Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/3DfFQETO6bhcObetwxPc_BEalpU.roa
File:                     3DfFQETO6bhcObetwxPc_BEalpU.roa (raw, json)
Hash identifier:          xqeLrmN/A5n6UzRrPesNYGPs31AaH1Fhah/D9XB5+TU=
Subject key identifier:   DC:37:C5:40:44:CE:E9:B8:5C:39:B7:AD:C3:13:DC:FC:11:1A:96:95
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0195DC3621830307A9B879F5FEBAA5301176
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/3DfFQETO6bhcObetwxPc_BEalpU.roa
Signing time:             Fri 28 Mar 2025 10:04:49 +0000
ROA not before:           Fri 28 Mar 2025 10:04:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20648
IP address blocks:        89.251.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:dc:36:21:83:03:07:a9:b8:79:f5:fe:ba:a5:30:11:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Mar 28 10:04:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc37c54044cee9b85c39b7adc313dcfc111a9695
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:8b:90:2b:02:87:22:73:c2:04:c2:d3:21:0b:
                    5e:00:49:87:27:7a:8a:e3:b2:dc:52:b7:bc:67:6d:
                    b5:1d:94:36:f0:ac:60:a9:25:b3:e0:da:bb:70:6a:
                    a9:47:da:e5:f1:b9:93:85:67:76:3e:98:5b:1f:69:
                    41:71:3d:de:90:83:38:37:df:a1:0d:be:c5:04:81:
                    b4:89:1c:ca:be:39:c2:5f:db:69:1c:b6:26:c0:10:
                    5a:93:f8:3d:14:63:fb:4f:6b:3b:12:47:07:f1:12:
                    a8:63:6b:17:37:28:29:7e:85:df:58:d5:c4:5d:d2:
                    59:db:8f:48:71:18:2f:9f:f3:80:cc:40:1f:58:08:
                    8d:36:68:bf:56:c7:a3:da:9f:fa:a2:31:d2:c7:1d:
                    3e:74:43:b3:8e:6e:92:0d:32:29:bf:67:01:13:04:
                    91:b4:ca:1b:78:93:46:95:ca:cb:e6:c1:de:5b:7f:
                    ad:bc:5b:2f:60:0b:a4:aa:c3:1d:dc:a1:61:84:7e:
                    29:81:a6:05:37:d9:0c:79:ad:9b:11:46:70:1d:56:
                    07:6e:62:27:09:96:f9:3b:47:65:e2:e9:b5:de:fb:
                    c1:56:a1:80:45:dc:78:05:cd:b3:70:d0:05:f7:28:
                    02:c8:a8:fa:10:83:5b:65:e3:0c:a7:47:d9:e6:b9:
                    87:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:37:C5:40:44:CE:E9:B8:5C:39:B7:AD:C3:13:DC:FC:11:1A:96:95
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/3DfFQETO6bhcObetwxPc_BEalpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:53:21:71:3c:b3:38:9d:15:f2:88:c1:32:40:64:29:64:8b:
         a8:5d:63:78:5d:f0:9d:3e:78:73:4f:b8:ae:bc:ad:ef:a3:39:
         20:e6:31:65:0e:65:22:5b:2b:bb:89:60:9c:1f:01:56:ed:e6:
         08:c5:e9:96:de:b9:a8:65:8d:71:4d:ab:46:c9:ba:37:0e:c3:
         4f:f5:e9:cf:ed:59:f6:ed:d3:9a:d9:73:8e:18:30:1c:7c:50:
         d6:80:0e:74:24:b4:25:a0:9c:3e:54:bd:e9:59:bf:6a:8f:6d:
         3c:00:6b:f7:54:3f:bf:6b:0d:4a:05:e5:9a:b3:69:41:1e:f4:
         d6:d7:cb:b8:35:40:2e:e5:99:3e:cb:9a:e3:03:05:f0:4d:1e:
         b7:a3:d0:96:90:bb:65:ab:00:3d:39:1c:f3:94:b0:6c:d0:c8:
         15:fa:47:8f:4b:7c:bc:b3:25:73:66:86:c8:16:3b:4c:22:ed:
         15:23:31:8b:bc:5b:04:af:16:1f:e7:e2:4f:23:6c:bb:a7:48:
         4c:79:08:73:87:4c:a6:64:e6:6b:af:bc:4d:85:c5:1e:bd:4a:
         76:85:72:86:ff:e6:88:cf:3c:f1:fb:35:03:ed:22:f0:1a:9c:
         c6:d1:75:8b:98:6c:fd:f2:69:6e:7f:77:c4:45:f3:03:f0:26:
         86:0b:90:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXcNiGDAwepuHn1/rqlMBF2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwMzI4MTAwNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzM3YzU0MDQ0Y2VlOWI4NWMzOWI3YWRjMzEzZGNmYzExMWE5Njk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5IuQKwKHInPCBMLTIQteAEmHJ3qK
47LcUre8Z221HZQ28KxgqSWz4Nq7cGqpR9rl8bmThWd2PphbH2lBcT3ekIM4N9+h
Db7FBIG0iRzKvjnCX9tpHLYmwBBak/g9FGP7T2s7EkcH8RKoY2sXNygpfoXfWNXE
XdJZ249IcRgvn/OAzEAfWAiNNmi/Vsej2p/6ojHSxx0+dEOzjm6SDTIpv2cBEwSR
tMobeJNGlcrL5sHeW3+tvFsvYAukqsMd3KFhhH4pgaYFN9kMea2bEUZwHVYHbmIn
CZb5O0dl4um13vvBVqGARdx4Bc2zcNAF9ygCyKj6EINbZeMMp0fZ5rmHHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNw3xUBEzum4XDm3rcMT3PwRGpaVMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvM0RmRlFFVE82YmhjT2JldHd4UGNfQkVhbHBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfsWMA0G
CSqGSIb3DQEBCwUAA4IBAQA7UyFxPLM4nRXyiMEyQGQpZIuoXWN4XfCdPnhzT7iu
vK3vozkg5jFlDmUiWyu7iWCcHwFW7eYIxemW3rmoZY1xTatGybo3DsNP9enP7Vn2
7dOa2XOOGDAcfFDWgA50JLQloJw+VL3pWb9qj208AGv3VD+/aw1KBeWas2lBHvTW
18u4NUAu5Zk+y5rjAwXwTR63o9CWkLtlqwA9ORzzlLBs0MgV+kePS3y8syVzZobI
FjtMIu0VIzGLvFsErxYf5+JPI2y7p0hMeQhzh0ymZOZrr7xNhcUevUp2hXKG/+aI
zzzx+zUD7SLwGpzG0XWLmGz98mluf3fERfMD8CaGC5AD
-----END CERTIFICATE-----