Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/wO1lQH1pcQt59Bkv3RYHwWhpV0A.roa
File:                     wO1lQH1pcQt59Bkv3RYHwWhpV0A.roa (raw, json)
Hash identifier:          Nh7v5I/DEBZkGeKvDuv1ebXyDnVsWlHD4l4/sRLwMbs=
Subject key identifier:   C0:ED:65:40:7D:69:71:0B:79:F4:19:2F:DD:16:07:C1:68:69:57:40
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       0194266BA879CEBAAF3E6A4953361B84F544
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/wO1lQH1pcQt59Bkv3RYHwWhpV0A.roa
Signing time:             Thu 02 Jan 2025 09:49:37 +0000
ROA not before:           Thu 02 Jan 2025 09:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50340
IP address blocks:        185.177.78.0/23 maxlen: 24
                          194.104.4.0/24 maxlen: 24
                          212.69.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:a8:79:ce:ba:af:3e:6a:49:53:36:1b:84:f5:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jan  2 09:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c0ed65407d69710b79f4192fdd1607c168695740
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:4d:96:08:90:3f:ab:80:f5:66:dc:40:5c:4a:
                    9f:51:12:df:28:d3:55:84:a7:cd:50:a9:d8:00:f5:
                    b4:85:64:65:ba:81:ad:8c:58:f9:f8:65:77:9d:ca:
                    a3:9f:cd:6c:c4:dc:c1:c7:91:99:c5:fe:72:34:69:
                    84:74:3f:40:02:42:96:a1:48:27:78:db:ae:4e:a8:
                    7f:af:1f:52:f4:d8:27:2c:7f:76:62:75:68:25:cc:
                    76:15:2a:76:db:5e:af:bb:81:c4:ef:22:de:b0:bd:
                    21:97:26:95:42:c0:14:e1:62:4e:a9:63:6d:f5:67:
                    b7:28:d6:77:1c:eb:e9:4c:93:fe:4c:54:65:b2:12:
                    5f:90:50:4b:30:c2:6d:9f:b8:2f:6c:10:33:eb:6d:
                    dd:8d:75:84:34:eb:2c:d2:be:e4:fa:65:1f:ba:82:
                    8c:f7:7a:ce:e5:74:44:6c:89:b5:18:80:aa:30:e3:
                    6f:c1:9b:29:bf:fb:42:ce:89:f8:58:55:18:99:77:
                    33:9e:26:84:8a:4c:7a:84:30:51:66:ab:b5:4c:af:
                    15:e6:2b:35:43:cf:2e:9c:e8:aa:c4:df:25:0c:4c:
                    7d:a0:24:30:9b:7d:a7:28:6e:9d:2f:f8:a2:77:fd:
                    e2:ce:7d:92:c7:bc:a1:af:7f:55:55:2c:9e:13:53:
                    d3:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:ED:65:40:7D:69:71:0B:79:F4:19:2F:DD:16:07:C1:68:69:57:40
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/wO1lQH1pcQt59Bkv3RYHwWhpV0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.78.0/23
                  194.104.4.0/24
                  212.69.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:7f:df:af:82:4f:e8:f7:26:a8:b4:ca:db:83:a6:6c:46:a0:
         e0:22:18:f5:90:e5:8e:ce:c6:d4:60:c2:7e:f6:2e:2c:82:c7:
         58:cc:6d:3a:27:69:0f:ef:15:9c:80:4a:d3:9a:42:c7:c1:64:
         17:4f:e5:1e:6d:98:19:8f:b2:56:bb:20:f1:18:a0:5b:be:30:
         f0:81:ff:a1:16:64:75:07:57:90:68:8b:ed:90:d0:62:73:13:
         da:53:4c:7d:5c:a4:0a:2a:16:e1:fe:a9:28:13:5d:1c:bb:04:
         31:b0:f8:a0:b5:25:02:ea:5b:f2:51:00:3a:98:ea:8a:6f:3a:
         e3:25:8f:36:94:f5:3a:36:5d:46:1c:4c:44:2d:a1:f8:30:fd:
         2f:bd:5a:6a:9b:d4:0f:0a:e7:5b:6e:7c:06:c1:29:9f:f4:67:
         42:92:86:73:41:70:0e:47:92:06:68:d8:44:51:c8:40:aa:0d:
         4d:48:76:03:90:fb:2a:01:3d:3f:2e:89:d2:4e:8e:c8:e5:6b:
         5a:ed:63:e6:82:3c:ee:16:88:02:03:f8:b9:77:83:bd:61:51:
         52:1d:cf:3e:21:5d:7c:3a:9c:a3:95:91:80:36:dc:d6:6a:b4:
         07:5c:72:d0:c8:d1:01:f3:5e:b2:be:21:82:50:0c:f6:15:f6:
         c3:c4:4e:1b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQma6h5zrqvPmpJUzYbhPVEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjUwMTAyMDk0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGVkNjU0MDdkNjk3MTBiNzlmNDE5MmZkZDE2MDdjMTY4Njk1NzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApk2WCJA/q4D1ZtxAXEqfURLfKNNV
hKfNUKnYAPW0hWRluoGtjFj5+GV3ncqjn81sxNzBx5GZxf5yNGmEdD9AAkKWoUgn
eNuuTqh/rx9S9NgnLH92YnVoJcx2FSp2216vu4HE7yLesL0hlyaVQsAU4WJOqWNt
9We3KNZ3HOvpTJP+TFRlshJfkFBLMMJtn7gvbBAz623djXWENOss0r7k+mUfuoKM
93rO5XREbIm1GICqMONvwZspv/tCzon4WFUYmXczniaEikx6hDBRZqu1TK8V5is1
Q88unOiqxN8lDEx9oCQwm32nKG6dL/iid/3izn2Sx7yhr39VVSyeE1PTlwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMDtZUB9aXELefQZL90WB8FoaVdAMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvd08xbFFIMXBjUXQ1OUJrdjNSWUh3V2hwVjBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBubFOAwQA
wmgEAwQA1EWFMA0GCSqGSIb3DQEBCwUAA4IBAQANf9+vgk/o9yaotMrbg6ZsRqDg
Ihj1kOWOzsbUYMJ+9i4sgsdYzG06J2kP7xWcgErTmkLHwWQXT+UebZgZj7JWuyDx
GKBbvjDwgf+hFmR1B1eQaIvtkNBicxPaU0x9XKQKKhbh/qkoE10cuwQxsPigtSUC
6lvyUQA6mOqKbzrjJY82lPU6Nl1GHExELaH4MP0vvVpqm9QPCudbbnwGwSmf9GdC
koZzQXAOR5IGaNhEUchAqg1NSHYDkPsqAT0/LonSTo7I5Wta7WPmgjzuFogCA/i5
d4O9YVFSHc8+IV18OpyjlZGANtzWarQHXHLQyNEB816yviGCUAz2FfbDxE4b
-----END CERTIFICATE-----