Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/N3mBX31xSmCq_tM0gfd6lZ1us6k.roa
File:                     N3mBX31xSmCq_tM0gfd6lZ1us6k.roa (raw, json)
Hash identifier:          GliCJRFu9z0OCc1WcDokPshOvDwH62vd0NYvzFgYjwA=
Subject key identifier:   37:79:81:5F:7D:71:4A:60:AA:FE:D3:34:81:F7:7A:95:9D:6E:B3:A9
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018DA1F6FA9A35C2EFBF26582F421280FFF2
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/N3mBX31xSmCq_tM0gfd6lZ1us6k.roa
Signing time:             Tue 13 Feb 2024 10:15:34 +0000
ROA not before:           Tue 13 Feb 2024 10:15:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        138.188.174.0/23 maxlen: 24
                          193.247.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 14:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a1:f6:fa:9a:35:c2:ef:bf:26:58:2f:42:12:80:ff:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Feb 13 10:15:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3779815f7d714a60aafed33481f77a959d6eb3a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:7c:12:e0:35:c7:88:5e:eb:9b:30:e8:89:25:
                    5c:ad:70:35:aa:37:d3:d1:df:2a:69:36:dd:cc:58:
                    2b:ac:ce:fe:a2:9c:5e:c4:bc:bf:82:1f:66:2d:0b:
                    0b:02:35:6a:9c:6f:b7:ab:37:00:4d:d4:2f:8b:7b:
                    79:8c:a8:d2:c7:13:b1:8c:e6:f5:70:f7:58:8d:4b:
                    ec:4e:cf:dd:2a:6c:dc:f6:f6:2f:4e:a4:31:35:1c:
                    c1:e3:22:59:af:7a:0d:df:96:fa:43:47:d5:20:88:
                    15:d3:c0:7f:31:38:33:23:6e:87:a8:43:64:6a:d5:
                    b4:00:ec:3f:19:67:69:eb:04:e3:25:41:5b:4f:ea:
                    86:46:f0:d2:c5:c2:75:f8:8a:0c:25:58:a4:04:d8:
                    0f:2a:f5:cb:93:10:69:58:8f:ae:f1:01:5d:bf:b1:
                    22:d4:dd:27:fa:a3:31:0e:6b:da:fa:a9:fc:3a:cb:
                    3d:74:4b:f1:16:22:93:1e:19:ba:53:f6:2e:04:54:
                    b4:af:db:97:ec:52:e8:05:62:89:3f:c5:65:37:85:
                    57:bf:2f:51:81:d9:6a:91:ec:0c:1e:aa:83:b5:6f:
                    5f:a2:03:f1:d4:e7:2e:60:ad:e7:e4:a5:96:82:dd:
                    04:46:00:f1:33:7c:10:a7:a9:41:91:1f:17:bc:17:
                    a8:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:79:81:5F:7D:71:4A:60:AA:FE:D3:34:81:F7:7A:95:9D:6E:B3:A9
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/N3mBX31xSmCq_tM0gfd6lZ1us6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.188.174.0/23
                  193.247.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:83:59:4c:77:db:77:d6:de:c7:fe:c4:bb:6b:ec:4b:60:df:
         d2:99:df:b2:99:99:e3:e1:d0:96:1b:ad:21:52:ba:e7:67:fc:
         ec:92:0d:12:c9:da:c3:df:a1:e4:df:12:a6:65:85:a4:32:4b:
         4b:29:69:4a:9a:df:57:0e:3b:31:07:fe:f8:43:c4:d8:fb:1b:
         5e:1d:bf:63:69:ea:25:42:c7:3e:56:94:e1:ea:ae:86:57:14:
         62:bc:02:f3:5d:fb:33:c3:88:25:4e:51:f7:07:5d:d3:8e:e6:
         de:ed:a6:27:48:84:5a:cf:dc:ef:8b:98:c6:46:5b:52:a9:2a:
         81:f5:74:d8:a3:10:f4:af:ec:af:13:89:86:95:45:5c:b4:c1:
         5e:0a:18:25:87:d0:68:e6:68:d6:a4:48:50:ad:9e:97:c2:f8:
         5c:a3:f4:54:92:30:58:e4:64:0c:68:f0:70:e5:39:87:6a:e7:
         4e:97:99:3b:6c:63:18:ac:3b:bb:16:bf:6d:f8:3c:d6:71:fe:
         23:5b:45:87:df:1e:6e:67:67:59:2e:d9:94:e1:13:1e:24:a6:
         49:0a:88:da:e8:10:a0:52:08:ac:8e:5a:7b:58:36:5f:72:33:
         ef:88:ad:fa:03:76:15:eb:01:ae:86:d9:47:fe:b8:a9:33:39:
         53:de:ce:c0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2h9vqaNcLvvyZYL0ISgP/yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMjEzMTAxNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzc5ODE1ZjdkNzE0YTYwYWFmZWQzMzQ4MWY3N2E5NTlkNmViM2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHwS4DXHiF7rmzDoiSVcrXA1qjfT
0d8qaTbdzFgrrM7+opxexLy/gh9mLQsLAjVqnG+3qzcATdQvi3t5jKjSxxOxjOb1
cPdYjUvsTs/dKmzc9vYvTqQxNRzB4yJZr3oN35b6Q0fVIIgV08B/MTgzI26HqENk
atW0AOw/GWdp6wTjJUFbT+qGRvDSxcJ1+IoMJVikBNgPKvXLkxBpWI+u8QFdv7Ei
1N0n+qMxDmva+qn8Oss9dEvxFiKTHhm6U/YuBFS0r9uX7FLoBWKJP8VlN4VXvy9R
gdlqkewMHqqDtW9fogPx1OcuYK3n5KWWgt0ERgDxM3wQp6lBkR8XvBeozwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDd5gV99cUpgqv7TNIH3epWdbrOpMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvTjNtQlgzMXhTbUNxX3RNMGdmZDZsWjF1czZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBiryuAwQA
wff2MA0GCSqGSIb3DQEBCwUAA4IBAQBEg1lMd9t31t7H/sS7a+xLYN/Smd+ymZnj
4dCWG60hUrrnZ/zskg0SydrD36Hk3xKmZYWkMktLKWlKmt9XDjsxB/74Q8TY+xte
Hb9jaeolQsc+VpTh6q6GVxRivALzXfszw4glTlH3B13Tjube7aYnSIRaz9zvi5jG
RltSqSqB9XTYoxD0r+yvE4mGlUVctMFeChglh9Bo5mjWpEhQrZ6Xwvhco/RUkjBY
5GQMaPBw5TmHaudOl5k7bGMYrDu7Fr9t+DzWcf4jW0WH3x5uZ2dZLtmU4RMeJKZJ
Coja6BCgUgisjlp7WDZfcjPviK36A3YV6wGuhtlH/ripMzlT3s7A
-----END CERTIFICATE-----