Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/N_RvzAFo1FROr_CjpgMoL54Byzo.roa
File:                     N_RvzAFo1FROr_CjpgMoL54Byzo.roa (raw, json)
Hash identifier:          5jALOxwHrIhM1vr99wyMmjWkke8f5oaIu302Gl2uxRE=
Subject key identifier:   37:F4:6F:CC:01:68:D4:54:4E:AF:F0:A3:A6:03:28:2F:9E:01:CB:3A
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0190BC637B63C142880380DC707724314A32
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/N_RvzAFo1FROr_CjpgMoL54Byzo.roa
Signing time:             Tue 16 Jul 2024 16:32:34 +0000
ROA not before:           Tue 16 Jul 2024 16:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138997
IP address blocks:        82.153.228.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bc:63:7b:63:c1:42:88:03:80:dc:70:77:24:31:4a:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 16 16:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37f46fcc0168d4544eaff0a3a603282f9e01cb3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e9:6b:08:d5:7c:5a:da:18:45:0f:db:d4:8a:
                    19:a0:c7:fc:32:fc:0e:25:ee:a6:83:92:a9:f8:56:
                    be:0a:e9:d1:6d:b6:c2:1a:a4:9e:d5:f3:11:69:98:
                    ff:9b:ff:ce:d0:d7:5c:c5:5b:4c:81:45:d9:04:39:
                    33:a0:f3:6f:45:b9:34:87:2e:5a:04:7a:06:4b:55:
                    55:3a:96:c9:de:3e:5d:b7:e6:24:56:97:60:a8:b9:
                    7d:db:aa:80:00:92:a4:04:4a:c5:03:05:eb:26:7f:
                    ab:c6:64:12:c8:92:19:aa:db:3a:41:e1:6c:3a:02:
                    35:72:d6:e3:ca:cb:24:70:9a:37:22:f4:46:15:63:
                    91:7a:35:70:e9:95:8e:04:cc:23:bb:6b:c0:97:84:
                    70:fb:51:ce:d9:b4:81:23:d9:20:61:e8:ad:a4:e7:
                    16:1b:6c:45:89:3a:fc:e0:03:db:84:21:1f:f8:e9:
                    20:ca:3a:5b:c1:34:d1:26:25:a3:d8:aa:e9:ac:58:
                    95:11:00:d6:44:a9:5a:49:65:d3:ca:40:7d:dc:d8:
                    92:3b:86:99:ee:d9:77:d2:ad:17:0b:4d:d8:ee:fa:
                    b6:87:4c:7b:5c:69:ea:33:28:c5:94:7e:e7:cd:25:
                    f0:c9:f9:95:f3:7d:6e:b3:5c:79:5b:56:b7:1d:7f:
                    9e:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:F4:6F:CC:01:68:D4:54:4E:AF:F0:A3:A6:03:28:2F:9E:01:CB:3A
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/N_RvzAFo1FROr_CjpgMoL54Byzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8e:db:12:30:59:cf:7d:51:b7:f9:d2:3d:ec:a3:47:cc:35:42:
         5a:15:c6:25:dc:7b:48:2c:e9:25:8e:78:a0:88:e0:0f:6a:4c:
         dc:5a:d0:39:d4:c8:5e:a2:d0:4d:f4:d5:1e:14:4f:bc:05:13:
         b5:ce:13:4e:4e:a8:0d:14:b7:c9:8e:7c:45:a5:bd:4f:ad:2f:
         39:bd:62:4e:ca:a4:a4:04:93:b3:cc:9a:b1:b4:65:bd:ef:33:
         0e:68:98:56:12:e8:fd:c2:83:0d:dc:80:f3:66:5d:89:87:a2:
         1f:f8:90:a2:ae:8c:4e:22:52:ac:6c:87:eb:1d:d2:9a:79:94:
         c2:ce:d2:3c:e7:77:bb:01:91:cf:26:4a:a2:8b:ab:81:cc:72:
         7c:92:b2:4c:af:51:ad:84:14:04:08:78:48:ef:4a:24:b2:fe:
         cc:2d:dd:09:a3:7c:35:4c:fe:12:5d:f4:48:90:af:7e:06:18:
         8b:0c:e9:47:79:84:a5:6f:0c:63:a6:48:60:0b:36:ea:93:9e:
         41:4c:08:af:f6:75:0f:6d:cd:e0:7d:45:00:fd:ca:4d:32:3d:
         53:25:4d:a6:be:47:03:f7:b8:53:dd:e4:65:09:d0:25:75:a9:
         8f:18:3c:bf:fa:f4:21:d6:63:5d:ce:da:83:a6:37:98:aa:54:
         a6:6f:5b:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZC8Y3tjwUKIA4DccHckMUoyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNzE2MTYzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2Y0NmZjYzAxNjhkNDU0NGVhZmYwYTNhNjAzMjgyZjllMDFjYjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOlrCNV8WtoYRQ/b1IoZoMf8MvwO
Je6mg5Kp+Fa+CunRbbbCGqSe1fMRaZj/m//O0NdcxVtMgUXZBDkzoPNvRbk0hy5a
BHoGS1VVOpbJ3j5dt+YkVpdgqLl926qAAJKkBErFAwXrJn+rxmQSyJIZqts6QeFs
OgI1ctbjysskcJo3IvRGFWORejVw6ZWOBMwju2vAl4Rw+1HO2bSBI9kgYeitpOcW
G2xFiTr84APbhCEf+OkgyjpbwTTRJiWj2KrprFiVEQDWRKlaSWXTykB93NiSO4aZ
7tl30q0XC03Y7vq2h0x7XGnqMyjFlH7nzSXwyfmV831us1x5W1a3HX+eTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDf0b8wBaNRUTq/wo6YDKC+eAcs6MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTl9SdnpBRm8xRlJPcl9DanBnTW9MNTRCeXpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUpnkMA0G
CSqGSIb3DQEBCwUAA4IBAQCO2xIwWc99Ubf50j3so0fMNUJaFcYl3HtILOkljnig
iOAPakzcWtA51MheotBN9NUeFE+8BRO1zhNOTqgNFLfJjnxFpb1PrS85vWJOyqSk
BJOzzJqxtGW97zMOaJhWEuj9woMN3IDzZl2Jh6If+JCiroxOIlKsbIfrHdKaeZTC
ztI853e7AZHPJkqii6uBzHJ8krJMr1GthBQECHhI70oksv7MLd0Jo3w1TP4SXfRI
kK9+BhiLDOlHeYSlbwxjpkhgCzbqk55BTAiv9nUPbc3gfUUA/cpNMj1TJU2mvkcD
97hT3eRlCdAldamPGDy/+vQh1mNdztqDpjeYqlSmb1uw
-----END CERTIFICATE-----