Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/c12020-a1a1-400e-91f3-835599260ff6/1/x_EubJIedCZLAcQtdIa25nYyDrk.roa
File:                     x_EubJIedCZLAcQtdIa25nYyDrk.roa (raw, json)
Hash identifier:          PgJOT+273yMa8SLFUPwyR3K64DEc4yPVquyOKHNI560=
Subject key identifier:   C7:F1:2E:6C:92:1E:74:26:4B:01:C4:2D:74:86:B6:E6:76:32:0E:B9
Certificate issuer:       /CN=3a5ec28e841f29f380a7ce2cb5cd5673700821fd
Certificate serial:       0194244541138298DDBBC845F6494ED22E61
Authority key identifier: 3A:5E:C2:8E:84:1F:29:F3:80:A7:CE:2C:B5:CD:56:73:70:08:21:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ol7CjoQfKfOAp84stc1Wc3AIIf0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/c12020-a1a1-400e-91f3-835599260ff6/1/x_EubJIedCZLAcQtdIa25nYyDrk.roa
Signing time:             Wed 01 Jan 2025 23:48:25 +0000
ROA not before:           Wed 01 Jan 2025 23:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137409
IP address blocks:        185.161.150.0/24 maxlen: 24
                          185.180.193.0/24 maxlen: 24
                          185.238.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/c12020-a1a1-400e-91f3-835599260ff6/1/Ol7CjoQfKfOAp84stc1Wc3AIIf0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/c12020-a1a1-400e-91f3-835599260ff6/1/Ol7CjoQfKfOAp84stc1Wc3AIIf0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ol7CjoQfKfOAp84stc1Wc3AIIf0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:41:13:82:98:dd:bb:c8:45:f6:49:4e:d2:2e:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a5ec28e841f29f380a7ce2cb5cd5673700821fd
        Validity
            Not Before: Jan  1 23:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7f12e6c921e74264b01c42d7486b6e676320eb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:83:7e:6e:7a:4e:15:86:25:6e:ad:08:c6:87:
                    30:06:37:b9:61:77:ea:60:49:29:34:4f:b9:68:9f:
                    b8:4b:99:c5:c6:80:d5:e1:d3:f5:0e:9a:ab:e0:86:
                    de:c9:54:2c:be:08:e8:8b:8b:3c:1a:99:23:9b:7f:
                    7f:23:2a:2d:93:1f:7e:44:0a:72:eb:69:f0:b1:84:
                    fc:f1:39:c5:c7:58:6e:6b:49:c5:0c:44:4a:78:12:
                    48:89:c0:c2:4d:17:4a:69:6f:f2:db:c9:2a:c4:cd:
                    2b:a0:5a:a3:fa:ef:6a:a7:bd:dd:bf:b0:80:9b:0a:
                    32:2c:1e:41:a5:29:a9:23:00:ed:cf:7f:7f:60:3c:
                    7b:2d:a6:58:65:43:6c:08:70:70:1c:5f:2b:24:5c:
                    87:62:47:6a:8e:39:0d:48:c8:2e:40:25:56:4d:fe:
                    eb:5a:d1:33:b2:4e:76:5f:cc:21:1e:f2:b9:48:80:
                    d3:b1:da:eb:a3:70:fc:cc:9a:93:6b:6f:c2:21:15:
                    d8:c5:71:1d:6d:95:f5:81:02:e2:09:79:87:08:b2:
                    c2:af:68:0e:72:90:0c:98:1b:a9:84:44:65:8c:90:
                    ed:90:44:31:fd:21:ca:21:ef:90:e0:f1:d9:f6:ce:
                    87:74:f0:11:c5:67:4a:7b:8d:0d:2c:9e:f2:be:1f:
                    59:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:F1:2E:6C:92:1E:74:26:4B:01:C4:2D:74:86:B6:E6:76:32:0E:B9
            X509v3 Authority Key Identifier:
                keyid:3A:5E:C2:8E:84:1F:29:F3:80:A7:CE:2C:B5:CD:56:73:70:08:21:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ol7CjoQfKfOAp84stc1Wc3AIIf0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/c12020-a1a1-400e-91f3-835599260ff6/1/x_EubJIedCZLAcQtdIa25nYyDrk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/c12020-a1a1-400e-91f3-835599260ff6/1/Ol7CjoQfKfOAp84stc1Wc3AIIf0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.150.0/24
                  185.180.193.0/24
                  185.238.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:e1:cc:c8:0f:0b:77:0c:70:10:af:95:7f:69:70:1c:e9:6f:
         db:af:6e:bf:30:38:38:34:1a:5b:81:95:d4:7f:7e:78:57:2b:
         18:15:55:a8:c8:0e:d3:e7:59:d7:d6:0e:fa:52:b1:a0:95:15:
         18:ee:9e:cf:38:a3:91:fd:fa:5c:a8:e4:50:29:13:2d:4a:c0:
         eb:6f:d1:e4:56:b8:be:bf:01:53:b4:dc:25:f6:ff:90:7e:8e:
         e2:d4:72:72:25:bc:02:c2:b6:e0:3e:e7:df:f1:59:bc:07:ee:
         48:6e:3f:c7:82:5e:56:40:76:26:38:d3:ae:ff:70:2a:7d:fa:
         41:3e:9d:4d:b0:7f:52:93:bd:b3:88:48:db:36:9c:e6:a8:c0:
         7c:0c:3f:4c:ef:5e:19:a7:ea:8b:7a:50:91:80:52:d1:be:5c:
         25:14:ba:54:93:9b:ff:00:82:43:c5:9a:3f:fe:5e:5a:74:0c:
         49:6b:bc:88:9b:b1:0d:b3:31:58:92:1e:5d:c3:1d:b7:a8:45:
         f9:0f:4d:07:e6:8e:1e:e8:99:3e:2d:29:c2:6b:98:66:95:6a:
         f7:0c:14:da:42:2b:d0:4b:55:cd:a4:73:d0:ea:fd:ac:fa:12:
         51:71:9c:83:19:47:1a:c6:81:18:be:c6:50:f0:7e:ad:c8:45:
         84:d2:8c:88
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQkRUETgpjdu8hF9klO0i5hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNWVjMjhlODQxZjI5ZjM4MGE3Y2UyY2I1Y2Q1NjczNzAw
ODIxZmQwHhcNMjUwMTAxMjM0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2YxMmU2YzkyMWU3NDI2NGIwMWM0MmQ3NDg2YjZlNjc2MzIwZWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIN+bnpOFYYlbq0IxocwBje5YXfq
YEkpNE+5aJ+4S5nFxoDV4dP1Dpqr4IbeyVQsvgjoi4s8Gpkjm39/Iyotkx9+RApy
62nwsYT88TnFx1hua0nFDERKeBJIicDCTRdKaW/y28kqxM0roFqj+u9qp73dv7CA
mwoyLB5BpSmpIwDtz39/YDx7LaZYZUNsCHBwHF8rJFyHYkdqjjkNSMguQCVWTf7r
WtEzsk52X8whHvK5SIDTsdrro3D8zJqTa2/CIRXYxXEdbZX1gQLiCXmHCLLCr2gO
cpAMmBuphERljJDtkEQx/SHKIe+Q4PHZ9s6HdPARxWdKe40NLJ7yvh9ZqQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMfxLmySHnQmSwHELXSGtuZ2Mg65MB8GA1UdIwQY
MBaAFDpewo6EHynzgKfOLLXNVnNwCCH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2w3Q2pvUWZLZk9BcDg0c3RjMVdjM0FJSWYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9jMTIwMjAtYTFhMS00MDBlLTkxZjMt
ODM1NTk5MjYwZmY2LzEveF9FdWJKSWVkQ1pMQWNRdGRJYTI1bll5RHJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9jMTIwMjAtYTFhMS00MDBlLTkxZjMtODM1NTk5MjYwZmY2
LzEvT2w3Q2pvUWZLZk9BcDg0c3RjMVdjM0FJSWYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuaGWAwQA
ubTBAwQAue6wMA0GCSqGSIb3DQEBCwUAA4IBAQB94czIDwt3DHAQr5V/aXAc6W/b
r26/MDg4NBpbgZXUf354VysYFVWoyA7T51nX1g76UrGglRUY7p7POKOR/fpcqORQ
KRMtSsDrb9HkVri+vwFTtNwl9v+Qfo7i1HJyJbwCwrbgPuff8Vm8B+5Ibj/Hgl5W
QHYmONOu/3AqffpBPp1NsH9Sk72ziEjbNpzmqMB8DD9M714Zp+qLelCRgFLRvlwl
FLpUk5v/AIJDxZo//l5adAxJa7yIm7ENszFYkh5dwx23qEX5D00H5o4e6Jk+LSnC
a5hmlWr3DBTaQivQS1XNpHPQ6v2s+hJRcZyDGUcaxoEYvsZQ8H6tyEWE0oyI
-----END CERTIFICATE-----