Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/c509de-4a06-4f44-b137-c994fd174e6e/1/3AM1kiBUlkIMgJlgAVSsRhHcsVE.roa
File:                     3AM1kiBUlkIMgJlgAVSsRhHcsVE.roa (raw, json)
Hash identifier:          JRZBzZPP/Qgtum5bkbDwOE4ahKynlQtqROTLxUhU7PU=
Subject key identifier:   DC:03:35:92:20:54:96:42:0C:80:99:60:01:54:AC:46:11:DC:B1:51
Certificate issuer:       /CN=6638515f32944969ae0031bde02d1f4cbd0d2b98
Certificate serial:       0195A9E014E0AC21D296D47F8B794A88666E
Authority key identifier: 66:38:51:5F:32:94:49:69:AE:00:31:BD:E0:2D:1F:4C:BD:0D:2B:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZjhRXzKUSWmuADG94C0fTL0NK5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/c509de-4a06-4f44-b137-c994fd174e6e/1/3AM1kiBUlkIMgJlgAVSsRhHcsVE.roa
Signing time:             Tue 18 Mar 2025 15:29:49 +0000
ROA not before:           Tue 18 Mar 2025 15:29:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8966
IP address blocks:        83.170.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/c509de-4a06-4f44-b137-c994fd174e6e/1/ZjhRXzKUSWmuADG94C0fTL0NK5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/c509de-4a06-4f44-b137-c994fd174e6e/1/ZjhRXzKUSWmuADG94C0fTL0NK5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZjhRXzKUSWmuADG94C0fTL0NK5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 09:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a9:e0:14:e0:ac:21:d2:96:d4:7f:8b:79:4a:88:66:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6638515f32944969ae0031bde02d1f4cbd0d2b98
        Validity
            Not Before: Mar 18 15:29:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc033592205496420c8099600154ac4611dcb151
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:92:0e:fa:63:bd:85:94:eb:62:77:93:ab:f4:
                    fc:ee:55:5b:59:8c:b9:b6:c3:1c:55:37:a4:50:84:
                    0a:43:7b:69:60:8d:b8:c4:c6:8d:7b:65:9b:33:f8:
                    37:50:11:80:3d:15:aa:5f:5f:f3:74:56:33:5d:a1:
                    a2:2f:20:8d:20:8e:e8:ae:8d:bc:54:99:47:4a:41:
                    df:e9:02:80:4d:a9:9c:f3:21:37:19:f6:7d:c0:fd:
                    f4:2c:8e:ee:8a:2a:0c:32:61:96:cc:55:54:e1:c5:
                    aa:77:7c:0e:06:94:53:68:f8:b3:ef:43:38:45:2b:
                    57:aa:33:79:00:b7:ad:40:46:50:2e:d8:17:20:cb:
                    1f:eb:a4:b4:f4:b8:4c:00:17:0d:65:48:b1:c4:24:
                    2f:18:0f:f6:3a:7b:5e:62:8c:bc:f0:cf:19:1d:af:
                    f2:b8:56:c9:be:25:0b:1d:30:7f:f4:f1:9d:72:30:
                    2a:d9:be:63:c0:ae:c5:ef:a8:20:ea:82:28:8a:87:
                    1c:94:c2:82:12:a2:08:29:28:2f:7f:2b:62:21:dc:
                    17:4d:29:84:09:23:91:82:84:d1:63:77:c8:97:0f:
                    1c:2f:f8:73:52:0a:cb:c3:0b:46:a6:e4:b6:97:a3:
                    cd:bc:d7:4a:05:03:48:3f:0c:32:bb:f3:bd:b9:29:
                    1e:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:03:35:92:20:54:96:42:0C:80:99:60:01:54:AC:46:11:DC:B1:51
            X509v3 Authority Key Identifier:
                keyid:66:38:51:5F:32:94:49:69:AE:00:31:BD:E0:2D:1F:4C:BD:0D:2B:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZjhRXzKUSWmuADG94C0fTL0NK5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/c509de-4a06-4f44-b137-c994fd174e6e/1/3AM1kiBUlkIMgJlgAVSsRhHcsVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/c509de-4a06-4f44-b137-c994fd174e6e/1/ZjhRXzKUSWmuADG94C0fTL0NK5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.170.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:1d:23:b9:8a:4f:ee:96:e7:97:63:3c:65:08:00:a1:8f:b4:
         87:af:19:fd:a1:f5:b8:ab:d1:cf:11:05:68:65:75:a0:12:2f:
         81:97:eb:28:da:3e:dc:11:2a:10:3a:b1:bf:6a:d3:0a:a3:e0:
         54:6d:c7:e2:24:65:f1:69:27:e1:34:ef:ab:4a:1a:c4:14:6e:
         75:52:51:a3:ed:36:37:7d:db:22:91:ca:90:09:4a:fb:e5:f7:
         81:cc:37:21:9a:06:e2:b7:b5:55:6f:28:12:ab:7a:49:ed:9f:
         f9:84:c3:b3:f5:e1:db:b6:15:bf:1c:fe:ab:75:61:a0:4d:40:
         e8:a2:35:44:b6:b3:57:89:b7:2a:42:f9:30:48:0c:53:bd:95:
         20:9e:4f:96:c4:15:94:1b:79:82:3a:a5:e7:da:59:04:c3:36:
         19:a9:f7:72:92:8a:32:a1:f3:e2:43:d3:74:36:0b:e8:4b:15:
         65:21:c7:d0:1c:97:3b:40:d7:00:12:8a:f8:92:79:80:51:1d:
         95:44:c9:39:61:da:17:56:13:80:47:66:ef:61:c7:ae:ba:05:
         87:96:af:ed:cf:13:df:74:63:48:6f:bb:2f:d4:e0:36:4d:89:
         d5:7d:58:6b:fd:ee:3a:a6:8a:b8:91:77:44:8f:07:8f:eb:fe:
         1f:6a:37:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWp4BTgrCHSltR/i3lKiGZuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2Mzg1MTVmMzI5NDQ5NjlhZTAwMzFiZGUwMmQxZjRjYmQw
ZDJiOTgwHhcNMjUwMzE4MTUyOTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzAzMzU5MjIwNTQ5NjQyMGM4MDk5NjAwMTU0YWM0NjExZGNiMTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4pIO+mO9hZTrYneTq/T87lVbWYy5
tsMcVTekUIQKQ3tpYI24xMaNe2WbM/g3UBGAPRWqX1/zdFYzXaGiLyCNII7oro28
VJlHSkHf6QKATamc8yE3GfZ9wP30LI7uiioMMmGWzFVU4cWqd3wOBpRTaPiz70M4
RStXqjN5ALetQEZQLtgXIMsf66S09LhMABcNZUixxCQvGA/2OnteYoy88M8ZHa/y
uFbJviULHTB/9PGdcjAq2b5jwK7F76gg6oIoiocclMKCEqIIKSgvfytiIdwXTSmE
CSORgoTRY3fIlw8cL/hzUgrLwwtGpuS2l6PNvNdKBQNIPwwyu/O9uSkewwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNwDNZIgVJZCDICZYAFUrEYR3LFRMB8GA1UdIwQY
MBaAFGY4UV8ylElprgAxveAtH0y9DSuYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmpoUlh6S1VTV211QURHOTRDMGZUTDBOSzVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9jNTA5ZGUtNGEwNi00ZjQ0LWIxMzct
Yzk5NGZkMTc0ZTZlLzEvM0FNMWtpQlVsa0lNZ0psZ0FWU3NSaEhjc1ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9jNTA5ZGUtNGEwNi00ZjQ0LWIxMzctYzk5NGZkMTc0ZTZl
LzEvWmpoUlh6S1VTV211QURHOTRDMGZUTDBOSzVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU6qUMA0G
CSqGSIb3DQEBCwUAA4IBAQCyHSO5ik/ulueXYzxlCAChj7SHrxn9ofW4q9HPEQVo
ZXWgEi+Bl+so2j7cESoQOrG/atMKo+BUbcfiJGXxaSfhNO+rShrEFG51UlGj7TY3
fdsikcqQCUr75feBzDchmgbit7VVbygSq3pJ7Z/5hMOz9eHbthW/HP6rdWGgTUDo
ojVEtrNXibcqQvkwSAxTvZUgnk+WxBWUG3mCOqXn2lkEwzYZqfdykooyofPiQ9N0
NgvoSxVlIcfQHJc7QNcAEor4knmAUR2VRMk5YdoXVhOAR2bvYceuugWHlq/tzxPf
dGNIb7sv1OA2TYnVfVhr/e46poq4kXdEjweP6/4fajfa
-----END CERTIFICATE-----