Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/7183af-67b8-4a6c-ba1a-adaefbdefac9/1/E3L5dg5X3rqNLqYU8O9X1WsszW4.roa
File:                     E3L5dg5X3rqNLqYU8O9X1WsszW4.roa (raw, json)
Hash identifier:          OcbMuDrIfD/A7RNsLFSYw+FRN5f4hK+YArdJTnwQdlk=
Subject key identifier:   13:72:F9:76:0E:57:DE:BA:8D:2E:A6:14:F0:EF:57:D5:6B:2C:CD:6E
Certificate issuer:       /CN=14336c78d52ba8115741002b6b070d117ae9bfcd
Certificate serial:       01942444CCEC57E6B56D0FE15CC313EE9E2B
Authority key identifier: 14:33:6C:78:D5:2B:A8:11:57:41:00:2B:6B:07:0D:11:7A:E9:BF:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FDNseNUrqBFXQQArawcNEXrpv80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/7183af-67b8-4a6c-ba1a-adaefbdefac9/1/E3L5dg5X3rqNLqYU8O9X1WsszW4.roa
Signing time:             Wed 01 Jan 2025 23:47:56 +0000
ROA not before:           Wed 01 Jan 2025 23:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203021
IP address blocks:        185.147.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/7183af-67b8-4a6c-ba1a-adaefbdefac9/1/FDNseNUrqBFXQQArawcNEXrpv80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/7183af-67b8-4a6c-ba1a-adaefbdefac9/1/FDNseNUrqBFXQQArawcNEXrpv80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FDNseNUrqBFXQQArawcNEXrpv80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:cc:ec:57:e6:b5:6d:0f:e1:5c:c3:13:ee:9e:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14336c78d52ba8115741002b6b070d117ae9bfcd
        Validity
            Not Before: Jan  1 23:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1372f9760e57deba8d2ea614f0ef57d56b2ccd6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:4c:ea:0d:52:c2:3a:5d:47:61:4c:29:e7:99:
                    7c:e4:07:fa:b9:d2:1a:b1:06:5b:42:6f:c5:01:ab:
                    65:72:91:af:f6:f7:51:0f:f3:84:e2:cc:75:d0:f7:
                    f7:59:f3:e8:6a:26:3b:72:97:06:bb:cc:3f:99:34:
                    6a:f1:40:bf:d2:c7:fe:f8:64:d6:ec:70:92:97:94:
                    1f:37:40:29:bf:9d:f6:cd:03:30:e2:bf:54:f8:17:
                    48:47:fc:09:dc:ad:08:26:c1:b1:f3:0b:d4:d9:ac:
                    ff:b4:fe:21:30:a1:27:bb:6e:e2:32:2d:86:8a:7c:
                    f5:d1:04:83:1f:80:3e:01:e6:82:0d:05:2f:62:a0:
                    15:45:68:f5:3d:88:99:de:e3:63:47:6a:18:2a:45:
                    be:a4:04:42:11:80:49:e9:7b:97:2f:04:1e:fe:86:
                    d6:a5:2b:59:a4:79:49:5d:2f:07:c0:f9:f1:36:12:
                    30:81:f7:4b:ff:da:7a:eb:98:ea:74:fd:7c:dc:0a:
                    e6:b7:ab:78:d9:34:38:8d:0e:a2:55:b7:cd:b5:64:
                    d6:41:f6:3e:fd:cd:06:2e:c9:db:46:5c:4a:56:58:
                    98:cf:26:e3:48:d4:db:b6:a9:68:92:96:66:20:3c:
                    11:b6:4a:6f:7c:ac:f6:2a:e7:20:d7:30:a7:02:75:
                    8d:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:72:F9:76:0E:57:DE:BA:8D:2E:A6:14:F0:EF:57:D5:6B:2C:CD:6E
            X509v3 Authority Key Identifier:
                keyid:14:33:6C:78:D5:2B:A8:11:57:41:00:2B:6B:07:0D:11:7A:E9:BF:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FDNseNUrqBFXQQArawcNEXrpv80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/7183af-67b8-4a6c-ba1a-adaefbdefac9/1/E3L5dg5X3rqNLqYU8O9X1WsszW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/7183af-67b8-4a6c-ba1a-adaefbdefac9/1/FDNseNUrqBFXQQArawcNEXrpv80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:b3:3b:67:12:1f:29:f2:59:8e:75:b8:aa:0c:7c:5c:61:7f:
         41:7d:40:7d:3d:17:d7:1e:16:30:70:30:26:f2:37:85:60:0c:
         df:d2:48:7f:89:9f:8c:9c:c0:1f:41:fe:26:b9:20:35:5d:04:
         c9:bb:1d:cd:4c:92:91:9a:a8:77:8c:cf:3a:58:9b:aa:60:ff:
         ce:71:32:3c:eb:1f:21:f4:6f:6f:aa:14:28:92:c8:a5:e8:dc:
         1e:0a:4d:2d:09:4c:70:1f:1d:53:f3:06:bc:6e:3e:32:62:44:
         04:de:53:8f:ec:8a:07:c4:7e:32:cb:66:30:42:86:43:f1:91:
         18:64:17:21:39:cc:db:f7:47:8e:0b:9d:5b:95:0e:df:13:1f:
         a6:78:2b:17:24:0c:5f:99:75:ef:d4:4c:f3:20:ba:51:41:b3:
         85:fd:15:06:72:e1:b7:e8:93:2e:69:77:9b:d0:37:ab:41:6d:
         9d:1d:d7:77:fc:17:2b:cf:1e:aa:93:ef:ae:fd:9d:b2:28:05:
         db:41:99:86:2f:64:f7:eb:96:f3:f3:d3:07:df:a7:db:32:27:
         f7:d2:e1:85:93:c7:25:45:57:c8:20:c1:4f:ce:2c:10:94:14:
         4d:df:86:1f:a0:16:cf:30:fe:a5:a7:7d:a7:9b:e7:d9:32:e6:
         6d:bd:a3:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRMzsV+a1bQ/hXMMT7p4rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0MzM2Yzc4ZDUyYmE4MTE1NzQxMDAyYjZiMDcwZDExN2Fl
OWJmY2QwHhcNMjUwMTAxMjM0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzcyZjk3NjBlNTdkZWJhOGQyZWE2MTRmMGVmNTdkNTZiMmNjZDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEzqDVLCOl1HYUwp55l85Af6udIa
sQZbQm/FAatlcpGv9vdRD/OE4sx10Pf3WfPoaiY7cpcGu8w/mTRq8UC/0sf++GTW
7HCSl5QfN0Apv532zQMw4r9U+BdIR/wJ3K0IJsGx8wvU2az/tP4hMKEnu27iMi2G
inz10QSDH4A+AeaCDQUvYqAVRWj1PYiZ3uNjR2oYKkW+pARCEYBJ6XuXLwQe/obW
pStZpHlJXS8HwPnxNhIwgfdL/9p665jqdP183Armt6t42TQ4jQ6iVbfNtWTWQfY+
/c0GLsnbRlxKVliYzybjSNTbtqlokpZmIDwRtkpvfKz2Kucg1zCnAnWN0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBNy+XYOV966jS6mFPDvV9VrLM1uMB8GA1UdIwQY
MBaAFBQzbHjVK6gRV0EAK2sHDRF66b/NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkROc2VOVXJxQkZYUVFBcmF3Y05FWHJwdjgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83MTgzYWYtNjdiOC00YTZjLWJhMWEt
YWRhZWZiZGVmYWM5LzEvRTNMNWRnNVgzcnFOTHFZVThPOVgxV3Nzelc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83MTgzYWYtNjdiOC00YTZjLWJhMWEtYWRhZWZiZGVmYWM5
LzEvRkROc2VOVXJxQkZYUVFBcmF3Y05FWHJwdjgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZN4MA0G
CSqGSIb3DQEBCwUAA4IBAQAdsztnEh8p8lmOdbiqDHxcYX9BfUB9PRfXHhYwcDAm
8jeFYAzf0kh/iZ+MnMAfQf4muSA1XQTJux3NTJKRmqh3jM86WJuqYP/OcTI86x8h
9G9vqhQoksil6NweCk0tCUxwHx1T8wa8bj4yYkQE3lOP7IoHxH4yy2YwQoZD8ZEY
ZBchOczb90eOC51blQ7fEx+meCsXJAxfmXXv1EzzILpRQbOF/RUGcuG36JMuaXeb
0DerQW2dHdd3/Bcrzx6qk++u/Z2yKAXbQZmGL2T365bz89MH36fbMif30uGFk8cl
RVfIIMFPziwQlBRN34YfoBbPMP6lp32nm+fZMuZtvaMC
-----END CERTIFICATE-----