Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/3uMGCa1hGu4z3o3-_G7z4ipL-iU.roa
File:                     3uMGCa1hGu4z3o3-_G7z4ipL-iU.roa (raw, json)
Hash identifier:          W9UTR4UDUFmqfh0USMFmsobpW7zQlT5fd2b07I+b238=
Subject key identifier:   DE:E3:06:09:AD:61:1A:EE:33:DE:8D:FE:FC:6E:F3:E2:2A:4B:FA:25
Certificate issuer:       /CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
Certificate serial:       01941FFA9C19DC1F8A1D62B73517B794DFD6
Authority key identifier: E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/3uMGCa1hGu4z3o3-_G7z4ipL-iU.roa
Signing time:             Wed 01 Jan 2025 03:48:25 +0000
ROA not before:           Wed 01 Jan 2025 03:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35758
IP address blocks:        88.218.106.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:9c:19:dc:1f:8a:1d:62:b7:35:17:b7:94:df:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
        Validity
            Not Before: Jan  1 03:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dee30609ad611aee33de8dfefc6ef3e22a4bfa25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b9:73:58:cc:b9:f5:71:b7:f0:00:60:9e:40:
                    25:23:48:bc:7b:38:49:99:d3:d7:1e:fe:f0:48:d4:
                    b3:44:4e:4c:76:e2:1c:44:04:ed:c4:85:78:59:4a:
                    2c:d9:df:8c:34:60:8c:50:13:e5:8b:95:8a:74:da:
                    66:f6:cc:3a:7e:c9:68:9b:39:e8:76:ac:34:aa:d1:
                    8b:69:ae:e7:10:cd:2a:97:0d:b5:94:bb:b4:1b:cd:
                    08:9c:91:4a:63:1e:d0:e7:a9:db:93:59:45:b9:89:
                    7e:2c:ef:62:43:4f:b8:b6:29:53:69:7c:25:06:79:
                    bf:c7:d3:a4:ae:ef:46:90:27:91:a5:c7:ff:69:95:
                    9c:d6:43:80:18:8a:15:17:da:74:34:b2:c7:05:58:
                    df:97:a6:08:4b:de:5d:ee:d4:75:61:76:f5:1a:91:
                    c6:59:0a:77:79:6f:06:50:9c:29:b9:a8:bf:fc:3b:
                    7f:47:29:f7:41:32:0b:39:79:80:d8:95:87:9a:8f:
                    da:6a:e7:84:3c:ca:f1:f9:a7:a5:ba:f5:76:0b:1d:
                    6e:25:4c:7d:92:48:a0:31:21:cd:5e:ea:06:be:2a:
                    07:96:3b:a9:48:31:ce:9a:a4:70:73:4d:5e:0f:bd:
                    a1:0c:f7:42:94:30:0f:e3:69:b5:cf:35:e9:9d:62:
                    33:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:E3:06:09:AD:61:1A:EE:33:DE:8D:FE:FC:6E:F3:E2:2A:4B:FA:25
            X509v3 Authority Key Identifier:
                keyid:E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/3uMGCa1hGu4z3o3-_G7z4ipL-iU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.106.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:94:bc:00:a5:ba:90:ff:75:d6:26:11:d5:5c:7e:29:e4:b0:
         f3:47:f2:17:bd:21:23:9a:cd:c8:40:48:7b:e7:62:0c:e4:3d:
         30:39:51:9e:83:ea:79:bb:44:7c:89:04:56:b9:22:2f:4c:03:
         b8:88:37:b0:3d:61:c7:ef:e2:aa:23:ef:ce:0f:aa:0f:a2:f3:
         d8:53:3e:0c:62:bd:cc:40:41:a6:63:8c:ba:45:f0:1e:d9:9f:
         d3:34:54:fd:4e:8c:7c:5f:46:1e:f9:9b:43:f6:78:85:5f:74:
         73:7e:8e:57:6f:8c:90:55:c2:82:40:82:44:15:cd:ca:cf:df:
         42:b3:75:ed:57:a2:ca:8e:38:36:42:f6:84:eb:e3:25:5f:77:
         9b:ac:00:20:89:83:05:ee:d6:e5:88:47:72:ea:d6:45:e6:16:
         6f:70:1f:ab:51:c8:68:62:42:c4:78:2d:62:25:77:4d:37:09:
         49:00:3d:29:9e:9f:3d:e4:4a:df:eb:01:d1:71:c8:37:b6:35:
         9e:37:00:39:f6:d6:4a:69:54:77:5a:75:a9:e2:48:b4:93:56:
         ba:ac:2a:41:59:08:73:45:7b:3b:73:5a:27:f2:76:ea:f2:21:
         f0:82:cd:d3:f4:80:27:7f:1c:a2:27:51:9c:ee:ac:cb:bc:d8:
         ab:69:48:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+pwZ3B+KHWK3NRe3lN/WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NmQwZGFiMzQ3YTM4ZTJiODdiNWEyMmEyZjdjOWUyMWMx
OGM5YmMwHhcNMjUwMTAxMDM0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWUzMDYwOWFkNjExYWVlMzNkZThkZmVmYzZlZjNlMjJhNGJmYTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7lzWMy59XG38ABgnkAlI0i8ezhJ
mdPXHv7wSNSzRE5MduIcRATtxIV4WUos2d+MNGCMUBPli5WKdNpm9sw6fslomzno
dqw0qtGLaa7nEM0qlw21lLu0G80InJFKYx7Q56nbk1lFuYl+LO9iQ0+4tilTaXwl
Bnm/x9Okru9GkCeRpcf/aZWc1kOAGIoVF9p0NLLHBVjfl6YIS95d7tR1YXb1GpHG
WQp3eW8GUJwpuai//Dt/Ryn3QTILOXmA2JWHmo/aaueEPMrx+aeluvV2Cx1uJUx9
kkigMSHNXuoGvioHljupSDHOmqRwc01eD72hDPdClDAP42m1zzXpnWIz4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN7jBgmtYRruM96N/vxu8+IqS/olMB8GA1UdIwQY
MBaAFOdtDas0ejjiuHtaIqL3yeIcGMm8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDkt
YmQzYmZjOTliZGE5LzEvM3VNR0NhMWhHdTR6M28zLV9HN3o0aXBMLWlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDktYmQzYmZjOTliZGE5
LzEvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWNpqMA0G
CSqGSIb3DQEBCwUAA4IBAQB8lLwApbqQ/3XWJhHVXH4p5LDzR/IXvSEjms3IQEh7
52IM5D0wOVGeg+p5u0R8iQRWuSIvTAO4iDewPWHH7+KqI+/OD6oPovPYUz4MYr3M
QEGmY4y6RfAe2Z/TNFT9Tox8X0Ye+ZtD9niFX3Rzfo5Xb4yQVcKCQIJEFc3Kz99C
s3XtV6LKjjg2QvaE6+MlX3ebrAAgiYMF7tbliEdy6tZF5hZvcB+rUchoYkLEeC1i
JXdNNwlJAD0pnp895Erf6wHRccg3tjWeNwA59tZKaVR3WnWp4ki0k1a6rCpBWQhz
RXs7c1on8nbq8iHwgs3T9IAnfxyiJ1Gc7qzLvNiraUi7
-----END CERTIFICATE-----