Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/3c3da0-d3f8-4aa2-8334-26d759365402/1/zIR-Nz3H2D4s_KM8Bm98PoR8Mws.roa
File:                     zIR-Nz3H2D4s_KM8Bm98PoR8Mws.roa (raw, json)
Hash identifier:          vxeo0iUuDX5Ze9Stf4uTh6KeWV+Vu5qvbWwTZuqVEFY=
Subject key identifier:   CC:84:7E:37:3D:C7:D8:3E:2C:FC:A3:3C:06:6F:7C:3E:84:7C:33:0B
Certificate issuer:       /CN=36242148e3e636a90343f3e95044b8dfdb9d1cd9
Certificate serial:       0195C943AAA386D077BB8FE7E3DD7595DEA0
Authority key identifier: 36:24:21:48:E3:E6:36:A9:03:43:F3:E9:50:44:B8:DF:DB:9D:1C:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NiQhSOPmNqkDQ_PpUES439udHNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/3c3da0-d3f8-4aa2-8334-26d759365402/1/zIR-Nz3H2D4s_KM8Bm98PoR8Mws.roa
Signing time:             Mon 24 Mar 2025 17:46:49 +0000
ROA not before:           Mon 24 Mar 2025 17:46:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198432
IP address blocks:        185.164.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/3c3da0-d3f8-4aa2-8334-26d759365402/1/NiQhSOPmNqkDQ_PpUES439udHNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/3c3da0-d3f8-4aa2-8334-26d759365402/1/NiQhSOPmNqkDQ_PpUES439udHNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NiQhSOPmNqkDQ_PpUES439udHNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:c9:43:aa:a3:86:d0:77:bb:8f:e7:e3:dd:75:95:de:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36242148e3e636a90343f3e95044b8dfdb9d1cd9
        Validity
            Not Before: Mar 24 17:46:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc847e373dc7d83e2cfca33c066f7c3e847c330b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:69:44:15:d2:d9:2e:c2:23:ef:be:3f:75:75:
                    a8:dd:5a:62:c1:16:ac:cc:ac:03:0f:ec:27:b4:37:
                    de:29:b9:bb:b6:0b:1e:f2:98:19:33:9f:7e:96:85:
                    20:e7:ec:83:a0:a5:12:25:0c:fc:c0:25:6f:d6:ab:
                    0c:cb:ef:02:86:9a:e7:3a:14:4a:74:6a:ec:45:1e:
                    fd:79:1a:97:d8:54:e2:b4:22:3a:c6:d1:d0:05:5a:
                    d4:69:dc:17:7b:a1:a9:52:ed:e4:5d:21:80:42:4c:
                    e9:8b:d9:3f:e5:f7:1f:0c:a3:19:c9:53:83:57:a4:
                    a2:4f:04:7e:a7:e3:ec:00:71:9b:ed:e3:b7:31:a8:
                    92:61:fc:d1:a7:d3:57:8c:2f:72:31:55:5b:45:07:
                    5c:d6:a0:83:67:cb:77:b5:68:54:8a:79:2e:5a:e6:
                    7c:87:e2:0e:38:c9:1c:40:40:b9:99:8c:6a:cf:cd:
                    3f:55:55:1a:0f:61:78:ae:a3:48:6e:61:8d:6b:5a:
                    0a:83:ed:0a:1a:6b:cd:59:ea:05:ba:99:ea:b9:eb:
                    07:2e:4a:9b:37:8d:a3:ef:ec:20:af:c0:26:1c:d5:
                    e3:8e:72:06:e5:19:41:7a:e6:ef:f6:9c:65:1f:87:
                    9f:47:26:7f:8a:c6:d2:bb:0a:4c:3e:17:9e:fe:c3:
                    34:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:84:7E:37:3D:C7:D8:3E:2C:FC:A3:3C:06:6F:7C:3E:84:7C:33:0B
            X509v3 Authority Key Identifier:
                keyid:36:24:21:48:E3:E6:36:A9:03:43:F3:E9:50:44:B8:DF:DB:9D:1C:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NiQhSOPmNqkDQ_PpUES439udHNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/3c3da0-d3f8-4aa2-8334-26d759365402/1/zIR-Nz3H2D4s_KM8Bm98PoR8Mws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/3c3da0-d3f8-4aa2-8334-26d759365402/1/NiQhSOPmNqkDQ_PpUES439udHNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:88:ae:f7:61:a4:69:2f:be:d3:50:c5:9e:80:f2:9b:bd:5a:
         dd:0e:90:9b:c3:4e:5a:9f:d9:db:1c:51:99:72:ba:b8:cd:d3:
         07:e7:c4:d9:3b:22:5c:ec:14:99:d6:6a:8b:04:76:d2:de:76:
         e5:42:76:dc:50:9d:45:c3:df:03:93:1a:f1:8e:eb:c7:3d:cb:
         fa:1c:ba:4f:b9:59:05:a4:26:57:f2:73:99:c0:86:ff:1e:3e:
         2b:ac:1f:6e:92:02:ab:a0:e3:6a:f7:3e:15:82:0c:4a:b8:a4:
         dd:07:79:7e:ef:80:0d:a9:4a:bf:ad:6d:16:0d:64:50:84:b4:
         32:2c:12:85:97:72:aa:b3:d5:88:5e:f0:4b:6f:b5:42:bb:c8:
         01:cc:af:5c:66:3c:d9:33:f9:52:50:c9:d8:05:92:72:38:4e:
         ab:a9:b1:59:05:e5:4d:2d:83:ab:e3:d7:45:ce:da:92:10:94:
         60:60:37:30:7a:b5:e8:a1:22:da:b7:9b:86:f0:eb:90:2e:57:
         ec:0c:a6:10:f0:29:1f:7d:52:b5:12:0f:0c:37:01:3f:3c:af:
         8b:4d:d0:58:d4:7a:6a:dd:f2:e8:d0:40:c7:c3:4e:f9:12:7f:
         a6:51:4d:0d:90:f7:45:73:da:b0:da:aa:1b:b0:a6:27:42:7c:
         41:e9:dc:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXJQ6qjhtB3u4/n4911ld6gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MjQyMTQ4ZTNlNjM2YTkwMzQzZjNlOTUwNDRiOGRmZGI5
ZDFjZDkwHhcNMjUwMzI0MTc0NjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzg0N2UzNzNkYzdkODNlMmNmY2EzM2MwNjZmN2MzZTg0N2MzMzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGlEFdLZLsIj774/dXWo3VpiwRas
zKwDD+wntDfeKbm7tgse8pgZM59+loUg5+yDoKUSJQz8wCVv1qsMy+8ChprnOhRK
dGrsRR79eRqX2FTitCI6xtHQBVrUadwXe6GpUu3kXSGAQkzpi9k/5fcfDKMZyVOD
V6SiTwR+p+PsAHGb7eO3MaiSYfzRp9NXjC9yMVVbRQdc1qCDZ8t3tWhUinkuWuZ8
h+IOOMkcQEC5mYxqz80/VVUaD2F4rqNIbmGNa1oKg+0KGmvNWeoFupnquesHLkqb
N42j7+wgr8AmHNXjjnIG5RlBeubv9pxlH4efRyZ/isbSuwpMPhee/sM0ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMyEfjc9x9g+LPyjPAZvfD6EfDMLMB8GA1UdIwQY
MBaAFDYkIUjj5japA0Pz6VBEuN/bnRzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmlRaFNPUG1OcWtEUV9QcFVFUzQzOXVkSE5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8zYzNkYTAtZDNmOC00YWEyLTgzMzQt
MjZkNzU5MzY1NDAyLzEveklSLU56M0gyRDRzX0tNOEJtOThQb1I4TXdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8zYzNkYTAtZDNmOC00YWEyLTgzMzQtMjZkNzU5MzY1NDAy
LzEvTmlRaFNPUG1OcWtEUV9QcFVFUzQzOXVkSE5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaS4MA0G
CSqGSIb3DQEBCwUAA4IBAQDOiK73YaRpL77TUMWegPKbvVrdDpCbw05an9nbHFGZ
crq4zdMH58TZOyJc7BSZ1mqLBHbS3nblQnbcUJ1Fw98DkxrxjuvHPcv6HLpPuVkF
pCZX8nOZwIb/Hj4rrB9ukgKroONq9z4VggxKuKTdB3l+74ANqUq/rW0WDWRQhLQy
LBKFl3Kqs9WIXvBLb7VCu8gBzK9cZjzZM/lSUMnYBZJyOE6rqbFZBeVNLYOr49dF
ztqSEJRgYDcwerXooSLat5uG8OuQLlfsDKYQ8CkffVK1Eg8MNwE/PK+LTdBY1Hpq
3fLo0EDHw075En+mUU0NkPdFc9qw2qobsKYnQnxB6dze
-----END CERTIFICATE-----