Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/239a8e-90d8-43bd-90ed-3e34d00732a3/1/NJyfKGT7eHHPjQOAXKwVNKCjCYs.roa
File:                     NJyfKGT7eHHPjQOAXKwVNKCjCYs.roa (raw, json)
Hash identifier:          XDn/F11FiIWe6mjWs24N5BRlzAoQS5rK8vutFukkZcU=
Subject key identifier:   34:9C:9F:28:64:FB:78:71:CF:8D:03:80:5C:AC:15:34:A0:A3:09:8B
Certificate issuer:       /CN=3cb1cc975c218f16686b0841edfc309cca746a7b
Certificate serial:       01942067F5DCF0F4DFB806F5EC5789BEEF21
Authority key identifier: 3C:B1:CC:97:5C:21:8F:16:68:6B:08:41:ED:FC:30:9C:CA:74:6A:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PLHMl1whjxZoawhB7fwwnMp0ans.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/239a8e-90d8-43bd-90ed-3e34d00732a3/1/NJyfKGT7eHHPjQOAXKwVNKCjCYs.roa
Signing time:             Wed 01 Jan 2025 05:47:51 +0000
ROA not before:           Wed 01 Jan 2025 05:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198984
IP address blocks:        45.155.148.0/22 maxlen: 22
                          91.239.152.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/239a8e-90d8-43bd-90ed-3e34d00732a3/1/PLHMl1whjxZoawhB7fwwnMp0ans.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/239a8e-90d8-43bd-90ed-3e34d00732a3/1/PLHMl1whjxZoawhB7fwwnMp0ans.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PLHMl1whjxZoawhB7fwwnMp0ans.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 08:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:f5:dc:f0:f4:df:b8:06:f5:ec:57:89:be:ef:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cb1cc975c218f16686b0841edfc309cca746a7b
        Validity
            Not Before: Jan  1 05:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=349c9f2864fb7871cf8d03805cac1534a0a3098b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:44:92:72:ef:49:a5:8b:bf:a2:aa:bb:92:02:
                    a3:5f:6b:b9:dc:4d:7b:80:aa:95:f9:99:7b:78:c0:
                    9c:bb:c2:39:4a:33:fb:6b:f1:a9:01:d3:0d:a3:05:
                    a7:1b:48:4b:6b:94:89:29:11:1a:4b:19:0b:e0:02:
                    b9:4c:0f:33:d5:6b:0a:71:ac:ad:fd:99:3e:88:26:
                    dd:2e:83:05:3a:f6:40:1b:7a:7a:7a:31:57:81:52:
                    0c:9e:f3:89:7f:ed:2f:0c:98:98:53:98:26:43:ea:
                    81:a6:f1:a7:e6:58:50:e9:f9:4c:71:51:e7:87:ed:
                    c7:ad:d3:2a:5b:a0:91:98:f1:be:7b:65:54:65:8d:
                    b7:60:aa:28:0a:05:47:ae:3c:b2:73:43:b7:84:1e:
                    b1:17:9a:b8:5a:ff:ad:0f:91:f8:47:97:f2:93:30:
                    21:4e:d1:e3:9a:36:d2:be:d0:21:e9:78:4a:d4:f3:
                    fb:cd:24:c2:5f:46:7f:46:69:3a:e2:51:f8:81:5b:
                    78:0a:3f:77:d4:52:97:06:48:2f:dd:3e:20:cb:33:
                    a0:58:69:6a:11:06:a0:3a:3a:1d:2b:45:63:50:3c:
                    bf:a6:aa:09:90:77:e0:e6:ae:77:64:a6:57:1a:03:
                    83:cd:27:9a:75:cb:13:2f:fc:30:94:91:e9:7d:a6:
                    dd:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:9C:9F:28:64:FB:78:71:CF:8D:03:80:5C:AC:15:34:A0:A3:09:8B
            X509v3 Authority Key Identifier:
                keyid:3C:B1:CC:97:5C:21:8F:16:68:6B:08:41:ED:FC:30:9C:CA:74:6A:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PLHMl1whjxZoawhB7fwwnMp0ans.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/239a8e-90d8-43bd-90ed-3e34d00732a3/1/NJyfKGT7eHHPjQOAXKwVNKCjCYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/239a8e-90d8-43bd-90ed-3e34d00732a3/1/PLHMl1whjxZoawhB7fwwnMp0ans.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.148.0/22
                  91.239.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:00:2f:3c:34:84:62:be:00:cd:49:5b:57:cf:6f:9f:24:e5:
         c6:63:75:7d:9b:b3:50:64:0e:5c:80:28:0f:08:e9:d2:a7:35:
         a9:26:c9:fd:6f:ac:c6:19:64:33:5b:5e:a9:68:ba:97:60:4e:
         6e:f0:5e:15:5a:06:c7:ed:a8:3f:19:00:a1:32:18:ec:e7:fb:
         50:e6:be:4a:98:49:07:4c:64:6c:0d:16:42:ef:5f:3e:c0:46:
         70:a0:45:9a:5c:34:c5:f6:ed:89:8a:83:5a:f1:97:23:88:f0:
         a3:84:3a:37:a6:6e:b1:bc:92:63:8f:be:2c:13:a2:69:d6:a8:
         07:98:58:3a:e1:00:42:a5:8a:c4:f4:f4:55:d4:c7:6c:6b:32:
         ce:6b:1d:f0:cf:f1:a4:2c:b1:11:13:e5:c2:82:fa:58:92:00:
         b9:f3:3c:b7:6b:42:0d:cf:f2:99:23:a2:cf:e7:f8:dd:ec:cb:
         f0:b7:db:b8:d4:34:67:ba:38:8e:f4:5f:53:cc:3d:da:77:d4:
         8f:f0:c9:22:04:79:70:af:ad:a3:5a:6a:4f:8d:05:99:40:10:
         6d:d8:f3:41:96:87:34:34:3a:10:d1:da:df:9b:1d:96:94:92:
         07:e5:14:f1:5e:d1:9a:5d:0b:cc:32:b3:c0:30:e8:81:db:80:
         93:41:42:32
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQgZ/Xc8PTfuAb17FeJvu8hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjYjFjYzk3NWMyMThmMTY2ODZiMDg0MWVkZmMzMDljY2E3
NDZhN2IwHhcNMjUwMTAxMDU0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDljOWYyODY0ZmI3ODcxY2Y4ZDAzODA1Y2FjMTUzNGEwYTMwOThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ESScu9JpYu/oqq7kgKjX2u53E17
gKqV+Zl7eMCcu8I5SjP7a/GpAdMNowWnG0hLa5SJKREaSxkL4AK5TA8z1WsKcayt
/Zk+iCbdLoMFOvZAG3p6ejFXgVIMnvOJf+0vDJiYU5gmQ+qBpvGn5lhQ6flMcVHn
h+3HrdMqW6CRmPG+e2VUZY23YKooCgVHrjyyc0O3hB6xF5q4Wv+tD5H4R5fykzAh
TtHjmjbSvtAh6XhK1PP7zSTCX0Z/Rmk64lH4gVt4Cj931FKXBkgv3T4gyzOgWGlq
EQagOjodK0VjUDy/pqoJkHfg5q53ZKZXGgODzSeadcsTL/wwlJHpfabdJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDScnyhk+3hxz40DgFysFTSgowmLMB8GA1UdIwQY
MBaAFDyxzJdcIY8WaGsIQe38MJzKdGp7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUExITWwxd2hqeFpvYXdoQjdmd3duTXAwYW5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8yMzlhOGUtOTBkOC00M2JkLTkwZWQt
M2UzNGQwMDczMmEzLzEvTkp5ZktHVDdlSEhQalFPQVhLd1ZOS0NqQ1lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8yMzlhOGUtOTBkOC00M2JkLTkwZWQtM2UzNGQwMDczMmEz
LzEvUExITWwxd2hqeFpvYXdoQjdmd3duTXAwYW5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLZuUAwQC
W++YMA0GCSqGSIb3DQEBCwUAA4IBAQAOAC88NIRivgDNSVtXz2+fJOXGY3V9m7NQ
ZA5cgCgPCOnSpzWpJsn9b6zGGWQzW16paLqXYE5u8F4VWgbH7ag/GQChMhjs5/tQ
5r5KmEkHTGRsDRZC718+wEZwoEWaXDTF9u2JioNa8ZcjiPCjhDo3pm6xvJJjj74s
E6Jp1qgHmFg64QBCpYrE9PRV1MdsazLOax3wz/GkLLERE+XCgvpYkgC58zy3a0IN
z/KZI6LP5/jd7Mvwt9u41DRnujiO9F9TzD3ad9SP8MkiBHlwr62jWmpPjQWZQBBt
2PNBloc0NDoQ0drfmx2WlJIH5RTxXtGaXQvMMrPAMOiB24CTQUIy
-----END CERTIFICATE-----