Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/P3PfwPwkcE040d3Qr-D90iwF4_k.roa
File:                     P3PfwPwkcE040d3Qr-D90iwF4_k.roa (raw, json)
Hash identifier:          T1rptYAIYRS6lWsTlrVwQbPRhxvEwgxKU1Xm6hHDr7M=
Subject key identifier:   3F:73:DF:C0:FC:24:70:4D:38:D1:DD:D0:AF:E0:FD:D2:2C:05:E3:F9
Certificate issuer:       /CN=8533ef46116fd9d21bfb533e44bde517890c24dc
Certificate serial:       01950F68D21666955855446957B4DF52AB89
Authority key identifier: 85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/P3PfwPwkcE040d3Qr-D90iwF4_k.roa
Signing time:             Sun 16 Feb 2025 15:38:02 +0000
ROA not before:           Sun 16 Feb 2025 15:38:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3356
IP address blocks:        45.14.82.0/24 maxlen: 24
                          45.85.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:0f:68:d2:16:66:95:58:55:44:69:57:b4:df:52:ab:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8533ef46116fd9d21bfb533e44bde517890c24dc
        Validity
            Not Before: Feb 16 15:38:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f73dfc0fc24704d38d1ddd0afe0fdd22c05e3f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:52:95:29:78:03:7d:c3:2f:7f:a1:46:2d:00:
                    62:cc:a1:77:15:8a:ec:f5:e8:5d:5f:b4:52:31:41:
                    7a:3d:8d:8b:87:31:0b:db:ed:8c:9d:b0:e2:9b:24:
                    f3:44:e4:53:36:7b:08:89:b4:65:86:d8:d3:c5:3f:
                    3c:a1:c2:ee:e0:c3:89:32:c9:96:90:ea:4b:11:1f:
                    10:8e:54:cd:d1:d8:84:78:7d:e5:26:e6:82:71:ec:
                    a9:7b:77:a2:65:16:61:66:1f:d6:34:60:ae:0d:fe:
                    c9:a0:54:e5:cb:bd:f9:4a:a1:24:39:04:81:06:7b:
                    10:99:38:b5:60:4b:31:7a:eb:29:ea:35:19:6f:a8:
                    f1:85:c6:e6:14:b9:5d:7b:76:e3:92:35:f5:f0:72:
                    5e:a9:b2:ce:1f:47:48:86:e8:59:c0:f9:94:c3:ae:
                    40:f0:0d:e3:bc:9f:f0:ed:50:37:c7:c0:6a:0c:fe:
                    80:e6:5b:66:11:3a:cd:8d:b3:5a:87:c0:c7:c8:b2:
                    3d:81:41:1e:c0:7a:de:80:18:b3:6e:6f:17:5a:ce:
                    2a:e7:4f:46:31:ef:57:34:37:4c:a4:c3:91:e6:18:
                    79:63:c0:95:ac:0e:1d:b5:08:b3:3e:18:e3:c2:0a:
                    c3:17:62:0b:4f:91:aa:4a:a6:33:d5:90:a6:64:65:
                    aa:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:73:DF:C0:FC:24:70:4D:38:D1:DD:D0:AF:E0:FD:D2:2C:05:E3:F9
            X509v3 Authority Key Identifier:
                keyid:85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/P3PfwPwkcE040d3Qr-D90iwF4_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.82.0/24
                  45.85.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:60:6d:2c:dc:d8:bf:77:20:a9:ed:cd:d8:86:2a:a0:44:11:
         f9:ce:63:2f:a0:22:df:79:9c:24:99:8b:a0:6b:bd:04:a3:72:
         2d:ac:4c:b4:cf:7a:87:fe:40:7a:83:74:b4:84:d1:f5:ce:c4:
         29:8f:73:26:1e:6f:28:df:fb:41:1e:95:62:27:2e:23:0c:12:
         87:ae:29:c2:82:6d:bf:1a:54:cb:cc:48:56:39:ea:1c:ee:da:
         1f:98:79:cf:c4:42:e2:c3:ca:4e:87:60:04:7a:eb:0d:ab:60:
         8f:c4:39:17:cd:ea:f2:56:4d:3f:51:e1:b2:2f:e6:05:15:1f:
         8b:6e:c5:86:43:76:7d:c9:c2:0b:3e:b7:1b:e9:64:97:df:bb:
         20:b4:b4:19:4b:8a:a4:3a:95:7e:42:02:c0:d2:17:8f:73:9e:
         4a:f9:8a:70:fc:77:e1:ca:6c:2c:5c:35:cf:5e:13:c1:d9:ad:
         62:f6:13:b0:86:71:f9:ee:d3:91:f4:ab:b7:64:c8:02:d1:a6:
         5d:e1:a1:d3:75:7d:7d:68:ba:3d:7b:0b:11:77:c6:04:10:6a:
         71:4c:f2:e4:43:b3:08:49:37:2d:fc:7a:af:ee:89:d9:3e:4b:
         b4:d8:ad:f2:66:77:06:e7:39:dd:6a:87:4e:2b:d3:5c:47:cc:
         06:16:59:8d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZUPaNIWZpVYVURpV7TfUquJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MzNlZjQ2MTE2ZmQ5ZDIxYmZiNTMzZTQ0YmRlNTE3ODkw
YzI0ZGMwHhcNMjUwMjE2MTUzODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjczZGZjMGZjMjQ3MDRkMzhkMWRkZDBhZmUwZmRkMjJjMDVlM2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1KVKXgDfcMvf6FGLQBizKF3FYrs
9ehdX7RSMUF6PY2LhzEL2+2MnbDimyTzRORTNnsIibRlhtjTxT88ocLu4MOJMsmW
kOpLER8QjlTN0diEeH3lJuaCceype3eiZRZhZh/WNGCuDf7JoFTly735SqEkOQSB
BnsQmTi1YEsxeusp6jUZb6jxhcbmFLlde3bjkjX18HJeqbLOH0dIhuhZwPmUw65A
8A3jvJ/w7VA3x8BqDP6A5ltmETrNjbNah8DHyLI9gUEewHregBizbm8XWs4q509G
Me9XNDdMpMOR5hh5Y8CVrA4dtQizPhjjwgrDF2ILT5GqSqYz1ZCmZGWqjQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD9z38D8JHBNONHd0K/g/dIsBeP5MB8GA1UdIwQY
MBaAFIUz70YRb9nSG/tTPkS95ReJDCTcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAt
NzM5MjNkYWVmMTE0LzEvUDNQZndQd2tjRTA0MGQzUXItRDkwaXdGNF9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAtNzM5MjNkYWVmMTE0
LzEvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQ5SAwQA
LVWAMA0GCSqGSIb3DQEBCwUAA4IBAQCGYG0s3Ni/dyCp7c3YhiqgRBH5zmMvoCLf
eZwkmYuga70Eo3ItrEy0z3qH/kB6g3S0hNH1zsQpj3MmHm8o3/tBHpViJy4jDBKH
rinCgm2/GlTLzEhWOeoc7tofmHnPxELiw8pOh2AEeusNq2CPxDkXzeryVk0/UeGy
L+YFFR+LbsWGQ3Z9ycILPrcb6WSX37sgtLQZS4qkOpV+QgLA0hePc55K+Ypw/Hfh
ymwsXDXPXhPB2a1i9hOwhnH57tOR9Ku3ZMgC0aZd4aHTdX19aLo9ewsRd8YEEGpx
TPLkQ7MISTct/Hqv7onZPku02K3yZncG5zndaodOK9NcR8wGFlmN
-----END CERTIFICATE-----