Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/3xoSMW3uw_aGnOkwJvgMWVTvXrQ.roa
File:                     3xoSMW3uw_aGnOkwJvgMWVTvXrQ.roa (raw, json)
Hash identifier:          McDzyjYp9EJli2XCI018RhHxdzIZVsyY+FcMufRrpZk=
Subject key identifier:   DF:1A:12:31:6D:EE:C3:F6:86:9C:E9:30:26:F8:0C:59:54:EF:5E:B4
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       01942143F6F4EE0D88A1292791667B711F4A
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/3xoSMW3uw_aGnOkwJvgMWVTvXrQ.roa
Signing time:             Wed 01 Jan 2025 09:48:09 +0000
ROA not before:           Wed 01 Jan 2025 09:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34047
IP address blocks:        146.19.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:f6:f4:ee:0d:88:a1:29:27:91:66:7b:71:1f:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jan  1 09:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df1a12316deec3f6869ce93026f80c5954ef5eb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:c5:55:98:d2:83:24:06:2a:18:9c:13:45:2e:
                    88:04:ee:6e:dc:ba:72:56:8b:8c:76:e1:e0:79:c9:
                    f9:4b:06:b8:f8:c4:81:65:b5:bf:47:09:cf:51:04:
                    66:70:be:eb:f5:ba:b7:6f:22:2c:6d:f6:47:59:b5:
                    17:26:e3:77:bf:ba:72:bf:1d:79:e6:d3:e3:e7:e1:
                    11:8e:d3:67:4d:41:bd:8f:21:1a:3f:73:dc:1f:0d:
                    43:58:53:a7:db:dd:ab:80:f7:43:75:2c:00:dd:cd:
                    7b:fa:22:8d:15:10:25:70:3a:5c:a9:15:0e:b7:c4:
                    5b:b0:a7:17:b3:df:7d:0f:bd:14:ae:40:57:43:38:
                    7a:21:c4:92:69:c0:92:1f:87:2b:01:0e:02:9a:d5:
                    b8:fa:62:bd:d4:26:8c:20:e9:d1:01:8f:d4:c4:d6:
                    01:26:d8:84:0f:1c:d6:c5:97:ee:23:29:a6:bf:d6:
                    20:17:49:ce:09:07:40:c5:cf:84:90:b2:e9:c2:4b:
                    1e:60:4d:a4:35:f6:e8:8c:5b:0f:d0:a2:94:be:a5:
                    d2:b4:4f:d6:b7:11:27:61:b2:b7:7b:c5:ce:42:86:
                    09:21:60:d0:fa:d3:c0:96:83:8b:c0:1b:02:b6:21:
                    ad:e3:e6:f5:8e:17:82:5f:21:22:a0:47:cb:a0:b7:
                    35:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:1A:12:31:6D:EE:C3:F6:86:9C:E9:30:26:F8:0C:59:54:EF:5E:B4
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/3xoSMW3uw_aGnOkwJvgMWVTvXrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:14:c6:bd:ab:c1:b8:fa:e0:32:b4:28:38:b1:f3:5a:7c:6a:
         6c:57:07:2f:5b:71:d2:4b:5b:9f:a0:00:e0:ce:8d:a6:d1:f8:
         b8:75:98:cb:5a:4c:ed:a8:62:09:36:c1:8e:54:2d:8e:63:70:
         5d:d3:b5:d0:30:03:90:06:19:8d:e6:49:cd:fd:b0:b4:20:81:
         17:8d:ad:73:cd:a0:93:2a:bf:ca:fa:f5:fc:dc:1e:da:1c:8d:
         4f:53:bc:d2:da:3c:e5:16:15:e4:8d:ca:25:97:4b:8d:09:e9:
         1c:dc:fb:75:36:17:d0:71:39:58:69:84:09:ef:52:8f:55:ed:
         56:d5:9c:9d:4e:64:a9:1e:34:8d:30:17:75:09:6b:a7:2c:e0:
         91:93:ad:30:12:73:34:68:96:ea:c2:33:0a:4a:e9:b3:3b:8e:
         1f:6a:60:fa:16:63:e8:a6:4f:70:60:cf:6f:88:65:10:57:29:
         71:0c:23:df:8c:83:ab:13:00:23:22:9c:02:58:74:62:12:f5:
         3b:47:13:c9:93:8f:3e:1f:92:b0:b5:9d:0d:c7:b1:c7:c2:3f:
         71:61:0a:10:75:11:94:d2:1b:04:09:d4:16:b3:65:d7:02:7c:
         4a:6e:67:da:2f:07:fe:71:02:e2:b8:ea:a8:c5:0b:06:a1:55:
         d8:41:4b:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/b07g2IoSknkWZ7cR9KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwMTAxMDk0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjFhMTIzMTZkZWVjM2Y2ODY5Y2U5MzAyNmY4MGM1OTU0ZWY1ZWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2sVVmNKDJAYqGJwTRS6IBO5u3Lpy
VouMduHgecn5Swa4+MSBZbW/RwnPUQRmcL7r9bq3byIsbfZHWbUXJuN3v7pyvx15
5tPj5+ERjtNnTUG9jyEaP3PcHw1DWFOn292rgPdDdSwA3c17+iKNFRAlcDpcqRUO
t8RbsKcXs999D70UrkBXQzh6IcSSacCSH4crAQ4CmtW4+mK91CaMIOnRAY/UxNYB
JtiEDxzWxZfuIymmv9YgF0nOCQdAxc+EkLLpwkseYE2kNfbojFsP0KKUvqXStE/W
txEnYbK3e8XOQoYJIWDQ+tPAloOLwBsCtiGt4+b1jheCXyEioEfLoLc1tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN8aEjFt7sP2hpzpMCb4DFlU7160MB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvM3hvU01XM3V3X2FHbk9rd0p2Z01XVlR2WHJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhNxMA0G
CSqGSIb3DQEBCwUAA4IBAQA3FMa9q8G4+uAytCg4sfNafGpsVwcvW3HSS1ufoADg
zo2m0fi4dZjLWkztqGIJNsGOVC2OY3Bd07XQMAOQBhmN5knN/bC0IIEXja1zzaCT
Kr/K+vX83B7aHI1PU7zS2jzlFhXkjcoll0uNCekc3Pt1NhfQcTlYaYQJ71KPVe1W
1ZydTmSpHjSNMBd1CWunLOCRk60wEnM0aJbqwjMKSumzO44famD6FmPopk9wYM9v
iGUQVylxDCPfjIOrEwAjIpwCWHRiEvU7RxPJk48+H5KwtZ0Nx7HHwj9xYQoQdRGU
0hsECdQWs2XXAnxKbmfaLwf+cQLiuOqoxQsGoVXYQUsv
-----END CERTIFICATE-----