Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/0cf7b9-938f-4c17-8ec7-d18d1ea568f5/1/n3Rb7e4leVAV_P84v_-RNrezbUU.roa
File:                     n3Rb7e4leVAV_P84v_-RNrezbUU.roa (raw, json)
Hash identifier:          nU0WMWHhxMdmntA6B1n8DiXNUPiYR3E/XJsxM+pnKTc=
Subject key identifier:   9F:74:5B:ED:EE:25:79:50:15:FC:FF:38:BF:FF:91:36:B7:B3:6D:45
Certificate issuer:       /CN=e4202a3fc1a8e85c9dfd2d65d319a80dd1fb917d
Certificate serial:       019426D9B13293369159689B1D2842302660
Authority key identifier: E4:20:2A:3F:C1:A8:E8:5C:9D:FD:2D:65:D3:19:A8:0D:D1:FB:91:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5CAqP8Go6Fyd_S1l0xmoDdH7kX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/0cf7b9-938f-4c17-8ec7-d18d1ea568f5/1/n3Rb7e4leVAV_P84v_-RNrezbUU.roa
Signing time:             Thu 02 Jan 2025 11:49:48 +0000
ROA not before:           Thu 02 Jan 2025 11:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208348
IP address blocks:        45.142.160.0/22 maxlen: 22
                          193.3.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/0cf7b9-938f-4c17-8ec7-d18d1ea568f5/1/5CAqP8Go6Fyd_S1l0xmoDdH7kX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/0cf7b9-938f-4c17-8ec7-d18d1ea568f5/1/5CAqP8Go6Fyd_S1l0xmoDdH7kX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5CAqP8Go6Fyd_S1l0xmoDdH7kX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:b1:32:93:36:91:59:68:9b:1d:28:42:30:26:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4202a3fc1a8e85c9dfd2d65d319a80dd1fb917d
        Validity
            Not Before: Jan  2 11:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f745bedee25795015fcff38bfff9136b7b36d45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:40:38:0c:60:3c:9b:e9:91:72:ba:27:30:7d:
                    4a:dd:4c:66:69:8c:c5:e1:2b:92:ab:78:f2:bc:de:
                    29:73:f7:a7:76:4d:58:08:ff:dd:ea:d9:4a:3b:ce:
                    59:9c:52:12:a1:d9:68:40:46:fe:56:f9:e3:a4:3b:
                    3d:26:38:06:40:7e:3d:03:2a:66:5b:07:16:38:e2:
                    37:e4:1b:81:d1:ba:2d:cf:ba:15:36:3a:0f:01:58:
                    d2:ca:cd:62:3b:56:3e:00:b2:a1:85:97:51:3a:43:
                    13:cd:f7:5d:01:61:71:e3:d5:97:f6:f1:e9:90:16:
                    fd:3c:b8:ac:60:e1:c0:5c:0c:4f:00:97:f2:c7:df:
                    ba:1b:0d:6e:54:99:3a:f3:a5:5a:47:79:75:d8:5f:
                    9e:4c:f7:24:7b:d1:17:22:ef:e9:17:28:3b:c5:36:
                    a5:58:d9:5e:df:1b:92:e2:ab:40:e2:f8:80:1e:e6:
                    65:9e:8e:04:91:ac:8b:04:08:94:e9:33:91:bf:0b:
                    a7:da:6f:df:e6:c2:b7:63:29:b2:58:85:7c:e4:f3:
                    3c:78:7b:1b:1a:a0:2e:04:18:59:10:16:e3:45:3d:
                    e1:c5:85:50:b7:a6:60:23:10:12:69:48:a7:6f:86:
                    ea:1f:d5:c1:6a:fd:3e:a4:d8:ed:68:39:31:19:88:
                    8d:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:74:5B:ED:EE:25:79:50:15:FC:FF:38:BF:FF:91:36:B7:B3:6D:45
            X509v3 Authority Key Identifier:
                keyid:E4:20:2A:3F:C1:A8:E8:5C:9D:FD:2D:65:D3:19:A8:0D:D1:FB:91:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5CAqP8Go6Fyd_S1l0xmoDdH7kX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/0cf7b9-938f-4c17-8ec7-d18d1ea568f5/1/n3Rb7e4leVAV_P84v_-RNrezbUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/0cf7b9-938f-4c17-8ec7-d18d1ea568f5/1/5CAqP8Go6Fyd_S1l0xmoDdH7kX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.160.0/22
                  193.3.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:bf:d8:f5:a1:47:09:70:54:29:9f:3b:9a:e8:19:c4:ca:a1:
         7e:5c:08:c5:b4:28:06:39:6b:d4:bd:a0:a3:3e:3f:49:a0:c3:
         2b:c5:fb:b9:5d:8f:e2:f7:8c:9f:00:cf:41:6d:60:b1:ba:52:
         1c:bc:ab:0f:50:03:6f:b3:da:0d:43:d0:42:77:b0:04:1d:cf:
         fe:16:36:39:6b:74:b1:33:74:f0:21:d2:90:65:be:81:3d:b2:
         f4:ca:33:01:ae:18:6a:44:ef:52:e5:1d:ce:7b:f8:d2:76:a8:
         b9:9d:81:65:a8:5a:46:8f:02:59:80:8e:e1:ba:a5:e8:1f:74:
         22:f8:89:6e:ff:f1:d4:bd:25:c0:f2:f6:45:e9:a2:a2:8f:1b:
         79:05:49:d5:4d:54:f4:89:d7:7d:45:c6:28:eb:db:94:f6:c5:
         79:3e:ef:07:92:9f:de:7e:13:37:9f:c4:9d:78:6d:6c:47:48:
         4c:38:b1:cc:f8:30:3d:40:8e:3f:28:02:f1:fe:84:eb:32:ae:
         bf:71:bc:bf:1d:4b:b5:12:d4:47:10:55:47:d2:8f:38:d3:0f:
         28:d8:44:f3:5e:d4:2d:80:4f:ff:f4:d0:9d:0e:14:39:8d:3e:
         49:cb:8d:77:6e:2a:64:ac:83:5d:b8:f3:a5:a3:56:b0:1f:a5:
         22:1c:80:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQm2bEykzaRWWibHShCMCZgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0MjAyYTNmYzFhOGU4NWM5ZGZkMmQ2NWQzMTlhODBkZDFm
YjkxN2QwHhcNMjUwMTAyMTE0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Zjc0NWJlZGVlMjU3OTUwMTVmY2ZmMzhiZmZmOTEzNmI3YjM2ZDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0A4DGA8m+mRcronMH1K3UxmaYzF
4SuSq3jyvN4pc/endk1YCP/d6tlKO85ZnFISodloQEb+VvnjpDs9JjgGQH49Aypm
WwcWOOI35BuB0botz7oVNjoPAVjSys1iO1Y+ALKhhZdROkMTzfddAWFx49WX9vHp
kBb9PLisYOHAXAxPAJfyx9+6Gw1uVJk686VaR3l12F+eTPcke9EXIu/pFyg7xTal
WNle3xuS4qtA4viAHuZlno4EkayLBAiU6TORvwun2m/f5sK3YymyWIV85PM8eHsb
GqAuBBhZEBbjRT3hxYVQt6ZgIxASaUinb4bqH9XBav0+pNjtaDkxGYiNOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ90W+3uJXlQFfz/OL//kTa3s21FMB8GA1UdIwQY
MBaAFOQgKj/BqOhcnf0tZdMZqA3R+5F9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUNBcVA4R282RnlkX1MxbDB4bW9EZEg3a1gwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC8wY2Y3YjktOTM4Zi00YzE3LThlYzct
ZDE4ZDFlYTU2OGY1LzEvbjNSYjdlNGxlVkFWX1A4NHZfLVJOcmV6YlVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC8wY2Y3YjktOTM4Zi00YzE3LThlYzctZDE4ZDFlYTU2OGY1
LzEvNUNBcVA4R282RnlkX1MxbDB4bW9EZEg3a1gwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLY6gAwQA
wQPxMA0GCSqGSIb3DQEBCwUAA4IBAQCIv9j1oUcJcFQpnzua6BnEyqF+XAjFtCgG
OWvUvaCjPj9JoMMrxfu5XY/i94yfAM9BbWCxulIcvKsPUANvs9oNQ9BCd7AEHc/+
FjY5a3SxM3TwIdKQZb6BPbL0yjMBrhhqRO9S5R3Oe/jSdqi5nYFlqFpGjwJZgI7h
uqXoH3Qi+Ilu//HUvSXA8vZF6aKijxt5BUnVTVT0idd9RcYo69uU9sV5Pu8Hkp/e
fhM3n8SdeG1sR0hMOLHM+DA9QI4/KALx/oTrMq6/cby/HUu1EtRHEFVH0o840w8o
2ETzXtQtgE//9NCdDhQ5jT5Jy413bipkrINduPOlo1awH6UiHIDH
-----END CERTIFICATE-----