Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/pc3D-RJai3Sy0xY8-tFzVCI1yUM.roa
File:                     pc3D-RJai3Sy0xY8-tFzVCI1yUM.roa (raw, json)
Hash identifier:          uBxXsxOQORpc24Ptxkp92Yz5fKaDuCXBuTLa8unFs14=
Subject key identifier:   A5:CD:C3:F9:12:5A:8B:74:B2:D3:16:3C:FA:D1:73:54:22:35:C9:43
Certificate issuer:       /CN=70f68cded39e3ec54cee2233252ef3937ba9828d
Certificate serial:       0195D2E443F2A16DF7D7A2A01AD071C68D42
Authority key identifier: 70:F6:8C:DE:D3:9E:3E:C5:4C:EE:22:33:25:2E:F3:93:7B:A9:82:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPaM3tOePsVM7iIzJS7zk3upgo0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/pc3D-RJai3Sy0xY8-tFzVCI1yUM.roa
Signing time:             Wed 26 Mar 2025 14:38:49 +0000
ROA not before:           Wed 26 Mar 2025 14:38:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212685
IP address blocks:        194.164.36.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/cPaM3tOePsVM7iIzJS7zk3upgo0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/cPaM3tOePsVM7iIzJS7zk3upgo0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPaM3tOePsVM7iIzJS7zk3upgo0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d2:e4:43:f2:a1:6d:f7:d7:a2:a0:1a:d0:71:c6:8d:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f68cded39e3ec54cee2233252ef3937ba9828d
        Validity
            Not Before: Mar 26 14:38:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5cdc3f9125a8b74b2d3163cfad173542235c943
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:91:c6:5f:66:ca:20:8d:e4:31:4d:19:ab:b9:
                    e8:9f:47:a3:38:52:d1:58:16:97:6f:3c:61:cd:b5:
                    ef:ca:10:e6:7d:8c:51:56:f7:d1:24:90:71:b2:ea:
                    be:96:ac:bd:e2:97:1e:e1:a9:13:04:bf:b6:71:87:
                    b3:c4:ff:b1:23:c3:c2:ad:94:b9:fe:34:64:72:d4:
                    ce:64:2e:f4:d2:a5:8c:54:2d:de:26:bb:0e:63:ec:
                    d6:c0:1c:86:fd:79:0c:14:8f:e3:b5:0a:3e:cb:7b:
                    3d:82:fc:9f:d1:9a:9b:71:1b:63:49:ec:f5:7d:fd:
                    40:9a:02:b7:57:1f:18:f9:97:40:64:25:6b:94:0d:
                    16:24:a7:46:98:72:c7:b9:cf:be:2b:19:6f:99:b8:
                    9e:24:3a:fa:a1:08:b7:fc:e4:2f:df:b0:be:31:9c:
                    3f:b6:af:df:cd:b0:30:78:68:90:3d:a5:c7:50:2f:
                    2d:58:8f:85:4c:4f:0a:60:65:08:6c:98:5b:e0:81:
                    d1:f6:e9:85:50:13:87:a9:0d:fa:5b:70:8d:bc:7c:
                    d6:8a:4e:99:a9:43:f5:04:7d:37:2c:6e:45:f8:93:
                    b9:98:ab:1b:d6:7c:2b:d4:66:b9:f1:c3:e4:3d:6f:
                    2e:7e:cc:84:71:87:54:f7:0d:e7:ca:a8:62:c1:16:
                    f7:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:CD:C3:F9:12:5A:8B:74:B2:D3:16:3C:FA:D1:73:54:22:35:C9:43
            X509v3 Authority Key Identifier:
                keyid:70:F6:8C:DE:D3:9E:3E:C5:4C:EE:22:33:25:2E:F3:93:7B:A9:82:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPaM3tOePsVM7iIzJS7zk3upgo0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/pc3D-RJai3Sy0xY8-tFzVCI1yUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/cPaM3tOePsVM7iIzJS7zk3upgo0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.164.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a5:75:80:67:86:1a:cc:ff:44:94:b5:e5:37:29:5c:6f:f7:a8:
         e9:94:81:8e:06:be:30:92:e9:33:18:47:99:6e:a8:0a:65:40:
         c5:bf:f3:8f:3a:10:ba:27:f1:06:8b:15:e9:da:68:55:42:b0:
         6a:ac:69:13:77:5a:06:b6:1c:1b:e6:0e:31:10:ea:5a:55:08:
         b4:63:bf:84:7d:de:10:2a:78:e9:79:dd:af:9e:d4:c2:11:8f:
         e2:99:de:d7:e6:4a:f4:9a:2b:01:da:05:cb:5f:b2:86:e0:86:
         33:6c:10:4e:01:b8:62:92:0f:f2:bf:e7:c8:4d:1a:a5:99:c0:
         65:33:b1:7d:30:0e:2d:d6:30:fa:b8:1e:a3:ea:53:1c:c2:fa:
         5f:f6:da:a7:16:56:fb:85:cd:58:21:a5:0d:ac:1b:ff:75:b5:
         6e:c3:90:1f:42:cb:88:3a:77:d1:54:01:ae:1a:69:68:f7:4d:
         83:ff:d5:ac:8c:6b:b2:f2:8c:f0:77:38:ca:19:57:87:88:57:
         7c:6e:2b:f9:f4:24:e1:fe:74:7e:06:08:74:75:d5:2f:20:31:
         c9:11:bc:2c:bf:6f:2b:34:c1:ba:3e:15:6f:64:2c:45:72:98:
         41:3e:87:75:0e:af:e5:63:94:52:d8:e5:a0:cc:ad:4a:d3:03:
         26:af:f4:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXS5EPyoW3316KgGtBxxo1CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjY4Y2RlZDM5ZTNlYzU0Y2VlMjIzMzI1MmVmMzkzN2Jh
OTgyOGQwHhcNMjUwMzI2MTQzODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWNkYzNmOTEyNWE4Yjc0YjJkMzE2M2NmYWQxNzM1NDIyMzVjOTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3JHGX2bKII3kMU0Zq7non0ejOFLR
WBaXbzxhzbXvyhDmfYxRVvfRJJBxsuq+lqy94pce4akTBL+2cYezxP+xI8PCrZS5
/jRkctTOZC700qWMVC3eJrsOY+zWwByG/XkMFI/jtQo+y3s9gvyf0ZqbcRtjSez1
ff1AmgK3Vx8Y+ZdAZCVrlA0WJKdGmHLHuc++KxlvmbieJDr6oQi3/OQv37C+MZw/
tq/fzbAweGiQPaXHUC8tWI+FTE8KYGUIbJhb4IHR9umFUBOHqQ36W3CNvHzWik6Z
qUP1BH03LG5F+JO5mKsb1nwr1Ga58cPkPW8ufsyEcYdU9w3nyqhiwRb3vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKXNw/kSWot0stMWPPrRc1QiNclDMB8GA1UdIwQY
MBaAFHD2jN7Tnj7FTO4iMyUu85N7qYKNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BhTTN0T2VQc1ZNN2lJekpTN3prM3VwZ28wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9mMGNjNDEtYjNlNy00NmZmLWE5NzYt
MjlkZjRlMjYxMWYxLzEvcGMzRC1SSmFpM1N5MHhZOC10RnpWQ0kxeVVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9mMGNjNDEtYjNlNy00NmZmLWE5NzYtMjlkZjRlMjYxMWYx
LzEvY1BhTTN0T2VQc1ZNN2lJekpTN3prM3VwZ28wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwqQkMA0G
CSqGSIb3DQEBCwUAA4IBAQCldYBnhhrM/0SUteU3KVxv96jplIGOBr4wkukzGEeZ
bqgKZUDFv/OPOhC6J/EGixXp2mhVQrBqrGkTd1oGthwb5g4xEOpaVQi0Y7+Efd4Q
Knjped2vntTCEY/imd7X5kr0misB2gXLX7KG4IYzbBBOAbhikg/yv+fITRqlmcBl
M7F9MA4t1jD6uB6j6lMcwvpf9tqnFlb7hc1YIaUNrBv/dbVuw5AfQsuIOnfRVAGu
Gmlo902D/9WsjGuy8ozwdzjKGVeHiFd8biv59CTh/nR+Bgh0ddUvIDHJEbwsv28r
NMG6PhVvZCxFcphBPod1Dq/lY5RS2OWgzK1K0wMmr/Sd
-----END CERTIFICATE-----