Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/N7hublTOfYyaohdc0KIKAT5_Zy4.roa
File:                     N7hublTOfYyaohdc0KIKAT5_Zy4.roa (raw, json)
Hash identifier:          qPuea/Md2EDGgpxwvDXOsrf6UA9Z1el3QOw972Z6X4I=
Subject key identifier:   37:B8:6E:6E:54:CE:7D:8C:9A:A2:17:5C:D0:A2:0A:01:3E:7F:67:2E
Certificate issuer:       /CN=8e626c909eb4951154bcee8221e43951b4257624
Certificate serial:       019505B9939DDFD41B6814DDF81BCC749473
Authority key identifier: 8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/N7hublTOfYyaohdc0KIKAT5_Zy4.roa
Signing time:             Fri 14 Feb 2025 18:30:02 +0000
ROA not before:           Fri 14 Feb 2025 18:30:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8781
IP address blocks:        46.244.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:05:b9:93:9d:df:d4:1b:68:14:dd:f8:1b:cc:74:94:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e626c909eb4951154bcee8221e43951b4257624
        Validity
            Not Before: Feb 14 18:30:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37b86e6e54ce7d8c9aa2175cd0a20a013e7f672e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:ac:f3:fd:f9:ba:a2:a4:c3:fe:bf:b4:ae:e8:
                    d5:63:7a:0d:bd:53:01:7e:4b:a8:08:89:ed:0b:d9:
                    a2:0a:69:e7:7d:eb:73:93:6c:e8:5a:4f:d2:2b:e1:
                    a3:a3:fc:b7:4f:a3:07:45:f8:33:fe:8e:dd:88:79:
                    e5:0e:87:fe:2f:87:64:ad:af:00:bc:fe:9a:0e:49:
                    3e:6b:bf:b1:5a:57:0a:2c:0d:24:48:1c:ed:56:65:
                    52:62:74:d1:43:87:f5:86:6b:62:5b:43:0a:4c:ac:
                    f2:0c:54:4f:3c:78:a6:8e:c2:92:43:19:8a:54:cd:
                    05:93:ec:b8:0c:52:8d:d4:b8:90:d1:59:94:72:5b:
                    e5:f2:69:e7:14:a0:5e:f9:9f:8b:3b:6d:e5:d0:f2:
                    eb:35:99:0f:fc:35:a1:6c:b2:e1:d0:56:2d:a9:30:
                    e9:4d:b8:ae:dc:81:2b:fb:db:0c:20:a8:79:30:66:
                    27:f4:49:93:ea:2e:c4:d6:1c:e5:56:23:fe:9c:c3:
                    09:07:13:b4:bd:4a:0f:c8:24:d9:86:04:5a:c7:d1:
                    3d:d8:a2:a7:52:9a:29:8a:7c:0d:c0:1b:48:7a:d4:
                    03:5e:13:71:46:19:fb:1b:c6:64:09:64:c3:e7:2f:
                    9f:57:ca:43:38:87:9a:7a:8b:ae:e8:49:f8:f7:69:
                    4e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:B8:6E:6E:54:CE:7D:8C:9A:A2:17:5C:D0:A2:0A:01:3E:7F:67:2E
            X509v3 Authority Key Identifier:
                keyid:8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/N7hublTOfYyaohdc0KIKAT5_Zy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.244.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:96:8f:72:df:13:c5:01:e8:06:60:a3:fd:ac:87:d5:45:5d:
         a4:b2:7e:e4:01:c8:89:21:11:3f:4d:19:f2:9c:f6:6a:f4:39:
         c5:be:8e:a3:42:ff:1b:28:be:f2:b5:61:2b:c6:00:6b:da:c4:
         16:d3:84:d6:a8:87:f4:23:25:75:9e:1b:e1:e4:c2:4a:3d:59:
         e7:39:27:43:46:d3:3d:d3:06:25:24:29:68:06:12:1d:1e:f4:
         2a:c5:f6:44:0f:64:8f:df:cf:37:0e:a8:66:60:a2:7f:2c:5f:
         a6:b0:9f:00:da:77:64:8c:8f:e4:7d:08:4b:d5:66:67:20:db:
         fc:d7:f6:89:f2:3e:22:7f:65:ff:e5:2f:48:c4:40:bd:66:35:
         98:0e:d3:12:db:da:76:90:16:84:c4:bb:67:04:39:8a:cb:10:
         66:6f:c7:e7:c3:07:dc:29:b2:4c:91:1f:25:73:cd:65:71:d0:
         1e:ae:dc:c2:2b:4f:c0:61:63:ca:46:23:0e:50:f1:56:f4:6e:
         02:22:83:9d:12:e9:a6:54:4a:79:3e:40:0a:1a:f5:90:f4:64:
         49:c3:13:8a:c8:3b:67:23:e3:cb:5c:0e:50:62:7d:7e:40:5d:
         c0:29:d8:ee:60:2e:c1:43:50:26:06:50:3e:3d:87:20:9f:46:
         b3:c4:85:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUFuZOd39QbaBTd+BvMdJRzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNjI2YzkwOWViNDk1MTE1NGJjZWU4MjIxZTQzOTUxYjQy
NTc2MjQwHhcNMjUwMjE0MTgzMDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2I4NmU2ZTU0Y2U3ZDhjOWFhMjE3NWNkMGEyMGEwMTNlN2Y2NzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Kzz/fm6oqTD/r+0rujVY3oNvVMB
fkuoCIntC9miCmnnfetzk2zoWk/SK+Gjo/y3T6MHRfgz/o7diHnlDof+L4dkra8A
vP6aDkk+a7+xWlcKLA0kSBztVmVSYnTRQ4f1hmtiW0MKTKzyDFRPPHimjsKSQxmK
VM0Fk+y4DFKN1LiQ0VmUclvl8mnnFKBe+Z+LO23l0PLrNZkP/DWhbLLh0FYtqTDp
Tbiu3IEr+9sMIKh5MGYn9EmT6i7E1hzlViP+nMMJBxO0vUoPyCTZhgRax9E92KKn
UpopinwNwBtIetQDXhNxRhn7G8ZkCWTD5y+fV8pDOIeaeouu6En492lOiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDe4bm5Uzn2MmqIXXNCiCgE+f2cuMB8GA1UdIwQY
MBaAFI5ibJCetJURVLzugiHkOVG0JXYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAt
ZTk3ZDFkMDIyMGFmLzEvTjdodWJsVE9mWXlhb2hkYzBLSUtBVDVfWnk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAtZTk3ZDFkMDIyMGFm
LzEvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvRiMA0G
CSqGSIb3DQEBCwUAA4IBAQA2lo9y3xPFAegGYKP9rIfVRV2ksn7kAciJIRE/TRny
nPZq9DnFvo6jQv8bKL7ytWErxgBr2sQW04TWqIf0IyV1nhvh5MJKPVnnOSdDRtM9
0wYlJCloBhIdHvQqxfZED2SP3883DqhmYKJ/LF+msJ8A2ndkjI/kfQhL1WZnINv8
1/aJ8j4if2X/5S9IxEC9ZjWYDtMS29p2kBaExLtnBDmKyxBmb8fnwwfcKbJMkR8l
c81lcdAertzCK0/AYWPKRiMOUPFW9G4CIoOdEummVEp5PkAKGvWQ9GRJwxOKyDtn
I+PLXA5QYn1+QF3AKdjuYC7BQ1AmBlA+PYcgn0azxIWT
-----END CERTIFICATE-----