4b:cc:12:32:d3:d7:c2:37:64:ce:aa:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9bda18fefb00e7e9c54733019c762bb2eb3a33c
        Validity
            Not Before: Jan  1 09:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c9b70482f8e67e4a6cffb197ecfa173e9b412e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:cb:28:00:b6:fe:5a:a3:8e:2f:aa:d8:a6:75:
                    0f:ae:c4:91:8d:00:cf:42:63:dc:80:e1:3c:ad:bd:
                    b7:52:6c:81:4f:8b:aa:b0:67:b4:de:9f:85:05:53:
                    26:b9:b5:a2:39:d8:0a:88:e4:46:a9:af:da:29:84:
                    f5:75:62:e7:ff:45:bb:70:5d:97:21:dc:4d:ab:4b:
                    6f:3e:77:50:f6:46:3d:18:80:84:e5:7b:e5:4d:a9:
                    40:4e:34:92:66:e5:eb:49:72:f8:c3:7b:65:a3:09:
                    35:ad:05:8b:02:21:53:f2:8e:db:e9:44:79:5f:b4:
                    e1:33:6d:07:f6:62:2d:c3:06:21:e4:78:92:0c:3c:
                    82:53:e3:03:07:89:b6:c8:7c:be:04:ef:0a:3a:cd:
                    58:d1:2a:9e:a4:f3:b0:e4:b3:cc:ab:6d:69:b1:53:
                    e2:19:eb:43:fa:29:06:13:3f:43:04:c9:d2:61:c0:
                    65:81:b0:ab:7e:bc:6f:07:4e:fb:a9:28:80:c6:a6:
                    34:d9:97:80:21:c0:0c:5d:e4:9e:e2:f0:c4:94:49:
                    46:c2:aa:74:67:dc:3b:34:21:e8:bb:68:18:4e:0f:
                    02:93:ac:f7:aa:8d:39:ae:28:e4:88:b4:e6:28:42:
                    7c:99:0d:17:43:c6:4b:b5:0a:12:6b:59:2d:f2:83:
                    59:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:9B:70:48:2F:8E:67:E4:A6:CF:FB:19:7E:CF:A1:73:E9:B4:12:E4
            X509v3 Authority Key Identifier:
                keyid:A9:BD:A1:8F:EF:B0:0E:7E:9C:54:73:30:19:C7:62:BB:2E:B3:A3:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qb2hj--wDn6cVHMwGcdiuy6zozw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/042339-d03c-4636-9ec9-163222a719b5/1/nJtwSC-OZ-Smz_sZfs-hc-m0EuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/042339-d03c-4636-9ec9-163222a719b5/1/qb2hj--wDn6cVHMwGcdiuy6zozw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4e:64:d5:90:dd:00:40:8a:79:8f:bd:99:68:0f:f2:15:40:b2:
         ba:4b:36:48:74:b3:4c:57:18:ee:25:37:e7:54:1f:5d:e5:f3:
         aa:e2:c9:d9:cd:1b:c6:ff:15:ca:f5:85:18:5f:bc:17:2d:46:
         7a:8f:34:41:30:4f:a2:bc:72:4f:88:c5:93:5c:c1:64:aa:22:
         9e:f3:a1:c6:c4:a7:99:d5:cc:9f:4c:65:fb:c9:f4:48:54:f0:
         e4:1a:f1:18:5f:f3:e8:9f:33:4c:e0:21:b0:cf:40:43:2d:f6:
         69:1c:58:77:08:4e:2b:fa:c9:30:56:cc:10:a4:6c:6b:f2:7a:
         37:ea:3a:2b:21:b4:19:28:31:cc:f1:c1:9a:0d:44:a5:90:c4:
         98:09:83:9d:e2:da:e2:52:83:50:dd:e3:02:1d:a1:4c:87:b8:
         7a:7b:b4:be:69:b4:86:44:fc:72:40:b6:3a:13:13:cf:a9:9a:
         f2:5a:6e:55:70:b7:01:69:49:20:f2:d8:9e:c3:49:30:a5:ab:
         fb:3e:7f:7c:44:4f:89:be:0c:2c:a5:11:e0:ab:9a:28:83:f4:
         15:fa:34:27:51:bc:56:d2:02:e4:a3:40:1a:86:ec:ec:a5:b1:
         df:6e:06:9e:33:6b:95:a1:97:de:8e:5f:6b:e2:de:32:69:f7:
         ea:8a:81:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ70hS8wSMtPXwjdkzqplMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5YmRhMThmZWZiMDBlN2U5YzU0NzMzMDE5Yzc2MmJiMmVi
M2EzM2MwHhcNMjUwMTAxMDk0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzliNzA0ODJmOGU2N2U0YTZjZmZiMTk3ZWNmYTE3M2U5YjQxMmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMsoALb+WqOOL6rYpnUPrsSRjQDP
QmPcgOE8rb23UmyBT4uqsGe03p+FBVMmubWiOdgKiORGqa/aKYT1dWLn/0W7cF2X
IdxNq0tvPndQ9kY9GICE5XvlTalATjSSZuXrSXL4w3tlowk1rQWLAiFT8o7b6UR5
X7ThM20H9mItwwYh5HiSDDyCU+MDB4m2yHy+BO8KOs1Y0SqepPOw5LPMq21psVPi
GetD+ikGEz9DBMnSYcBlgbCrfrxvB077qSiAxqY02ZeAIcAMXeSe4vDElElGwqp0
Z9w7NCHou2gYTg8Ck6z3qo05rijkiLTmKEJ8mQ0XQ8ZLtQoSa1kt8oNZ1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJybcEgvjmfkps/7GX7PoXPptBLkMB8GA1UdIwQY
MBaAFKm9oY/vsA5+nFRzMBnHYrsus6M8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWIyaGotLXdEbjZjVkhNd0djZGl1eTZ6b3p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS8wNDIzMzktZDAzYy00NjM2LTllYzkt
MTYzMjIyYTcxOWI1LzEvbkp0d1NDLU9aLVNtel9zWmZzLWhjLW0wRXVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS8wNDIzMzktZDAzYy00NjM2LTllYzktMTYzMjIyYTcxOWI1
LzEvcWIyaGotLXdEbjZjVkhNd0djZGl1eTZ6b3p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue+YMA0G
CSqGSIb3DQEBCwUAA4IBAQBOZNWQ3QBAinmPvZloD/IVQLK6SzZIdLNMVxjuJTfn
VB9d5fOq4snZzRvG/xXK9YUYX7wXLUZ6jzRBME+ivHJPiMWTXMFkqiKe86HGxKeZ
1cyfTGX7yfRIVPDkGvEYX/PonzNM4CGwz0BDLfZpHFh3CE4r+skwVswQpGxr8no3
6jorIbQZKDHM8cGaDUSlkMSYCYOd4triUoNQ3eMCHaFMh7h6e7S+abSGRPxyQLY6
ExPPqZryWm5VcLcBaUkg8tiew0kwpav7Pn98RE+JvgwspRHgq5oog/QV+jQnUbxW
0gLko0AahuzspbHfbgaeM2uVoZfejl9r4t4yaffqioET
-----END CERTIFICATE-----