Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/M9m5ciKZUlugxrd6zs79XHL4dD4.roa
File:                     M9m5ciKZUlugxrd6zs79XHL4dD4.roa (raw, json)
Hash identifier:          5TehzUmwbp1N2JUN9csCq1NNReNAH4jUA6HYU4FBVG0=
Subject key identifier:   33:D9:B9:72:22:99:52:5B:A0:C6:B7:7A:CE:CE:FD:5C:72:F8:74:3E
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       0196001E06B470BFF1D9CBD06E5541045967
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/M9m5ciKZUlugxrd6zs79XHL4dD4.roa
Signing time:             Fri 04 Apr 2025 09:24:49 +0000
ROA not before:           Fri 04 Apr 2025 09:24:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40676
IP address blocks:        185.244.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:00:1e:06:b4:70:bf:f1:d9:cb:d0:6e:55:41:04:59:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Apr  4 09:24:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=33d9b9722299525ba0c6b77acecefd5c72f8743e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:72:b4:a4:b9:3b:db:5c:3b:ea:8e:a3:91:fb:
                    7e:0a:7a:78:86:ec:cd:11:b1:91:74:2f:c5:58:c6:
                    c7:79:97:ac:d2:46:a3:62:97:fe:c8:be:b8:a8:a6:
                    dc:df:6e:2a:99:2c:03:33:d6:4b:ae:10:b1:76:0c:
                    37:03:06:a5:77:d0:68:4c:88:c0:f6:25:df:cb:a3:
                    ed:78:17:9f:eb:32:e1:88:9d:fb:34:e8:11:16:71:
                    a4:e2:e8:f2:2e:3f:a1:f2:4b:88:a1:00:c7:a9:b2:
                    66:b2:03:5b:75:62:10:56:24:6f:f5:73:16:1e:97:
                    15:f3:e9:d4:89:1f:6e:b6:8e:08:c5:40:ed:07:93:
                    9e:f6:b1:62:4a:f5:8b:06:c0:1a:2b:17:a2:16:a1:
                    b5:3b:55:03:e3:4e:b2:f4:87:39:a2:d9:11:14:0a:
                    28:ae:78:42:5b:23:03:aa:96:96:9f:66:9b:2f:9e:
                    d6:92:ed:c0:1a:95:fb:5f:13:a7:52:95:85:5b:e3:
                    87:23:51:f7:d3:1f:60:df:69:42:5d:46:1c:db:52:
                    8c:c9:53:bc:b7:e1:38:bc:7b:c0:b5:3f:13:68:5c:
                    1a:e4:bc:90:65:c0:8c:17:1b:06:11:9e:05:f9:70:
                    fd:4c:48:61:13:1b:29:d2:6c:a3:a6:84:fa:71:02:
                    da:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:D9:B9:72:22:99:52:5B:A0:C6:B7:7A:CE:CE:FD:5C:72:F8:74:3E
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/M9m5ciKZUlugxrd6zs79XHL4dD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:67:05:a2:d4:df:e8:ca:c1:54:d4:22:07:ab:6d:57:66:01:
         0e:38:08:08:d8:17:92:e3:97:55:dc:f9:4e:ca:d2:5c:24:28:
         cf:f5:37:b2:7c:7d:2f:c6:70:3e:5b:b7:1c:b4:4f:a7:69:4a:
         a4:4f:6f:3d:b4:24:f8:03:8b:d5:34:d9:8d:1d:64:3d:38:94:
         3d:17:e0:19:4d:f9:41:70:c3:bc:84:81:80:3a:f6:d9:0d:4c:
         d8:73:13:30:57:77:64:24:b3:12:ff:80:bf:7f:e9:c7:76:6c:
         5e:c9:8d:5a:2b:f1:d7:01:fd:4d:84:64:8f:ed:74:8d:ff:c6:
         1b:15:f8:62:50:dd:e7:6a:c4:f2:94:70:26:21:57:07:6a:06:
         ae:ad:18:af:0f:43:10:08:ce:8b:36:57:af:24:92:b9:60:e9:
         68:12:d4:34:96:32:b9:11:50:bc:5d:fe:ff:34:d3:20:1e:a9:
         f5:86:7f:ea:a3:f2:af:bc:ec:a1:49:3c:09:ca:5e:95:11:1b:
         17:a6:4d:62:70:40:02:33:1a:00:95:29:65:53:c0:a8:62:12:
         9c:df:5a:0a:e5:68:27:23:80:bb:aa:83:9f:43:d3:99:46:42:
         52:8c:fc:45:41:6a:6a:e8:77:3b:64:57:6e:f3:ef:99:24:54:
         df:48:ed:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYAHga0cL/x2cvQblVBBFlnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjUwNDA0MDkyNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2Q5Yjk3MjIyOTk1MjViYTBjNmI3N2FjZWNlZmQ1YzcyZjg3NDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA83K0pLk721w76o6jkft+Cnp4huzN
EbGRdC/FWMbHeZes0kajYpf+yL64qKbc324qmSwDM9ZLrhCxdgw3Awald9BoTIjA
9iXfy6PteBef6zLhiJ37NOgRFnGk4ujyLj+h8kuIoQDHqbJmsgNbdWIQViRv9XMW
HpcV8+nUiR9uto4IxUDtB5Oe9rFiSvWLBsAaKxeiFqG1O1UD406y9Ic5otkRFAoo
rnhCWyMDqpaWn2abL57Wku3AGpX7XxOnUpWFW+OHI1H30x9g32lCXUYc21KMyVO8
t+E4vHvAtT8TaFwa5LyQZcCMFxsGEZ4F+XD9TEhhExsp0myjpoT6cQLa6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDPZuXIimVJboMa3es7O/Vxy+HQ+MB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEvTTltNWNpS1pVbHVneHJkNnpzNzlYSEw0ZEQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufQDMA0G
CSqGSIb3DQEBCwUAA4IBAQB1ZwWi1N/oysFU1CIHq21XZgEOOAgI2BeS45dV3PlO
ytJcJCjP9TeyfH0vxnA+W7cctE+naUqkT289tCT4A4vVNNmNHWQ9OJQ9F+AZTflB
cMO8hIGAOvbZDUzYcxMwV3dkJLMS/4C/f+nHdmxeyY1aK/HXAf1NhGSP7XSN/8Yb
FfhiUN3nasTylHAmIVcHagaurRivD0MQCM6LNlevJJK5YOloEtQ0ljK5EVC8Xf7/
NNMgHqn1hn/qo/KvvOyhSTwJyl6VERsXpk1icEACMxoAlSllU8CoYhKc31oK5Wgn
I4C7qoOfQ9OZRkJSjPxFQWpq6Hc7ZFdu8++ZJFTfSO0W
-----END CERTIFICATE-----