Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/btX-zAe_zEJQ3ltM7sZKTKWNtzU.roa
File:                     btX-zAe_zEJQ3ltM7sZKTKWNtzU.roa (raw, json)
Hash identifier:          FXQNguGpvehosedHQRjCf06rJkvh5KY35ySN2Wig1dE=
Subject key identifier:   6E:D5:FE:CC:07:BF:CC:42:50:DE:5B:4C:EE:C6:4A:4C:A5:8D:B7:35
Certificate issuer:       /CN=74e3c336972094b1a8c13d41816857d197a3aae9
Certificate serial:       01948366E63D478608C3CBB871D337BAF5B3
Authority key identifier: 74:E3:C3:36:97:20:94:B1:A8:C1:3D:41:81:68:57:D1:97:A3:AA:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/btX-zAe_zEJQ3ltM7sZKTKWNtzU.roa
Signing time:             Mon 20 Jan 2025 11:09:06 +0000
ROA not before:           Mon 20 Jan 2025 11:09:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.192.216.0/24 maxlen: 24
                          185.192.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 02:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:83:66:e6:3d:47:86:08:c3:cb:b8:71:d3:37:ba:f5:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74e3c336972094b1a8c13d41816857d197a3aae9
        Validity
            Not Before: Jan 20 11:09:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ed5fecc07bfcc4250de5b4ceec64a4ca58db735
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:7c:41:02:4c:17:cb:1c:60:09:29:22:09:9f:
                    b7:e3:b4:85:23:5e:53:dc:74:e5:55:ec:3f:14:fb:
                    bc:ba:04:64:8d:66:19:8d:ae:db:6b:d9:5a:f2:4a:
                    f0:c5:df:c0:b3:e3:46:30:39:37:09:d1:dc:01:40:
                    6a:8d:8e:7d:13:43:e2:68:a1:14:0d:55:b8:06:86:
                    d4:f2:ca:aa:cf:ba:84:df:76:b5:a5:e4:ed:49:64:
                    9f:5e:43:b8:3d:ce:c5:11:f0:fa:fe:d0:18:c3:14:
                    9d:8a:d5:ed:a6:47:ea:d3:f6:80:54:75:7a:0a:6e:
                    e3:2f:f3:5b:ad:ab:e1:02:36:c9:47:19:84:11:d0:
                    a8:71:8e:ea:a9:4b:62:5c:c2:ac:f4:bf:2c:44:15:
                    c8:d0:45:92:58:dc:8a:41:fe:33:d5:fc:63:e1:5a:
                    ce:fe:61:14:b6:14:94:39:63:05:bd:84:6c:be:52:
                    20:0d:1c:d4:ca:34:b5:b3:25:03:79:ec:d2:ae:45:
                    0a:ae:7a:35:04:61:d6:8a:4c:da:ca:18:d5:08:91:
                    80:0a:39:64:ed:5f:c9:c1:c0:38:6d:79:c9:cb:2c:
                    c3:da:e6:b3:c8:db:11:ef:fe:6b:01:a3:d3:e0:98:
                    d4:4f:dc:67:e6:df:37:eb:01:a3:eb:ce:c0:ec:73:
                    91:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:D5:FE:CC:07:BF:CC:42:50:DE:5B:4C:EE:C6:4A:4C:A5:8D:B7:35
            X509v3 Authority Key Identifier:
                keyid:74:E3:C3:36:97:20:94:B1:A8:C1:3D:41:81:68:57:D1:97:A3:AA:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/btX-zAe_zEJQ3ltM7sZKTKWNtzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c3:ea:9c:22:63:3d:6a:c4:f4:2f:dc:22:93:20:27:8d:5e:7d:
         2d:d0:8e:5c:b6:9f:90:d0:d7:1f:63:7a:29:2e:91:05:3a:be:
         68:89:43:e5:ae:1d:b6:cd:60:a3:5e:cf:c1:b6:d3:29:44:cc:
         a4:57:aa:08:a2:18:98:72:4c:96:47:2e:81:71:22:e2:3b:a1:
         34:e0:57:75:30:38:b9:3d:70:a4:7c:32:02:0d:b9:98:d7:f3:
         a9:bd:72:e5:60:ce:0f:00:e6:e3:4f:e1:4b:86:0f:87:c3:c6:
         5e:62:d7:29:03:4a:7b:5e:eb:48:d0:14:ae:3b:24:28:46:97:
         39:fb:7c:02:d2:a3:f9:c6:e2:28:91:17:a8:c3:c0:41:69:cb:
         45:d8:94:01:07:ed:93:ff:20:19:85:d2:96:4e:b2:31:47:20:
         ea:55:ae:8f:d9:94:c6:61:96:0c:a8:bb:69:ad:15:6c:bc:0c:
         d0:70:38:14:09:26:ac:4d:9e:67:7d:e9:95:d6:e0:a0:81:a7:
         a1:56:14:0f:80:ee:c2:fc:db:02:f2:db:94:fb:36:7f:29:22:
         08:87:f1:2b:9e:ef:77:8d:c8:de:33:cb:90:49:97:a8:0b:db:
         ca:c9:40:7c:0d:7e:08:6a:79:7b:eb:83:67:5c:0a:73:54:f8:
         b0:f6:10:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSDZuY9R4YIw8u4cdM3uvWzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZTNjMzM2OTcyMDk0YjFhOGMxM2Q0MTgxNjg1N2QxOTdh
M2FhZTkwHhcNMjUwMTIwMTEwOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWQ1ZmVjYzA3YmZjYzQyNTBkZTViNGNlZWM2NGE0Y2E1OGRiNzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2XxBAkwXyxxgCSkiCZ+347SFI15T
3HTlVew/FPu8ugRkjWYZja7ba9la8krwxd/As+NGMDk3CdHcAUBqjY59E0PiaKEU
DVW4BobU8sqqz7qE33a1peTtSWSfXkO4Pc7FEfD6/tAYwxSditXtpkfq0/aAVHV6
Cm7jL/NbravhAjbJRxmEEdCocY7qqUtiXMKs9L8sRBXI0EWSWNyKQf4z1fxj4VrO
/mEUthSUOWMFvYRsvlIgDRzUyjS1syUDeezSrkUKrno1BGHWikzayhjVCJGACjlk
7V/JwcA4bXnJyyzD2uazyNsR7/5rAaPT4JjUT9xn5t836wGj687A7HORMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG7V/swHv8xCUN5bTO7GSkyljbc1MB8GA1UdIwQY
MBaAFHTjwzaXIJSxqME9QYFoV9GXo6rpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE9QRE5wY2dsTEdvd1QxQmdXaFgwWmVqcXVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8xOGM0OTgtMjE3MS00ZTFjLThkODAt
YTZjNDllYjI4Mjg3LzEvYnRYLXpBZV96RUpRM2x0TTdzWktUS1dOdHpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8xOGM0OTgtMjE3MS00ZTFjLThkODAtYTZjNDllYjI4Mjg3
LzEvZE9QRE5wY2dsTEdvd1QxQmdXaFgwWmVqcXVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucDYMA0G
CSqGSIb3DQEBCwUAA4IBAQDD6pwiYz1qxPQv3CKTICeNXn0t0I5ctp+Q0NcfY3op
LpEFOr5oiUPlrh22zWCjXs/BttMpRMykV6oIohiYckyWRy6BcSLiO6E04Fd1MDi5
PXCkfDICDbmY1/OpvXLlYM4PAObjT+FLhg+Hw8ZeYtcpA0p7XutI0BSuOyQoRpc5
+3wC0qP5xuIokReow8BBactF2JQBB+2T/yAZhdKWTrIxRyDqVa6P2ZTGYZYMqLtp
rRVsvAzQcDgUCSasTZ5nfemV1uCggaehVhQPgO7C/NsC8tuU+zZ/KSIIh/Ernu93
jcjeM8uQSZeoC9vKyUB8DX4Ianl764NnXApzVPiw9hC4
-----END CERTIFICATE-----