Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/549e4d-8dee-459b-9283-46bb3fa28b00/1/N3RhFZbfRfFlakkE1oKkv4idahs.roa
File:                     N3RhFZbfRfFlakkE1oKkv4idahs.roa (raw, json)
Hash identifier:          S19WQvJ0cwuBe3l5agvGw5hBi9jlwv6QitA6NIAiWl4=
Subject key identifier:   37:74:61:15:96:DF:45:F1:65:6A:49:04:D6:82:A4:BF:88:9D:6A:1B
Certificate issuer:       /CN=e041c85b474e8b6c00891d954124ff0c81200d8c
Certificate serial:       019426D9D1DAC6F013497C7684E760647AFB
Authority key identifier: E0:41:C8:5B:47:4E:8B:6C:00:89:1D:95:41:24:FF:0C:81:20:0D:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4EHIW0dOi2wAiR2VQST_DIEgDYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/549e4d-8dee-459b-9283-46bb3fa28b00/1/N3RhFZbfRfFlakkE1oKkv4idahs.roa
Signing time:             Thu 02 Jan 2025 11:49:56 +0000
ROA not before:           Thu 02 Jan 2025 11:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36184
IP address blocks:        194.126.150.0/23 maxlen: 24
                          217.10.225.0/24 maxlen: 24
                          217.10.232.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/549e4d-8dee-459b-9283-46bb3fa28b00/1/4EHIW0dOi2wAiR2VQST_DIEgDYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/549e4d-8dee-459b-9283-46bb3fa28b00/1/4EHIW0dOi2wAiR2VQST_DIEgDYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4EHIW0dOi2wAiR2VQST_DIEgDYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:d1:da:c6:f0:13:49:7c:76:84:e7:60:64:7a:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e041c85b474e8b6c00891d954124ff0c81200d8c
        Validity
            Not Before: Jan  2 11:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3774611596df45f1656a4904d682a4bf889d6a1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:71:21:03:67:27:6a:61:e8:59:f9:a9:fb:73:
                    48:4c:28:1e:ec:74:29:cc:76:4e:4e:32:26:5a:3a:
                    eb:4d:48:d3:d2:72:91:41:6f:01:19:73:45:ec:02:
                    0b:de:ba:bd:b9:a5:96:e2:07:c8:7f:79:59:8e:f3:
                    d0:c1:d6:00:29:9b:24:eb:38:f8:66:6f:47:f6:dc:
                    22:e5:01:31:d0:4a:ce:5e:c8:a4:84:67:27:e7:65:
                    a2:21:fa:d0:8b:80:ea:33:a0:74:79:da:03:db:c1:
                    7a:4b:48:59:76:03:a3:11:df:3f:11:30:66:e2:e1:
                    ab:95:1e:bf:8b:30:c4:09:0e:14:47:09:77:7a:6b:
                    9e:aa:9b:c4:2b:87:9c:93:14:06:6f:ba:c0:bd:4e:
                    77:f6:5e:fc:f9:49:09:fb:b6:93:55:18:74:05:a1:
                    a1:15:3f:f1:c8:06:3d:22:b3:4c:5c:fd:f3:b7:f9:
                    b5:cd:22:3e:fa:80:05:44:c6:bf:9d:1c:98:e2:34:
                    d9:84:d5:9a:3b:07:71:f4:e2:0e:86:a4:b4:72:47:
                    80:36:87:d0:c0:aa:60:52:77:9e:30:2d:00:a8:e0:
                    16:cc:e3:fa:4f:e9:8e:f2:92:e2:1c:b0:38:29:a8:
                    5c:8c:e0:fa:4e:75:18:ae:0e:c2:6b:99:ce:59:d1:
                    e0:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:74:61:15:96:DF:45:F1:65:6A:49:04:D6:82:A4:BF:88:9D:6A:1B
            X509v3 Authority Key Identifier:
                keyid:E0:41:C8:5B:47:4E:8B:6C:00:89:1D:95:41:24:FF:0C:81:20:0D:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4EHIW0dOi2wAiR2VQST_DIEgDYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/549e4d-8dee-459b-9283-46bb3fa28b00/1/N3RhFZbfRfFlakkE1oKkv4idahs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/549e4d-8dee-459b-9283-46bb3fa28b00/1/4EHIW0dOi2wAiR2VQST_DIEgDYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.150.0/23
                  217.10.225.0/24
                  217.10.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2e:a3:13:83:56:b5:7f:90:22:02:f7:d1:55:6d:8d:ff:c5:21:
         ad:84:fc:6a:1f:93:c4:51:d7:e0:7b:77:c6:66:79:30:f4:05:
         b7:ee:b0:42:a8:00:ef:e4:84:27:5a:8e:14:b8:3a:4a:3a:1c:
         46:0d:be:45:b0:5c:74:8b:cb:ba:eb:d7:f0:ef:31:0c:2c:10:
         4d:19:d8:40:62:09:2b:4a:26:18:b2:a6:45:12:e1:e9:c3:9a:
         d3:f7:68:88:58:13:b0:0b:11:e8:7f:40:9c:1f:ac:15:7c:e8:
         79:fa:86:0c:0d:96:b5:79:c0:14:c5:9c:cc:f2:e1:8a:1b:a3:
         88:41:32:f6:8a:ef:45:e7:e7:a8:ec:d2:c4:a1:c4:a7:7b:f3:
         c4:aa:26:6c:12:a1:f6:72:1b:77:a0:fc:b4:33:4a:14:7f:83:
         8c:ab:be:2b:8d:0c:04:ae:09:f1:35:63:98:4b:8b:ad:de:79:
         15:82:3e:ad:be:2d:5d:44:50:03:92:21:ac:5b:dd:c3:7a:93:
         a3:e8:c0:7e:dd:db:5f:1e:93:ec:b9:b1:a1:74:a5:11:0c:f7:
         9d:fc:72:57:74:d6:79:ce:c8:0c:4d:99:72:5a:cb:51:79:cd:
         81:bd:53:12:44:5f:50:0a:78:cb:3c:31:24:7c:96:9a:3c:54:
         fc:f6:88:9b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQm2dHaxvATSXx2hOdgZHr7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNDFjODViNDc0ZThiNmMwMDg5MWQ5NTQxMjRmZjBjODEy
MDBkOGMwHhcNMjUwMTAyMTE0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzc0NjExNTk2ZGY0NWYxNjU2YTQ5MDRkNjgyYTRiZjg4OWQ2YTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2nEhA2cnamHoWfmp+3NITCge7HQp
zHZOTjImWjrrTUjT0nKRQW8BGXNF7AIL3rq9uaWW4gfIf3lZjvPQwdYAKZsk6zj4
Zm9H9twi5QEx0ErOXsikhGcn52WiIfrQi4DqM6B0edoD28F6S0hZdgOjEd8/ETBm
4uGrlR6/izDECQ4URwl3emueqpvEK4eckxQGb7rAvU539l78+UkJ+7aTVRh0BaGh
FT/xyAY9IrNMXP3zt/m1zSI++oAFRMa/nRyY4jTZhNWaOwdx9OIOhqS0ckeANofQ
wKpgUneeMC0AqOAWzOP6T+mO8pLiHLA4KahcjOD6TnUYrg7Ca5nOWdHgTQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDd0YRWW30XxZWpJBNaCpL+InWobMB8GA1UdIwQY
MBaAFOBByFtHTotsAIkdlUEk/wyBIA2MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEVISVcwZE9pMndBaVIyVlFTVF9ESUVnRFl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC81NDllNGQtOGRlZS00NTliLTkyODMt
NDZiYjNmYTI4YjAwLzEvTjNSaEZaYmZSZkZsYWtrRTFvS2t2NGlkYWhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC81NDllNGQtOGRlZS00NTliLTkyODMtNDZiYjNmYTI4YjAw
LzEvNEVISVcwZE9pMndBaVIyVlFTVF9ESUVnRFl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBwn6WAwQA
2QrhAwQD2QroMA0GCSqGSIb3DQEBCwUAA4IBAQAuoxODVrV/kCIC99FVbY3/xSGt
hPxqH5PEUdfge3fGZnkw9AW37rBCqADv5IQnWo4UuDpKOhxGDb5FsFx0i8u669fw
7zEMLBBNGdhAYgkrSiYYsqZFEuHpw5rT92iIWBOwCxHof0CcH6wVfOh5+oYMDZa1
ecAUxZzM8uGKG6OIQTL2iu9F5+eo7NLEocSne/PEqiZsEqH2cht3oPy0M0oUf4OM
q74rjQwErgnxNWOYS4ut3nkVgj6tvi1dRFADkiGsW93DepOj6MB+3dtfHpPsubGh
dKURDPed/HJXdNZ5zsgMTZlyWstRec2BvVMSRF9QCnjLPDEkfJaaPFT89oib
-----END CERTIFICATE-----