Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/xB3tLzZcAH5nHqyXJclj-Vxekh4.roa
File:                     xB3tLzZcAH5nHqyXJclj-Vxekh4.roa (raw, json)
Hash identifier:          vRWKn360bNd0jnKWSrgfNY6zDbfJUTKsgibAzr4SQxk=
Subject key identifier:   C4:1D:ED:2F:36:5C:00:7E:67:1E:AC:97:25:C9:63:F9:5C:5E:92:1E
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       019424B382827D61FCA89093991264366331
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/xB3tLzZcAH5nHqyXJclj-Vxekh4.roa
Signing time:             Thu 02 Jan 2025 01:48:51 +0000
ROA not before:           Thu 02 Jan 2025 01:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137951
IP address blocks:        213.176.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:82:82:7d:61:fc:a8:90:93:99:12:64:36:63:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Jan  2 01:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c41ded2f365c007e671eac9725c963f95c5e921e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ee:3c:35:11:4f:75:a0:9f:a7:08:16:fe:fe:
                    af:b8:83:d8:03:2b:a4:a6:86:a3:d8:6b:b0:7d:be:
                    0b:14:92:17:0e:12:a8:2a:c6:ba:3f:d8:0b:0b:d5:
                    5d:f3:45:1a:5d:cb:4e:c4:ea:a3:f1:83:f5:c2:d5:
                    b3:79:ef:c5:e8:f2:fd:10:e2:26:6e:0c:ea:70:11:
                    3e:56:7f:3b:59:c6:45:0d:f3:cf:9d:84:8e:8b:a5:
                    15:35:78:86:6a:23:ca:6a:83:0f:07:4a:4a:e9:f3:
                    ef:b5:e3:d1:e3:a9:ed:a4:97:ab:36:b2:de:ba:4c:
                    2f:19:65:54:55:1e:ef:a8:76:15:c8:d4:ee:32:32:
                    28:80:62:79:ce:56:f4:b5:d1:93:5c:dc:8f:e5:21:
                    1d:06:e1:08:20:4a:fd:fe:6c:ef:7e:0e:78:82:6c:
                    09:50:0e:a2:2e:ce:23:50:52:c9:88:59:d3:86:a8:
                    b8:e9:3a:e6:17:8b:65:da:ea:68:7b:77:06:0e:94:
                    86:8f:8f:0a:40:ed:8e:c7:44:06:81:d9:f3:70:c2:
                    3a:6c:a2:05:62:6d:06:bc:ba:d2:2f:b7:49:19:9b:
                    d9:1a:91:4c:1f:b6:a8:58:f3:98:87:29:b4:6d:96:
                    9b:49:8b:bc:c3:a3:c5:3d:60:82:cf:28:b1:ca:5b:
                    15:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:1D:ED:2F:36:5C:00:7E:67:1E:AC:97:25:C9:63:F9:5C:5E:92:1E
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/xB3tLzZcAH5nHqyXJclj-Vxekh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.176.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:72:4c:de:a0:43:81:6d:c4:fd:f3:a3:9c:02:3f:04:17:78:
         74:43:e9:84:8d:59:a8:65:18:f0:c1:37:55:99:3e:80:90:38:
         53:d5:61:87:22:28:13:40:d4:de:42:fa:21:be:b6:21:b4:2e:
         7d:eb:5b:23:c8:02:a7:ba:e7:95:c0:94:a8:f9:d1:b5:c2:cf:
         4e:8b:58:da:73:3d:d2:5f:f1:a7:12:79:74:f8:2f:6a:f2:11:
         bd:70:f3:c8:8a:ca:9f:36:b5:b6:5b:2f:b8:f0:38:c9:d7:12:
         f6:4e:63:e8:c4:b6:60:ec:f3:e8:b0:b8:35:8e:ff:94:27:02:
         78:15:b8:0e:4c:01:ee:b9:6b:9c:c6:bd:91:6f:aa:cb:e7:a6:
         85:72:9b:09:1a:9a:d7:52:50:19:18:cd:bc:a8:1b:00:4a:f2:
         ed:df:47:a7:e0:1c:85:79:e4:4d:d4:f0:64:5f:19:40:75:bc:
         42:f6:fb:1d:2c:8c:9f:60:4e:3d:d4:d5:ba:22:24:2a:7d:72:
         45:2f:d4:12:89:9f:d1:e6:58:79:e7:a4:78:90:e9:11:60:79:
         40:be:4a:e6:f0:ee:ab:e5:93:67:40:95:1a:ff:06:e7:08:14:
         97:8c:89:89:cd:e5:2b:99:e4:9d:be:f6:cd:90:ba:1a:5e:28:
         b7:8e:60:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks4KCfWH8qJCTmRJkNmMxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjUwMTAyMDE0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDFkZWQyZjM2NWMwMDdlNjcxZWFjOTcyNWM5NjNmOTVjNWU5MjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxO48NRFPdaCfpwgW/v6vuIPYAyuk
poaj2Guwfb4LFJIXDhKoKsa6P9gLC9Vd80UaXctOxOqj8YP1wtWzee/F6PL9EOIm
bgzqcBE+Vn87WcZFDfPPnYSOi6UVNXiGaiPKaoMPB0pK6fPvtePR46ntpJerNrLe
ukwvGWVUVR7vqHYVyNTuMjIogGJ5zlb0tdGTXNyP5SEdBuEIIEr9/mzvfg54gmwJ
UA6iLs4jUFLJiFnThqi46TrmF4tl2upoe3cGDpSGj48KQO2Ox0QGgdnzcMI6bKIF
Ym0GvLrSL7dJGZvZGpFMH7aoWPOYhym0bZabSYu8w6PFPWCCzyixylsV2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMQd7S82XAB+Zx6slyXJY/lcXpIeMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEveEIzdEx6WmNBSDVuSHF5WEpjbGotVnhla2g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bBbMA0G
CSqGSIb3DQEBCwUAA4IBAQAEckzeoEOBbcT986OcAj8EF3h0Q+mEjVmoZRjwwTdV
mT6AkDhT1WGHIigTQNTeQvohvrYhtC5961sjyAKnuueVwJSo+dG1ws9Oi1jacz3S
X/GnEnl0+C9q8hG9cPPIisqfNrW2Wy+48DjJ1xL2TmPoxLZg7PPosLg1jv+UJwJ4
FbgOTAHuuWucxr2Rb6rL56aFcpsJGprXUlAZGM28qBsASvLt30en4ByFeeRN1PBk
XxlAdbxC9vsdLIyfYE491NW6IiQqfXJFL9QSiZ/R5lh556R4kOkRYHlAvkrm8O6r
5ZNnQJUa/wbnCBSXjImJzeUrmeSdvvbNkLoaXii3jmCo
-----END CERTIFICATE-----