Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/252718-8025-43c3-b871-7fd9adf08030/1/N9zcYe5ReKGYCwNwcNWVqIdGiS0.roa
File:                     N9zcYe5ReKGYCwNwcNWVqIdGiS0.roa (raw, json)
Hash identifier:          VpzrJQRuZQfy5BAF/SwMEyOY3wzqdR1C+GvTYF7gE24=
Subject key identifier:   37:DC:DC:61:EE:51:78:A1:98:0B:03:70:70:D5:95:A8:87:46:89:2D
Certificate issuer:       /CN=122a541caf138341bd32798940de206052910341
Certificate serial:       019420D633659F6BA3D6F435A6276FD6F6F7
Authority key identifier: 12:2A:54:1C:AF:13:83:41:BD:32:79:89:40:DE:20:60:52:91:03:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EipUHK8Tg0G9MnmJQN4gYFKRA0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/252718-8025-43c3-b871-7fd9adf08030/1/N9zcYe5ReKGYCwNwcNWVqIdGiS0.roa
Signing time:             Wed 01 Jan 2025 07:48:16 +0000
ROA not before:           Wed 01 Jan 2025 07:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48508
IP address blocks:        195.162.22.0/23 maxlen: 23
                          195.162.22.0/24 maxlen: 24
                          195.162.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/252718-8025-43c3-b871-7fd9adf08030/1/EipUHK8Tg0G9MnmJQN4gYFKRA0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/252718-8025-43c3-b871-7fd9adf08030/1/EipUHK8Tg0G9MnmJQN4gYFKRA0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EipUHK8Tg0G9MnmJQN4gYFKRA0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 16:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:33:65:9f:6b:a3:d6:f4:35:a6:27:6f:d6:f6:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=122a541caf138341bd32798940de206052910341
        Validity
            Not Before: Jan  1 07:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37dcdc61ee5178a1980b037070d595a88746892d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:98:88:47:7d:07:2a:48:b7:bd:50:66:c4:03:
                    78:b4:32:cc:d0:9a:4a:59:7d:3e:96:5b:d5:4e:58:
                    f2:96:1b:03:c9:2f:fb:d0:e6:09:1e:a4:10:76:3b:
                    2c:ce:d0:43:4e:53:1b:0d:3c:19:1a:6a:d2:42:a1:
                    25:af:a0:0f:e3:ff:cd:21:38:d0:b3:2d:aa:cf:ba:
                    7b:67:1d:b6:30:85:54:7b:df:9d:58:0e:fc:49:83:
                    c6:4d:62:7b:04:51:7d:96:7c:93:87:12:af:fd:41:
                    30:a4:da:93:2d:32:0f:66:85:99:6c:88:e5:f5:08:
                    1c:5f:9c:4e:4c:f3:a8:20:e5:c5:55:ee:4c:d0:a0:
                    4c:68:df:3d:ae:21:8f:3d:b5:5e:3b:f3:08:96:0a:
                    cc:9d:42:10:32:58:95:35:b0:b0:44:51:ad:61:3f:
                    40:d6:a0:fc:75:6b:d9:9b:f7:59:4a:4b:23:c9:32:
                    27:b2:2a:9c:e3:60:ef:1d:f3:76:65:75:c4:7b:5c:
                    ab:0f:f8:05:70:97:f3:14:90:5d:68:46:fd:78:74:
                    8d:49:2f:08:bf:1a:73:b6:be:09:5d:5b:a4:09:ed:
                    b8:d8:bc:a6:6e:fe:44:2e:67:6c:06:88:c9:eb:59:
                    87:e4:d5:55:85:f8:6c:f7:e1:c1:8e:d4:9b:ee:df:
                    69:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:DC:DC:61:EE:51:78:A1:98:0B:03:70:70:D5:95:A8:87:46:89:2D
            X509v3 Authority Key Identifier:
                keyid:12:2A:54:1C:AF:13:83:41:BD:32:79:89:40:DE:20:60:52:91:03:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EipUHK8Tg0G9MnmJQN4gYFKRA0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/252718-8025-43c3-b871-7fd9adf08030/1/N9zcYe5ReKGYCwNwcNWVqIdGiS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/252718-8025-43c3-b871-7fd9adf08030/1/EipUHK8Tg0G9MnmJQN4gYFKRA0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.162.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:07:50:51:f1:54:61:fa:5d:f8:9a:ef:65:81:ba:5d:a5:9b:
         23:d0:ae:d2:b1:16:2a:cf:da:21:f2:cd:75:ae:e6:9d:b8:ec:
         25:fe:20:55:4b:36:31:1a:64:30:04:e8:88:2d:d3:57:40:2d:
         ac:19:7f:f7:f7:79:f7:9e:51:a1:8e:a5:41:b8:92:12:42:29:
         2f:e3:38:3d:c7:33:17:0b:21:a0:86:8a:58:c9:ff:c4:11:de:
         2c:c7:1a:cc:be:dd:82:d6:48:7c:eb:c2:5b:05:85:8f:45:94:
         85:84:dc:af:c4:72:a3:bc:23:89:8e:a1:17:a5:23:76:a7:28:
         34:42:59:23:cb:fd:17:e6:50:3c:c8:d4:68:46:d3:99:d8:89:
         29:97:aa:ff:bc:da:d3:1b:77:c9:5f:e5:2c:48:02:c4:d3:0b:
         80:5f:10:a9:ef:8b:c7:2a:f1:6a:47:ab:e7:4c:62:50:b4:2c:
         39:bf:4a:f1:95:4b:c6:ea:41:d5:28:b7:93:89:e7:8f:04:87:
         c2:6c:83:fa:b0:64:04:30:7f:a4:b4:cf:46:b6:5f:b6:9f:fb:
         3c:89:0f:b8:62:03:60:1d:2b:61:1c:53:0c:82:43:a9:a5:19:
         8a:8a:63:f1:d3:17:fc:5d:71:5e:df:8b:ef:27:9e:99:d5:54:
         0b:2f:6d:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1jNln2uj1vQ1pidv1vb3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMmE1NDFjYWYxMzgzNDFiZDMyNzk4OTQwZGUyMDYwNTI5
MTAzNDEwHhcNMjUwMTAxMDc0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2RjZGM2MWVlNTE3OGExOTgwYjAzNzA3MGQ1OTVhODg3NDY4OTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJiIR30HKki3vVBmxAN4tDLM0JpK
WX0+llvVTljylhsDyS/70OYJHqQQdjssztBDTlMbDTwZGmrSQqElr6AP4//NITjQ
sy2qz7p7Zx22MIVUe9+dWA78SYPGTWJ7BFF9lnyThxKv/UEwpNqTLTIPZoWZbIjl
9QgcX5xOTPOoIOXFVe5M0KBMaN89riGPPbVeO/MIlgrMnUIQMliVNbCwRFGtYT9A
1qD8dWvZm/dZSksjyTInsiqc42DvHfN2ZXXEe1yrD/gFcJfzFJBdaEb9eHSNSS8I
vxpztr4JXVukCe242Lymbv5ELmdsBojJ61mH5NVVhfhs9+HBjtSb7t9pWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDfc3GHuUXihmAsDcHDVlaiHRoktMB8GA1UdIwQY
MBaAFBIqVByvE4NBvTJ5iUDeIGBSkQNBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWlwVUhLOFRnMEc5TW5tSlFONGdZRktSQTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8yNTI3MTgtODAyNS00M2MzLWI4NzEt
N2ZkOWFkZjA4MDMwLzEvTjl6Y1llNVJlS0dZQ3dOd2NOV1ZxSWRHaVMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8yNTI3MTgtODAyNS00M2MzLWI4NzEtN2ZkOWFkZjA4MDMw
LzEvRWlwVUhLOFRnMEc5TW5tSlFONGdZRktSQTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw6IWMA0G
CSqGSIb3DQEBCwUAA4IBAQA2B1BR8VRh+l34mu9lgbpdpZsj0K7SsRYqz9oh8s11
ruaduOwl/iBVSzYxGmQwBOiILdNXQC2sGX/393n3nlGhjqVBuJISQikv4zg9xzMX
CyGghopYyf/EEd4sxxrMvt2C1kh868JbBYWPRZSFhNyvxHKjvCOJjqEXpSN2pyg0
Qlkjy/0X5lA8yNRoRtOZ2Ikpl6r/vNrTG3fJX+UsSALE0wuAXxCp74vHKvFqR6vn
TGJQtCw5v0rxlUvG6kHVKLeTieePBIfCbIP6sGQEMH+ktM9Gtl+2n/s8iQ+4YgNg
HSthHFMMgkOppRmKimPx0xf8XXFe34vvJ56Z1VQLL21H
-----END CERTIFICATE-----