Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/ff3b6c-6db3-4821-9a40-e3c7d4e6598f/1/Ov3gjJ6W-dbwS4PXLMVQiSqFnNQ.roa
File:                     Ov3gjJ6W-dbwS4PXLMVQiSqFnNQ.roa (raw, json)
Hash identifier:          o4iE9tRsZeaUQiDaowkSOTalxZRZJ/iDwiD354nCzGY=
Subject key identifier:   3A:FD:E0:8C:9E:96:F9:D6:F0:4B:83:D7:2C:C5:50:89:2A:85:9C:D4
Certificate issuer:       /CN=25e1b659862d15a51cb5ff34de7223c69e48126a
Certificate serial:       018CCA2A044F6CE20F2A2333F2E3F2483E78
Authority key identifier: 25:E1:B6:59:86:2D:15:A5:1C:B5:FF:34:DE:72:23:C6:9E:48:12:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JeG2WYYtFaUctf803nIjxp5IEmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/ff3b6c-6db3-4821-9a40-e3c7d4e6598f/1/Ov3gjJ6W-dbwS4PXLMVQiSqFnNQ.roa
Signing time:             Tue 02 Jan 2024 12:33:20 +0000
ROA not before:           Tue 02 Jan 2024 12:33:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204638
IP address blocks:        185.75.58.0/24 maxlen: 24
                          185.75.57.0/24 maxlen: 24
                          185.75.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/ff3b6c-6db3-4821-9a40-e3c7d4e6598f/1/JeG2WYYtFaUctf803nIjxp5IEmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/ff3b6c-6db3-4821-9a40-e3c7d4e6598f/1/JeG2WYYtFaUctf803nIjxp5IEmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JeG2WYYtFaUctf803nIjxp5IEmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:03:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:04:4f:6c:e2:0f:2a:23:33:f2:e3:f2:48:3e:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25e1b659862d15a51cb5ff34de7223c69e48126a
        Validity
            Not Before: Jan  2 12:33:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3afde08c9e96f9d6f04b83d72cc550892a859cd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d9:1d:03:a2:e5:8d:2f:6d:2a:a0:db:60:0d:
                    ca:d1:ab:a2:86:fb:9f:9f:0d:41:45:34:fe:0f:e7:
                    f2:97:2e:0c:16:9a:5e:2c:a9:b7:c6:c0:97:4b:60:
                    a2:80:3c:2b:5b:50:dd:4a:fe:f9:d5:b6:b7:1b:e6:
                    3b:01:4b:fc:e8:21:c0:bf:ab:c0:47:39:93:69:b6:
                    61:08:4e:a0:7a:ab:14:0a:8c:45:f7:2e:ee:e6:28:
                    7d:88:22:51:96:9f:71:bb:23:90:00:d3:47:6c:f3:
                    9e:21:d3:bd:62:fa:d2:ad:ec:08:ee:d1:e9:32:ca:
                    64:d5:d3:31:07:a9:5f:3f:b5:2a:25:de:9a:b7:3c:
                    29:37:fa:38:43:ed:a4:b2:08:0f:7c:34:10:7b:0c:
                    d0:8c:13:4e:f0:7a:81:af:61:83:3a:fe:68:39:b7:
                    55:98:6e:99:02:7a:9a:a1:3f:e4:f4:4a:5a:9a:2e:
                    3e:8c:b6:9a:c1:6b:0c:d6:01:4f:65:fa:48:0b:34:
                    e3:a4:9e:6e:a2:b6:11:f1:cc:0c:43:af:92:e3:ea:
                    74:8a:c5:da:a7:13:b7:39:39:18:bf:03:c8:7d:42:
                    d2:21:d3:d6:32:42:ac:8d:a5:f2:7a:db:2b:9c:d2:
                    cd:81:c7:36:d3:d3:76:9a:b2:e0:8e:38:6e:4c:25:
                    b9:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:FD:E0:8C:9E:96:F9:D6:F0:4B:83:D7:2C:C5:50:89:2A:85:9C:D4
            X509v3 Authority Key Identifier:
                keyid:25:E1:B6:59:86:2D:15:A5:1C:B5:FF:34:DE:72:23:C6:9E:48:12:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JeG2WYYtFaUctf803nIjxp5IEmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ff3b6c-6db3-4821-9a40-e3c7d4e6598f/1/Ov3gjJ6W-dbwS4PXLMVQiSqFnNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ff3b6c-6db3-4821-9a40-e3c7d4e6598f/1/JeG2WYYtFaUctf803nIjxp5IEmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.56.0-185.75.58.255

    Signature Algorithm: sha256WithRSAEncryption
         22:1c:53:d2:84:fb:c6:db:1f:ad:9c:b8:18:31:b0:e0:28:67:
         eb:de:02:7d:4c:f5:b5:de:18:e6:d0:54:40:b6:3d:67:95:1c:
         7d:62:35:7c:65:16:46:2e:b4:ad:2f:9d:63:fe:5b:9a:64:e5:
         a3:61:62:94:dd:a9:2a:7f:99:32:63:d5:a5:b6:bd:a8:96:2d:
         6c:cf:24:ba:52:cd:c8:9c:85:3b:ce:bf:e5:b3:85:8a:39:fb:
         51:ff:3d:fb:3d:ae:c1:f3:1d:8d:8c:39:c2:d6:c8:2d:79:fc:
         22:43:b0:c6:6f:a0:ec:61:53:2f:2f:d3:cc:86:7b:c3:40:53:
         a4:19:e2:eb:17:6a:45:d4:b9:5b:8e:a1:f0:d5:d1:f8:60:8f:
         ae:11:81:b6:d1:33:4d:37:a1:6d:77:83:71:89:84:33:b5:4f:
         d4:93:5d:58:ae:89:97:84:93:31:38:72:f8:fe:e2:3e:81:74:
         67:71:c1:b2:d0:ef:58:76:e6:0e:87:68:13:9f:4b:95:18:b5:
         f6:5c:d5:d3:e6:04:3b:35:32:5f:a3:66:a1:c6:39:2d:78:51:
         8f:a2:b4:c3:4d:34:f5:8a:e9:99:b5:62:31:90:33:1e:94:eb:
         0a:73:8a:17:f8:e5:01:26:84:fa:1f:e7:f5:e2:11:52:7f:f9:
         ac:f2:28:df
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzKKgRPbOIPKiMz8uPySD54MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZTFiNjU5ODYyZDE1YTUxY2I1ZmYzNGRlNzIyM2M2OWU0
ODEyNmEwHhcNMjQwMTAyMTIzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWZkZTA4YzllOTZmOWQ2ZjA0YjgzZDcyY2M1NTA4OTJhODU5Y2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9kdA6LljS9tKqDbYA3K0auihvuf
nw1BRTT+D+fyly4MFppeLKm3xsCXS2CigDwrW1DdSv751ba3G+Y7AUv86CHAv6vA
RzmTabZhCE6geqsUCoxF9y7u5ih9iCJRlp9xuyOQANNHbPOeIdO9YvrSrewI7tHp
Mspk1dMxB6lfP7UqJd6atzwpN/o4Q+2ksggPfDQQewzQjBNO8HqBr2GDOv5oObdV
mG6ZAnqaoT/k9Epami4+jLaawWsM1gFPZfpICzTjpJ5uorYR8cwMQ6+S4+p0isXa
pxO3OTkYvwPIfULSIdPWMkKsjaXyetsrnNLNgcc209N2mrLgjjhuTCW5GQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDr94IyelvnW8EuD1yzFUIkqhZzUMB8GA1UdIwQY
MBaAFCXhtlmGLRWlHLX/NN5yI8aeSBJqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmVHMldZWXRGYVVjdGY4MDNuSWp4cDVJRW1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9mZjNiNmMtNmRiMy00ODIxLTlhNDAt
ZTNjN2Q0ZTY1OThmLzEvT3YzZ2pKNlctZGJ3UzRQWExNVlFpU3FGbk5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9mZjNiNmMtNmRiMy00ODIxLTlhNDAtZTNjN2Q0ZTY1OThm
LzEvSmVHMldZWXRGYVVjdGY4MDNuSWp4cDVJRW1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAO5SzgD
BAC5SzowDQYJKoZIhvcNAQELBQADggEBACIcU9KE+8bbH62cuBgxsOAoZ+veAn1M
9bXeGObQVEC2PWeVHH1iNXxlFkYutK0vnWP+W5pk5aNhYpTdqSp/mTJj1aW2vaiW
LWzPJLpSzcichTvOv+WzhYo5+1H/Pfs9rsHzHY2MOcLWyC15/CJDsMZvoOxhUy8v
08yGe8NAU6QZ4usXakXUuVuOofDV0fhgj64RgbbRM003oW13g3GJhDO1T9STXViu
iZeEkzE4cvj+4j6BdGdxwbLQ71h25g6HaBOfS5UYtfZc1dPmBDs1Ml+jZqHGOS14
UY+itMNNNPWK6Zm1YjGQMx6U6wpzihf45QEmhPof5/XiEVJ/+azyKN8=
-----END CERTIFICATE-----