Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/NtKyDgbGesEe8awF15SqP0_3q5E.roa
File:                     NtKyDgbGesEe8awF15SqP0_3q5E.roa (raw, json)
Hash identifier:          5/QwTKhvWnKsc5Bc5M0m9rQLZKRH4InU93sknSCwHzs=
Subject key identifier:   36:D2:B2:0E:06:C6:7A:C1:1E:F1:AC:05:D7:94:AA:3F:4F:F7:AB:91
Certificate issuer:       /CN=3c2c854011140a10947da7b53bbb350f3c54b33e
Certificate serial:       019425220FE5A93A7C2B4493A66DB7BBCCEE
Authority key identifier: 3C:2C:85:40:11:14:0A:10:94:7D:A7:B5:3B:BB:35:0F:3C:54:B3:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PCyFQBEUChCUfae1O7s1DzxUsz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/NtKyDgbGesEe8awF15SqP0_3q5E.roa
Signing time:             Thu 02 Jan 2025 03:49:36 +0000
ROA not before:           Thu 02 Jan 2025 03:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205873
IP address blocks:        193.35.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/PCyFQBEUChCUfae1O7s1DzxUsz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/PCyFQBEUChCUfae1O7s1DzxUsz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PCyFQBEUChCUfae1O7s1DzxUsz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:0f:e5:a9:3a:7c:2b:44:93:a6:6d:b7:bb:cc:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c2c854011140a10947da7b53bbb350f3c54b33e
        Validity
            Not Before: Jan  2 03:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36d2b20e06c67ac11ef1ac05d794aa3f4ff7ab91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7d:59:2e:2a:f3:c2:48:d1:8f:10:0b:93:77:
                    56:f1:b1:a3:3c:d3:24:6c:8d:d3:cb:f9:6c:c0:01:
                    5c:53:52:8d:52:0d:df:06:b0:35:8d:98:34:9a:26:
                    22:9c:70:b8:b6:b6:da:17:7a:f5:65:72:c1:7f:43:
                    6c:20:46:50:e9:fb:36:5b:15:fe:eb:45:27:9e:81:
                    92:43:32:1f:f5:76:0b:49:a2:a5:49:2d:fa:92:8b:
                    94:1a:ca:8c:ab:25:1b:d1:ff:70:c4:96:b3:fc:17:
                    b7:06:10:a1:9a:91:d7:2b:cc:fb:92:49:5d:c3:61:
                    3b:a3:7c:c5:46:05:4b:89:b5:45:f1:14:64:f0:58:
                    40:ec:7f:a2:2c:55:0d:c4:84:66:75:5d:a3:2a:a4:
                    46:4c:f9:3e:39:0a:ec:19:45:28:ae:a7:8b:1d:9a:
                    d1:29:aa:40:81:b5:3e:ae:ed:68:f5:c5:73:98:48:
                    03:ea:4d:44:e3:cc:59:4f:f8:e0:c3:05:70:c8:88:
                    f3:7f:f8:e7:0f:10:27:16:de:fb:bc:f7:10:9d:ac:
                    fc:43:d9:62:05:55:39:ac:c5:9e:9e:11:8d:f2:cc:
                    cf:3b:84:95:a7:9d:25:dc:29:40:15:ff:08:09:d3:
                    cd:62:e2:8b:c2:e5:4b:32:8c:c5:bb:70:7f:17:bb:
                    6c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:D2:B2:0E:06:C6:7A:C1:1E:F1:AC:05:D7:94:AA:3F:4F:F7:AB:91
            X509v3 Authority Key Identifier:
                keyid:3C:2C:85:40:11:14:0A:10:94:7D:A7:B5:3B:BB:35:0F:3C:54:B3:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PCyFQBEUChCUfae1O7s1DzxUsz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/NtKyDgbGesEe8awF15SqP0_3q5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/PCyFQBEUChCUfae1O7s1DzxUsz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:01:f5:52:76:4e:c1:80:5f:db:fe:68:d5:d3:50:3c:50:2a:
         13:95:c1:ac:66:3b:9b:7c:93:20:99:5a:2c:72:3d:48:05:b6:
         66:b0:a6:cd:3f:d4:74:5f:6e:5c:56:7a:b3:6e:cf:22:02:91:
         d3:32:5d:90:b2:fd:0a:d2:e0:5b:80:83:9a:a8:c6:ea:4c:dd:
         77:69:5e:9a:5e:10:24:a0:85:d7:28:48:95:e3:f3:e6:67:c5:
         62:1e:92:54:6e:55:c4:d7:3f:e1:b9:8c:a5:df:61:66:4b:f5:
         11:1f:b9:3b:92:bd:0e:e9:c6:1d:87:3a:a4:9a:da:27:6a:11:
         13:03:87:48:d7:16:87:6b:53:96:86:c6:94:5f:4a:bb:03:23:
         6a:c4:fc:1a:db:35:41:59:41:cf:56:25:f8:32:3c:99:05:74:
         e6:59:35:b0:b0:b8:f4:84:49:e0:67:b2:9a:7d:bd:b3:9f:7b:
         75:53:3e:dc:e1:8c:c7:87:1a:64:82:76:c4:0d:b2:b0:64:3a:
         c9:0e:f8:8f:78:6f:79:40:88:ac:27:ab:4f:c4:5a:33:46:3a:
         af:75:4d:60:26:01:5d:2d:26:77:0e:7b:56:de:3f:34:1e:14:
         5c:a7:f8:ed:c7:86:4b:85:2f:71:b6:48:10:bd:7f:bd:bf:03:
         22:83:b7:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIg/lqTp8K0STpm23u8zuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjMmM4NTQwMTExNDBhMTA5NDdkYTdiNTNiYmIzNTBmM2M1
NGIzM2UwHhcNMjUwMTAyMDM0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmQyYjIwZTA2YzY3YWMxMWVmMWFjMDVkNzk0YWEzZjRmZjdhYjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArX1ZLirzwkjRjxALk3dW8bGjPNMk
bI3Ty/lswAFcU1KNUg3fBrA1jZg0miYinHC4trbaF3r1ZXLBf0NsIEZQ6fs2WxX+
60UnnoGSQzIf9XYLSaKlSS36kouUGsqMqyUb0f9wxJaz/Be3BhChmpHXK8z7kkld
w2E7o3zFRgVLibVF8RRk8FhA7H+iLFUNxIRmdV2jKqRGTPk+OQrsGUUorqeLHZrR
KapAgbU+ru1o9cVzmEgD6k1E48xZT/jgwwVwyIjzf/jnDxAnFt77vPcQnaz8Q9li
BVU5rMWenhGN8szPO4SVp50l3ClAFf8ICdPNYuKLwuVLMozFu3B/F7ts2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDbSsg4GxnrBHvGsBdeUqj9P96uRMB8GA1UdIwQY
MBaAFDwshUARFAoQlH2ntTu7NQ88VLM+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEN5RlFCRVVDaENVZmFlMU83czFEenhVc3o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9lMDU4MGQtMDQ4YS00ZTZkLWJlYzYt
YjViYmQwYjVlMGFhLzEvTnRLeURnYkdlc0VlOGF3RjE1U3FQMF8zcTVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9lMDU4MGQtMDQ4YS00ZTZkLWJlYzYtYjViYmQwYjVlMGFh
LzEvUEN5RlFCRVVDaENVZmFlMU83czFEenhVc3o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSM9MA0G
CSqGSIb3DQEBCwUAA4IBAQAEAfVSdk7BgF/b/mjV01A8UCoTlcGsZjubfJMgmVos
cj1IBbZmsKbNP9R0X25cVnqzbs8iApHTMl2Qsv0K0uBbgIOaqMbqTN13aV6aXhAk
oIXXKEiV4/PmZ8ViHpJUblXE1z/huYyl32FmS/URH7k7kr0O6cYdhzqkmtonahET
A4dI1xaHa1OWhsaUX0q7AyNqxPwa2zVBWUHPViX4MjyZBXTmWTWwsLj0hEngZ7Ka
fb2zn3t1Uz7c4YzHhxpkgnbEDbKwZDrJDviPeG95QIisJ6tPxFozRjqvdU1gJgFd
LSZ3DntW3j80HhRcp/jtx4ZLhS9xtkgQvX+9vwMig7fo
-----END CERTIFICATE-----