Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/4cc4d8-8091-4581-92f4-196f8f064ee4/1/P3b7DFzAl1mF00eFO0q0Hvx6uqg.roa
File:                     P3b7DFzAl1mF00eFO0q0Hvx6uqg.roa (raw, json)
Hash identifier:          4Vw9mbX/VAtbgUX/fX/IcrRcZH092D/s4XK4tYr5SHw=
Subject key identifier:   3F:76:FB:0C:5C:C0:97:59:85:D3:47:85:3B:4A:B4:1E:FC:7A:BA:A8
Certificate issuer:       /CN=ba5b651791119f8ebaa3be26f1c756b86309be8e
Certificate serial:       019425FBFEDD70FE71C6AE81F6EED46F1DB2
Authority key identifier: BA:5B:65:17:91:11:9F:8E:BA:A3:BE:26:F1:C7:56:B8:63:09:BE:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ultlF5ERn466o74m8cdWuGMJvo4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/4cc4d8-8091-4581-92f4-196f8f064ee4/1/P3b7DFzAl1mF00eFO0q0Hvx6uqg.roa
Signing time:             Thu 02 Jan 2025 07:47:39 +0000
ROA not before:           Thu 02 Jan 2025 07:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25111
IP address blocks:        194.0.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/4cc4d8-8091-4581-92f4-196f8f064ee4/1/ultlF5ERn466o74m8cdWuGMJvo4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/4cc4d8-8091-4581-92f4-196f8f064ee4/1/ultlF5ERn466o74m8cdWuGMJvo4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ultlF5ERn466o74m8cdWuGMJvo4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fb:fe:dd:70:fe:71:c6:ae:81:f6:ee:d4:6f:1d:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba5b651791119f8ebaa3be26f1c756b86309be8e
        Validity
            Not Before: Jan  2 07:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f76fb0c5cc0975985d347853b4ab41efc7abaa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:95:a4:4f:95:c9:1d:46:e8:46:ba:71:2f:06:
                    14:d1:b3:ac:06:93:98:84:dd:17:09:a1:48:d1:2b:
                    e0:da:68:61:b0:5b:fa:3a:02:a2:52:de:9d:cf:26:
                    e4:de:64:8d:4b:25:a1:75:26:12:fd:3a:d6:18:e9:
                    67:93:fe:fd:c9:9e:16:97:88:a2:7c:3f:ec:13:cb:
                    ce:ec:88:6f:da:18:7f:fc:0e:f3:44:c0:a4:42:71:
                    ca:cc:4e:73:86:eb:b1:94:20:e0:32:cb:03:73:cd:
                    07:e8:e0:c3:4d:f7:46:6f:1c:53:45:b3:32:59:f1:
                    50:aa:a6:c7:b0:96:f6:11:60:eb:3b:0e:e4:c9:ba:
                    31:e0:a3:94:0b:c6:a5:1f:18:6a:07:3c:16:86:c4:
                    0b:3c:a9:fc:8c:39:a4:2b:41:fd:92:74:ea:cc:da:
                    73:0b:6c:35:3c:cd:ef:21:60:a1:a4:1e:42:a1:a6:
                    48:b0:66:3a:fe:75:ce:e5:39:39:78:b2:10:55:55:
                    68:b5:e2:ee:d2:30:fd:a1:44:07:72:db:c6:16:bb:
                    d6:96:05:bd:a1:41:90:e0:83:26:88:9e:db:89:10:
                    08:83:c8:1c:91:4f:89:72:0e:dd:a0:f4:c1:d8:9c:
                    2c:19:be:0c:2f:ef:3d:b0:33:22:8e:f9:43:4a:7d:
                    3e:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:76:FB:0C:5C:C0:97:59:85:D3:47:85:3B:4A:B4:1E:FC:7A:BA:A8
            X509v3 Authority Key Identifier:
                keyid:BA:5B:65:17:91:11:9F:8E:BA:A3:BE:26:F1:C7:56:B8:63:09:BE:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ultlF5ERn466o74m8cdWuGMJvo4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/4cc4d8-8091-4581-92f4-196f8f064ee4/1/P3b7DFzAl1mF00eFO0q0Hvx6uqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/4cc4d8-8091-4581-92f4-196f8f064ee4/1/ultlF5ERn466o74m8cdWuGMJvo4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:cc:d3:a4:21:69:b7:9f:b0:68:90:29:6a:57:29:6c:20:07:
         74:75:c7:d9:93:b3:02:57:ce:e8:6d:24:17:4f:e7:0c:b0:b1:
         47:11:7b:d6:f9:cf:d6:dd:db:4d:1e:b6:6f:9e:b3:d9:eb:d6:
         17:48:65:0e:8a:23:cd:3a:05:fa:2d:84:0a:52:e6:9a:9d:18:
         05:f7:47:86:0f:90:0f:ec:6e:8f:c4:22:e0:15:37:9d:c7:4f:
         77:d2:59:aa:60:1d:33:20:a2:d3:b7:a7:f2:b5:67:6a:ed:73:
         3a:67:33:db:66:2d:b4:0b:e0:ee:a0:b5:39:63:39:4f:be:91:
         42:ac:e8:92:37:0c:3a:10:bc:c7:7f:e2:c5:f3:33:75:ef:c7:
         3e:04:69:6a:45:30:07:f7:93:21:5a:1f:f3:1a:91:5d:4b:9f:
         f1:3a:15:ad:f8:7e:a4:68:3b:1c:f8:87:3c:7c:7a:e3:3f:aa:
         b8:ac:73:54:54:6e:bf:1c:d0:cf:76:b5:60:28:b4:13:6a:f5:
         1d:55:b9:60:77:b7:17:c1:06:21:3a:20:f7:9b:04:07:9e:00:
         f6:8f:04:c3:e3:6a:34:84:22:30:b2:8d:7b:d9:74:74:ee:68:
         72:48:5b:65:bd:0c:84:27:ce:4b:a6:c7:6c:31:24:3b:b5:7f:
         9f:d1:37:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl+/7dcP5xxq6B9u7Ubx2yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNWI2NTE3OTExMTlmOGViYWEzYmUyNmYxYzc1NmI4NjMw
OWJlOGUwHhcNMjUwMTAyMDc0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjc2ZmIwYzVjYzA5NzU5ODVkMzQ3ODUzYjRhYjQxZWZjN2FiYWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5WkT5XJHUboRrpxLwYU0bOsBpOY
hN0XCaFI0Svg2mhhsFv6OgKiUt6dzybk3mSNSyWhdSYS/TrWGOlnk/79yZ4Wl4ii
fD/sE8vO7Ihv2hh//A7zRMCkQnHKzE5zhuuxlCDgMssDc80H6ODDTfdGbxxTRbMy
WfFQqqbHsJb2EWDrOw7kybox4KOUC8alHxhqBzwWhsQLPKn8jDmkK0H9knTqzNpz
C2w1PM3vIWChpB5CoaZIsGY6/nXO5Tk5eLIQVVVoteLu0jD9oUQHctvGFrvWlgW9
oUGQ4IMmiJ7biRAIg8gckU+Jcg7doPTB2JwsGb4ML+89sDMijvlDSn0+swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD92+wxcwJdZhdNHhTtKtB78erqoMB8GA1UdIwQY
MBaAFLpbZReREZ+OuqO+JvHHVrhjCb6OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWx0bEY1RVJuNDY2bzc0bThjZFd1R01Kdm80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS80Y2M0ZDgtODA5MS00NTgxLTkyZjQt
MTk2ZjhmMDY0ZWU0LzEvUDNiN0RGekFsMW1GMDBlRk8wcTBIdng2dXFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS80Y2M0ZDgtODA5MS00NTgxLTkyZjQtMTk2ZjhmMDY0ZWU0
LzEvdWx0bEY1RVJuNDY2bzc0bThjZFd1R01Kdm80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgCGMA0G
CSqGSIb3DQEBCwUAA4IBAQBgzNOkIWm3n7BokClqVylsIAd0dcfZk7MCV87obSQX
T+cMsLFHEXvW+c/W3dtNHrZvnrPZ69YXSGUOiiPNOgX6LYQKUuaanRgF90eGD5AP
7G6PxCLgFTedx0930lmqYB0zIKLTt6fytWdq7XM6ZzPbZi20C+DuoLU5YzlPvpFC
rOiSNww6ELzHf+LF8zN178c+BGlqRTAH95MhWh/zGpFdS5/xOhWt+H6kaDsc+Ic8
fHrjP6q4rHNUVG6/HNDPdrVgKLQTavUdVblgd7cXwQYhOiD3mwQHngD2jwTD42o0
hCIwso172XR07mhySFtlvQyEJ85LpsdsMSQ7tX+f0TdT
-----END CERTIFICATE-----