Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/3I2mGfHorPrDep9I0nPeIh65tkI.roa
File:                     3I2mGfHorPrDep9I0nPeIh65tkI.roa (raw, json)
Hash identifier:          OLscXpyWIbrn1RcZqjdSr9XXKKiPI7j2rv0JHHPMEQI=
Subject key identifier:   DC:8D:A6:19:F1:E8:AC:FA:C3:7A:9F:48:D2:73:DE:22:1E:B9:B6:42
Certificate issuer:       /CN=7afb5441d8ef8e41aa28dd51cdde925943aef7fa
Certificate serial:       0194B6BB77968E45AABB9B72E72B0303B4BC
Authority key identifier: 7A:FB:54:41:D8:EF:8E:41:AA:28:DD:51:CD:DE:92:59:43:AE:F7:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/3I2mGfHorPrDep9I0nPeIh65tkI.roa
Signing time:             Thu 30 Jan 2025 10:22:06 +0000
ROA not before:           Thu 30 Jan 2025 10:22:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        116.199.224.0/21 maxlen: 21
                          116.199.232.0/23 maxlen: 23
                          116.199.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b6:bb:77:96:8e:45:aa:bb:9b:72:e7:2b:03:03:b4:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7afb5441d8ef8e41aa28dd51cdde925943aef7fa
        Validity
            Not Before: Jan 30 10:22:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc8da619f1e8acfac37a9f48d273de221eb9b642
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:ec:e1:5c:e5:0d:e3:63:e8:d1:3c:7d:f6:19:
                    6d:85:18:4e:cf:36:94:57:7a:e8:87:6d:f0:ee:ae:
                    b8:71:cc:3c:c7:8c:b2:f6:1b:6d:b2:9d:05:e8:a5:
                    3b:cd:b3:87:eb:d5:c6:99:11:c7:07:6c:6a:f5:3f:
                    8f:f6:3a:09:ee:dd:57:25:90:65:18:08:3a:ba:10:
                    0e:de:80:4e:f3:cb:9d:e9:1d:58:40:24:a0:45:33:
                    3a:1b:99:53:41:c6:cf:fe:dd:56:ce:61:34:c6:b2:
                    49:e5:e9:41:f2:3b:25:fe:c0:89:f4:79:73:e6:2a:
                    9f:f0:2a:94:5e:6d:9b:f9:f1:0f:fb:8c:81:39:2e:
                    e7:8b:41:f6:0b:7e:ec:d7:f1:67:fa:46:32:42:a7:
                    37:cc:52:57:df:1e:13:56:32:18:d1:c0:1d:21:76:
                    5b:64:fc:ea:fe:3c:8a:20:5b:e9:9b:aa:40:a9:4c:
                    de:de:d9:e8:2c:8c:e9:c6:b6:64:06:4d:87:7a:53:
                    6f:d0:fb:08:7e:97:db:a6:ab:5a:0e:c2:0b:6c:d0:
                    40:cf:d3:7f:b4:19:8c:81:3e:16:22:6e:2b:4b:da:
                    41:4a:53:ab:b4:4f:bd:21:76:b2:ca:10:69:ed:5e:
                    7a:bf:ad:fe:ca:f7:a3:72:a1:86:37:d4:77:47:ee:
                    1d:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:8D:A6:19:F1:E8:AC:FA:C3:7A:9F:48:D2:73:DE:22:1E:B9:B6:42
            X509v3 Authority Key Identifier:
                keyid:7A:FB:54:41:D8:EF:8E:41:AA:28:DD:51:CD:DE:92:59:43:AE:F7:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/3I2mGfHorPrDep9I0nPeIh65tkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  116.199.224.0-116.199.234.255

    Signature Algorithm: sha256WithRSAEncryption
         89:26:68:bc:ae:ca:00:ba:09:e4:f1:d3:61:d4:c8:ee:80:14:
         e6:00:3d:40:95:ff:c1:5c:fb:6f:fc:f5:08:12:7c:b3:4b:7e:
         bf:fd:d7:aa:35:39:b1:92:b7:d4:69:59:d0:c2:08:de:2d:e0:
         cc:6f:87:2b:b2:d8:66:a7:ef:07:6d:ab:76:d4:0b:58:24:17:
         39:71:21:38:49:00:74:27:1f:cf:7f:42:b7:7b:c7:76:7d:10:
         0f:0f:fd:58:2d:b0:7b:4f:51:81:d7:74:8e:09:48:ab:9a:1d:
         d0:cd:9f:c3:a4:2e:e8:87:10:cf:45:21:a2:83:81:4a:66:06:
         90:de:bb:ef:62:d2:09:cb:89:21:3d:80:1e:75:c6:0f:4d:05:
         db:10:1b:09:3d:ab:e7:53:7e:84:ab:e6:a5:96:72:fa:98:37:
         6d:78:f6:af:69:8c:50:e6:e4:08:8c:92:14:5e:14:55:e7:c2:
         b6:cd:50:29:ad:5d:ad:e2:e2:d5:be:27:40:88:d0:4f:01:38:
         0b:f3:86:75:f7:7e:f8:f3:e6:05:15:59:f0:6b:ac:c1:5b:6b:
         fe:b7:8c:df:d1:20:89:39:f5:88:d1:f9:99:ef:e1:7e:ec:ae:
         7f:2e:97:50:88:3c:00:9b:56:d5:6c:f6:50:f5:f5:25:d3:8e:
         ea:7d:b6:8a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZS2u3eWjkWqu5ty5ysDA7S8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZmI1NDQxZDhlZjhlNDFhYTI4ZGQ1MWNkZGU5MjU5NDNh
ZWY3ZmEwHhcNMjUwMTMwMTAyMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzhkYTYxOWYxZThhY2ZhYzM3YTlmNDhkMjczZGUyMjFlYjliNjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ezhXOUN42Po0Tx99hlthRhOzzaU
V3roh23w7q64ccw8x4yy9httsp0F6KU7zbOH69XGmRHHB2xq9T+P9joJ7t1XJZBl
GAg6uhAO3oBO88ud6R1YQCSgRTM6G5lTQcbP/t1WzmE0xrJJ5elB8jsl/sCJ9Hlz
5iqf8CqUXm2b+fEP+4yBOS7ni0H2C37s1/Fn+kYyQqc3zFJX3x4TVjIY0cAdIXZb
ZPzq/jyKIFvpm6pAqUze3tnoLIzpxrZkBk2HelNv0PsIfpfbpqtaDsILbNBAz9N/
tBmMgT4WIm4rS9pBSlOrtE+9IXayyhBp7V56v63+yvejcqGGN9R3R+4dwQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNyNphnx6Kz6w3qfSNJz3iIeubZCMB8GA1UdIwQY
MBaAFHr7VEHY745BqijdUc3ekllDrvf6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXZ0VVFkanZqa0dxS04xUnpkNlNXVU91OV9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny80ZDc2ZjUtNDJlYy00NTNlLTg5OTIt
ZDg5NzNhY2FmNDFkLzEvM0kybUdmSG9yUHJEZXA5STBuUGVJaDY1dGtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny80ZDc2ZjUtNDJlYy00NTNlLTg5OTItZDg5NzNhY2FmNDFk
LzEvZXZ0VVFkanZqa0dxS04xUnpkNlNXVU91OV9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAV0x+AD
BAB0x+owDQYJKoZIhvcNAQELBQADggEBAIkmaLyuygC6CeTx02HUyO6AFOYAPUCV
/8Fc+2/89QgSfLNLfr/916o1ObGSt9RpWdDCCN4t4Mxvhyuy2Gan7wdtq3bUC1gk
FzlxIThJAHQnH89/Qrd7x3Z9EA8P/VgtsHtPUYHXdI4JSKuaHdDNn8OkLuiHEM9F
IaKDgUpmBpDeu+9i0gnLiSE9gB51xg9NBdsQGwk9q+dTfoSr5qWWcvqYN2149q9p
jFDm5AiMkhReFFXnwrbNUCmtXa3i4tW+J0CI0E8BOAvzhnX3fvjz5gUVWfBrrMFb
a/63jN/RIIk59YjR+Znv4X7srn8ul1CIPACbVtVs9lD19SXTjup9too=
-----END CERTIFICATE-----