Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/cewoho2AOnulAKHkgJPfFfaGNTs.roa
File:                     cewoho2AOnulAKHkgJPfFfaGNTs.roa (raw, json)
Hash identifier:          h6GQ0NWMY4P5SejGL0LHJGgldSFcjeMqktSbinLYCko=
Subject key identifier:   71:EC:28:86:8D:80:3A:7B:A5:00:A1:E4:80:93:DF:15:F6:86:35:3B
Certificate issuer:       /CN=1e95a069669ed5a766eee8ebdc32e39fb148410b
Certificate serial:       019425FDCD0D0A1B573689C124F638449F48
Authority key identifier: 1E:95:A0:69:66:9E:D5:A7:66:EE:E8:EB:DC:32:E3:9F:B1:48:41:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HpWgaWae1adm7ujr3DLjn7FIQQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/cewoho2AOnulAKHkgJPfFfaGNTs.roa
Signing time:             Thu 02 Jan 2025 07:49:37 +0000
ROA not before:           Thu 02 Jan 2025 07:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44125
IP address blocks:        185.149.196.0/24 maxlen: 24
                          185.149.197.0/24 maxlen: 24
                          185.149.198.0/24 maxlen: 24
                          185.149.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/HpWgaWae1adm7ujr3DLjn7FIQQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/HpWgaWae1adm7ujr3DLjn7FIQQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HpWgaWae1adm7ujr3DLjn7FIQQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:cd:0d:0a:1b:57:36:89:c1:24:f6:38:44:9f:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e95a069669ed5a766eee8ebdc32e39fb148410b
        Validity
            Not Before: Jan  2 07:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=71ec28868d803a7ba500a1e48093df15f686353b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:cc:61:c4:18:2a:dd:e3:a1:bf:be:f3:ad:39:
                    6b:49:c3:f3:11:41:bd:ae:45:81:93:81:2e:89:67:
                    6d:3a:8e:87:47:29:92:dd:39:79:da:44:81:3c:55:
                    4e:bb:33:3a:59:04:93:56:27:28:54:07:4a:80:49:
                    a5:8c:50:48:c6:79:4c:91:e6:b8:45:e7:23:84:67:
                    ec:81:54:c2:4a:6b:11:43:61:03:bf:10:61:aa:c1:
                    9c:d0:14:9e:23:06:ec:ee:c9:29:34:09:b7:05:b0:
                    af:91:4d:d0:bf:48:92:92:41:96:b9:64:61:1d:ba:
                    62:5c:37:b4:3e:7e:2d:c3:d6:70:5e:b0:c7:aa:6b:
                    89:71:88:f8:5c:7d:6f:7e:5d:d8:36:f6:85:38:b1:
                    a1:22:1e:2d:e0:3a:97:c5:54:70:0c:a8:cd:5d:e7:
                    a7:be:cb:a2:7d:21:26:70:b0:cd:25:db:44:c7:ad:
                    2c:63:e5:42:1f:b7:1f:ba:d8:24:64:23:88:b0:ff:
                    da:79:0b:8a:34:b7:d7:8c:df:18:47:f2:85:cc:be:
                    34:c9:84:ed:3e:7e:b7:ea:3c:f3:32:80:6d:30:da:
                    86:0b:8c:42:1d:9b:73:1a:41:c4:25:39:ff:dd:78:
                    d6:74:97:ee:37:6f:77:23:25:8d:39:d5:c4:00:09:
                    c1:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:EC:28:86:8D:80:3A:7B:A5:00:A1:E4:80:93:DF:15:F6:86:35:3B
            X509v3 Authority Key Identifier:
                keyid:1E:95:A0:69:66:9E:D5:A7:66:EE:E8:EB:DC:32:E3:9F:B1:48:41:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HpWgaWae1adm7ujr3DLjn7FIQQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/cewoho2AOnulAKHkgJPfFfaGNTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/HpWgaWae1adm7ujr3DLjn7FIQQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         28:ee:b0:b0:e2:fc:91:f6:96:77:9e:b9:57:6c:db:f2:25:60:
         e6:ab:d9:25:30:0e:23:88:a3:05:6e:ee:a2:61:4e:05:23:a0:
         2f:a4:df:d6:24:6f:7e:41:29:55:87:a1:0c:2a:18:03:33:86:
         75:1a:57:89:c1:ba:b1:ec:21:3a:f6:8a:d1:d3:42:a8:77:6f:
         71:33:e7:7f:75:9d:f6:d9:de:d5:76:20:f1:d6:2c:de:88:05:
         25:fe:a7:1b:98:62:dc:87:8d:70:4d:23:c3:5c:31:1f:2a:a4:
         bb:86:ce:ee:53:ee:ed:b4:dd:ba:7d:7e:f0:d6:cd:6e:2e:0a:
         54:c1:61:eb:2f:e7:f4:f5:0e:f9:ad:01:9c:08:a1:9a:73:a7:
         15:0e:fe:13:0f:71:54:6c:9d:9e:47:b7:5c:67:74:c4:95:59:
         91:b8:14:b8:6a:ff:56:02:28:36:4f:5b:94:43:9c:6f:22:45:
         9e:f2:65:fa:c0:4c:38:3c:e7:ff:19:9f:c0:5f:76:28:42:d6:
         9e:2a:e8:62:fa:6b:fa:3a:ab:5f:46:1b:a6:5f:fc:4e:6a:bb:
         84:d5:d6:6b:ee:04:87:94:f6:b8:ee:f9:91:84:64:74:a4:00:
         c4:19:62:14:48:cb:f2:d1:12:9a:84:bf:64:b0:ee:78:07:da:
         29:11:ec:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/c0NChtXNonBJPY4RJ9IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOTVhMDY5NjY5ZWQ1YTc2NmVlZThlYmRjMzJlMzlmYjE0
ODQxMGIwHhcNMjUwMTAyMDc0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWVjMjg4NjhkODAzYTdiYTUwMGExZTQ4MDkzZGYxNWY2ODYzNTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA78xhxBgq3eOhv77zrTlrScPzEUG9
rkWBk4EuiWdtOo6HRymS3Tl52kSBPFVOuzM6WQSTVicoVAdKgEmljFBIxnlMkea4
RecjhGfsgVTCSmsRQ2EDvxBhqsGc0BSeIwbs7skpNAm3BbCvkU3Qv0iSkkGWuWRh
HbpiXDe0Pn4tw9ZwXrDHqmuJcYj4XH1vfl3YNvaFOLGhIh4t4DqXxVRwDKjNXeen
vsuifSEmcLDNJdtEx60sY+VCH7cfutgkZCOIsP/aeQuKNLfXjN8YR/KFzL40yYTt
Pn636jzzMoBtMNqGC4xCHZtzGkHEJTn/3XjWdJfuN293IyWNOdXEAAnBmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHHsKIaNgDp7pQCh5ICT3xX2hjU7MB8GA1UdIwQY
MBaAFB6VoGlmntWnZu7o69wy45+xSEELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBXZ2FXYWUxYWRtN3VqcjNETGpuN0ZJUVFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8xMDc0NTYtZGY1My00MjRkLTkzMjAt
OTMzYmZhNTkyYjFkLzEvY2V3b2hvMkFPbnVsQUtIa2dKUGZGZmFHTlRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8xMDc0NTYtZGY1My00MjRkLTkzMjAtOTMzYmZhNTkyYjFk
LzEvSHBXZ2FXYWUxYWRtN3VqcjNETGpuN0ZJUVFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZXEMA0G
CSqGSIb3DQEBCwUAA4IBAQAo7rCw4vyR9pZ3nrlXbNvyJWDmq9klMA4jiKMFbu6i
YU4FI6AvpN/WJG9+QSlVh6EMKhgDM4Z1GleJwbqx7CE69orR00Kod29xM+d/dZ32
2d7VdiDx1izeiAUl/qcbmGLch41wTSPDXDEfKqS7hs7uU+7ttN26fX7w1s1uLgpU
wWHrL+f09Q75rQGcCKGac6cVDv4TD3FUbJ2eR7dcZ3TElVmRuBS4av9WAig2T1uU
Q5xvIkWe8mX6wEw4POf/GZ/AX3YoQtaeKuhi+mv6OqtfRhumX/xOaruE1dZr7gSH
lPa47vmRhGR0pADEGWIUSMvy0RKahL9ksO54B9opEewj
-----END CERTIFICATE-----