Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/p3XdrM1LQ9XqyfVrm7fP-i3Q7aw.roa
File:                     p3XdrM1LQ9XqyfVrm7fP-i3Q7aw.roa (raw, json)
Hash identifier:          Q5GHn+Nm++2BXn2n62q1sF6L73/25KHVKG3Ema4LXNU=
Subject key identifier:   A7:75:DD:AC:CD:4B:43:D5:EA:C9:F5:6B:9B:B7:CF:FA:2D:D0:ED:AC
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019427B5ABFF6BB8ECE7D4073A438E40FF5A
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/p3XdrM1LQ9XqyfVrm7fP-i3Q7aw.roa
Signing time:             Thu 02 Jan 2025 15:50:04 +0000
ROA not before:           Thu 02 Jan 2025 15:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60172
IP address blocks:        37.9.51.0/24 maxlen: 24
                          146.185.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 18:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:ab:ff:6b:b8:ec:e7:d4:07:3a:43:8e:40:ff:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  2 15:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a775ddaccd4b43d5eac9f56b9bb7cffa2dd0edac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:94:ec:b3:82:4f:b4:c7:bb:4a:47:4c:e9:ff:
                    e4:a3:07:84:fe:d9:19:d3:fb:01:72:8d:66:aa:a8:
                    d2:36:35:95:9b:41:b2:45:3d:80:84:00:73:1e:d8:
                    55:22:62:c8:f9:ab:10:d4:3d:3e:8c:cf:95:b9:40:
                    c2:da:f7:8f:45:a9:95:84:60:e4:8a:74:8c:3a:ef:
                    1e:0d:e3:0a:28:52:a0:94:2a:b3:c8:26:72:b1:48:
                    b9:68:bb:78:cf:fa:e4:f3:08:e2:a8:22:83:08:3c:
                    1a:95:b0:11:22:11:a6:17:35:6b:d3:49:7a:12:42:
                    57:ca:9c:8c:5e:3b:13:0c:39:14:0f:c5:07:d8:eb:
                    09:31:4f:86:cd:43:a0:a9:73:17:20:f5:a4:54:9b:
                    9d:92:5d:b1:93:af:6c:15:2a:ff:6c:37:52:c3:c2:
                    b7:41:6a:59:bb:86:15:dd:87:0f:28:3a:dc:9a:be:
                    c2:5b:ae:3a:40:33:da:fd:97:6a:a6:4a:22:13:08:
                    cb:47:86:6b:88:fe:db:92:e9:4a:7c:3d:ac:40:bd:
                    63:1c:38:02:a5:ca:34:bf:10:dc:b3:cd:23:7d:9d:
                    f5:30:a4:7f:4e:08:fc:7d:19:48:5d:64:de:f7:a1:
                    97:74:74:df:04:ff:b5:48:55:2f:f3:7f:21:8d:7e:
                    45:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:75:DD:AC:CD:4B:43:D5:EA:C9:F5:6B:9B:B7:CF:FA:2D:D0:ED:AC
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/p3XdrM1LQ9XqyfVrm7fP-i3Q7aw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.9.51.0/24
                  146.185.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:e9:c1:88:4d:03:37:b0:e3:d2:7b:ea:2e:79:56:3b:a0:65:
         ff:7f:e2:b5:a5:3a:ef:07:02:81:1e:50:da:63:c4:58:c9:82:
         58:16:98:8a:a7:f9:3e:90:4e:07:41:8f:f0:20:79:0f:0d:2d:
         89:0d:6a:f9:2f:c0:45:8c:14:58:35:94:e2:f8:d0:a4:a1:e4:
         9a:b9:6d:67:3c:ea:ab:5b:2f:ae:4a:19:a0:9a:a0:39:44:21:
         78:f7:cb:0e:9c:41:dd:05:20:b6:b2:a5:61:f8:ff:b8:36:61:
         7a:e5:4c:3d:b7:5a:69:ff:33:e7:a3:89:33:ae:ca:1c:90:ad:
         31:28:09:40:d3:63:87:a9:b9:b8:b3:44:e3:7c:d7:e1:e8:63:
         e3:08:81:ae:30:21:b0:08:11:6f:e1:10:29:3e:e1:ad:25:13:
         ab:ca:74:93:81:6f:34:54:26:c9:fd:95:c4:b5:35:c6:98:6b:
         f9:b1:ab:fc:7e:e7:e9:76:18:d2:53:f5:ca:65:f9:c5:0f:65:
         3b:d8:a1:06:b8:67:d2:86:5e:19:c0:e1:e8:91:b2:c9:8c:88:
         88:02:b1:db:5d:55:b1:6c:26:29:20:66:eb:60:8a:0e:1a:08:
         a7:4f:58:e6:4e:8f:2c:a7:0d:07:e6:00:9e:13:ec:0b:90:e9:
         61:2e:88:74
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntav/a7js59QHOkOOQP9aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwMTAyMTU1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzc1ZGRhY2NkNGI0M2Q1ZWFjOWY1NmI5YmI3Y2ZmYTJkZDBlZGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5Tss4JPtMe7SkdM6f/koweE/tkZ
0/sBco1mqqjSNjWVm0GyRT2AhABzHthVImLI+asQ1D0+jM+VuUDC2vePRamVhGDk
inSMOu8eDeMKKFKglCqzyCZysUi5aLt4z/rk8wjiqCKDCDwalbARIhGmFzVr00l6
EkJXypyMXjsTDDkUD8UH2OsJMU+GzUOgqXMXIPWkVJudkl2xk69sFSr/bDdSw8K3
QWpZu4YV3YcPKDrcmr7CW646QDPa/ZdqpkoiEwjLR4ZriP7bkulKfD2sQL1jHDgC
pco0vxDcs80jfZ31MKR/Tgj8fRlIXWTe96GXdHTfBP+1SFUv838hjX5FwQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKd13azNS0PV6sn1a5u3z/ot0O2sMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvcDNYZHJNMUxROVhxeWZWcm03ZlAtaTNRN2F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJQkzAwQA
krnoMA0GCSqGSIb3DQEBCwUAA4IBAQCO6cGITQM3sOPSe+oueVY7oGX/f+K1pTrv
BwKBHlDaY8RYyYJYFpiKp/k+kE4HQY/wIHkPDS2JDWr5L8BFjBRYNZTi+NCkoeSa
uW1nPOqrWy+uShmgmqA5RCF498sOnEHdBSC2sqVh+P+4NmF65Uw9t1pp/zPno4kz
rsockK0xKAlA02OHqbm4s0TjfNfh6GPjCIGuMCGwCBFv4RApPuGtJROrynSTgW80
VCbJ/ZXEtTXGmGv5sav8fufpdhjSU/XKZfnFD2U72KEGuGfShl4ZwOHokbLJjIiI
ArHbXVWxbCYpIGbrYIoOGginT1jmTo8spw0H5gCeE+wLkOlhLoh0
-----END CERTIFICATE-----