Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/4ea4f7-d70e-42a2-afd7-3e3a188f49de/1/jeU3xqGrcmxdIS4lfaliQojmUd4.roa
File:                     jeU3xqGrcmxdIS4lfaliQojmUd4.roa (raw, json)
Hash identifier:          WoVvfzkH0PYO9V3NP53Pv15mZRXcsOzFbw+RGpI6V54=
Subject key identifier:   8D:E5:37:C6:A1:AB:72:6C:5D:21:2E:25:7D:A9:62:42:88:E6:51:DE
Certificate issuer:       /CN=37915673b28bdfadb2c2019ac68d0464fd21b71a
Certificate serial:       019425FCB06EB791240129F98499054A0D19
Authority key identifier: 37:91:56:73:B2:8B:DF:AD:B2:C2:01:9A:C6:8D:04:64:FD:21:B7:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N5FWc7KL362ywgGaxo0EZP0htxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/4ea4f7-d70e-42a2-afd7-3e3a188f49de/1/jeU3xqGrcmxdIS4lfaliQojmUd4.roa
Signing time:             Thu 02 Jan 2025 07:48:24 +0000
ROA not before:           Thu 02 Jan 2025 07:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2830
IP address blocks:        145.32.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/4ea4f7-d70e-42a2-afd7-3e3a188f49de/1/N5FWc7KL362ywgGaxo0EZP0htxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/4ea4f7-d70e-42a2-afd7-3e3a188f49de/1/N5FWc7KL362ywgGaxo0EZP0htxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N5FWc7KL362ywgGaxo0EZP0htxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:b0:6e:b7:91:24:01:29:f9:84:99:05:4a:0d:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37915673b28bdfadb2c2019ac68d0464fd21b71a
        Validity
            Not Before: Jan  2 07:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8de537c6a1ab726c5d212e257da9624288e651de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:8e:57:88:fc:64:8a:ea:da:f9:db:2b:32:50:
                    57:89:67:5e:a9:63:ce:08:01:d4:46:39:df:52:56:
                    f8:08:e2:2d:ee:df:1e:92:c9:38:86:97:e6:8c:49:
                    7e:22:71:6f:6b:a7:ed:75:65:dc:76:7d:ab:92:89:
                    51:31:fb:a6:7c:d8:ac:35:c2:7f:ee:75:88:61:58:
                    c8:77:6f:43:f5:a0:ca:8e:7e:b7:62:75:ff:87:9b:
                    d5:68:28:14:cd:99:a5:75:9f:ab:ea:22:7b:5b:0a:
                    23:e3:a9:e9:0b:3e:d8:00:e4:b7:e4:3c:04:7c:4f:
                    6a:11:8a:c8:5b:08:45:1c:a1:6f:41:8f:8a:f9:20:
                    64:d1:08:0c:f4:fd:fd:7d:98:b9:64:93:6d:54:dd:
                    21:1a:9d:7c:64:d1:c3:a6:72:31:36:eb:e0:32:c6:
                    eb:41:ce:15:b4:b7:4d:43:a5:c9:f2:9c:ce:60:6f:
                    b1:56:67:79:69:2b:33:d5:9e:92:0e:f2:4b:18:e2:
                    8e:a5:fc:9e:59:c8:a7:ca:f3:a8:aa:dc:0a:bb:26:
                    8e:c9:ef:b2:fb:46:2b:30:56:44:83:66:a0:e9:85:
                    48:5d:44:9f:fe:96:0a:d9:cf:79:11:39:f1:9a:ed:
                    bb:b0:c0:58:04:38:0b:85:20:0a:cf:25:0d:84:55:
                    fc:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:E5:37:C6:A1:AB:72:6C:5D:21:2E:25:7D:A9:62:42:88:E6:51:DE
            X509v3 Authority Key Identifier:
                keyid:37:91:56:73:B2:8B:DF:AD:B2:C2:01:9A:C6:8D:04:64:FD:21:B7:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N5FWc7KL362ywgGaxo0EZP0htxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/4ea4f7-d70e-42a2-afd7-3e3a188f49de/1/jeU3xqGrcmxdIS4lfaliQojmUd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/4ea4f7-d70e-42a2-afd7-3e3a188f49de/1/N5FWc7KL362ywgGaxo0EZP0htxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.32.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:77:60:c4:47:14:60:11:11:be:46:ae:8c:a2:cb:e8:1f:8a:
         cf:cf:63:b1:77:14:de:e5:46:3d:70:43:2e:b0:0b:d7:d0:7e:
         f0:6c:41:e5:b5:9a:4e:c3:65:ad:99:c6:69:80:88:81:fb:af:
         c6:82:75:8a:52:7b:2e:21:25:49:4a:42:ff:f4:89:4f:19:c8:
         1b:d7:50:14:31:82:d8:dc:eb:af:a0:5b:a2:5f:d8:b7:9d:79:
         aa:b4:94:60:36:1d:d2:3b:af:35:4e:63:25:93:2e:52:12:d7:
         23:b1:1d:f5:19:fe:bb:76:8a:47:eb:9c:3a:bd:c0:5e:82:66:
         c7:75:8e:11:f9:86:91:0b:5e:12:ba:8b:4f:72:21:a9:24:c5:
         e9:c1:0a:33:37:63:92:c3:15:f7:72:c3:8e:04:25:1f:dd:95:
         6f:b9:6c:3c:38:1e:94:8e:99:e2:ef:15:59:c6:ca:e9:17:cb:
         a4:dd:53:e7:ec:0c:48:e2:fc:0a:44:3c:06:86:bb:b1:bf:ae:
         e2:7d:cf:32:a8:09:b8:97:18:fe:e4:c7:e3:d3:d8:44:34:7e:
         59:74:a8:5d:17:06:46:e5:2c:dd:49:82:af:70:4c:48:4d:f4:
         49:3a:4c:8d:2d:ea:5c:9e:b3:be:4f:2a:f3:1c:e9:7e:0e:a0:
         d5:fe:bb:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/LBut5EkASn5hJkFSg0ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3OTE1NjczYjI4YmRmYWRiMmMyMDE5YWM2OGQwNDY0ZmQy
MWI3MWEwHhcNMjUwMTAyMDc0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGU1MzdjNmExYWI3MjZjNWQyMTJlMjU3ZGE5NjI0Mjg4ZTY1MWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAro5XiPxkiura+dsrMlBXiWdeqWPO
CAHURjnfUlb4COIt7t8eksk4hpfmjEl+InFva6ftdWXcdn2rkolRMfumfNisNcJ/
7nWIYVjId29D9aDKjn63YnX/h5vVaCgUzZmldZ+r6iJ7Wwoj46npCz7YAOS35DwE
fE9qEYrIWwhFHKFvQY+K+SBk0QgM9P39fZi5ZJNtVN0hGp18ZNHDpnIxNuvgMsbr
Qc4VtLdNQ6XJ8pzOYG+xVmd5aSsz1Z6SDvJLGOKOpfyeWcinyvOoqtwKuyaOye+y
+0YrMFZEg2ag6YVIXUSf/pYK2c95ETnxmu27sMBYBDgLhSAKzyUNhFX8iQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI3lN8ahq3JsXSEuJX2pYkKI5lHeMB8GA1UdIwQY
MBaAFDeRVnOyi9+tssIBmsaNBGT9IbcaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjVGV2M3S0wzNjJ5d2dHYXhvMEVaUDBodHhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS80ZWE0ZjctZDcwZS00MmEyLWFmZDct
M2UzYTE4OGY0OWRlLzEvamVVM3hxR3JjbXhkSVM0bGZhbGlRb2ptVWQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS80ZWE0ZjctZDcwZS00MmEyLWFmZDctM2UzYTE4OGY0OWRl
LzEvTjVGV2M3S0wzNjJ5d2dHYXhvMEVaUDBodHhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkSBkMA0G
CSqGSIb3DQEBCwUAA4IBAQAad2DERxRgERG+Rq6MosvoH4rPz2OxdxTe5UY9cEMu
sAvX0H7wbEHltZpOw2WtmcZpgIiB+6/GgnWKUnsuISVJSkL/9IlPGcgb11AUMYLY
3OuvoFuiX9i3nXmqtJRgNh3SO681TmMlky5SEtcjsR31Gf67dopH65w6vcBegmbH
dY4R+YaRC14SuotPciGpJMXpwQozN2OSwxX3csOOBCUf3ZVvuWw8OB6Ujpni7xVZ
xsrpF8uk3VPn7AxI4vwKRDwGhruxv67ifc8yqAm4lxj+5Mfj09hENH5ZdKhdFwZG
5SzdSYKvcExITfRJOkyNLepcnrO+TyrzHOl+DqDV/rvW
-----END CERTIFICATE-----