Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/P-qDcpUjUWgiMApBb5BbPbEUdus.roa
File:                     P-qDcpUjUWgiMApBb5BbPbEUdus.roa (raw, json)
Hash identifier:          S9R1fM6ee5L0InXw/97Mdsuva54hJaVpgqKQTLiB5Tw=
Subject key identifier:   3F:EA:83:72:95:23:51:68:22:30:0A:41:6F:90:5B:3D:B1:14:76:EB
Certificate issuer:       /CN=38bd6d8ebb82404d5709351bc2329a0ee43a9a43
Certificate serial:       019424B3BAE4940E4056758F640273CC145E
Authority key identifier: 38:BD:6D:8E:BB:82:40:4D:57:09:35:1B:C2:32:9A:0E:E4:3A:9A:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OL1tjruCQE1XCTUbwjKaDuQ6mkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/P-qDcpUjUWgiMApBb5BbPbEUdus.roa
Signing time:             Thu 02 Jan 2025 01:49:06 +0000
ROA not before:           Thu 02 Jan 2025 01:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     906
IP address blocks:        45.88.192.0/22 maxlen: 24
                          2a07:aec0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/OL1tjruCQE1XCTUbwjKaDuQ6mkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/OL1tjruCQE1XCTUbwjKaDuQ6mkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OL1tjruCQE1XCTUbwjKaDuQ6mkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 09:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:ba:e4:94:0e:40:56:75:8f:64:02:73:cc:14:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38bd6d8ebb82404d5709351bc2329a0ee43a9a43
        Validity
            Not Before: Jan  2 01:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3fea83729523516822300a416f905b3db11476eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b4:8b:7b:b7:12:94:b4:10:a3:fd:fe:ff:07:
                    3f:36:e9:f3:2d:0f:3f:1a:4c:8e:b0:97:de:5f:8c:
                    30:40:97:89:a3:37:c8:20:f6:27:11:da:6e:5e:05:
                    73:34:6e:7b:e3:ac:29:e2:a1:cf:7b:01:e4:65:8b:
                    08:25:1f:ab:1b:6a:49:73:7b:a3:e1:b5:ca:b8:c1:
                    39:26:b4:22:cb:9d:5c:80:69:44:d5:7b:8b:77:1e:
                    75:d0:a2:54:50:33:43:bf:89:dd:48:dc:d0:8b:67:
                    00:4d:73:59:88:0b:f8:57:e2:bf:a9:89:87:38:e2:
                    4f:de:a4:15:eb:3f:3d:50:2e:f1:5b:b0:8a:71:61:
                    9b:03:b3:d6:ec:55:08:c3:2f:23:67:e3:cd:6c:de:
                    a3:82:d1:2b:ff:a0:63:5b:dc:4a:ce:dd:96:f5:f7:
                    6b:dd:73:9d:80:af:08:e7:fb:af:d9:ad:ad:05:fa:
                    5f:ee:5e:77:ab:8d:f9:08:45:ab:d1:9b:f0:59:68:
                    fb:d1:b3:7d:19:64:9b:fb:0c:29:f2:63:23:5d:23:
                    fb:06:da:97:e0:df:f1:07:ce:de:81:fa:ce:09:62:
                    bb:75:b6:be:0c:b5:5a:26:aa:45:71:5c:8f:42:a5:
                    75:44:60:9f:1b:9b:d0:61:ab:8f:98:1f:a8:58:28:
                    8c:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:EA:83:72:95:23:51:68:22:30:0A:41:6F:90:5B:3D:B1:14:76:EB
            X509v3 Authority Key Identifier:
                keyid:38:BD:6D:8E:BB:82:40:4D:57:09:35:1B:C2:32:9A:0E:E4:3A:9A:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OL1tjruCQE1XCTUbwjKaDuQ6mkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/P-qDcpUjUWgiMApBb5BbPbEUdus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/bb3b49-62d0-497c-bd1e-8c9539f444c6/1/OL1tjruCQE1XCTUbwjKaDuQ6mkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.192.0/22
                IPv6:
                  2a07:aec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2e:56:55:d4:30:58:bb:06:ac:d4:26:59:92:d9:e5:d2:f3:c0:
         0f:a3:4e:a4:a6:fe:f0:d6:72:52:26:28:8b:ce:79:5e:d1:47:
         06:e6:50:0c:3c:e7:50:0f:62:c4:99:75:1d:d5:5d:46:52:b9:
         51:15:0c:0d:ef:1a:91:0e:6b:8d:a3:19:00:82:ba:a4:09:a0:
         fe:b2:16:f9:f3:dd:e0:73:15:fd:f4:9d:76:73:43:a2:19:52:
         d6:6b:bf:85:64:b8:2e:d9:c1:ca:87:81:bf:14:c4:43:b2:16:
         0b:63:80:50:2f:82:4b:01:3e:52:05:46:33:09:24:51:9e:7e:
         5b:bb:8d:b9:07:15:96:20:30:97:cb:4c:e6:9b:ef:30:24:85:
         86:80:10:55:2a:37:23:ba:c1:6a:b7:c5:e5:26:de:12:49:a2:
         95:6b:a8:a0:bb:de:20:e8:34:af:60:fb:f4:fc:fc:da:5a:6b:
         b0:c2:a4:15:55:b9:d0:db:a2:b9:0c:97:ab:16:6b:34:14:23:
         1d:7a:f8:1b:22:0c:ac:ab:cd:3d:6e:6f:01:72:52:36:99:7b:
         5d:79:7c:16:0e:c3:d9:42:dc:1e:79:95:91:5b:92:5b:7a:4f:
         b7:6f:a1:d4:a2:52:0d:aa:f4:c8:52:68:ba:8f:57:3c:22:69:
         8c:9c:10:c0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQks7rklA5AVnWPZAJzzBReMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YmQ2ZDhlYmI4MjQwNGQ1NzA5MzUxYmMyMzI5YTBlZTQz
YTlhNDMwHhcNMjUwMTAyMDE0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmVhODM3Mjk1MjM1MTY4MjIzMDBhNDE2ZjkwNWIzZGIxMTQ3NmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLSLe7cSlLQQo/3+/wc/NunzLQ8/
GkyOsJfeX4wwQJeJozfIIPYnEdpuXgVzNG5746wp4qHPewHkZYsIJR+rG2pJc3uj
4bXKuME5JrQiy51cgGlE1XuLdx510KJUUDNDv4ndSNzQi2cATXNZiAv4V+K/qYmH
OOJP3qQV6z89UC7xW7CKcWGbA7PW7FUIwy8jZ+PNbN6jgtEr/6BjW9xKzt2W9fdr
3XOdgK8I5/uv2a2tBfpf7l53q435CEWr0ZvwWWj70bN9GWSb+wwp8mMjXSP7BtqX
4N/xB87egfrOCWK7dba+DLVaJqpFcVyPQqV1RGCfG5vQYauPmB+oWCiM6QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD/qg3KVI1FoIjAKQW+QWz2xFHbrMB8GA1UdIwQY
MBaAFDi9bY67gkBNVwk1G8Iymg7kOppDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0wxdGpydUNRRTFYQ1RVYndqS2FEdVE2bWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iYjNiNDktNjJkMC00OTdjLWJkMWUt
OGM5NTM5ZjQ0NGM2LzEvUC1xRGNwVWpVV2dpTUFwQmI1QmJQYkVVZHVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iYjNiNDktNjJkMC00OTdjLWJkMWUtOGM5NTM5ZjQ0NGM2
LzEvT0wxdGpydUNRRTFYQ1RVYndqS2FEdVE2bWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVjAMA0E
AgACMAcDBQMqB67AMA0GCSqGSIb3DQEBCwUAA4IBAQAuVlXUMFi7BqzUJlmS2eXS
88APo06kpv7w1nJSJiiLznle0UcG5lAMPOdQD2LEmXUd1V1GUrlRFQwN7xqRDmuN
oxkAgrqkCaD+shb5893gcxX99J12c0OiGVLWa7+FZLgu2cHKh4G/FMRDshYLY4BQ
L4JLAT5SBUYzCSRRnn5bu425BxWWIDCXy0zmm+8wJIWGgBBVKjcjusFqt8XlJt4S
SaKVa6igu94g6DSvYPv0/PzaWmuwwqQVVbnQ26K5DJerFms0FCMdevgbIgysq809
bm8BclI2mXtdeXwWDsPZQtweeZWRW5Jbek+3b6HUolINqvTIUmi6j1c8ImmMnBDA
-----END CERTIFICATE-----