Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/N3VmvFOmqCre_Lx0IfYjn2v2b6w.roa
File:                     N3VmvFOmqCre_Lx0IfYjn2v2b6w.roa (raw, json)
Hash identifier:          bp1wfw2pyxZJdYCZm2jvav72UAXwLNhJfCLzE6u3iuo=
Subject key identifier:   37:75:66:BC:53:A6:A8:2A:DE:FC:BC:74:21:F6:23:9F:6B:F6:6F:AC
Certificate issuer:       /CN=49722a0ca8bbc94d48a5cb48ccc92efef845a7e3
Certificate serial:       01942827E669781303B65BD06D6A73A74FF1
Authority key identifier: 49:72:2A:0C:A8:BB:C9:4D:48:A5:CB:48:CC:C9:2E:FE:F8:45:A7:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SXIqDKi7yU1IpctIzMku_vhFp-M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/N3VmvFOmqCre_Lx0IfYjn2v2b6w.roa
Signing time:             Thu 02 Jan 2025 17:54:51 +0000
ROA not before:           Thu 02 Jan 2025 17:54:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44486
IP address blocks:        45.81.232.0/22 maxlen: 24
                          2a0e:66c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/SXIqDKi7yU1IpctIzMku_vhFp-M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/SXIqDKi7yU1IpctIzMku_vhFp-M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SXIqDKi7yU1IpctIzMku_vhFp-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:e6:69:78:13:03:b6:5b:d0:6d:6a:73:a7:4f:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49722a0ca8bbc94d48a5cb48ccc92efef845a7e3
        Validity
            Not Before: Jan  2 17:54:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=377566bc53a6a82adefcbc7421f6239f6bf66fac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:23:2b:d5:1f:42:b1:8c:1e:8e:c4:c7:54:c0:
                    4b:1a:6c:4a:eb:17:cc:0b:cc:8a:80:0d:e7:3a:e9:
                    48:c8:64:2a:e5:84:8b:72:42:39:c9:2c:9b:e9:f4:
                    7e:b3:42:ee:88:30:82:15:0a:8f:a3:e0:f7:30:cf:
                    6f:a2:45:36:8c:e0:55:c1:f8:dc:c9:9b:f2:7e:3a:
                    44:a4:66:bf:4f:fa:5e:42:2f:b2:a7:55:6b:bb:26:
                    8d:a8:75:d8:6b:1d:35:8f:77:a6:28:75:88:f4:b8:
                    de:9b:e9:d2:32:da:18:f5:e1:77:b7:b0:53:5b:ed:
                    04:6d:c8:42:fb:12:27:4f:a7:39:b4:22:d3:0c:1d:
                    b1:b1:94:a4:80:22:83:60:7e:d7:f6:26:52:95:b2:
                    4c:eb:54:94:d3:e2:c0:8e:2c:99:62:6b:1b:db:a3:
                    62:da:07:af:27:d7:75:d6:e0:03:f7:75:6f:71:eb:
                    07:68:2b:e6:7c:fe:31:9e:49:9f:26:32:ce:02:4b:
                    3a:fc:d8:dd:84:09:4f:b7:ef:fd:05:2c:ea:17:8f:
                    7e:bc:e5:6d:78:71:dd:4e:95:49:6a:e6:f8:a3:f2:
                    d0:e6:94:b9:de:db:5b:49:d7:d8:72:a4:e5:38:70:
                    06:71:83:6d:93:1f:59:34:c1:b7:95:98:25:b4:79:
                    75:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:75:66:BC:53:A6:A8:2A:DE:FC:BC:74:21:F6:23:9F:6B:F6:6F:AC
            X509v3 Authority Key Identifier:
                keyid:49:72:2A:0C:A8:BB:C9:4D:48:A5:CB:48:CC:C9:2E:FE:F8:45:A7:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SXIqDKi7yU1IpctIzMku_vhFp-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/N3VmvFOmqCre_Lx0IfYjn2v2b6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ec5208-f695-4bdb-9bb2-e18fa658055a/1/SXIqDKi7yU1IpctIzMku_vhFp-M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.232.0/22
                IPv6:
                  2a0e:66c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         60:35:ab:5b:49:9d:ae:46:55:5a:c7:79:f2:51:4c:21:24:0b:
         55:f2:ed:f3:32:1f:3d:06:02:d2:21:51:25:a0:cd:6c:8b:cc:
         21:c8:3d:36:2a:08:4f:bd:10:09:4e:8f:99:17:45:e8:4e:36:
         ce:92:ce:da:1a:c5:e7:c7:76:96:69:c3:67:48:71:8d:17:f7:
         c4:1a:e4:87:b7:2e:b0:95:dd:78:ef:c6:1b:fe:aa:dc:81:aa:
         9c:ce:fd:13:2a:a0:a0:df:ae:87:92:67:04:22:1b:4e:3d:bb:
         70:3d:d1:b2:0b:21:b6:1f:33:80:17:97:2f:9d:ec:4c:77:9e:
         cd:21:61:3d:48:00:d0:db:41:26:c2:a9:b0:22:e6:d6:23:6f:
         fd:c7:a4:46:3e:60:f2:4b:08:47:41:cf:ef:e6:39:4d:d2:66:
         f5:f6:f2:d7:fa:85:be:cb:0d:cf:31:20:6a:45:38:fc:fc:61:
         a6:27:08:a0:bc:dc:5b:dd:b0:91:5b:2c:97:9c:56:02:e8:92:
         99:4d:26:4e:16:5d:d3:e8:f2:14:19:67:82:20:eb:38:4c:e1:
         5b:9f:eb:7a:66:8e:48:7a:91:93:9b:ec:97:ed:5a:6b:de:80:
         e2:e1:c9:e0:05:23:41:36:f6:7b:da:66:44:de:80:69:86:e5:
         88:9a:3e:fa
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQoJ+ZpeBMDtlvQbWpzp0/xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5NzIyYTBjYThiYmM5NGQ0OGE1Y2I0OGNjYzkyZWZlZjg0
NWE3ZTMwHhcNMjUwMTAyMTc1NDUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzc1NjZiYzUzYTZhODJhZGVmY2JjNzQyMWY2MjM5ZjZiZjY2ZmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyMr1R9CsYwejsTHVMBLGmxK6xfM
C8yKgA3nOulIyGQq5YSLckI5ySyb6fR+s0LuiDCCFQqPo+D3MM9vokU2jOBVwfjc
yZvyfjpEpGa/T/peQi+yp1VruyaNqHXYax01j3emKHWI9Ljem+nSMtoY9eF3t7BT
W+0EbchC+xInT6c5tCLTDB2xsZSkgCKDYH7X9iZSlbJM61SU0+LAjiyZYmsb26Ni
2gevJ9d11uAD93VvcesHaCvmfP4xnkmfJjLOAks6/NjdhAlPt+/9BSzqF49+vOVt
eHHdTpVJaub4o/LQ5pS53ttbSdfYcqTlOHAGcYNtkx9ZNMG3lZgltHl1mwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDd1ZrxTpqgq3vy8dCH2I59r9m+sMB8GA1UdIwQY
MBaAFElyKgyou8lNSKXLSMzJLv74RafjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1hJcURLaTd5VTFJcGN0SXpNa3VfdmhGcC1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9lYzUyMDgtZjY5NS00YmRiLTliYjIt
ZTE4ZmE2NTgwNTVhLzEvTjNWbXZGT21xQ3JlX0x4MElmWWpuMnYyYjZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9lYzUyMDgtZjY5NS00YmRiLTliYjItZTE4ZmE2NTgwNTVh
LzEvU1hJcURLaTd5VTFJcGN0SXpNa3VfdmhGcC1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVHoMA0E
AgACMAcDBQMqDmbAMA0GCSqGSIb3DQEBCwUAA4IBAQBgNatbSZ2uRlVax3nyUUwh
JAtV8u3zMh89BgLSIVEloM1si8whyD02KghPvRAJTo+ZF0XoTjbOks7aGsXnx3aW
acNnSHGNF/fEGuSHty6wld1478Yb/qrcgaqczv0TKqCg366HkmcEIhtOPbtwPdGy
CyG2HzOAF5cvnexMd57NIWE9SADQ20EmwqmwIubWI2/9x6RGPmDySwhHQc/v5jlN
0mb19vLX+oW+yw3PMSBqRTj8/GGmJwigvNxb3bCRWyyXnFYC6JKZTSZOFl3T6PIU
GWeCIOs4TOFbn+t6Zo5IepGTm+yX7Vpr3oDi4cngBSNBNvZ72mZE3oBphuWImj76
-----END CERTIFICATE-----