Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/_3Pc_4Bz2D0phEqm40JUBCMBOMs.roa
File:                     _3Pc_4Bz2D0phEqm40JUBCMBOMs.roa (raw, json)
Hash identifier:          jKpdz+/oy9afZUNmdPkZDx7RzPY3Ab/FuG9Hux6Exr8=
Subject key identifier:   FF:73:DC:FF:80:73:D8:3D:29:84:4A:A6:E3:42:54:04:23:01:38:CB
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       01970AAA31130FB02C8593775035F9CD46CC
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/_3Pc_4Bz2D0phEqm40JUBCMBOMs.roa
Signing time:             Mon 26 May 2025 03:36:55 +0000
ROA not before:           Mon 26 May 2025 03:36:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        91.221.116.0/24 maxlen: 24
                          185.126.156.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 20:42:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0a:aa:31:13:0f:b0:2c:85:93:77:50:35:f9:cd:46:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: May 26 03:36:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff73dcff8073d83d29844aa6e3425404230138cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:07:39:b9:21:f9:d0:24:84:c7:92:14:11:27:
                    b4:08:47:c7:27:de:c2:24:7f:ca:84:da:50:26:ac:
                    98:c9:d6:4e:6c:61:76:78:91:2a:66:2e:17:3c:8a:
                    21:a2:8e:22:28:ff:37:c5:7b:57:c3:d6:b9:00:ad:
                    c7:ee:54:95:94:3e:50:77:86:b7:46:a8:da:b8:98:
                    76:b5:21:d1:f2:d3:82:7a:2d:d1:f7:e7:4c:d7:ef:
                    24:10:29:f5:4a:b3:aa:58:87:25:18:16:90:b2:f5:
                    99:0d:ce:fc:a6:c0:83:80:f4:06:a2:ec:74:db:83:
                    68:f6:12:80:fb:fa:a3:3e:55:5f:d9:6f:da:1f:7f:
                    d0:e8:76:9e:58:7a:a9:bc:8a:06:30:0e:30:2b:22:
                    69:fc:ed:8f:b2:e9:be:35:de:87:df:70:d4:80:c2:
                    20:c1:25:2e:98:df:63:9f:36:0d:0b:dd:f6:73:bb:
                    3c:c6:b4:f1:ab:75:4d:f7:48:3e:d9:9c:96:a3:1a:
                    e2:71:0a:f2:2d:40:c3:c4:66:e0:57:b4:2f:8b:c2:
                    90:45:9a:42:fe:89:35:a0:42:5b:78:ab:87:73:da:
                    20:bb:8a:f6:e2:b6:f5:ea:28:53:9f:25:cc:a4:1d:
                    cd:6d:8b:bb:2b:05:8f:7c:8c:1c:46:13:68:ed:d4:
                    c1:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:73:DC:FF:80:73:D8:3D:29:84:4A:A6:E3:42:54:04:23:01:38:CB
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/_3Pc_4Bz2D0phEqm40JUBCMBOMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.116.0/24
                  185.126.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:08:c8:51:4c:cc:59:b0:78:1e:1b:99:58:81:29:46:2b:7d:
         b8:ef:6a:09:9f:4b:e4:28:b4:f9:7d:b6:b5:e3:73:61:b8:e4:
         0c:b2:a1:a8:60:a3:ca:a4:9e:47:ed:b0:8a:6e:ae:83:44:19:
         50:b9:f7:f2:96:97:16:c5:4b:5a:5d:40:66:09:68:d4:21:c2:
         f7:04:ab:6c:41:12:df:89:58:6a:f5:84:4d:20:11:38:75:9d:
         29:96:51:42:9d:5b:19:08:80:87:59:2b:1f:f3:79:3c:f7:c1:
         6c:53:e3:43:ae:23:6b:ce:81:57:41:06:92:70:a2:4f:b1:10:
         7b:97:15:7f:e3:78:f3:1a:68:a6:d3:0b:01:1c:53:9f:1a:0b:
         94:e2:12:e2:4b:a6:87:ca:9f:5e:be:1a:02:a1:4c:b6:4e:06:
         37:a3:d9:0b:3b:88:32:a2:27:f8:18:59:03:34:e5:2a:8e:97:
         b8:79:5b:34:d3:96:66:d0:84:13:26:a9:43:3c:4b:a4:c0:7e:
         ce:53:c8:f3:60:18:84:0f:dc:6b:e8:e3:87:58:c0:01:1e:cc:
         7b:14:49:da:19:4e:31:07:22:c7:1c:a9:7a:0c:70:54:27:34:
         ff:38:fb:a6:7a:42:c2:af:f4:65:b5:3b:8a:8a:5b:1a:90:25:
         c1:8c:52:ba
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcKqjETD7AshZN3UDX5zUbMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjUwNTI2MDMzNjU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjczZGNmZjgwNzNkODNkMjk4NDRhYTZlMzQyNTQwNDIzMDEzOGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgc5uSH50CSEx5IUESe0CEfHJ97C
JH/KhNpQJqyYydZObGF2eJEqZi4XPIohoo4iKP83xXtXw9a5AK3H7lSVlD5Qd4a3
RqjauJh2tSHR8tOCei3R9+dM1+8kECn1SrOqWIclGBaQsvWZDc78psCDgPQGoux0
24No9hKA+/qjPlVf2W/aH3/Q6HaeWHqpvIoGMA4wKyJp/O2Psum+Nd6H33DUgMIg
wSUumN9jnzYNC932c7s8xrTxq3VN90g+2ZyWoxricQryLUDDxGbgV7Qvi8KQRZpC
/ok1oEJbeKuHc9ogu4r24rb16ihTnyXMpB3NbYu7KwWPfIwcRhNo7dTB/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP9z3P+Ac9g9KYRKpuNCVAQjATjLMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvXzNQY180QnoyRDBwaEVxbTQwSlVCQ01CT01zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW910AwQB
uX6cMA0GCSqGSIb3DQEBCwUAA4IBAQAFCMhRTMxZsHgeG5lYgSlGK32472oJn0vk
KLT5fba143NhuOQMsqGoYKPKpJ5H7bCKbq6DRBlQuffylpcWxUtaXUBmCWjUIcL3
BKtsQRLfiVhq9YRNIBE4dZ0pllFCnVsZCICHWSsf83k898FsU+NDriNrzoFXQQaS
cKJPsRB7lxV/43jzGmim0wsBHFOfGguU4hLiS6aHyp9evhoCoUy2TgY3o9kLO4gy
oif4GFkDNOUqjpe4eVs005Zm0IQTJqlDPEukwH7OU8jzYBiED9xr6OOHWMABHsx7
FEnaGU4xByLHHKl6DHBUJzT/OPumekLCr/RltTuKilsakCXBjFK6
-----END CERTIFICATE-----