Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/3549fb-e3a3-4124-b3b0-59957787b015/1/3GIlAH2jmkjrzkMr8xA50guC164.roa
File:                     3GIlAH2jmkjrzkMr8xA50guC164.roa (raw, json)
Hash identifier:          xXO6utTVq05KsIWjlU+m3x4dft23WacAm19MsctwPAs=
Subject key identifier:   DC:62:25:00:7D:A3:9A:48:EB:CE:43:2B:F3:10:39:D2:0B:82:D7:AE
Certificate issuer:       /CN=ed6da82dbc7d7e2818f96680b66efcedb1087947
Certificate serial:       0197C6F65C2BCA3E55CC4BDEAFD85243319C
Authority key identifier: ED:6D:A8:2D:BC:7D:7E:28:18:F9:66:80:B6:6E:FC:ED:B1:08:79:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7W2oLbx9figY-WaAtm787bEIeUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/3549fb-e3a3-4124-b3b0-59957787b015/1/3GIlAH2jmkjrzkMr8xA50guC164.roa
Signing time:             Tue 01 Jul 2025 17:08:43 +0000
ROA not before:           Tue 01 Jul 2025 17:08:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34396
IP address blocks:        195.200.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/3549fb-e3a3-4124-b3b0-59957787b015/1/7W2oLbx9figY-WaAtm787bEIeUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/3549fb-e3a3-4124-b3b0-59957787b015/1/7W2oLbx9figY-WaAtm787bEIeUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7W2oLbx9figY-WaAtm787bEIeUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c6:f6:5c:2b:ca:3e:55:cc:4b:de:af:d8:52:43:31:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed6da82dbc7d7e2818f96680b66efcedb1087947
        Validity
            Not Before: Jul  1 17:08:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc6225007da39a48ebce432bf31039d20b82d7ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e4:73:70:0f:f7:25:81:b6:72:bb:a7:93:11:
                    c7:64:cd:bf:6a:bf:30:85:75:fe:41:16:50:14:b3:
                    30:07:2b:cb:c6:1b:fb:be:c4:32:5a:f2:88:28:cc:
                    5e:1f:54:1a:97:73:a1:b3:1b:9f:d0:27:5c:20:20:
                    06:79:ec:6d:ea:37:e5:c1:de:ab:38:ea:64:e1:12:
                    73:b8:5f:ee:f9:a3:10:78:12:80:75:d4:fd:63:47:
                    b8:f4:82:d6:59:d2:da:17:18:74:51:2d:3f:bb:89:
                    22:08:b6:3d:3a:cc:99:91:2d:b8:ac:47:d3:4b:2b:
                    15:e2:71:20:d6:c2:8b:aa:aa:fa:f5:cd:9c:1e:30:
                    ca:76:db:cd:32:25:52:0d:a0:71:23:c2:1e:82:1f:
                    ef:e8:02:55:cd:92:45:c9:50:7c:9d:51:03:36:f4:
                    bb:2c:22:34:ac:ab:d1:03:a3:ce:73:fc:f7:07:b7:
                    43:e5:b3:40:dd:bd:18:b0:d0:b1:4e:6a:20:b9:31:
                    c0:f2:1d:1a:c8:28:ca:3c:d5:9e:64:be:4e:ac:18:
                    ea:e7:aa:bc:20:76:2f:e2:4f:78:30:7f:89:3a:df:
                    ac:56:86:a9:27:2a:01:90:78:40:73:74:b5:e9:56:
                    f7:e4:36:3e:a9:2c:0c:7b:14:01:97:c2:13:5a:1c:
                    d3:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:62:25:00:7D:A3:9A:48:EB:CE:43:2B:F3:10:39:D2:0B:82:D7:AE
            X509v3 Authority Key Identifier:
                keyid:ED:6D:A8:2D:BC:7D:7E:28:18:F9:66:80:B6:6E:FC:ED:B1:08:79:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7W2oLbx9figY-WaAtm787bEIeUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/3549fb-e3a3-4124-b3b0-59957787b015/1/3GIlAH2jmkjrzkMr8xA50guC164.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/3549fb-e3a3-4124-b3b0-59957787b015/1/7W2oLbx9figY-WaAtm787bEIeUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.200.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:7e:77:90:06:02:c3:f1:b6:dc:b6:da:82:08:d0:71:11:65:
         af:58:b7:96:71:d1:53:28:3e:bc:a1:e5:d1:11:e9:a4:12:80:
         79:f1:ae:16:20:65:07:c8:08:5c:4e:b8:e1:78:30:1b:d9:4c:
         3f:af:83:6b:fe:a4:94:5b:c9:8b:ac:1d:9e:fe:21:c7:f6:e6:
         57:69:c6:dd:8d:a3:31:84:71:1c:ec:f8:11:de:8e:83:2f:69:
         7e:f0:e1:9b:a8:b8:c4:0d:5d:77:4e:73:5f:0a:0f:a2:8c:7d:
         72:07:c3:99:01:1f:b3:b1:fc:3b:63:26:28:d5:b7:45:6b:9b:
         8f:7d:81:a3:40:55:de:a7:11:72:5d:fa:15:7c:b6:61:ec:53:
         a6:e1:66:36:70:25:15:1a:64:95:3d:49:6e:7d:d6:8a:6b:23:
         27:6d:e0:34:b7:f4:0e:20:1e:ce:47:3b:b4:59:72:5c:4d:a0:
         df:9a:c0:c0:12:b8:2d:e7:7f:3d:f7:cb:f9:9c:b5:0b:b9:c0:
         ff:86:1d:65:77:e9:30:1d:36:4a:28:b1:3b:23:87:dc:ea:57:
         1f:a0:8e:ae:87:52:6d:c6:30:c6:49:97:47:1f:23:4e:83:95:
         b8:e6:4e:9e:b3:28:2d:48:90:ce:39:2c:70:39:7c:af:ff:ce:
         ff:f5:71:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfG9lwryj5VzEver9hSQzGcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNmRhODJkYmM3ZDdlMjgxOGY5NjY4MGI2NmVmY2VkYjEw
ODc5NDcwHhcNMjUwNzAxMTcwODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzYyMjUwMDdkYTM5YTQ4ZWJjZTQzMmJmMzEwMzlkMjBiODJkN2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxORzcA/3JYG2crunkxHHZM2/ar8w
hXX+QRZQFLMwByvLxhv7vsQyWvKIKMxeH1Qal3Ohsxuf0CdcICAGeext6jflwd6r
OOpk4RJzuF/u+aMQeBKAddT9Y0e49ILWWdLaFxh0US0/u4kiCLY9OsyZkS24rEfT
SysV4nEg1sKLqqr69c2cHjDKdtvNMiVSDaBxI8Iegh/v6AJVzZJFyVB8nVEDNvS7
LCI0rKvRA6POc/z3B7dD5bNA3b0YsNCxTmoguTHA8h0ayCjKPNWeZL5OrBjq56q8
IHYv4k94MH+JOt+sVoapJyoBkHhAc3S16Vb35DY+qSwMexQBl8ITWhzT6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNxiJQB9o5pI685DK/MQOdILgteuMB8GA1UdIwQY
MBaAFO1tqC28fX4oGPlmgLZu/O2xCHlHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1cyb0xieDlmaWdZLVdhQXRtNzg3YkVJZVVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8zNTQ5ZmItZTNhMy00MTI0LWIzYjAt
NTk5NTc3ODdiMDE1LzEvM0dJbEFIMmpta2pyemtNcjh4QTUwZ3VDMTY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8zNTQ5ZmItZTNhMy00MTI0LWIzYjAtNTk5NTc3ODdiMDE1
LzEvN1cyb0xieDlmaWdZLVdhQXRtNzg3YkVJZVVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw8hRMA0G
CSqGSIb3DQEBCwUAA4IBAQALfneQBgLD8bbcttqCCNBxEWWvWLeWcdFTKD68oeXR
EemkEoB58a4WIGUHyAhcTrjheDAb2Uw/r4Nr/qSUW8mLrB2e/iHH9uZXacbdjaMx
hHEc7PgR3o6DL2l+8OGbqLjEDV13TnNfCg+ijH1yB8OZAR+zsfw7YyYo1bdFa5uP
fYGjQFXepxFyXfoVfLZh7FOm4WY2cCUVGmSVPUlufdaKayMnbeA0t/QOIB7ORzu0
WXJcTaDfmsDAErgt538998v5nLULucD/hh1ld+kwHTZKKLE7I4fc6lcfoI6uh1Jt
xjDGSZdHHyNOg5W45k6esygtSJDOOSxwOXyv/87/9XFM
-----END CERTIFICATE-----