Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/7d43bb-a1c6-4055-8c53-2fee8b6309cb/1/3qRTh1P9OF6YOqHXqOqHDoBD8eg.roa
File:                     3qRTh1P9OF6YOqHXqOqHDoBD8eg.roa (raw, json)
Hash identifier:          nQAh302ZIgG0KfyPwfrx+gnhB19jlHvyVNBKKuKcDas=
Subject key identifier:   DE:A4:53:87:53:FD:38:5E:98:3A:A1:D7:A8:EA:87:0E:80:43:F1:E8
Certificate issuer:       /CN=4268a4cfb6b1b6447da93833321dd315061193d4
Certificate serial:       019611DA2051BF7D30AA4D24430491D2DA3D
Authority key identifier: 42:68:A4:CF:B6:B1:B6:44:7D:A9:38:33:32:1D:D3:15:06:11:93:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qmikz7axtkR9qTgzMh3TFQYRk9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/7d43bb-a1c6-4055-8c53-2fee8b6309cb/1/3qRTh1P9OF6YOqHXqOqHDoBD8eg.roa
Signing time:             Mon 07 Apr 2025 20:03:49 +0000
ROA not before:           Mon 07 Apr 2025 20:03:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8648
IP address blocks:        185.105.252.0/24 maxlen: 24
                          185.105.253.0/24 maxlen: 24
                          185.105.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/7d43bb-a1c6-4055-8c53-2fee8b6309cb/1/Qmikz7axtkR9qTgzMh3TFQYRk9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/7d43bb-a1c6-4055-8c53-2fee8b6309cb/1/Qmikz7axtkR9qTgzMh3TFQYRk9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qmikz7axtkR9qTgzMh3TFQYRk9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 05:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:11:da:20:51:bf:7d:30:aa:4d:24:43:04:91:d2:da:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4268a4cfb6b1b6447da93833321dd315061193d4
        Validity
            Not Before: Apr  7 20:03:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dea4538753fd385e983aa1d7a8ea870e8043f1e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:0b:d8:ef:24:82:5d:2e:4f:1b:98:de:55:fb:
                    3e:34:b1:43:e9:81:90:ff:3d:5e:32:45:83:1f:12:
                    eb:57:ea:9d:b4:80:c5:6b:3e:17:03:76:4d:77:d8:
                    d5:b7:7f:c2:bb:e7:31:48:9b:4d:d2:69:c6:3b:f9:
                    6f:4d:64:dc:f7:41:f4:66:be:e7:60:45:21:3f:77:
                    c4:f0:12:3c:9a:04:5e:97:40:26:ae:19:15:99:ee:
                    2e:8a:8e:2c:c4:09:ba:fa:0f:8c:9a:70:7a:55:35:
                    ff:40:6f:ed:b4:1e:8b:9a:fa:f9:df:f3:de:87:5a:
                    7d:4b:e3:02:9a:56:1e:19:34:68:37:4a:7a:39:be:
                    f6:21:a5:c4:aa:82:1f:ca:72:3d:ad:46:8f:a7:41:
                    64:d6:9e:9b:cd:91:71:ff:35:87:b3:d2:6a:9f:ce:
                    21:62:bb:14:ff:ee:af:99:c0:9f:e2:84:f5:cd:76:
                    59:48:7a:34:e5:9e:a3:d6:5d:63:55:0f:b8:0c:67:
                    1c:11:bf:21:41:78:2e:f4:a9:d5:8e:2a:77:f9:ed:
                    1f:a3:a4:25:b3:ee:d7:7b:c3:46:80:40:27:e0:35:
                    df:b6:60:74:a0:db:2a:c3:04:b7:19:a1:02:3a:5a:
                    03:f1:ec:6f:39:da:c0:3b:60:58:d8:76:ce:71:2b:
                    38:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:A4:53:87:53:FD:38:5E:98:3A:A1:D7:A8:EA:87:0E:80:43:F1:E8
            X509v3 Authority Key Identifier:
                keyid:42:68:A4:CF:B6:B1:B6:44:7D:A9:38:33:32:1D:D3:15:06:11:93:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qmikz7axtkR9qTgzMh3TFQYRk9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/7d43bb-a1c6-4055-8c53-2fee8b6309cb/1/3qRTh1P9OF6YOqHXqOqHDoBD8eg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/7d43bb-a1c6-4055-8c53-2fee8b6309cb/1/Qmikz7axtkR9qTgzMh3TFQYRk9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.252.0-185.105.254.255

    Signature Algorithm: sha256WithRSAEncryption
         8c:33:53:73:2d:66:af:fe:f9:97:37:fd:40:15:8f:42:c5:81:
         8f:f1:96:51:9f:54:f4:fa:fb:63:c5:12:14:f7:41:f7:08:55:
         41:a8:bc:8a:74:44:64:9e:d4:ff:b4:b8:c9:8a:f9:8e:b5:d8:
         6b:c9:ad:a8:13:4a:37:88:6c:ef:78:c9:fb:64:b0:1b:0a:5d:
         fe:8f:91:7b:1d:bd:6f:67:4f:7b:ce:7d:c3:12:cd:22:e0:99:
         83:fd:bd:4b:f2:a6:98:be:9d:a3:de:1d:ea:b0:8d:93:ea:ec:
         88:ed:f4:64:63:37:9f:fb:10:6a:9c:af:e9:a4:fd:2f:aa:8c:
         a3:72:ee:6e:9b:3b:41:9c:6e:ae:65:bb:f8:d5:0e:f3:96:68:
         d4:27:e8:60:15:09:c8:01:1b:ff:bd:64:92:4f:ec:a3:fe:e9:
         53:55:89:ae:c1:15:f7:df:26:d1:f9:e6:b2:1e:34:29:a6:11:
         30:1e:75:81:63:2c:fb:1b:44:55:d7:cb:5a:02:5a:c2:67:48:
         9a:35:b4:71:6b:82:66:92:b5:b4:1a:49:cd:49:63:71:d2:73:
         3e:f7:b7:81:4a:e8:12:57:92:64:9a:d0:12:c1:ba:77:89:c4:
         96:fc:43:e5:f9:16:24:77:e2:a1:8a:c1:bf:7f:7e:a6:29:2d:
         5e:5d:d6:7a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZYR2iBRv30wqk0kQwSR0to9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyNjhhNGNmYjZiMWI2NDQ3ZGE5MzgzMzMyMWRkMzE1MDYx
MTkzZDQwHhcNMjUwNDA3MjAwMzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWE0NTM4NzUzZmQzODVlOTgzYWExZDdhOGVhODcwZTgwNDNmMWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3QvY7ySCXS5PG5jeVfs+NLFD6YGQ
/z1eMkWDHxLrV+qdtIDFaz4XA3ZNd9jVt3/Cu+cxSJtN0mnGO/lvTWTc90H0Zr7n
YEUhP3fE8BI8mgRel0AmrhkVme4uio4sxAm6+g+MmnB6VTX/QG/ttB6Lmvr53/Pe
h1p9S+MCmlYeGTRoN0p6Ob72IaXEqoIfynI9rUaPp0Fk1p6bzZFx/zWHs9Jqn84h
YrsU/+6vmcCf4oT1zXZZSHo05Z6j1l1jVQ+4DGccEb8hQXgu9KnVjip3+e0fo6Ql
s+7Xe8NGgEAn4DXftmB0oNsqwwS3GaECOloD8exvOdrAO2BY2HbOcSs4XwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFN6kU4dT/ThemDqh16jqhw6AQ/HoMB8GA1UdIwQY
MBaAFEJopM+2sbZEfak4MzId0xUGEZPUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUW1pa3o3YXh0a1I5cVRnek1oM1RGUVlSazlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS83ZDQzYmItYTFjNi00MDU1LThjNTMt
MmZlZThiNjMwOWNiLzEvM3FSVGgxUDlPRjZZT3FIWHFPcUhEb0JEOGVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS83ZDQzYmItYTFjNi00MDU1LThjNTMtMmZlZThiNjMwOWNi
LzEvUW1pa3o3YXh0a1I5cVRnek1oM1RGUVlSazlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAK5afwD
BAC5af4wDQYJKoZIhvcNAQELBQADggEBAIwzU3MtZq/++Zc3/UAVj0LFgY/xllGf
VPT6+2PFEhT3QfcIVUGovIp0RGSe1P+0uMmK+Y612GvJragTSjeIbO94yftksBsK
Xf6PkXsdvW9nT3vOfcMSzSLgmYP9vUvyppi+naPeHeqwjZPq7Ijt9GRjN5/7EGqc
r+mk/S+qjKNy7m6bO0Gcbq5lu/jVDvOWaNQn6GAVCcgBG/+9ZJJP7KP+6VNVia7B
FfffJtH55rIeNCmmETAedYFjLPsbRFXXy1oCWsJnSJo1tHFrgmaStbQaSc1JY3HS
cz73t4FK6BJXkmSa0BLBuneJxJb8Q+X5FiR34qGKwb9/fqYpLV5d1no=
-----END CERTIFICATE-----