Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/AwF9Po4WusYXHbCN28Vi4N0vdXM.roa
File:                     AwF9Po4WusYXHbCN28Vi4N0vdXM.roa (raw, json)
Hash identifier:          BrxeSv8ZT8qhQ9aNAuI1FMulPWTfztWj80JkUewf8Ps=
Subject key identifier:   03:01:7D:3E:8E:16:BA:C6:17:1D:B0:8D:DB:C5:62:E0:DD:2F:75:73
Certificate issuer:       /CN=5dd39e1de18514bac2f5a23910f8c7d4672a0fd8
Certificate serial:       019427B696F20182B5E7C9CF0364261DD58B
Authority key identifier: 5D:D3:9E:1D:E1:85:14:BA:C2:F5:A2:39:10:F8:C7:D4:67:2A:0F:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XdOeHeGFFLrC9aI5EPjH1GcqD9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/AwF9Po4WusYXHbCN28Vi4N0vdXM.roa
Signing time:             Thu 02 Jan 2025 15:51:05 +0000
ROA not before:           Thu 02 Jan 2025 15:51:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197690
IP address blocks:        185.197.36.0/22 maxlen: 22
                          2a0a:75c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/XdOeHeGFFLrC9aI5EPjH1GcqD9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/XdOeHeGFFLrC9aI5EPjH1GcqD9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XdOeHeGFFLrC9aI5EPjH1GcqD9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:96:f2:01:82:b5:e7:c9:cf:03:64:26:1d:d5:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd39e1de18514bac2f5a23910f8c7d4672a0fd8
        Validity
            Not Before: Jan  2 15:51:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=03017d3e8e16bac6171db08ddbc562e0dd2f7573
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b3:8f:80:3f:69:b1:ba:36:ef:ac:f3:c9:96:
                    44:f9:88:9f:0f:12:a2:da:a8:a0:6d:ad:20:ed:bf:
                    af:12:22:f8:8b:5c:10:d8:c1:a8:63:f5:d7:98:99:
                    cb:a9:82:6a:7e:cd:73:70:72:e3:09:ce:dd:d8:03:
                    7a:a6:1b:67:12:5c:21:9c:fa:da:af:81:c5:96:2c:
                    d6:45:c8:cd:39:cd:68:1d:c9:09:ae:51:7d:17:8b:
                    8d:63:33:c2:58:2f:d1:fb:48:e6:0f:4f:c0:96:c2:
                    74:3e:ce:38:40:1b:76:dd:1f:ef:32:77:ce:71:4c:
                    c5:66:79:99:a2:d3:a2:ef:72:cb:e0:11:a2:42:06:
                    fc:45:07:e0:35:ab:3e:1b:2d:0f:5c:58:94:e6:aa:
                    9a:12:7a:2e:1c:f4:3c:38:e6:31:f6:a7:f3:c0:19:
                    71:34:c7:8c:9f:32:d3:21:5a:46:f2:b1:c1:68:a0:
                    13:0e:f7:c6:72:a6:a8:36:ee:b2:77:55:e1:77:99:
                    bb:71:b5:b7:d1:61:5e:19:0b:ec:6a:a9:bf:c2:ca:
                    53:b7:f2:0a:36:1b:f1:f3:6c:4e:47:72:ba:ee:3c:
                    53:8d:64:f6:24:8d:47:39:3d:6c:27:08:c8:04:fc:
                    bd:9c:d3:9a:4f:d1:19:25:67:1a:19:5b:93:22:9f:
                    8b:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:01:7D:3E:8E:16:BA:C6:17:1D:B0:8D:DB:C5:62:E0:DD:2F:75:73
            X509v3 Authority Key Identifier:
                keyid:5D:D3:9E:1D:E1:85:14:BA:C2:F5:A2:39:10:F8:C7:D4:67:2A:0F:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XdOeHeGFFLrC9aI5EPjH1GcqD9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/AwF9Po4WusYXHbCN28Vi4N0vdXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/XdOeHeGFFLrC9aI5EPjH1GcqD9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.36.0/22
                IPv6:
                  2a0a:75c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         23:b4:f7:7b:26:ff:71:77:2c:43:34:8c:01:c6:27:02:8b:c0:
         e1:5d:b0:95:8a:3b:12:1c:cb:52:9c:7e:97:76:b1:45:0d:3e:
         56:6b:19:51:f0:b4:a0:3c:52:62:33:4c:da:0b:05:b1:88:ee:
         82:86:11:17:71:ef:66:a0:ab:75:ee:fe:df:a6:1b:99:fa:e3:
         47:04:6d:b2:9c:29:ed:de:a7:77:9c:98:21:69:fd:09:5a:3f:
         d2:6d:cd:0f:e3:02:25:73:44:a1:95:e4:bc:02:8c:97:7b:2d:
         70:c0:0e:f4:3a:b9:d3:9f:98:09:3b:21:c5:7c:06:10:04:9a:
         72:ff:62:d0:48:0c:0d:fc:27:3c:b1:e5:3e:f2:b3:e9:bf:73:
         f9:62:10:6f:1f:ac:44:5d:df:d2:8a:e6:62:68:1c:85:e6:83:
         71:60:34:d6:b2:59:fb:16:5e:0b:b9:3c:a5:97:e3:19:f0:c3:
         97:2f:f0:5b:f1:62:06:9c:a0:0d:c4:97:d3:20:58:91:8f:75:
         f8:d3:07:4f:93:fb:ff:9b:1c:da:57:94:05:d0:5b:4f:28:54:
         cd:2a:c2:0f:a8:82:a5:d7:12:0c:c8:35:0e:df:ed:ae:c9:bd:
         9a:f5:31:6f:61:04:ca:73:32:a5:63:8e:91:5f:fc:09:08:1d:
         99:94:1c:8d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntpbyAYK158nPA2QmHdWLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDM5ZTFkZTE4NTE0YmFjMmY1YTIzOTEwZjhjN2Q0Njcy
YTBmZDgwHhcNMjUwMTAyMTU1MTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzAxN2QzZThlMTZiYWM2MTcxZGIwOGRkYmM1NjJlMGRkMmY3NTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7OPgD9psbo276zzyZZE+YifDxKi
2qigba0g7b+vEiL4i1wQ2MGoY/XXmJnLqYJqfs1zcHLjCc7d2AN6phtnElwhnPra
r4HFlizWRcjNOc1oHckJrlF9F4uNYzPCWC/R+0jmD0/AlsJ0Ps44QBt23R/vMnfO
cUzFZnmZotOi73LL4BGiQgb8RQfgNas+Gy0PXFiU5qqaEnouHPQ8OOYx9qfzwBlx
NMeMnzLTIVpG8rHBaKATDvfGcqaoNu6yd1Xhd5m7cbW30WFeGQvsaqm/wspTt/IK
Nhvx82xOR3K67jxTjWT2JI1HOT1sJwjIBPy9nNOaT9EZJWcaGVuTIp+LYQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAMBfT6OFrrGFx2wjdvFYuDdL3VzMB8GA1UdIwQY
MBaAFF3Tnh3hhRS6wvWiORD4x9RnKg/YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRPZUhlR0ZGTHJDOWFJNUVQakgxR2NxRDlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS85Njg2NWUtYzE3Ny00ODQ0LThkYzMt
OWMyNmIwN2I3MThiLzEvQXdGOVBvNFd1c1lYSGJDTjI4Vmk0TjB2ZFhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS85Njg2NWUtYzE3Ny00ODQ0LThkYzMtOWMyNmIwN2I3MThi
LzEvWGRPZUhlR0ZGTHJDOWFJNUVQakgxR2NxRDlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucUkMA0E
AgACMAcDBQAqCnXAMA0GCSqGSIb3DQEBCwUAA4IBAQAjtPd7Jv9xdyxDNIwBxicC
i8DhXbCVijsSHMtSnH6XdrFFDT5WaxlR8LSgPFJiM0zaCwWxiO6ChhEXce9moKt1
7v7fphuZ+uNHBG2ynCnt3qd3nJghaf0JWj/Sbc0P4wIlc0ShleS8AoyXey1wwA70
OrnTn5gJOyHFfAYQBJpy/2LQSAwN/Cc8seU+8rPpv3P5YhBvH6xEXd/SiuZiaByF
5oNxYDTWsln7Fl4LuTyll+MZ8MOXL/Bb8WIGnKANxJfTIFiRj3X40wdPk/v/mxza
V5QF0FtPKFTNKsIPqIKl1xIMyDUO3+2uyb2a9TFvYQTKczKlY46RX/wJCB2ZlByN
-----END CERTIFICATE-----