Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/4d2928-c636-40c0-9c9b-7990e3d1ddaa/1/MiW57nOg30xLDqZY9OOUVNFKZQY.roa
File:                     MiW57nOg30xLDqZY9OOUVNFKZQY.roa (raw, json)
Hash identifier:          2YBiQuBVr6rbcdD+nTl7ci5JjnWlTA1kLFdMgjGPElQ=
Subject key identifier:   32:25:B9:EE:73:A0:DF:4C:4B:0E:A6:58:F4:E3:94:54:D1:4A:65:06
Certificate issuer:       /CN=e2bef18e4f70d08df3fb30fee507e5b5a9196f99
Certificate serial:       01942369D8C65D829C8510B52E65E018580F
Authority key identifier: E2:BE:F1:8E:4F:70:D0:8D:F3:FB:30:FE:E5:07:E5:B5:A9:19:6F:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4r7xjk9w0I3z-zD-5QfltakZb5k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/4d2928-c636-40c0-9c9b-7990e3d1ddaa/1/MiW57nOg30xLDqZY9OOUVNFKZQY.roa
Signing time:             Wed 01 Jan 2025 19:48:46 +0000
ROA not before:           Wed 01 Jan 2025 19:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61102
IP address blocks:        185.136.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/4d2928-c636-40c0-9c9b-7990e3d1ddaa/1/4r7xjk9w0I3z-zD-5QfltakZb5k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/4d2928-c636-40c0-9c9b-7990e3d1ddaa/1/4r7xjk9w0I3z-zD-5QfltakZb5k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4r7xjk9w0I3z-zD-5QfltakZb5k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 04:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:d8:c6:5d:82:9c:85:10:b5:2e:65:e0:18:58:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2bef18e4f70d08df3fb30fee507e5b5a9196f99
        Validity
            Not Before: Jan  1 19:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3225b9ee73a0df4c4b0ea658f4e39454d14a6506
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:f3:99:8b:df:0f:9b:ba:88:c6:65:4f:c4:21:
                    cf:4f:fb:3d:46:b2:86:ef:e0:fd:d1:c6:b6:cf:05:
                    d5:35:20:60:81:ea:95:6a:b8:7e:74:f3:58:d8:f9:
                    2c:3f:65:1a:a5:28:71:41:61:ff:13:4e:1b:f0:d1:
                    a6:7e:20:eb:75:a9:6c:60:b3:0b:8c:3a:88:b2:a4:
                    81:d2:48:9e:12:93:bf:be:10:d9:56:a5:d9:52:95:
                    f8:3d:19:7b:ad:0f:47:16:36:5f:08:93:63:dd:54:
                    30:1c:4d:1e:c0:d0:77:e5:cd:97:54:c8:96:3c:1a:
                    3b:32:3e:49:94:1f:4d:70:99:16:f8:5f:7c:11:23:
                    5a:94:11:f0:16:a5:f3:fa:55:a9:a4:15:70:a3:df:
                    38:cd:be:ce:c9:5b:a5:30:15:73:f4:a0:90:2c:a6:
                    60:96:8a:cb:2d:cb:9e:d8:10:e4:e9:4c:13:66:75:
                    39:d4:e2:e1:ca:63:42:53:47:99:e0:2d:c0:d7:5c:
                    9d:54:01:68:e1:26:87:fb:4e:19:6c:bb:91:f1:82:
                    88:fe:ff:ef:15:13:0b:28:04:1a:79:13:59:b7:f9:
                    3a:9d:e8:b1:e4:5d:da:b9:f1:4f:16:48:be:de:ae:
                    2d:df:40:58:bb:30:f6:f7:b1:e9:51:c9:a9:c7:52:
                    de:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:25:B9:EE:73:A0:DF:4C:4B:0E:A6:58:F4:E3:94:54:D1:4A:65:06
            X509v3 Authority Key Identifier:
                keyid:E2:BE:F1:8E:4F:70:D0:8D:F3:FB:30:FE:E5:07:E5:B5:A9:19:6F:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4r7xjk9w0I3z-zD-5QfltakZb5k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/4d2928-c636-40c0-9c9b-7990e3d1ddaa/1/MiW57nOg30xLDqZY9OOUVNFKZQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/4d2928-c636-40c0-9c9b-7990e3d1ddaa/1/4r7xjk9w0I3z-zD-5QfltakZb5k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:7d:85:6c:0f:2f:32:6f:1e:42:5c:07:8c:13:30:34:9d:78:
         96:70:b4:3c:90:3b:ca:05:59:7c:7f:83:17:dc:66:80:97:8b:
         65:9f:af:f6:dc:34:c7:09:fe:4c:49:c4:9e:1e:4a:2c:f1:5e:
         d0:d8:d4:21:80:38:f0:f9:0d:34:15:67:31:57:7d:ad:2b:20:
         cf:8b:39:d6:00:d5:5f:06:de:be:68:e7:03:74:5c:7d:2f:88:
         ba:b9:fa:b2:37:e4:9a:7f:ca:5a:99:75:c9:5a:d2:e5:72:65:
         ac:00:a2:9a:06:26:00:c9:5c:7b:93:19:c0:c1:4a:1c:8e:c5:
         83:3e:d1:4e:c2:de:74:13:99:cf:2d:c2:99:1a:f6:a7:c3:24:
         c4:cf:17:27:36:b7:3b:e6:0b:bc:d5:32:f3:62:00:db:8e:9c:
         96:b2:cc:fc:66:14:3d:91:1c:b8:51:56:7e:fe:13:16:4a:b5:
         95:2e:9b:af:e7:8d:e9:0a:df:54:98:9f:a3:ee:54:b4:bb:c8:
         83:4d:bc:56:29:45:4b:65:6b:5f:49:c8:fa:c3:81:95:46:f6:
         d4:da:2a:16:5b:89:ff:24:71:ab:2d:c5:3b:76:e7:0b:0a:53:
         22:89:63:6c:3f:fc:a1:91:d7:24:e3:07:e8:b5:40:4d:a5:79:
         a2:3e:f0:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjadjGXYKchRC1LmXgGFgPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYmVmMThlNGY3MGQwOGRmM2ZiMzBmZWU1MDdlNWI1YTkx
OTZmOTkwHhcNMjUwMTAxMTk0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjI1YjllZTczYTBkZjRjNGIwZWE2NThmNGUzOTQ1NGQxNGE2NTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2fOZi98Pm7qIxmVPxCHPT/s9RrKG
7+D90ca2zwXVNSBggeqVarh+dPNY2PksP2UapShxQWH/E04b8NGmfiDrdalsYLML
jDqIsqSB0kieEpO/vhDZVqXZUpX4PRl7rQ9HFjZfCJNj3VQwHE0ewNB35c2XVMiW
PBo7Mj5JlB9NcJkW+F98ESNalBHwFqXz+lWppBVwo984zb7OyVulMBVz9KCQLKZg
lorLLcue2BDk6UwTZnU51OLhymNCU0eZ4C3A11ydVAFo4SaH+04ZbLuR8YKI/v/v
FRMLKAQaeRNZt/k6neix5F3aufFPFki+3q4t30BYuzD297HpUcmpx1LejwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDIlue5zoN9MSw6mWPTjlFTRSmUGMB8GA1UdIwQY
MBaAFOK+8Y5PcNCN8/sw/uUH5bWpGW+ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHI3eGprOXcwSTN6LXpELTVRZmx0YWtaYjVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy80ZDI5MjgtYzYzNi00MGMwLTljOWIt
Nzk5MGUzZDFkZGFhLzEvTWlXNTduT2czMHhMRHFaWTlPT1VWTkZLWlFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy80ZDI5MjgtYzYzNi00MGMwLTljOWItNzk5MGUzZDFkZGFh
LzEvNHI3eGprOXcwSTN6LXpELTVRZmx0YWtaYjVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYiEMA0G
CSqGSIb3DQEBCwUAA4IBAQBWfYVsDy8ybx5CXAeMEzA0nXiWcLQ8kDvKBVl8f4MX
3GaAl4tln6/23DTHCf5MScSeHkos8V7Q2NQhgDjw+Q00FWcxV32tKyDPiznWANVf
Bt6+aOcDdFx9L4i6ufqyN+Saf8pamXXJWtLlcmWsAKKaBiYAyVx7kxnAwUocjsWD
PtFOwt50E5nPLcKZGvanwyTEzxcnNrc75gu81TLzYgDbjpyWssz8ZhQ9kRy4UVZ+
/hMWSrWVLpuv543pCt9UmJ+j7lS0u8iDTbxWKUVLZWtfScj6w4GVRvbU2ioWW4n/
JHGrLcU7ducLClMiiWNsP/yhkdck4wfotUBNpXmiPvCb
-----END CERTIFICATE-----