Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/9c2508-f69b-444b-b860-dc0e81a9d7b4/1/N3PjDdJrYM1FVFo04Ip1b5eQZW0.roa
File:                     N3PjDdJrYM1FVFo04Ip1b5eQZW0.roa (raw, json)
Hash identifier:          FTVDxFm/f2bB9P32nRvrWrQgUauRWuZLwkfT6UFe2oM=
Subject key identifier:   37:73:E3:0D:D2:6B:60:CD:45:54:5A:34:E0:8A:75:6F:97:90:65:6D
Certificate issuer:       /CN=32ad80d411acb93685f558aa7e12f46bd170a7fb
Certificate serial:       018CC3B6D7C3AE61FEB7FB8A0CB5549FE381
Authority key identifier: 32:AD:80:D4:11:AC:B9:36:85:F5:58:AA:7E:12:F4:6B:D1:70:A7:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mq2A1BGsuTaF9ViqfhL0a9Fwp_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/9c2508-f69b-444b-b860-dc0e81a9d7b4/1/N3PjDdJrYM1FVFo04Ip1b5eQZW0.roa
Signing time:             Mon 01 Jan 2024 06:29:49 +0000
ROA not before:           Mon 01 Jan 2024 06:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        147.189.19.0/24 maxlen: 24
                          147.189.20.0/24 maxlen: 24
                          147.189.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/9c2508-f69b-444b-b860-dc0e81a9d7b4/1/Mq2A1BGsuTaF9ViqfhL0a9Fwp_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/9c2508-f69b-444b-b860-dc0e81a9d7b4/1/Mq2A1BGsuTaF9ViqfhL0a9Fwp_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mq2A1BGsuTaF9ViqfhL0a9Fwp_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d7:c3:ae:61:fe:b7:fb:8a:0c:b5:54:9f:e3:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32ad80d411acb93685f558aa7e12f46bd170a7fb
        Validity
            Not Before: Jan  1 06:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3773e30dd26b60cd45545a34e08a756f9790656d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:59:9d:4f:0d:c9:d0:2d:d5:8d:56:2f:a9:5d:
                    6a:9b:95:70:c9:c6:38:c1:83:61:e8:8a:0e:d1:8f:
                    11:01:1f:98:40:2d:08:fc:3b:68:60:f9:5f:5a:57:
                    37:a2:d5:f0:db:a3:de:72:f4:01:1d:eb:f8:41:8c:
                    99:21:eb:2c:4b:f5:99:46:a8:15:f6:b8:0e:26:67:
                    05:b5:a3:1c:96:71:1b:aa:26:12:a7:9e:6c:a5:80:
                    d7:d7:e9:4a:b3:e8:59:8b:96:6b:7b:89:14:05:f1:
                    54:a0:ec:43:ff:71:9e:cc:d4:45:49:96:82:d8:d3:
                    7f:cf:e6:1f:0a:9d:1a:3a:59:66:83:81:44:96:68:
                    d0:3f:03:7b:49:c1:45:81:14:bc:f6:7e:bd:00:77:
                    ce:30:16:fc:56:6b:56:40:0e:0b:95:23:95:fb:f2:
                    e2:e5:81:0f:62:ae:94:60:6f:92:c8:00:aa:e1:09:
                    a4:fd:e3:cc:75:f7:56:2a:76:6c:7d:fc:de:a3:e8:
                    c9:b4:91:0d:a3:e8:86:03:ec:a4:2e:d2:e8:f9:28:
                    b3:66:bd:d6:4d:50:de:32:f0:91:2d:7b:a6:89:0a:
                    49:b5:5d:84:60:5c:89:44:61:b8:51:43:47:86:27:
                    c4:63:99:0b:8a:65:9c:e7:11:fc:ac:05:8a:48:c3:
                    9c:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:73:E3:0D:D2:6B:60:CD:45:54:5A:34:E0:8A:75:6F:97:90:65:6D
            X509v3 Authority Key Identifier:
                keyid:32:AD:80:D4:11:AC:B9:36:85:F5:58:AA:7E:12:F4:6B:D1:70:A7:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mq2A1BGsuTaF9ViqfhL0a9Fwp_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/9c2508-f69b-444b-b860-dc0e81a9d7b4/1/N3PjDdJrYM1FVFo04Ip1b5eQZW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/9c2508-f69b-444b-b860-dc0e81a9d7b4/1/Mq2A1BGsuTaF9ViqfhL0a9Fwp_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.189.18.0-147.189.20.255

    Signature Algorithm: sha256WithRSAEncryption
         56:14:51:4c:1a:aa:54:98:94:e4:23:87:94:68:cc:13:4e:84:
         63:d4:2b:6a:e6:52:c1:73:dd:91:39:51:cb:4f:0b:b9:71:03:
         64:5b:4a:e1:67:e6:b5:be:b4:57:f1:b3:72:fe:f7:c1:dc:a2:
         4a:01:e6:82:02:f0:1c:88:ac:a7:a8:de:c6:29:73:2b:c7:28:
         14:b6:c0:08:58:8d:b0:8b:d0:7a:77:f5:be:b7:37:82:ab:f7:
         af:a2:af:b7:82:ec:17:b0:64:d9:4f:b1:2b:20:3a:be:05:0e:
         40:99:2a:a8:70:f0:69:12:cb:22:a2:3d:96:4a:e0:3e:d9:ce:
         1c:2b:c0:50:62:9c:86:b5:52:8a:e4:2d:8e:9a:05:a3:a2:df:
         33:a0:9b:b6:c3:e3:28:19:bb:b4:b0:94:f8:b4:5d:b7:6f:94:
         32:4d:85:ea:db:23:e7:a8:5d:c2:d0:b0:32:e1:df:62:49:7c:
         68:67:40:34:93:bd:78:2c:24:92:af:01:0e:7f:a6:b4:ae:7f:
         14:de:d7:2f:4b:18:45:60:9a:79:f0:4c:1d:49:1c:be:73:84:
         15:40:6a:80:c0:d0:c0:1f:88:4a:99:c5:61:12:6e:d5:50:6f:
         2e:bf:03:ea:79:13:03:a8:2c:0e:7c:7f:b2:77:ce:dd:fa:27:
         8f:dc:5b:ce
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDttfDrmH+t/uKDLVUn+OBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYWQ4MGQ0MTFhY2I5MzY4NWY1NThhYTdlMTJmNDZiZDE3
MGE3ZmIwHhcNMjQwMTAxMDYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzczZTMwZGQyNmI2MGNkNDU1NDVhMzRlMDhhNzU2Zjk3OTA2NTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1mdTw3J0C3VjVYvqV1qm5VwycY4
wYNh6IoO0Y8RAR+YQC0I/DtoYPlfWlc3otXw26PecvQBHev4QYyZIessS/WZRqgV
9rgOJmcFtaMclnEbqiYSp55spYDX1+lKs+hZi5Zre4kUBfFUoOxD/3GezNRFSZaC
2NN/z+YfCp0aOllmg4FElmjQPwN7ScFFgRS89n69AHfOMBb8VmtWQA4LlSOV+/Li
5YEPYq6UYG+SyACq4Qmk/ePMdfdWKnZsffzeo+jJtJENo+iGA+ykLtLo+SizZr3W
TVDeMvCRLXumiQpJtV2EYFyJRGG4UUNHhifEY5kLimWc5xH8rAWKSMOczwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDdz4w3Sa2DNRVRaNOCKdW+XkGVtMB8GA1UdIwQY
MBaAFDKtgNQRrLk2hfVYqn4S9GvRcKf7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXEyQTFCR3N1VGFGOVZpcWZoTDBhOUZ3cF9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS85YzI1MDgtZjY5Yi00NDRiLWI4NjAt
ZGMwZTgxYTlkN2I0LzEvTjNQakRkSnJZTTFGVkZvMDRJcDFiNWVRWlcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS85YzI1MDgtZjY5Yi00NDRiLWI4NjAtZGMwZTgxYTlkN2I0
LzEvTXEyQTFCR3N1VGFGOVZpcWZoTDBhOUZ3cF9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAGTvRID
BACTvRQwDQYJKoZIhvcNAQELBQADggEBAFYUUUwaqlSYlOQjh5RozBNOhGPUK2rm
UsFz3ZE5UctPC7lxA2RbSuFn5rW+tFfxs3L+98HcokoB5oIC8ByIrKeo3sYpcyvH
KBS2wAhYjbCL0Hp39b63N4Kr96+ir7eC7BewZNlPsSsgOr4FDkCZKqhw8GkSyyKi
PZZK4D7ZzhwrwFBinIa1UorkLY6aBaOi3zOgm7bD4ygZu7SwlPi0XbdvlDJNherb
I+eoXcLQsDLh32JJfGhnQDSTvXgsJJKvAQ5/prSufxTe1y9LGEVgmnnwTB1JHL5z
hBVAaoDA0MAfiEqZxWESbtVQby6/A+p5EwOoLA58f7J3zt36J4/cW84=
-----END CERTIFICATE-----