Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/9OoDrhEhbXk4ekzKyQm0jV-44SA.roa
File:                     9OoDrhEhbXk4ekzKyQm0jV-44SA.roa (raw, json)
Hash identifier:          6i+5X9C2TOzi7xmik76MYbzQQCGqHcJmrVsoOb79H80=
Subject key identifier:   F4:EA:03:AE:11:21:6D:79:38:7A:4C:CA:C9:09:B4:8D:5F:B8:E1:20
Certificate issuer:       /CN=3cd37ec23719b2f142f46e6f3317664034adf598
Certificate serial:       0194252142921AEB2A84F056E8572073159E
Authority key identifier: 3C:D3:7E:C2:37:19:B2:F1:42:F4:6E:6F:33:17:66:40:34:AD:F5:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/9OoDrhEhbXk4ekzKyQm0jV-44SA.roa
Signing time:             Thu 02 Jan 2025 03:48:44 +0000
ROA not before:           Thu 02 Jan 2025 03:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216054
IP address blocks:        185.83.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:42:92:1a:eb:2a:84:f0:56:e8:57:20:73:15:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cd37ec23719b2f142f46e6f3317664034adf598
        Validity
            Not Before: Jan  2 03:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f4ea03ae11216d79387a4ccac909b48d5fb8e120
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:a8:37:0e:ed:00:da:99:de:aa:6a:36:04:b8:
                    90:cf:11:03:e7:2a:12:69:85:f9:00:1e:65:84:c0:
                    e3:55:3c:8c:de:da:d9:34:1f:8f:6f:dd:ae:00:41:
                    82:da:5d:19:1a:41:b6:b8:1b:ce:c7:af:7c:fa:16:
                    e1:a9:8c:bb:3c:11:5f:fd:e8:fc:33:dc:48:45:b3:
                    6f:54:9d:ce:43:29:83:37:42:39:d0:8b:96:da:0b:
                    51:d8:22:0a:35:62:f5:d1:d4:07:23:77:0c:0f:14:
                    6f:ab:36:3a:93:2b:be:3f:14:f2:d9:6c:0f:0e:9c:
                    56:a0:98:ed:ef:ef:b0:90:1d:00:e2:e8:58:99:c1:
                    c4:de:33:2b:2b:9f:14:9b:4d:2a:0d:49:69:24:4f:
                    1b:29:c1:c7:1e:59:1d:e1:6c:f3:2d:30:3c:0c:61:
                    ea:d6:6e:c0:4c:bd:1f:39:ee:67:e0:50:94:4b:d8:
                    19:f4:9a:45:1d:8a:d3:c3:00:42:de:40:43:13:2e:
                    0b:4c:ce:0e:92:db:ff:c1:3e:67:1c:c0:23:e0:c9:
                    d9:46:14:63:c9:1a:b0:b9:27:fa:1c:1f:9a:f9:d4:
                    fa:2a:2f:e3:d9:46:18:0e:b1:9d:86:20:cb:df:c5:
                    d8:5c:35:96:8e:f7:4a:c9:14:b9:3b:dc:14:16:93:
                    98:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:EA:03:AE:11:21:6D:79:38:7A:4C:CA:C9:09:B4:8D:5F:B8:E1:20
            X509v3 Authority Key Identifier:
                keyid:3C:D3:7E:C2:37:19:B2:F1:42:F4:6E:6F:33:17:66:40:34:AD:F5:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/9OoDrhEhbXk4ekzKyQm0jV-44SA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:d9:b6:03:c2:e1:6d:8d:bf:b2:69:5c:a8:c9:c3:7e:b7:00:
         4f:e1:05:49:5f:93:6b:54:ee:93:cf:2b:b0:88:c7:85:1b:d9:
         32:24:9c:5c:fa:9a:a2:48:fe:7d:65:95:19:b2:d9:a4:89:af:
         6a:a4:af:4e:d5:1f:3f:2e:10:c3:23:64:52:3e:04:11:96:f9:
         5f:86:21:04:e8:79:a6:4f:f8:ef:76:3d:56:58:1d:34:4b:ac:
         9e:1d:49:24:54:73:28:22:f3:a4:f4:33:fc:e8:fb:8b:dd:04:
         5f:26:bc:6b:a6:75:f9:f8:55:7e:b7:1f:89:4c:bb:9d:44:ce:
         f3:1b:d0:a7:c5:f8:b2:d9:13:b4:48:67:55:79:ed:b6:19:41:
         97:e6:ed:f4:bf:6c:55:86:32:8b:4a:74:9d:7a:e6:91:6c:d5:
         68:b9:a2:6c:e8:69:5e:c5:5a:56:4f:cc:67:3e:94:7c:00:ec:
         8f:fd:3e:3e:09:b8:ee:bb:bd:ca:48:83:59:84:3a:b6:f2:57:
         94:d6:54:f3:56:91:b2:e9:8f:6d:42:f2:10:07:f3:6e:25:83:
         dd:ba:1e:d4:29:54:93:21:03:6e:65:57:b2:63:16:25:27:5e:
         79:a9:94:b5:fa:5f:f5:5d:cc:52:43:ef:a7:73:8e:7f:04:bc:
         d3:aa:9f:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIUKSGusqhPBW6FcgcxWeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZDM3ZWMyMzcxOWIyZjE0MmY0NmU2ZjMzMTc2NjQwMzRh
ZGY1OTgwHhcNMjUwMTAyMDM0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGVhMDNhZTExMjE2ZDc5Mzg3YTRjY2FjOTA5YjQ4ZDVmYjhlMTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6g3Du0A2pneqmo2BLiQzxED5yoS
aYX5AB5lhMDjVTyM3trZNB+Pb92uAEGC2l0ZGkG2uBvOx698+hbhqYy7PBFf/ej8
M9xIRbNvVJ3OQymDN0I50IuW2gtR2CIKNWL10dQHI3cMDxRvqzY6kyu+PxTy2WwP
DpxWoJjt7++wkB0A4uhYmcHE3jMrK58Um00qDUlpJE8bKcHHHlkd4WzzLTA8DGHq
1m7ATL0fOe5n4FCUS9gZ9JpFHYrTwwBC3kBDEy4LTM4Oktv/wT5nHMAj4MnZRhRj
yRqwuSf6HB+a+dT6Ki/j2UYYDrGdhiDL38XYXDWWjvdKyRS5O9wUFpOYDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPTqA64RIW15OHpMyskJtI1fuOEgMB8GA1UdIwQY
MBaAFDzTfsI3GbLxQvRubzMXZkA0rfWYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUE5OLXdqY1pzdkZDOUc1dk14ZG1RRFN0OVpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8zZjdlNTYtMDkxNi00N2FjLTg1ODYt
YTkzODhmMzFiNDdlLzEvOU9vRHJoRWhiWGs0ZWt6S3lRbTBqVi00NFNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8zZjdlNTYtMDkxNi00N2FjLTg1ODYtYTkzODhmMzFiNDdl
LzEvUE5OLXdqY1pzdkZDOUc1dk14ZG1RRFN0OVpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVO2MA0G
CSqGSIb3DQEBCwUAA4IBAQCy2bYDwuFtjb+yaVyoycN+twBP4QVJX5NrVO6Tzyuw
iMeFG9kyJJxc+pqiSP59ZZUZstmkia9qpK9O1R8/LhDDI2RSPgQRlvlfhiEE6Hmm
T/jvdj1WWB00S6yeHUkkVHMoIvOk9DP86PuL3QRfJrxrpnX5+FV+tx+JTLudRM7z
G9Cnxfiy2RO0SGdVee22GUGX5u30v2xVhjKLSnSdeuaRbNVouaJs6GlexVpWT8xn
PpR8AOyP/T4+Cbjuu73KSINZhDq28leU1lTzVpGy6Y9tQvIQB/NuJYPduh7UKVST
IQNuZVeyYxYlJ155qZS1+l/1XcxSQ++nc45/BLzTqp+J
-----END CERTIFICATE-----