Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/N7C2a3H5ML3ydyNI5IDIoJ6m-6U.roa
File:                     N7C2a3H5ML3ydyNI5IDIoJ6m-6U.roa (raw, json)
Hash identifier:          FJm0Nzs6ME/1+LojcQZMLdUu/cBqlxKE16Bs75fFFLw=
Subject key identifier:   37:B0:B6:6B:71:F9:30:BD:F2:77:23:48:E4:80:C8:A0:9E:A6:FB:A5
Certificate issuer:       /CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
Certificate serial:       01955B06FEAA496BBA0BD25E9E545D9ED601
Authority key identifier: A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/N7C2a3H5ML3ydyNI5IDIoJ6m-6U.roa
Signing time:             Mon 03 Mar 2025 08:02:19 +0000
ROA not before:           Mon 03 Mar 2025 08:02:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9123
IP address blocks:        81.19.135.0/24 maxlen: 24
                          81.19.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:5b:06:fe:aa:49:6b:ba:0b:d2:5e:9e:54:5d:9e:d6:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
        Validity
            Not Before: Mar  3 08:02:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37b0b66b71f930bdf2772348e480c8a09ea6fba5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:28:c5:7c:a0:c2:8c:b3:45:1d:1f:d1:ea:c0:
                    82:0e:23:59:07:f6:c8:f1:bb:ba:67:c3:10:8e:46:
                    48:08:8d:c0:6b:73:22:b0:47:9c:fb:87:ee:2a:6e:
                    ed:b3:f7:c4:ea:d3:5c:50:dd:2f:00:87:d6:d7:69:
                    20:24:ed:c6:6c:52:03:ee:98:db:30:b5:14:78:74:
                    a0:f7:4c:3e:3a:59:1d:81:b7:ce:c1:00:9e:f8:87:
                    36:59:84:00:3d:24:2b:52:63:3b:05:87:a0:a2:f0:
                    43:d7:b5:fc:d5:47:6f:de:8c:64:2a:ac:c1:cc:cd:
                    ed:f3:de:bf:e1:a5:ca:6b:f6:22:d8:05:84:9b:bd:
                    85:ce:bb:03:38:9a:d1:5a:69:b7:43:41:5f:01:f5:
                    31:4c:4c:b5:28:48:83:fe:12:93:d2:e3:e7:90:c1:
                    4f:28:9a:fb:76:76:fc:05:4c:d2:b7:4b:00:25:80:
                    05:ce:47:af:08:a1:ce:dc:e6:26:4c:80:e1:30:0f:
                    f9:09:d2:13:6a:5a:7f:00:6b:f2:fa:cd:5a:cd:73:
                    41:40:48:8a:cb:42:39:01:bf:60:c4:bd:e7:d1:06:
                    34:c0:57:fd:16:76:14:d4:e7:a4:c5:15:83:a3:29:
                    4f:17:bb:ff:ad:55:4e:ee:a1:39:fc:bf:b7:f5:e7:
                    0c:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:B0:B6:6B:71:F9:30:BD:F2:77:23:48:E4:80:C8:A0:9E:A6:FB:A5
            X509v3 Authority Key Identifier:
                keyid:A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/N7C2a3H5ML3ydyNI5IDIoJ6m-6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.135.0-81.19.136.255

    Signature Algorithm: sha256WithRSAEncryption
         bf:fe:64:bf:eb:bf:5d:b8:55:25:8b:97:69:9a:19:6d:8c:9b:
         62:d3:96:de:e9:d5:0a:a9:cf:53:e9:bd:aa:d7:31:a9:62:2e:
         69:46:d6:38:d2:3d:89:64:bc:b6:c7:ef:41:3b:6d:24:c5:f5:
         a3:61:b7:22:96:49:b5:de:c7:b2:12:38:f9:a8:86:7a:48:a7:
         ed:b8:37:83:a6:66:20:75:35:ac:a7:92:9b:83:da:a3:bc:dc:
         72:a1:e8:5d:fa:91:69:2b:d2:98:ae:48:26:f7:b9:4b:01:c2:
         e3:68:7e:58:ab:dd:ad:fb:d3:62:c5:f6:9f:5e:3f:a9:ba:da:
         2a:f3:1e:8a:c9:c3:ec:cc:60:6c:13:65:57:34:66:f5:63:a6:
         b5:c3:1e:bd:f6:f1:6a:44:d5:30:53:98:98:68:50:d5:0a:86:
         ef:86:a4:b7:de:02:7f:46:e1:aa:c1:b3:b3:dc:94:96:f1:9b:
         ff:c5:fe:6e:db:22:fb:45:e9:1e:4f:1c:84:4e:ad:c9:1a:04:
         bc:96:a9:ec:ad:dd:2d:0e:f1:bd:ed:3c:32:c2:75:53:2f:9a:
         d7:d6:8a:9a:74:be:9a:24:0f:c9:a0:91:8e:3e:d3:59:3e:81:
         69:ab:21:1a:60:56:e3:1c:d8:32:ff:13:8a:ba:aa:9e:aa:02:
         57:b8:66:38
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZVbBv6qSWu6C9JenlRdntYBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Y2U5NjQwYTNlZjJmZWExOTM3NGFkOGY5OWY0MjNkN2Fh
N2M3NmIwHhcNMjUwMzAzMDgwMjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2IwYjY2YjcxZjkzMGJkZjI3NzIzNDhlNDgwYzhhMDllYTZmYmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSjFfKDCjLNFHR/R6sCCDiNZB/bI
8bu6Z8MQjkZICI3Aa3MisEec+4fuKm7ts/fE6tNcUN0vAIfW12kgJO3GbFID7pjb
MLUUeHSg90w+OlkdgbfOwQCe+Ic2WYQAPSQrUmM7BYegovBD17X81Udv3oxkKqzB
zM3t896/4aXKa/Yi2AWEm72FzrsDOJrRWmm3Q0FfAfUxTEy1KEiD/hKT0uPnkMFP
KJr7dnb8BUzSt0sAJYAFzkevCKHO3OYmTIDhMA/5CdITalp/AGvy+s1azXNBQEiK
y0I5Ab9gxL3n0QY0wFf9FnYU1OekxRWDoylPF7v/rVVO7qE5/L+39ecMxQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDewtmtx+TC98ncjSOSAyKCepvulMB8GA1UdIwQY
MBaAFKTOlkCj7y/qGTdK2PmfQj16p8drMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQt
MjgzZmU1NGE2ZjJmLzEvTjdDMmEzSDVNTDN5ZHlOSTVJRElvSjZtLTZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQtMjgzZmU1NGE2ZjJm
LzEvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABRE4cD
BABRE4gwDQYJKoZIhvcNAQELBQADggEBAL/+ZL/rv124VSWLl2maGW2Mm2LTlt7p
1Qqpz1PpvarXMaliLmlG1jjSPYlkvLbH70E7bSTF9aNhtyKWSbXex7ISOPmohnpI
p+24N4OmZiB1NaynkpuD2qO83HKh6F36kWkr0piuSCb3uUsBwuNoflir3a3702LF
9p9eP6m62irzHorJw+zMYGwTZVc0ZvVjprXDHr328WpE1TBTmJhoUNUKhu+GpLfe
An9G4arBs7PclJbxm//F/m7bIvtF6R5PHIROrckaBLyWqeyt3S0O8b3tPDLCdVMv
mtfWipp0vpokD8mgkY4+01k+gWmrIRpgVuMc2DL/E4q6qp6qAle4Zjg=
-----END CERTIFICATE-----