Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/3gdjx6-jXCWlE99Kf_MNliJ4_3o.roa
File:                     3gdjx6-jXCWlE99Kf_MNliJ4_3o.roa (raw, json)
Hash identifier:          VzMyOOl9cEYPtCPqPtsMwQYZihpi1TJveh2D21Agtjw=
Subject key identifier:   DE:07:63:C7:AF:A3:5C:25:A5:13:DF:4A:7F:F3:0D:96:22:78:FF:7A
Certificate issuer:       /CN=ec167bb6b061fffa629dd2a84ccf7db44c71a351
Certificate serial:       0194258FC64931A38E86629069B11AA61BDC
Authority key identifier: EC:16:7B:B6:B0:61:FF:FA:62:9D:D2:A8:4C:CF:7D:B4:4C:71:A3:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7BZ7trBh__pindKoTM99tExxo1E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/3gdjx6-jXCWlE99Kf_MNliJ4_3o.roa
Signing time:             Thu 02 Jan 2025 05:49:26 +0000
ROA not before:           Thu 02 Jan 2025 05:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3257
IP address blocks:        185.3.28.0/23 maxlen: 23
                          185.3.30.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/7BZ7trBh__pindKoTM99tExxo1E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/7BZ7trBh__pindKoTM99tExxo1E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7BZ7trBh__pindKoTM99tExxo1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:c6:49:31:a3:8e:86:62:90:69:b1:1a:a6:1b:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec167bb6b061fffa629dd2a84ccf7db44c71a351
        Validity
            Not Before: Jan  2 05:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de0763c7afa35c25a513df4a7ff30d962278ff7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:cc:3a:14:37:b3:67:43:cd:5d:95:83:59:ae:
                    74:4f:26:43:ce:80:62:45:f3:76:7f:36:66:9c:03:
                    dd:2b:fb:17:bc:13:97:1b:04:f7:85:76:18:19:cb:
                    8a:16:7c:5c:fa:70:a1:99:5c:68:82:29:3c:e5:d7:
                    30:b6:88:cf:c7:db:b3:19:a1:62:98:fd:30:d1:73:
                    36:8f:41:0b:f2:ff:77:71:59:3e:ab:de:b4:ba:2b:
                    51:b7:38:0d:97:de:81:58:10:89:84:d8:5c:e3:c1:
                    81:1f:61:06:bf:63:52:aa:b3:9e:8e:57:87:89:ac:
                    08:91:b6:13:82:54:0f:40:e4:9d:ab:26:7a:6d:29:
                    3f:01:27:b4:87:c0:cd:85:fa:f5:7b:fd:ec:8c:35:
                    84:0e:8b:fe:2a:0b:24:13:f6:e8:35:fc:9d:6e:7a:
                    47:ce:d8:e7:8a:e2:33:51:2f:e6:a8:a2:fe:5c:b1:
                    2f:0e:b2:cb:42:2f:05:c7:53:28:da:8f:dd:08:f1:
                    27:aa:e0:73:b3:38:e1:0c:68:d2:eb:20:d6:52:17:
                    bb:58:f7:d2:11:42:f6:37:f9:cd:1a:1f:44:c9:be:
                    5c:fb:c3:ba:db:13:92:91:59:f4:ed:fc:fe:d0:7f:
                    48:ec:53:c8:78:c5:92:5b:cf:3b:55:a6:b1:4c:dd:
                    2d:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:07:63:C7:AF:A3:5C:25:A5:13:DF:4A:7F:F3:0D:96:22:78:FF:7A
            X509v3 Authority Key Identifier:
                keyid:EC:16:7B:B6:B0:61:FF:FA:62:9D:D2:A8:4C:CF:7D:B4:4C:71:A3:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7BZ7trBh__pindKoTM99tExxo1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/3gdjx6-jXCWlE99Kf_MNliJ4_3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/7BZ7trBh__pindKoTM99tExxo1E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.3.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:70:69:17:68:56:78:d0:d3:78:0b:60:07:ba:1e:a6:74:bc:
         66:66:80:4e:6d:9f:af:43:45:21:80:27:84:12:fc:ee:f6:7f:
         73:cd:b3:4f:0c:fa:3c:0a:ba:5f:65:90:7a:5e:00:55:7f:e9:
         c5:01:ae:8c:46:a9:3b:fe:a2:c1:38:7d:a6:61:fa:dd:78:43:
         b5:01:41:ed:37:56:4d:d7:a8:9a:01:8c:e6:13:3d:a2:56:72:
         31:ef:6e:e8:0a:8e:92:c5:6a:13:24:2c:97:a4:3a:a6:60:e8:
         fc:48:1d:9b:ae:da:3a:54:05:9b:de:84:d5:93:a7:90:5f:96:
         bc:d0:99:b7:de:3e:ca:8d:35:1f:a1:d3:27:78:8c:56:60:55:
         ab:09:05:81:e1:47:8a:98:03:16:91:86:bf:b7:2c:ec:2a:51:
         5a:15:d4:2f:ad:b0:52:00:a5:28:de:bb:19:41:28:ab:fe:10:
         60:c5:13:e8:ef:e9:a9:93:89:a1:e9:dd:dd:fd:66:70:4e:84:
         5e:0f:ce:ef:ad:24:70:09:1a:b1:5d:52:f0:05:b4:7e:a1:1b:
         42:c3:7c:b9:ae:46:0c:cc:e5:4d:7a:16:df:26:6d:87:d5:b8:
         74:9e:d1:b7:31:ba:1a:6a:e5:dc:54:6c:ac:07:38:03:4f:62:
         0c:2e:28:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj8ZJMaOOhmKQabEaphvcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjMTY3YmI2YjA2MWZmZmE2MjlkZDJhODRjY2Y3ZGI0NGM3
MWEzNTEwHhcNMjUwMTAyMDU0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTA3NjNjN2FmYTM1YzI1YTUxM2RmNGE3ZmYzMGQ5NjIyNzhmZjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2cw6FDezZ0PNXZWDWa50TyZDzoBi
RfN2fzZmnAPdK/sXvBOXGwT3hXYYGcuKFnxc+nChmVxogik85dcwtojPx9uzGaFi
mP0w0XM2j0EL8v93cVk+q960uitRtzgNl96BWBCJhNhc48GBH2EGv2NSqrOejleH
iawIkbYTglQPQOSdqyZ6bSk/ASe0h8DNhfr1e/3sjDWEDov+KgskE/boNfydbnpH
ztjniuIzUS/mqKL+XLEvDrLLQi8Fx1Mo2o/dCPEnquBzszjhDGjS6yDWUhe7WPfS
EUL2N/nNGh9Eyb5c+8O62xOSkVn07fz+0H9I7FPIeMWSW887VaaxTN0tMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN4HY8evo1wlpRPfSn/zDZYieP96MB8GA1UdIwQY
MBaAFOwWe7awYf/6Yp3SqEzPfbRMcaNRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0JaN3RyQmhfX3BpbmRLb1RNOTl0RXh4bzFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9mNTVkNDQtNTg5My00YzIyLWIwYjct
YzY1NWFkNTk0MTkzLzEvM2dkang2LWpYQ1dsRTk5S2ZfTU5saUo0XzNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9mNTVkNDQtNTg5My00YzIyLWIwYjctYzY1NWFkNTk0MTkz
LzEvN0JaN3RyQmhfX3BpbmRLb1RNOTl0RXh4bzFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQMcMA0G
CSqGSIb3DQEBCwUAA4IBAQBscGkXaFZ40NN4C2AHuh6mdLxmZoBObZ+vQ0UhgCeE
Evzu9n9zzbNPDPo8CrpfZZB6XgBVf+nFAa6MRqk7/qLBOH2mYfrdeEO1AUHtN1ZN
16iaAYzmEz2iVnIx727oCo6SxWoTJCyXpDqmYOj8SB2brto6VAWb3oTVk6eQX5a8
0Jm33j7KjTUfodMneIxWYFWrCQWB4UeKmAMWkYa/tyzsKlFaFdQvrbBSAKUo3rsZ
QSir/hBgxRPo7+mpk4mh6d3d/WZwToReD87vrSRwCRqxXVLwBbR+oRtCw3y5rkYM
zOVNehbfJm2H1bh0ntG3MboaauXcVGysBzgDT2IMLii7
-----END CERTIFICATE-----