Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/3X_OCsm4wSXVQQmIGXvbWiOwwPk.roa
File:                     3X_OCsm4wSXVQQmIGXvbWiOwwPk.roa (raw, json)
Hash identifier:          uAifQhxv7JsH18zEmjWnpWg6H+QdTkCHwp4ioEB51v8=
Subject key identifier:   DD:7F:CE:0A:C9:B8:C1:25:D5:41:09:88:19:7B:DB:5A:23:B0:C0:F9
Certificate issuer:       /CN=3deb104463e920b45542b6af1a27d5950e86e9a0
Certificate serial:       0194221F5BB7230F11B9E9B80FDFE1DBF629
Authority key identifier: 3D:EB:10:44:63:E9:20:B4:55:42:B6:AF:1A:27:D5:95:0E:86:E9:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PesQRGPpILRVQravGifVlQ6G6aA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/3X_OCsm4wSXVQQmIGXvbWiOwwPk.roa
Signing time:             Wed 01 Jan 2025 13:47:47 +0000
ROA not before:           Wed 01 Jan 2025 13:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34529
IP address blocks:        37.34.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/PesQRGPpILRVQravGifVlQ6G6aA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/PesQRGPpILRVQravGifVlQ6G6aA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PesQRGPpILRVQravGifVlQ6G6aA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:5b:b7:23:0f:11:b9:e9:b8:0f:df:e1:db:f6:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3deb104463e920b45542b6af1a27d5950e86e9a0
        Validity
            Not Before: Jan  1 13:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd7fce0ac9b8c125d5410988197bdb5a23b0c0f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:f3:7f:2d:91:58:77:c0:12:b7:f2:51:09:71:
                    5b:6a:f1:0e:36:da:6f:94:69:b4:a2:32:cb:0b:f6:
                    8f:fc:7d:a4:89:5e:b6:2a:c0:15:d9:c4:a2:b4:72:
                    9a:72:fc:e1:f5:72:09:9e:63:c8:7d:8c:8a:17:35:
                    fe:58:4d:20:73:b1:3f:95:05:98:82:f1:aa:59:5c:
                    10:4a:56:68:6a:32:fb:73:e5:59:1a:cc:23:d8:db:
                    1a:63:50:0d:f1:5e:20:35:62:27:7f:df:c4:f1:60:
                    1c:4d:5a:fd:12:23:01:cb:a2:b7:fe:9d:38:43:54:
                    7a:64:c5:37:3a:38:8a:f7:28:38:fc:3d:f3:3d:c6:
                    60:bf:d9:d9:be:18:5d:d8:19:84:6b:9a:90:f9:bb:
                    43:41:12:94:12:54:a2:4b:3f:29:36:fc:62:86:7d:
                    b5:59:1b:98:ce:e0:18:cd:e5:a2:4f:81:e9:35:05:
                    b0:15:71:19:d3:22:f5:05:29:38:b5:3e:10:bd:c5:
                    16:f4:ba:6d:d8:ed:e3:2a:68:88:de:95:84:3a:34:
                    a2:85:1f:f8:75:4d:1d:36:d2:3f:7e:bd:ea:f7:2b:
                    bd:1e:c5:0d:bb:a9:58:b2:6c:0e:4d:39:3d:7c:f7:
                    2b:33:ef:6b:3b:0d:00:55:23:5d:1b:53:86:54:f5:
                    2b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:7F:CE:0A:C9:B8:C1:25:D5:41:09:88:19:7B:DB:5A:23:B0:C0:F9
            X509v3 Authority Key Identifier:
                keyid:3D:EB:10:44:63:E9:20:B4:55:42:B6:AF:1A:27:D5:95:0E:86:E9:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PesQRGPpILRVQravGifVlQ6G6aA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/3X_OCsm4wSXVQQmIGXvbWiOwwPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/PesQRGPpILRVQravGifVlQ6G6aA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.34.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:05:c6:89:66:22:a6:00:11:fb:75:0c:8e:d6:01:86:77:29:
         1a:97:c2:0a:f6:e1:3d:8d:01:c2:ea:ea:69:4d:85:e8:56:eb:
         f1:7b:d4:82:2f:9a:bb:e9:56:9e:f4:ef:2f:7e:52:d0:1b:32:
         bc:87:33:84:ab:e3:d7:a4:5b:18:fd:90:c7:8a:ea:6e:05:83:
         fc:3a:66:54:b4:a7:2b:50:91:44:d5:e2:bf:d9:1d:c8:d4:2f:
         7c:ba:87:24:e3:ae:70:07:46:71:d7:c6:ae:3e:0f:c2:41:75:
         f0:c9:73:47:43:17:0b:0f:36:d0:e4:93:b9:77:d6:46:90:d9:
         52:89:9b:60:9c:00:87:c3:21:96:82:db:f7:5d:d8:35:ab:ab:
         ef:e8:7a:ad:44:4a:c1:31:b5:15:03:42:5a:27:8e:ff:3c:27:
         21:61:98:df:cd:ca:3a:03:03:26:a0:6d:14:ce:6a:2d:04:6c:
         22:ef:2e:4f:9c:ec:f2:86:ae:9f:04:3e:cd:31:32:69:ab:a8:
         fc:76:ba:e0:2a:ea:78:7a:1a:c6:b7:23:d5:68:8b:b2:43:a0:
         62:9a:ed:2f:ea:14:a2:2f:14:73:c7:04:33:03:a2:f8:d7:12:
         11:02:54:95:57:29:92:4b:95:b0:da:d5:c2:46:f5:c4:3e:16:
         36:ca:78:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH1u3Iw8Ruem4D9/h2/YpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZWIxMDQ0NjNlOTIwYjQ1NTQyYjZhZjFhMjdkNTk1MGU4
NmU5YTAwHhcNMjUwMTAxMTM0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDdmY2UwYWM5YjhjMTI1ZDU0MTA5ODgxOTdiZGI1YTIzYjBjMGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/N/LZFYd8ASt/JRCXFbavEONtpv
lGm0ojLLC/aP/H2kiV62KsAV2cSitHKacvzh9XIJnmPIfYyKFzX+WE0gc7E/lQWY
gvGqWVwQSlZoajL7c+VZGswj2NsaY1AN8V4gNWInf9/E8WAcTVr9EiMBy6K3/p04
Q1R6ZMU3OjiK9yg4/D3zPcZgv9nZvhhd2BmEa5qQ+btDQRKUElSiSz8pNvxihn21
WRuYzuAYzeWiT4HpNQWwFXEZ0yL1BSk4tT4QvcUW9Lpt2O3jKmiI3pWEOjSihR/4
dU0dNtI/fr3q9yu9HsUNu6lYsmwOTTk9fPcrM+9rOw0AVSNdG1OGVPUrEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1/zgrJuMEl1UEJiBl721ojsMD5MB8GA1UdIwQY
MBaAFD3rEERj6SC0VUK2rxon1ZUOhumgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGVzUVJHUHBJTFJWUXJhdkdpZlZsUTZHNmFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9jNjg2YjMtZTdhOS00ZjljLTg0MmMt
MTE5ZDhiZjcxN2JiLzEvM1hfT0NzbTR3U1hWUVFtSUdYdmJXaU93d1BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9jNjg2YjMtZTdhOS00ZjljLTg0MmMtMTE5ZDhiZjcxN2Ji
LzEvUGVzUVJHUHBJTFJWUXJhdkdpZlZsUTZHNmFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJSJoMA0G
CSqGSIb3DQEBCwUAA4IBAQCNBcaJZiKmABH7dQyO1gGGdykal8IK9uE9jQHC6upp
TYXoVuvxe9SCL5q76Vae9O8vflLQGzK8hzOEq+PXpFsY/ZDHiupuBYP8OmZUtKcr
UJFE1eK/2R3I1C98uock465wB0Zx18auPg/CQXXwyXNHQxcLDzbQ5JO5d9ZGkNlS
iZtgnACHwyGWgtv3Xdg1q6vv6HqtRErBMbUVA0JaJ47/PCchYZjfzco6AwMmoG0U
zmotBGwi7y5PnOzyhq6fBD7NMTJpq6j8drrgKup4ehrGtyPVaIuyQ6Bimu0v6hSi
LxRzxwQzA6L41xIRAlSVVymSS5Ww2tXCRvXEPhY2yngE
-----END CERTIFICATE-----