Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/NmG_HXr74xhss_g6667RcEUKRLI.roa
File:                     NmG_HXr74xhss_g6667RcEUKRLI.roa (raw, json)
Hash identifier:          w4iJzBXqF4+nBtbBp9H18XsHRW5050KpbO/LhdFePIo=
Subject key identifier:   36:61:BF:1D:7A:FB:E3:18:6C:B3:F8:3A:EB:AE:D1:70:45:0A:44:B2
Certificate issuer:       /CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
Certificate serial:       0194228DA923DF5EE099CADD561FB977B182
Authority key identifier: 79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/NmG_HXr74xhss_g6667RcEUKRLI.roa
Signing time:             Wed 01 Jan 2025 15:48:16 +0000
ROA not before:           Wed 01 Jan 2025 15:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60252
IP address blocks:        185.33.196.0/22 maxlen: 22
                          2a00:cfe0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:a9:23:df:5e:e0:99:ca:dd:56:1f:b9:77:b1:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
        Validity
            Not Before: Jan  1 15:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3661bf1d7afbe3186cb3f83aebaed170450a44b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:cb:cc:cf:df:cd:73:0d:5f:98:73:a3:23:98:
                    3f:d2:21:92:a4:42:d1:9a:65:f2:df:a7:83:b3:bb:
                    ff:26:53:d7:3c:a8:20:97:22:80:4c:2d:eb:14:2a:
                    72:1b:5a:8a:15:e0:55:f5:27:c2:09:df:c4:49:bb:
                    be:a5:01:df:8a:fb:38:c1:c5:01:a6:93:79:9a:da:
                    ed:98:33:41:3d:0a:19:60:c2:32:ee:56:02:25:00:
                    69:e5:fb:e3:f7:c3:b7:a5:b7:0e:ed:10:97:89:57:
                    c9:be:29:0b:04:52:ba:83:0d:0a:fa:7b:b8:f1:54:
                    e6:10:b0:9b:79:95:9d:62:f8:8d:6a:b8:a2:e0:04:
                    f4:98:d8:db:1f:9d:92:b1:a2:1c:50:3e:da:b2:0a:
                    70:4c:4c:b3:ff:9a:96:a4:d1:c0:e0:56:5e:b3:c0:
                    21:4c:97:f5:7b:04:b2:4f:df:47:44:55:8f:49:32:
                    af:40:1e:d2:4c:b2:a6:30:f8:4f:d9:4b:66:d3:96:
                    99:25:a0:a1:af:b5:41:bb:e8:54:c3:0a:be:83:d7:
                    21:04:f0:b0:af:66:17:7e:74:04:96:41:64:eb:1a:
                    29:ef:ba:0e:91:39:f0:58:d9:9b:fd:ec:fb:b3:32:
                    3b:36:9f:79:b5:47:ea:c5:9b:5e:df:12:51:6e:1e:
                    7e:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:61:BF:1D:7A:FB:E3:18:6C:B3:F8:3A:EB:AE:D1:70:45:0A:44:B2
            X509v3 Authority Key Identifier:
                keyid:79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/NmG_HXr74xhss_g6667RcEUKRLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.196.0/22
                IPv6:
                  2a00:cfe0::/32

    Signature Algorithm: sha256WithRSAEncryption
         b4:1b:20:9c:6f:a8:d9:ab:1e:4e:f8:3b:94:77:ba:17:09:da:
         15:b5:eb:fb:27:0a:73:cd:bb:1f:66:c1:df:9a:e5:ec:7d:f1:
         fa:4b:70:93:cd:80:8d:5f:9e:f8:ee:50:c6:01:0b:bd:ab:f6:
         77:9b:32:f9:56:40:8c:c1:8e:3b:c5:68:46:8a:bd:e5:bc:e2:
         b7:41:82:03:b8:45:9c:87:4b:a1:75:c5:33:cd:23:6d:a5:bb:
         e3:3d:05:3e:37:52:78:81:e3:4e:6b:c5:f3:21:7e:49:e4:27:
         51:ff:bc:8d:46:54:c3:4f:95:7f:7d:e0:f2:bf:cd:89:ac:91:
         53:bd:0d:5c:03:09:92:c4:3a:b4:98:a5:01:cb:c9:7e:e0:ef:
         cd:4d:53:89:69:b5:80:f2:cb:bf:27:bd:c5:bb:79:97:03:1c:
         7a:e4:ca:2b:3d:f9:b6:7a:6c:7a:72:d9:13:6a:a3:46:5e:85:
         67:9e:a8:9e:45:aa:21:a6:f9:da:d8:78:b8:6a:1c:65:5a:ee:
         f7:1b:06:2c:a7:75:aa:25:2a:32:58:57:78:d7:f3:14:8d:91:
         6b:65:3d:39:b2:41:53:b7:73:57:d6:c0:ea:88:9a:72:3a:56:
         90:c2:5c:06:41:9f:1a:c8:d8:8f:07:50:03:6c:a8:96:34:dc:
         6c:8d:bd:60
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQijakj317gmcrdVh+5d7GCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5Nzk4NjNjZWE4MmFlYjhlOWRmMzg0YjM5YWE1MTc2ZjRi
Y2ZhNjEwHhcNMjUwMTAxMTU0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjYxYmYxZDdhZmJlMzE4NmNiM2Y4M2FlYmFlZDE3MDQ1MGE0NGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMvMz9/Ncw1fmHOjI5g/0iGSpELR
mmXy36eDs7v/JlPXPKgglyKATC3rFCpyG1qKFeBV9SfCCd/ESbu+pQHfivs4wcUB
ppN5mtrtmDNBPQoZYMIy7lYCJQBp5fvj98O3pbcO7RCXiVfJvikLBFK6gw0K+nu4
8VTmELCbeZWdYviNarii4AT0mNjbH52SsaIcUD7asgpwTEyz/5qWpNHA4FZes8Ah
TJf1ewSyT99HRFWPSTKvQB7STLKmMPhP2Utm05aZJaChr7VBu+hUwwq+g9chBPCw
r2YXfnQElkFk6xop77oOkTnwWNmb/ez7szI7Np95tUfqxZte3xJRbh5+GwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDZhvx16++MYbLP4Ouuu0XBFCkSyMB8GA1UdIwQY
MBaAFHl5hjzqgq646d84SzmqUXb0vPphMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEt
ZGU0YWNmNDQ3ZmFlLzEvTm1HX0hYcjc0eGhzc19nNjY2N1JjRVVLUkxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEtZGU0YWNmNDQ3ZmFl
LzEvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSHEMA0E
AgACMAcDBQAqAM/gMA0GCSqGSIb3DQEBCwUAA4IBAQC0GyCcb6jZqx5O+DuUd7oX
CdoVtev7JwpzzbsfZsHfmuXsffH6S3CTzYCNX5747lDGAQu9q/Z3mzL5VkCMwY47
xWhGir3lvOK3QYIDuEWch0uhdcUzzSNtpbvjPQU+N1J4geNOa8XzIX5J5CdR/7yN
RlTDT5V/feDyv82JrJFTvQ1cAwmSxDq0mKUBy8l+4O/NTVOJabWA8su/J73Fu3mX
Axx65MorPfm2emx6ctkTaqNGXoVnnqieRaohpvna2Hi4ahxlWu73GwYsp3WqJSoy
WFd41/MUjZFrZT05skFTt3NX1sDqiJpyOlaQwlwGQZ8ayNiPB1ADbKiWNNxsjb1g
-----END CERTIFICATE-----