Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/4b8f5a-24e0-4ede-a4ab-50c78916f8e3/1/N3q6u0fJAm5cfueMeHqWslOkGeg.roa
File:                     N3q6u0fJAm5cfueMeHqWslOkGeg.roa (raw, json)
Hash identifier:          PA7XmdPesUmpMNoT7zqJAR9d7u3yrzJY6Ip8rCLxobU=
Subject key identifier:   37:7A:BA:BB:47:C9:02:6E:5C:7E:E7:8C:78:7A:96:B2:53:A4:19:E8
Certificate issuer:       /CN=b83b5cdb65ecc5bd746d8b74982831a6d8dc1053
Certificate serial:       0194236A0C80765A8B616FEE6D870B001902
Authority key identifier: B8:3B:5C:DB:65:EC:C5:BD:74:6D:8B:74:98:28:31:A6:D8:DC:10:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uDtc22Xsxb10bYt0mCgxptjcEFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/4b8f5a-24e0-4ede-a4ab-50c78916f8e3/1/N3q6u0fJAm5cfueMeHqWslOkGeg.roa
Signing time:             Wed 01 Jan 2025 19:49:00 +0000
ROA not before:           Wed 01 Jan 2025 19:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60111
IP address blocks:        185.193.236.0/22 maxlen: 22
                          2a0a:4140::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/4b8f5a-24e0-4ede-a4ab-50c78916f8e3/1/uDtc22Xsxb10bYt0mCgxptjcEFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/4b8f5a-24e0-4ede-a4ab-50c78916f8e3/1/uDtc22Xsxb10bYt0mCgxptjcEFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uDtc22Xsxb10bYt0mCgxptjcEFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:0c:80:76:5a:8b:61:6f:ee:6d:87:0b:00:19:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b83b5cdb65ecc5bd746d8b74982831a6d8dc1053
        Validity
            Not Before: Jan  1 19:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=377ababb47c9026e5c7ee78c787a96b253a419e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:4b:21:f4:02:32:9e:c9:84:30:37:75:36:68:
                    4d:42:eb:0f:1e:e9:b2:75:1d:96:11:dd:7c:84:96:
                    68:d7:41:9d:31:2d:08:c6:8c:b7:3e:65:29:43:f3:
                    43:9f:0d:12:34:56:b8:72:86:00:0d:2d:9d:3c:b7:
                    a5:50:98:89:1b:37:30:18:e2:49:59:ef:04:3e:ac:
                    5e:1a:f6:c4:dc:c4:71:e7:ac:9d:f7:30:d5:ae:26:
                    c9:91:e5:3f:68:6f:a5:c8:a0:5c:ca:3b:a9:13:07:
                    50:3b:c1:a4:e7:4b:68:31:4d:59:49:8b:39:95:43:
                    0d:d5:43:76:de:d5:14:21:46:bf:9c:f2:df:c5:12:
                    5c:52:dd:1d:d8:22:39:d4:a7:ad:76:ab:bd:71:ac:
                    c0:1c:0f:93:6f:dc:a2:09:bf:ee:2a:7b:e5:4c:95:
                    cf:f1:6d:1f:6b:43:8c:31:33:dd:19:02:45:ce:32:
                    9c:e1:a1:6a:d4:39:46:e2:47:83:c0:cf:73:d8:84:
                    79:d8:73:ab:97:0c:af:83:f3:1d:83:76:f6:75:01:
                    d4:76:e4:1f:f1:19:77:47:55:94:d0:84:31:49:0a:
                    e6:88:60:3c:39:0d:82:97:de:15:25:53:77:fa:09:
                    19:7d:55:ab:4f:2e:8a:a4:c3:b6:77:17:3a:0a:aa:
                    40:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:7A:BA:BB:47:C9:02:6E:5C:7E:E7:8C:78:7A:96:B2:53:A4:19:E8
            X509v3 Authority Key Identifier:
                keyid:B8:3B:5C:DB:65:EC:C5:BD:74:6D:8B:74:98:28:31:A6:D8:DC:10:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uDtc22Xsxb10bYt0mCgxptjcEFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/4b8f5a-24e0-4ede-a4ab-50c78916f8e3/1/N3q6u0fJAm5cfueMeHqWslOkGeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/4b8f5a-24e0-4ede-a4ab-50c78916f8e3/1/uDtc22Xsxb10bYt0mCgxptjcEFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.236.0/22
                IPv6:
                  2a0a:4140::/29

    Signature Algorithm: sha256WithRSAEncryption
         36:2a:88:f3:2e:d5:12:c7:39:88:52:ff:2a:7f:2f:3d:80:8d:
         d1:bb:9f:48:48:d6:1a:f9:06:19:2a:5d:a0:93:8e:67:90:0a:
         ea:6b:e4:c2:42:31:b9:15:93:93:54:9f:ab:1f:0e:62:02:fc:
         46:f0:8c:7d:00:63:e7:af:db:14:66:99:1e:ea:d6:12:92:93:
         20:8c:45:41:54:08:8f:bc:1a:c9:04:f6:41:83:f5:0c:1f:11:
         a7:36:c9:ee:a4:2e:d1:c3:84:9c:0f:bf:39:92:1c:36:da:32:
         9d:81:70:b9:47:66:a0:d5:73:de:90:64:32:7d:cb:ac:ab:ec:
         6b:19:ef:3b:82:f4:e7:05:ac:80:2f:91:99:a9:37:04:f7:cb:
         22:8b:99:c3:49:25:7d:3e:a7:cb:57:bf:ab:d2:72:50:df:15:
         bd:e7:ca:d6:b2:91:d5:90:51:bd:41:7c:63:48:a5:10:ac:16:
         fa:d5:c5:9a:5f:b1:d8:5d:44:4c:ea:a5:fe:fb:8e:df:6c:a9:
         12:46:fc:05:b1:00:58:cb:4c:c4:83:a0:c6:2b:65:37:d9:c0:
         11:d8:ef:0a:59:f4:18:06:71:12:da:26:9c:83:cd:e9:94:bc:
         8c:91:fc:7f:c1:fd:7d:d7:0d:70:13:e7:0b:a8:b5:55:dd:82:
         58:d3:0c:b7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQjagyAdlqLYW/ubYcLABkCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4M2I1Y2RiNjVlY2M1YmQ3NDZkOGI3NDk4MjgzMWE2ZDhk
YzEwNTMwHhcNMjUwMTAxMTk0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzdhYmFiYjQ3YzkwMjZlNWM3ZWU3OGM3ODdhOTZiMjUzYTQxOWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhksh9AIynsmEMDd1NmhNQusPHumy
dR2WEd18hJZo10GdMS0Ixoy3PmUpQ/NDnw0SNFa4coYADS2dPLelUJiJGzcwGOJJ
We8EPqxeGvbE3MRx56yd9zDVribJkeU/aG+lyKBcyjupEwdQO8Gk50toMU1ZSYs5
lUMN1UN23tUUIUa/nPLfxRJcUt0d2CI51Ketdqu9cazAHA+Tb9yiCb/uKnvlTJXP
8W0fa0OMMTPdGQJFzjKc4aFq1DlG4keDwM9z2IR52HOrlwyvg/Mdg3b2dQHUduQf
8Rl3R1WU0IQxSQrmiGA8OQ2Cl94VJVN3+gkZfVWrTy6KpMO2dxc6CqpANwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDd6urtHyQJuXH7njHh6lrJTpBnoMB8GA1UdIwQY
MBaAFLg7XNtl7MW9dG2LdJgoMabY3BBTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUR0YzIyWHN4YjEwYll0MG1DZ3hwdGpjRUZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS80YjhmNWEtMjRlMC00ZWRlLWE0YWIt
NTBjNzg5MTZmOGUzLzEvTjNxNnUwZkpBbTVjZnVlTWVIcVdzbE9rR2VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS80YjhmNWEtMjRlMC00ZWRlLWE0YWItNTBjNzg5MTZmOGUz
LzEvdUR0YzIyWHN4YjEwYll0MG1DZ3hwdGpjRUZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucHsMA0E
AgACMAcDBQMqCkFAMA0GCSqGSIb3DQEBCwUAA4IBAQA2KojzLtUSxzmIUv8qfy89
gI3Ru59ISNYa+QYZKl2gk45nkArqa+TCQjG5FZOTVJ+rHw5iAvxG8Ix9AGPnr9sU
Zpke6tYSkpMgjEVBVAiPvBrJBPZBg/UMHxGnNsnupC7Rw4ScD785khw22jKdgXC5
R2ag1XPekGQyfcusq+xrGe87gvTnBayAL5GZqTcE98sii5nDSSV9PqfLV7+r0nJQ
3xW958rWspHVkFG9QXxjSKUQrBb61cWaX7HYXURM6qX++47fbKkSRvwFsQBYy0zE
g6DGK2U32cAR2O8KWfQYBnES2iacg83plLyMkfx/wf191w1wE+cLqLVV3YJY0wy3
-----END CERTIFICATE-----