Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/oLh3yoxxKDPJ0rI4fFfhHDN8zHc.roa
File:                     oLh3yoxxKDPJ0rI4fFfhHDN8zHc.roa (raw, json)
Hash identifier:          gc86IVswZ2auip9vASDEdi6AXEh5d/2Jw9bjMy6Pwd8=
Subject key identifier:   A0:B8:77:CA:8C:71:28:33:C9:D2:B2:38:7C:57:E1:1C:33:7C:CC:77
Certificate issuer:       /CN=3e24c7ecfa37d2487152fb9bbbab50be79de2619
Certificate serial:       01942068503CD209E5600678EAC3784F1647
Authority key identifier: 3E:24:C7:EC:FA:37:D2:48:71:52:FB:9B:BB:AB:50:BE:79:DE:26:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/oLh3yoxxKDPJ0rI4fFfhHDN8zHc.roa
Signing time:             Wed 01 Jan 2025 05:48:14 +0000
ROA not before:           Wed 01 Jan 2025 05:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23655
IP address blocks:        185.71.228.0/24 maxlen: 24
                          185.71.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/PiTH7Po30khxUvubu6tQvnneJhk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/PiTH7Po30khxUvubu6tQvnneJhk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:50:3c:d2:09:e5:60:06:78:ea:c3:78:4f:16:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e24c7ecfa37d2487152fb9bbbab50be79de2619
        Validity
            Not Before: Jan  1 05:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0b877ca8c712833c9d2b2387c57e11c337ccc77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:af:38:a8:31:91:eb:a2:d4:56:d9:1d:2c:24:
                    c9:d9:4f:d5:2a:de:08:df:17:7f:f4:44:a0:44:66:
                    17:f5:f5:1e:c6:30:7d:c4:e1:3f:f3:46:0e:3b:d2:
                    bd:40:66:b7:43:76:9f:de:f2:8e:90:c6:63:a8:73:
                    b4:8d:73:49:7c:76:bc:80:89:12:9b:22:2e:d7:50:
                    71:e7:1b:1c:6d:aa:ae:b0:28:ab:1f:02:26:62:4c:
                    45:4a:96:44:89:b9:57:5f:53:d3:8c:c1:8a:94:2d:
                    a6:28:b0:b8:9d:4e:69:5f:68:95:32:95:b1:32:f4:
                    e8:15:8d:bf:70:d6:f3:2c:94:e0:d0:1f:b2:17:27:
                    99:ef:e2:4f:ea:f5:b1:79:48:25:0a:67:9b:18:51:
                    cc:37:7b:03:4d:8b:cb:39:ef:b4:c7:2d:f4:18:e5:
                    c0:d4:5e:4e:18:34:42:b7:98:d9:50:62:5e:99:c8:
                    a0:ab:5a:fc:88:1a:f4:ea:df:28:3e:64:34:e4:7a:
                    cd:c8:7e:73:12:c6:72:ce:6a:70:97:c6:6e:04:ee:
                    a6:42:ff:d1:08:8a:c1:5a:79:55:83:e7:f1:59:de:
                    1b:41:5e:77:e4:f5:a5:e8:46:03:47:ce:7c:49:91:
                    fc:d0:ba:75:c0:bf:ad:9d:be:aa:38:66:0b:87:0e:
                    8b:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:B8:77:CA:8C:71:28:33:C9:D2:B2:38:7C:57:E1:1C:33:7C:CC:77
            X509v3 Authority Key Identifier:
                keyid:3E:24:C7:EC:FA:37:D2:48:71:52:FB:9B:BB:AB:50:BE:79:DE:26:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/oLh3yoxxKDPJ0rI4fFfhHDN8zHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/PiTH7Po30khxUvubu6tQvnneJhk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9a:e7:aa:55:f2:ab:5b:23:12:e7:48:63:9a:19:73:97:e0:5f:
         0c:5e:08:fe:e7:2a:dc:2b:ac:c1:3a:b6:fb:a4:53:26:96:61:
         df:e7:92:cc:e0:a9:13:b2:f2:c7:cc:e5:dd:1d:ce:11:6e:07:
         8b:a3:73:33:37:16:70:6a:10:75:ce:22:16:51:0b:ed:08:34:
         94:c9:6f:34:95:82:67:e3:58:28:9f:be:29:80:4f:75:4b:eb:
         92:1b:7b:44:d6:b2:0b:9b:d9:56:45:fe:28:02:ac:79:7b:bc:
         5b:6c:73:54:c6:cf:c3:a3:78:df:06:3d:fe:f4:ef:9e:d1:4d:
         be:25:6d:4e:55:95:94:ce:39:07:0b:c2:21:89:10:3e:1f:bd:
         69:55:c8:6f:b2:ea:1c:9c:61:fb:09:ba:24:ca:63:7d:4f:f7:
         37:3e:3d:70:0d:66:a5:b2:14:4d:02:d8:a6:5a:05:38:ca:53:
         2f:30:ab:ff:37:86:5e:e5:14:e1:b4:62:d1:09:d2:dd:91:f1:
         c3:8f:a2:cd:b0:1c:d4:da:5c:d6:b5:b3:2c:c7:a6:b9:4a:9f:
         a4:b9:20:83:36:56:ea:b6:46:87:af:ee:60:99:79:39:06:57:
         5a:e4:a6:50:97:5d:80:ef:24:eb:e4:29:cb:86:68:c3:42:7a:
         e9:49:e7:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaFA80gnlYAZ46sN4TxZHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMjRjN2VjZmEzN2QyNDg3MTUyZmI5YmJiYWI1MGJlNzlk
ZTI2MTkwHhcNMjUwMTAxMDU0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGI4NzdjYThjNzEyODMzYzlkMmIyMzg3YzU3ZTExYzMzN2NjYzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg684qDGR66LUVtkdLCTJ2U/VKt4I
3xd/9ESgRGYX9fUexjB9xOE/80YOO9K9QGa3Q3af3vKOkMZjqHO0jXNJfHa8gIkS
myIu11Bx5xscbaqusCirHwImYkxFSpZEiblXX1PTjMGKlC2mKLC4nU5pX2iVMpWx
MvToFY2/cNbzLJTg0B+yFyeZ7+JP6vWxeUglCmebGFHMN3sDTYvLOe+0xy30GOXA
1F5OGDRCt5jZUGJemcigq1r8iBr06t8oPmQ05HrNyH5zEsZyzmpwl8ZuBO6mQv/R
CIrBWnlVg+fxWd4bQV535PWl6EYDR858SZH80Lp1wL+tnb6qOGYLhw6LNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKC4d8qMcSgzydKyOHxX4RwzfMx3MB8GA1UdIwQY
MBaAFD4kx+z6N9JIcVL7m7urUL553iYZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGlUSDdQbzMwa2h4VXZ1YnU2dFF2bm5lSmhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8zOWE1ZmMtZDI2ZS00ZDUzLTkxZTMt
NDkzZDc3NGFhMWZmLzEvb0xoM3lveHhLRFBKMHJJNGZGZmhIRE44ekhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8zOWE1ZmMtZDI2ZS00ZDUzLTkxZTMtNDkzZDc3NGFhMWZm
LzEvUGlUSDdQbzMwa2h4VXZ1YnU2dFF2bm5lSmhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuUfkMA0G
CSqGSIb3DQEBCwUAA4IBAQCa56pV8qtbIxLnSGOaGXOX4F8MXgj+5yrcK6zBOrb7
pFMmlmHf55LM4KkTsvLHzOXdHc4RbgeLo3MzNxZwahB1ziIWUQvtCDSUyW80lYJn
41gon74pgE91S+uSG3tE1rILm9lWRf4oAqx5e7xbbHNUxs/Do3jfBj3+9O+e0U2+
JW1OVZWUzjkHC8IhiRA+H71pVchvsuocnGH7CbokymN9T/c3Pj1wDWalshRNAtim
WgU4ylMvMKv/N4Ze5RThtGLRCdLdkfHDj6LNsBzU2lzWtbMsx6a5Sp+kuSCDNlbq
tkaHr+5gmXk5Blda5KZQl12A7yTr5CnLhmjDQnrpSeeL
-----END CERTIFICATE-----