Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c213d4-3e4a-49e6-9b1f-ca6a1cc81a22/1/nTuk9GI5GZL6GaqD8YI_VNHNwd0.roa
File:                     nTuk9GI5GZL6GaqD8YI_VNHNwd0.roa (raw, json)
Hash identifier:          rxSabvmVUQAupTJLHZRfhiqBX7/10LGXXrYJdZo74MU=
Subject key identifier:   9D:3B:A4:F4:62:39:19:92:FA:19:AA:83:F1:82:3F:54:D1:CD:C1:DD
Certificate issuer:       /CN=d982791736cdddd1328d0dd0decae92c058d6f25
Certificate serial:       0194B3261B32AB6B469EBBE7BE8C2C6AF7BE
Authority key identifier: D9:82:79:17:36:CD:DD:D1:32:8D:0D:D0:DE:CA:E9:2C:05:8D:6F:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2YJ5FzbN3dEyjQ3Q3srpLAWNbyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c213d4-3e4a-49e6-9b1f-ca6a1cc81a22/1/nTuk9GI5GZL6GaqD8YI_VNHNwd0.roa
Signing time:             Wed 29 Jan 2025 17:40:06 +0000
ROA not before:           Wed 29 Jan 2025 17:40:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206389
IP address blocks:        185.173.216.0/22 maxlen: 22
                          185.173.216.0/24 maxlen: 24
                          185.173.217.0/24 maxlen: 24
                          185.173.218.0/24 maxlen: 24
                          185.173.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c213d4-3e4a-49e6-9b1f-ca6a1cc81a22/1/2YJ5FzbN3dEyjQ3Q3srpLAWNbyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c213d4-3e4a-49e6-9b1f-ca6a1cc81a22/1/2YJ5FzbN3dEyjQ3Q3srpLAWNbyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2YJ5FzbN3dEyjQ3Q3srpLAWNbyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b3:26:1b:32:ab:6b:46:9e:bb:e7:be:8c:2c:6a:f7:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d982791736cdddd1328d0dd0decae92c058d6f25
        Validity
            Not Before: Jan 29 17:40:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d3ba4f462391992fa19aa83f1823f54d1cdc1dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:54:84:13:54:c2:0d:fd:5b:63:b5:49:95:60:
                    ec:92:ca:f6:5b:5f:bc:ac:92:99:d8:96:29:70:92:
                    da:e9:00:30:57:25:e9:d3:6d:5b:91:1b:06:04:a2:
                    9a:01:51:9b:cf:5a:0a:c8:92:7a:9c:23:5e:1a:fe:
                    78:e3:18:85:5b:0e:11:3e:b1:0b:73:75:a3:24:7c:
                    4a:47:67:8c:ff:44:c4:e7:19:fc:af:2e:34:4a:a0:
                    8f:da:2a:4b:5a:c8:42:30:6b:49:06:3c:a5:5e:55:
                    59:81:3d:ab:f1:c3:c2:40:2a:f3:20:0a:6d:dd:fd:
                    d6:80:b2:f0:de:4c:75:56:aa:f4:16:79:4f:35:63:
                    44:db:2b:54:85:16:97:06:1b:d6:0e:f9:35:9b:38:
                    1a:97:5c:95:16:b2:41:39:99:19:b8:50:c8:60:45:
                    ce:58:d9:94:dc:1e:1e:52:29:ce:52:5e:7d:ac:1e:
                    66:07:73:2e:3a:f1:02:a8:aa:4f:5b:43:26:f5:ef:
                    f4:77:4d:11:98:ee:92:bb:a4:e8:c9:dc:85:23:32:
                    d4:a7:d5:56:20:5d:eb:3e:8e:30:12:ef:dd:6e:ba:
                    fa:7c:27:47:c7:e1:ba:ef:1d:81:18:ed:60:a3:38:
                    f4:8e:46:e2:d4:00:0e:fc:07:54:c8:b4:6c:a2:df:
                    ed:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:3B:A4:F4:62:39:19:92:FA:19:AA:83:F1:82:3F:54:D1:CD:C1:DD
            X509v3 Authority Key Identifier:
                keyid:D9:82:79:17:36:CD:DD:D1:32:8D:0D:D0:DE:CA:E9:2C:05:8D:6F:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2YJ5FzbN3dEyjQ3Q3srpLAWNbyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c213d4-3e4a-49e6-9b1f-ca6a1cc81a22/1/nTuk9GI5GZL6GaqD8YI_VNHNwd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c213d4-3e4a-49e6-9b1f-ca6a1cc81a22/1/2YJ5FzbN3dEyjQ3Q3srpLAWNbyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:35:64:a2:e5:2f:97:14:be:47:7a:d4:a6:b0:42:e6:22:2d:
         29:b3:cd:1c:0b:aa:2d:b2:5d:0d:b4:bf:21:e2:34:da:50:b9:
         0e:06:13:26:e0:a7:57:90:81:24:96:90:3e:8b:3e:ca:60:33:
         fb:9c:b6:43:f8:ef:69:f1:ee:b7:5c:f4:e5:7d:46:45:c5:21:
         a3:99:d8:40:dd:fa:9c:9e:d0:c4:fd:48:81:3f:d8:08:38:4f:
         49:9e:ae:f9:d6:31:6d:de:f7:9c:20:ff:2e:9b:e6:52:fb:d4:
         26:2e:80:cd:85:e4:a3:88:54:83:ca:3a:51:4b:95:49:31:ca:
         51:46:9e:e7:32:cf:56:5d:f6:99:ce:15:0f:62:52:32:bf:76:
         ad:25:96:ea:40:58:ae:a5:77:85:5a:61:2d:8c:86:46:a2:81:
         36:14:af:9d:54:e1:1f:88:0d:68:fc:96:d5:8c:21:58:6d:44:
         6f:99:79:48:08:33:b9:50:1f:fe:a1:8a:87:05:92:5b:3d:18:
         12:15:09:b9:93:1e:53:41:8a:45:19:a9:ae:89:66:14:8a:c5:
         42:9a:be:f7:c6:6c:db:47:f0:ee:f2:fe:b6:7f:7e:c9:68:4e:
         55:23:97:a4:5b:8c:09:85:87:ee:94:fb:b6:3f:67:14:70:55:
         22:a4:95:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSzJhsyq2tGnrvnvowsave+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ODI3OTE3MzZjZGRkZDEzMjhkMGRkMGRlY2FlOTJjMDU4
ZDZmMjUwHhcNMjUwMTI5MTc0MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDNiYTRmNDYyMzkxOTkyZmExOWFhODNmMTgyM2Y1NGQxY2RjMWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1SEE1TCDf1bY7VJlWDsksr2W1+8
rJKZ2JYpcJLa6QAwVyXp021bkRsGBKKaAVGbz1oKyJJ6nCNeGv544xiFWw4RPrEL
c3WjJHxKR2eM/0TE5xn8ry40SqCP2ipLWshCMGtJBjylXlVZgT2r8cPCQCrzIApt
3f3WgLLw3kx1Vqr0FnlPNWNE2ytUhRaXBhvWDvk1mzgal1yVFrJBOZkZuFDIYEXO
WNmU3B4eUinOUl59rB5mB3MuOvECqKpPW0Mm9e/0d00RmO6Su6ToydyFIzLUp9VW
IF3rPo4wEu/dbrr6fCdHx+G67x2BGO1gozj0jkbi1AAO/AdUyLRsot/tawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ07pPRiORmS+hmqg/GCP1TRzcHdMB8GA1UdIwQY
MBaAFNmCeRc2zd3RMo0N0N7K6SwFjW8lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMllKNUZ6Yk4zZEV5alEzUTNzcnBMQVdOYnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jMjEzZDQtM2U0YS00OWU2LTliMWYt
Y2E2YTFjYzgxYTIyLzEvblR1azlHSTVHWkw2R2FxRDhZSV9WTkhOd2QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jMjEzZDQtM2U0YS00OWU2LTliMWYtY2E2YTFjYzgxYTIy
LzEvMllKNUZ6Yk4zZEV5alEzUTNzcnBMQVdOYnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCua3YMA0G
CSqGSIb3DQEBCwUAA4IBAQAmNWSi5S+XFL5HetSmsELmIi0ps80cC6otsl0NtL8h
4jTaULkOBhMm4KdXkIEklpA+iz7KYDP7nLZD+O9p8e63XPTlfUZFxSGjmdhA3fqc
ntDE/UiBP9gIOE9Jnq751jFt3vecIP8um+ZS+9QmLoDNheSjiFSDyjpRS5VJMcpR
Rp7nMs9WXfaZzhUPYlIyv3atJZbqQFiupXeFWmEtjIZGooE2FK+dVOEfiA1o/JbV
jCFYbURvmXlICDO5UB/+oYqHBZJbPRgSFQm5kx5TQYpFGamuiWYUisVCmr73xmzb
R/Du8v62f37JaE5VI5ekW4wJhYfulPu2P2cUcFUipJX4
-----END CERTIFICATE-----