Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/ef20cf-4c39-4707-857c-7c35006e07a1/1/3K66fkLdFIhZuPgVnT8dBkSPcIY.roa
File:                     3K66fkLdFIhZuPgVnT8dBkSPcIY.roa (raw, json)
Hash identifier:          jrto9CYh3lf5yVyFB1TxobdXxUZh+GOGoL+a0rSxI8I=
Subject key identifier:   DC:AE:BA:7E:42:DD:14:88:59:B8:F8:15:9D:3F:1D:06:44:8F:70:86
Certificate issuer:       /CN=3b8fe2465843031b778bb8d8b7bd35a094fccf48
Certificate serial:       0194A7276E3AA0866816A3C784D504E9DA10
Authority key identifier: 3B:8F:E2:46:58:43:03:1B:77:8B:B8:D8:B7:BD:35:A0:94:FC:CF:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O4_iRlhDAxt3i7jYt701oJT8z0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/ef20cf-4c39-4707-857c-7c35006e07a1/1/3K66fkLdFIhZuPgVnT8dBkSPcIY.roa
Signing time:             Mon 27 Jan 2025 09:46:06 +0000
ROA not before:           Mon 27 Jan 2025 09:46:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.117.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/ef20cf-4c39-4707-857c-7c35006e07a1/1/O4_iRlhDAxt3i7jYt701oJT8z0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/ef20cf-4c39-4707-857c-7c35006e07a1/1/O4_iRlhDAxt3i7jYt701oJT8z0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O4_iRlhDAxt3i7jYt701oJT8z0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a7:27:6e:3a:a0:86:68:16:a3:c7:84:d5:04:e9:da:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b8fe2465843031b778bb8d8b7bd35a094fccf48
        Validity
            Not Before: Jan 27 09:46:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dcaeba7e42dd148859b8f8159d3f1d06448f7086
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b1:00:a3:cb:9c:1b:1d:7e:6a:49:6f:f0:70:
                    86:9e:03:59:52:4a:14:c0:29:5b:29:d3:c7:e8:4a:
                    31:cb:70:b2:be:42:06:73:df:43:44:fb:a4:0a:09:
                    7f:d0:f2:7c:99:1c:76:85:5a:38:1f:6e:ec:d7:16:
                    f1:b3:f4:5d:48:74:77:e6:b8:93:3a:53:47:9c:8d:
                    20:2e:2b:27:75:28:70:a2:8b:25:43:c0:8f:7b:70:
                    f2:a1:02:b3:53:df:c4:c7:ea:5e:08:e7:dd:62:0a:
                    b7:02:75:17:a1:fe:c7:ca:f0:0e:18:76:16:4c:d8:
                    c5:97:ca:19:d1:f5:4d:2a:2e:b2:47:05:46:7a:87:
                    80:34:08:c3:0e:18:8f:ff:86:be:ca:ed:70:f3:99:
                    6c:aa:ff:95:31:f2:57:06:57:4e:cf:fc:13:82:3b:
                    7d:db:95:c2:3c:5d:b5:cd:34:cc:27:f1:06:74:de:
                    83:34:c0:ae:61:62:75:a6:54:ec:f5:59:ef:e3:57:
                    c6:88:ca:99:94:bf:ae:bb:26:19:6a:31:a5:f2:c1:
                    da:2b:04:18:be:24:34:82:cf:9b:52:2c:05:80:2f:
                    69:aa:54:43:0d:24:9f:a0:65:e7:82:6e:f9:ac:17:
                    59:2b:ae:b1:62:36:8c:05:63:c4:a7:81:aa:89:c6:
                    32:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:AE:BA:7E:42:DD:14:88:59:B8:F8:15:9D:3F:1D:06:44:8F:70:86
            X509v3 Authority Key Identifier:
                keyid:3B:8F:E2:46:58:43:03:1B:77:8B:B8:D8:B7:BD:35:A0:94:FC:CF:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O4_iRlhDAxt3i7jYt701oJT8z0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/ef20cf-4c39-4707-857c-7c35006e07a1/1/3K66fkLdFIhZuPgVnT8dBkSPcIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/ef20cf-4c39-4707-857c-7c35006e07a1/1/O4_iRlhDAxt3i7jYt701oJT8z0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:4c:36:60:41:d9:e2:2e:95:8c:45:de:6f:a3:5e:93:d0:f7:
         93:cf:f4:25:53:c6:25:d8:17:49:2f:46:ac:50:2a:5d:a9:e8:
         45:4f:e4:7e:43:95:79:de:a3:3c:c8:39:de:0f:c7:f2:83:03:
         61:b0:8e:f4:a4:a3:6f:0f:7c:74:b4:dc:8b:f0:5d:71:ae:c9:
         ee:36:66:d6:c1:9b:07:af:38:ae:fc:e4:cc:83:c6:97:1d:2d:
         d9:63:cc:ca:d9:06:16:3c:e0:84:3e:8a:d5:6c:b8:67:61:13:
         be:b6:0c:5d:5f:6c:46:8b:fd:e6:3d:b8:2f:9a:5a:5d:0d:09:
         b4:61:08:3a:1a:09:df:1a:af:1f:82:7b:86:ae:ae:2f:b4:8f:
         c1:d8:b1:f8:9e:10:93:15:4b:a1:e2:43:9a:88:a6:5e:04:86:
         8e:61:ae:13:96:c5:8e:47:28:c3:7b:b6:74:6d:c0:22:0f:b2:
         61:66:76:6f:8b:bb:fa:25:f9:76:19:77:ce:60:e1:bf:53:5c:
         49:b1:09:ce:9a:9c:d0:98:e5:52:e2:0f:a5:8b:e3:f3:e4:7d:
         ac:3c:31:96:b2:37:a2:bb:06:6e:00:8e:6a:e0:34:59:a8:28:
         b0:7e:f7:11:06:e0:fe:ff:49:1e:cc:a5:d8:d8:b0:cb:0f:15:
         b3:69:38:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSnJ246oIZoFqPHhNUE6doQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiOGZlMjQ2NTg0MzAzMWI3NzhiYjhkOGI3YmQzNWEwOTRm
Y2NmNDgwHhcNMjUwMTI3MDk0NjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2FlYmE3ZTQyZGQxNDg4NTliOGY4MTU5ZDNmMWQwNjQ0OGY3MDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLEAo8ucGx1+aklv8HCGngNZUkoU
wClbKdPH6Eoxy3CyvkIGc99DRPukCgl/0PJ8mRx2hVo4H27s1xbxs/RdSHR35riT
OlNHnI0gLisndShwooslQ8CPe3DyoQKzU9/Ex+peCOfdYgq3AnUXof7HyvAOGHYW
TNjFl8oZ0fVNKi6yRwVGeoeANAjDDhiP/4a+yu1w85lsqv+VMfJXBldOz/wTgjt9
25XCPF21zTTMJ/EGdN6DNMCuYWJ1plTs9Vnv41fGiMqZlL+uuyYZajGl8sHaKwQY
viQ0gs+bUiwFgC9pqlRDDSSfoGXngm75rBdZK66xYjaMBWPEp4GqicYy4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNyuun5C3RSIWbj4FZ0/HQZEj3CGMB8GA1UdIwQY
MBaAFDuP4kZYQwMbd4u42Le9NaCU/M9IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzRfaVJsaERBeHQzaTdqWXQ3MDFvSlQ4ejBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9lZjIwY2YtNGMzOS00NzA3LTg1N2Mt
N2MzNTAwNmUwN2ExLzEvM0s2NmZrTGRGSWhadVBnVm5UOGRCa1NQY0lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9lZjIwY2YtNGMzOS00NzA3LTg1N2MtN2MzNTAwNmUwN2Ex
LzEvTzRfaVJsaERBeHQzaTdqWXQ3MDFvSlQ4ejBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXU9MA0G
CSqGSIb3DQEBCwUAA4IBAQBXTDZgQdniLpWMRd5vo16T0PeTz/QlU8Yl2BdJL0as
UCpdqehFT+R+Q5V53qM8yDneD8fygwNhsI70pKNvD3x0tNyL8F1xrsnuNmbWwZsH
rziu/OTMg8aXHS3ZY8zK2QYWPOCEPorVbLhnYRO+tgxdX2xGi/3mPbgvmlpdDQm0
YQg6GgnfGq8fgnuGrq4vtI/B2LH4nhCTFUuh4kOaiKZeBIaOYa4TlsWORyjDe7Z0
bcAiD7JhZnZvi7v6Jfl2GXfOYOG/U1xJsQnOmpzQmOVS4g+li+Pz5H2sPDGWsjei
uwZuAI5q4DRZqCiwfvcRBuD+/0kezKXY2LDLDxWzaTiK
-----END CERTIFICATE-----