Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/4AhKQoLmAk1YQIBQspZfyfaiu0s.roa
File:                     4AhKQoLmAk1YQIBQspZfyfaiu0s.roa (raw, json)
Hash identifier:          1kEaOXNNkPEAuTvrZqrQmCGg/Uu08f1ofkHwiva1rBk=
Subject key identifier:   E0:08:4A:42:82:E6:02:4D:58:40:80:50:B2:96:5F:C9:F6:A2:BB:4B
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       019423D7E6FEC4CC41739F4AFBAE19604904
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/4AhKQoLmAk1YQIBQspZfyfaiu0s.roa
Signing time:             Wed 01 Jan 2025 21:48:59 +0000
ROA not before:           Wed 01 Jan 2025 21:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202561
IP address blocks:        194.124.36.0/24 maxlen: 24
                          194.124.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 06:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:e6:fe:c4:cc:41:73:9f:4a:fb:ae:19:60:49:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Jan  1 21:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0084a4282e6024d58408050b2965fc9f6a2bb4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:5c:ec:c0:cf:e3:23:6b:f7:35:38:f6:c6:c1:
                    55:98:83:d7:bb:29:fc:4d:95:42:01:14:40:b4:62:
                    c5:70:5e:9e:95:0e:5e:dc:df:54:92:90:5a:8a:59:
                    6d:98:6d:8e:81:c0:eb:6a:a9:d4:4f:85:0f:21:84:
                    43:46:3f:1d:44:ad:1e:0a:05:c0:37:35:9b:87:e8:
                    31:d6:13:72:57:f8:79:d2:57:c2:99:f9:1e:11:4c:
                    fd:67:a6:97:4a:ed:fc:0d:9d:14:aa:d9:aa:fd:93:
                    30:e5:e6:02:20:9e:31:d4:16:6b:1e:c6:74:9b:7f:
                    f2:c6:ac:68:3f:89:21:03:17:5a:68:ca:08:3d:e8:
                    2a:0b:04:d3:68:55:f2:63:34:34:8d:2e:30:43:01:
                    5a:74:d0:06:e0:af:21:03:00:98:3b:72:c1:c8:35:
                    6b:25:ca:64:30:5a:e3:fd:fc:1c:21:e6:09:4b:c2:
                    54:b2:fa:ad:d9:d5:6b:c4:b1:bc:50:94:13:88:47:
                    08:01:b9:36:66:20:47:1f:56:ae:85:b4:ea:70:76:
                    6b:a4:73:1d:5b:27:23:b7:4e:7b:8f:25:63:80:66:
                    fc:37:1d:34:41:bc:a0:f6:2c:20:ba:89:08:6f:e1:
                    8c:3b:87:77:5c:b5:ee:03:61:c2:cd:e3:76:fa:d9:
                    11:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:08:4A:42:82:E6:02:4D:58:40:80:50:B2:96:5F:C9:F6:A2:BB:4B
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/4AhKQoLmAk1YQIBQspZfyfaiu0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.124.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b2:ec:de:f9:de:d3:cb:51:6f:ab:71:06:50:90:c5:01:9e:37:
         9c:1f:e1:91:ac:a4:9a:48:01:f5:b3:0f:66:f0:54:cf:ce:ce:
         df:52:02:10:5d:2f:b0:a9:29:8b:bf:91:5e:9e:9a:50:ee:73:
         ac:e5:55:6f:06:98:a0:7f:71:82:25:46:cf:ec:19:63:c2:63:
         65:b7:8a:97:90:5b:00:58:1c:aa:62:c9:fb:4b:b2:55:a6:dc:
         6c:49:63:9c:32:87:e8:28:cd:6e:0b:db:dd:4e:70:0f:a2:04:
         07:0d:39:aa:e8:f1:06:08:50:b7:5b:9b:8e:c5:b3:b1:e5:55:
         89:4d:79:1a:88:25:1d:33:af:1c:37:ab:31:4e:ad:16:70:50:
         5a:ba:18:dc:1a:37:93:cf:84:cf:29:28:d9:31:56:a4:bf:ed:
         12:d6:1b:d4:ca:ac:52:af:24:f7:4a:2a:95:93:68:78:f5:c4:
         75:c4:10:f7:a0:fc:f9:b5:19:07:60:39:fa:02:06:31:77:69:
         b6:65:f7:3d:7e:4a:62:77:b9:5a:45:a8:ea:fb:41:15:c3:13:
         ac:e7:fb:3e:e2:51:01:4a:ad:5d:3c:a3:25:ed:a6:ee:33:ff:
         74:b6:8e:6a:a1:03:7d:be:7d:28:cc:2e:0e:65:54:bf:bb:84:
         45:fc:ab:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1+b+xMxBc59K+64ZYEkEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjUwMTAxMjE0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDA4NGE0MjgyZTYwMjRkNTg0MDgwNTBiMjk2NWZjOWY2YTJiYjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVzswM/jI2v3NTj2xsFVmIPXuyn8
TZVCARRAtGLFcF6elQ5e3N9UkpBailltmG2OgcDraqnUT4UPIYRDRj8dRK0eCgXA
NzWbh+gx1hNyV/h50lfCmfkeEUz9Z6aXSu38DZ0Uqtmq/ZMw5eYCIJ4x1BZrHsZ0
m3/yxqxoP4khAxdaaMoIPegqCwTTaFXyYzQ0jS4wQwFadNAG4K8hAwCYO3LByDVr
JcpkMFrj/fwcIeYJS8JUsvqt2dVrxLG8UJQTiEcIAbk2ZiBHH1auhbTqcHZrpHMd
Wycjt057jyVjgGb8Nx00Qbyg9iwguokIb+GMO4d3XLXuA2HCzeN2+tkRmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOAISkKC5gJNWECAULKWX8n2ortLMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvNEFoS1FvTG1BazFZUUlCUXNwWmZ5ZmFpdTBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwnwkMA0G
CSqGSIb3DQEBCwUAA4IBAQCy7N753tPLUW+rcQZQkMUBnjecH+GRrKSaSAH1sw9m
8FTPzs7fUgIQXS+wqSmLv5FenppQ7nOs5VVvBpigf3GCJUbP7BljwmNlt4qXkFsA
WByqYsn7S7JVptxsSWOcMofoKM1uC9vdTnAPogQHDTmq6PEGCFC3W5uOxbOx5VWJ
TXkaiCUdM68cN6sxTq0WcFBauhjcGjeTz4TPKSjZMVakv+0S1hvUyqxSryT3SiqV
k2h49cR1xBD3oPz5tRkHYDn6AgYxd2m2Zfc9fkpid7laRajq+0EVwxOs5/s+4lEB
Sq1dPKMl7abuM/90to5qoQN9vn0ozC4OZVS/u4RF/Kvl
-----END CERTIFICATE-----