Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/cad521-dabe-49a8-bce4-0c6a67820a58/1/3MF6BuznJ4OfS1C5J5sFom719Ag.roa
File:                     3MF6BuznJ4OfS1C5J5sFom719Ag.roa (raw, json)
Hash identifier:          SgA1M+YF5PTZbvqD1BRuBpZXk3sFWrE/PgQsVhuZ/S4=
Subject key identifier:   DC:C1:7A:06:EC:E7:27:83:9F:4B:50:B9:27:9B:05:A2:6E:F5:F4:08
Certificate issuer:       /CN=874b591b5d8f076eaf472e3ea45d3b5c8e1350a1
Certificate serial:       01941F8C9EF246426A781E5DD6273B824BF3
Authority key identifier: 87:4B:59:1B:5D:8F:07:6E:AF:47:2E:3E:A4:5D:3B:5C:8E:13:50:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h0tZG12PB26vRy4-pF07XI4TUKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/cad521-dabe-49a8-bce4-0c6a67820a58/1/3MF6BuznJ4OfS1C5J5sFom719Ag.roa
Signing time:             Wed 01 Jan 2025 01:48:16 +0000
ROA not before:           Wed 01 Jan 2025 01:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207945
IP address blocks:        185.183.72.0/22 maxlen: 22
                          194.63.152.0/22 maxlen: 22
                          2a0f:6b80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/cad521-dabe-49a8-bce4-0c6a67820a58/1/h0tZG12PB26vRy4-pF07XI4TUKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/cad521-dabe-49a8-bce4-0c6a67820a58/1/h0tZG12PB26vRy4-pF07XI4TUKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h0tZG12PB26vRy4-pF07XI4TUKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:9e:f2:46:42:6a:78:1e:5d:d6:27:3b:82:4b:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=874b591b5d8f076eaf472e3ea45d3b5c8e1350a1
        Validity
            Not Before: Jan  1 01:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dcc17a06ece727839f4b50b9279b05a26ef5f408
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:bb:13:de:0d:8b:9b:20:a8:68:b8:de:bd:2c:
                    c3:c3:e2:88:58:56:8a:88:40:19:05:d4:02:e3:12:
                    7e:da:d8:f3:c9:d2:e0:10:dc:fc:e9:8e:e3:2e:34:
                    3f:92:25:99:e1:fa:02:62:ee:d1:a8:09:f1:ba:ff:
                    bd:57:26:75:4f:e5:1d:68:89:c9:5f:53:6d:d3:33:
                    a6:69:c0:68:36:02:22:10:c7:bb:af:d5:af:68:09:
                    a0:46:e8:d2:ef:53:97:b1:5c:b9:eb:db:59:b0:39:
                    e8:17:b1:7b:cb:68:47:d0:b6:73:7f:0c:4b:39:e2:
                    84:11:e2:30:84:d7:1a:43:93:a5:83:be:ec:a8:de:
                    e5:89:8d:a6:c2:1f:f4:8a:63:47:eb:f3:85:73:53:
                    ed:19:0f:34:92:c3:98:24:2a:06:01:a4:1d:eb:32:
                    ea:6b:c7:53:cc:00:92:83:1a:5f:98:56:c1:a5:84:
                    a7:fe:fe:4d:43:78:b7:63:68:31:a0:d9:1e:8a:64:
                    6a:32:14:c3:a1:55:3d:21:86:11:85:6e:d9:39:4f:
                    9f:b3:cd:fd:f6:2c:90:ea:19:da:56:3b:85:45:e6:
                    0b:d4:cc:da:97:a9:d6:b0:82:ec:cb:f2:9f:cd:1b:
                    e6:09:89:b3:c5:01:15:2f:6d:2f:44:76:ac:6f:ec:
                    3b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:C1:7A:06:EC:E7:27:83:9F:4B:50:B9:27:9B:05:A2:6E:F5:F4:08
            X509v3 Authority Key Identifier:
                keyid:87:4B:59:1B:5D:8F:07:6E:AF:47:2E:3E:A4:5D:3B:5C:8E:13:50:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h0tZG12PB26vRy4-pF07XI4TUKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/cad521-dabe-49a8-bce4-0c6a67820a58/1/3MF6BuznJ4OfS1C5J5sFom719Ag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/cad521-dabe-49a8-bce4-0c6a67820a58/1/h0tZG12PB26vRy4-pF07XI4TUKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.183.72.0/22
                  194.63.152.0/22
                IPv6:
                  2a0f:6b80::/29

    Signature Algorithm: sha256WithRSAEncryption
         a1:9e:cc:03:50:ac:4b:05:44:e5:87:4f:90:c0:51:7b:3f:74:
         e7:a5:7f:9c:9a:2e:44:d0:68:04:da:93:b6:cb:05:1e:e4:40:
         03:5e:f5:25:4e:05:81:c4:1e:20:46:85:e3:5e:18:10:ab:d2:
         ec:19:13:df:54:6f:be:7b:46:99:10:48:20:69:0f:97:a1:be:
         ea:fc:d2:36:5f:fb:c8:a2:3f:85:79:1c:9e:10:8a:9b:4d:24:
         ce:85:46:38:c5:5a:81:5b:6a:b0:fd:4c:4b:ec:76:70:1b:07:
         3c:4c:31:7e:87:a1:4a:28:b5:35:92:44:5b:7f:20:fe:d8:7b:
         58:fd:25:dc:8d:79:eb:43:c4:e5:81:20:3b:6e:18:aa:f5:01:
         1a:e9:e3:5f:c7:3b:03:52:e6:13:46:78:55:c2:21:c2:dc:3f:
         57:6a:52:a2:0b:7d:61:5c:23:33:95:0f:3e:6d:59:73:39:7e:
         bc:46:8d:31:7c:87:9b:38:89:c6:07:8e:15:80:aa:3c:9e:ac:
         a9:f6:f8:da:b4:59:74:21:3d:51:40:03:3f:64:ee:6d:02:84:
         f2:05:40:c2:ea:5f:5c:95:86:d1:a2:37:e1:16:4b:c0:fa:18:
         a7:4b:99:2a:b7:33:9e:de:93:a5:3d:e4:b0:5c:90:22:e6:ec:
         88:2a:d3:a3
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQfjJ7yRkJqeB5d1ic7gkvzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NGI1OTFiNWQ4ZjA3NmVhZjQ3MmUzZWE0NWQzYjVjOGUx
MzUwYTEwHhcNMjUwMTAxMDE0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2MxN2EwNmVjZTcyNzgzOWY0YjUwYjkyNzliMDVhMjZlZjVmNDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7sT3g2LmyCoaLjevSzDw+KIWFaK
iEAZBdQC4xJ+2tjzydLgENz86Y7jLjQ/kiWZ4foCYu7RqAnxuv+9VyZ1T+UdaInJ
X1Nt0zOmacBoNgIiEMe7r9WvaAmgRujS71OXsVy569tZsDnoF7F7y2hH0LZzfwxL
OeKEEeIwhNcaQ5Olg77sqN7liY2mwh/0imNH6/OFc1PtGQ80ksOYJCoGAaQd6zLq
a8dTzACSgxpfmFbBpYSn/v5NQ3i3Y2gxoNkeimRqMhTDoVU9IYYRhW7ZOU+fs839
9iyQ6hnaVjuFReYL1Mzal6nWsILsy/KfzRvmCYmzxQEVL20vRHasb+w7vQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNzBegbs5yeDn0tQuSebBaJu9fQIMB8GA1UdIwQY
MBaAFIdLWRtdjwdur0cuPqRdO1yOE1ChMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDB0WkcxMlBCMjZ2Unk0LXBGMDdYSTRUVUtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9jYWQ1MjEtZGFiZS00OWE4LWJjZTQt
MGM2YTY3ODIwYTU4LzEvM01GNkJ1em5KNE9mUzFDNUo1c0ZvbTcxOUFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9jYWQ1MjEtZGFiZS00OWE4LWJjZTQtMGM2YTY3ODIwYTU4
LzEvaDB0WkcxMlBCMjZ2Unk0LXBGMDdYSTRUVUtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCubdIAwQC
wj+YMA0EAgACMAcDBQMqD2uAMA0GCSqGSIb3DQEBCwUAA4IBAQChnswDUKxLBUTl
h0+QwFF7P3TnpX+cmi5E0GgE2pO2ywUe5EADXvUlTgWBxB4gRoXjXhgQq9LsGRPf
VG++e0aZEEggaQ+Xob7q/NI2X/vIoj+FeRyeEIqbTSTOhUY4xVqBW2qw/UxL7HZw
Gwc8TDF+h6FKKLU1kkRbfyD+2HtY/SXcjXnrQ8TlgSA7bhiq9QEa6eNfxzsDUuYT
RnhVwiHC3D9XalKiC31hXCMzlQ8+bVlzOX68Ro0xfIebOInGB44VgKo8nqyp9vja
tFl0IT1RQAM/ZO5tAoTyBUDC6l9clYbRojfhFkvA+hinS5kqtzOe3pOlPeSwXJAi
5uyIKtOj
-----END CERTIFICATE-----