Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/yjNjQum49zE8oaEbbGwNjU1csGk.roa
File:                     yjNjQum49zE8oaEbbGwNjU1csGk.roa (raw, json)
Hash identifier:          a+ZHTvcXLlXULObWqZE5DGx1Uba0NvfCvm7QVFQB2fM=
Subject key identifier:   CA:33:63:42:E9:B8:F7:31:3C:A1:A1:1B:6C:6C:0D:8D:4D:5C:B0:69
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       0194266B82BADD55FB5BA1372DE9E39D302C
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/yjNjQum49zE8oaEbbGwNjU1csGk.roa
Signing time:             Thu 02 Jan 2025 09:49:27 +0000
ROA not before:           Thu 02 Jan 2025 09:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207066
IP address blocks:        176.103.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:82:ba:dd:55:fb:5b:a1:37:2d:e9:e3:9d:30:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Jan  2 09:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca336342e9b8f7313ca1a11b6c6c0d8d4d5cb069
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:fa:e4:23:d5:a7:f5:65:8e:1d:6e:9b:67:17:
                    79:da:5e:94:9d:e5:04:34:6e:a9:5c:b4:cb:c0:27:
                    61:c4:2c:6c:7a:e8:36:b2:2b:2d:28:53:c6:11:61:
                    33:4b:1b:63:d7:66:7b:2a:49:f5:22:e2:51:e2:53:
                    c0:6e:56:a6:a5:22:27:5a:67:05:08:99:6d:a3:2f:
                    c6:1b:b8:06:b0:ca:65:06:a7:f0:c1:93:7d:d9:1e:
                    ab:87:09:f5:9a:08:02:6c:3f:98:2f:c2:61:d5:29:
                    8e:e2:3a:5a:48:37:84:65:f6:da:bd:c5:28:d9:89:
                    d9:49:5b:e4:fa:1c:00:0e:2c:37:55:53:86:94:8a:
                    80:47:b4:7b:10:f4:08:cb:89:fa:ea:0e:7e:6e:47:
                    31:3a:67:4c:9f:7a:a9:8d:99:ba:b6:29:05:6a:a9:
                    1a:00:e7:16:a3:bd:33:fe:e4:a3:a1:84:7d:ba:c6:
                    2e:6e:47:c9:39:4f:a2:5f:74:ca:71:83:c1:f5:2e:
                    3e:19:c9:23:d6:3d:6b:00:7b:c8:08:db:62:af:4c:
                    a3:09:b4:42:9f:af:31:af:d4:a7:a6:26:0a:35:ee:
                    f7:1e:54:f1:d4:ba:90:84:ab:49:3c:11:46:e2:62:
                    58:5b:c0:51:7e:c4:8c:cd:e7:6d:3d:6f:0a:80:55:
                    a5:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:33:63:42:E9:B8:F7:31:3C:A1:A1:1B:6C:6C:0D:8D:4D:5C:B0:69
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/yjNjQum49zE8oaEbbGwNjU1csGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.103.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:ed:ba:70:e0:f1:9a:65:11:62:41:1c:09:40:ff:ea:da:5b:
         8f:74:e4:8e:1f:db:f1:52:42:45:f7:3d:1a:a4:3e:34:4e:81:
         6c:f2:40:ec:4f:98:1f:66:10:51:6b:4f:33:6a:81:5c:2e:75:
         fd:b3:84:63:93:87:a2:6a:d9:1c:1a:be:d1:d4:9b:ce:bb:6d:
         2a:15:d7:1d:09:5b:2a:69:cb:96:39:d3:6f:02:de:59:f8:2e:
         c7:e8:9f:20:06:55:e4:eb:56:92:e8:65:d0:18:ee:69:89:a8:
         8b:2a:3d:2b:cd:82:d7:a2:ec:d5:a7:fd:a8:2d:f6:cb:65:25:
         6a:54:60:cc:9c:c9:d4:58:2c:f4:66:85:70:81:e8:50:2c:de:
         cc:55:5c:4f:d8:2a:24:95:45:6f:86:1b:d4:b9:55:88:2c:89:
         32:fa:35:bb:7a:67:ba:9f:a2:c9:d3:98:d9:e3:2a:5a:85:b0:
         13:06:7d:ff:e7:b5:93:06:9a:6f:06:ba:ec:1a:ca:fe:74:0f:
         09:21:6f:bd:84:cd:66:62:3c:f7:e1:72:eb:af:fc:e4:c8:ed:
         18:d2:10:e5:8b:e3:3c:02:4c:41:60:06:54:86:ea:fb:24:88:
         1c:69:5b:88:f6:b0:88:f0:20:fd:76:b6:f4:c7:fe:19:a7:3f:
         9d:67:a6:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma4K63VX7W6E3LenjnTAsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjUwMTAyMDk0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTMzNjM0MmU5YjhmNzMxM2NhMWExMWI2YzZjMGQ4ZDRkNWNiMDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5PrkI9Wn9WWOHW6bZxd52l6UneUE
NG6pXLTLwCdhxCxseug2sistKFPGEWEzSxtj12Z7Kkn1IuJR4lPAblampSInWmcF
CJltoy/GG7gGsMplBqfwwZN92R6rhwn1mggCbD+YL8Jh1SmO4jpaSDeEZfbavcUo
2YnZSVvk+hwADiw3VVOGlIqAR7R7EPQIy4n66g5+bkcxOmdMn3qpjZm6tikFaqka
AOcWo70z/uSjoYR9usYubkfJOU+iX3TKcYPB9S4+Gckj1j1rAHvICNtir0yjCbRC
n68xr9SnpiYKNe73HlTx1LqQhKtJPBFG4mJYW8BRfsSMzedtPW8KgFWljwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMozY0LpuPcxPKGhG2xsDY1NXLBpMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEveWpOalF1bTQ5ekU4b2FFYmJHd05qVTFjc0drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGe5MA0G
CSqGSIb3DQEBCwUAA4IBAQCS7bpw4PGaZRFiQRwJQP/q2luPdOSOH9vxUkJF9z0a
pD40ToFs8kDsT5gfZhBRa08zaoFcLnX9s4Rjk4eiatkcGr7R1JvOu20qFdcdCVsq
acuWOdNvAt5Z+C7H6J8gBlXk61aS6GXQGO5piaiLKj0rzYLXouzVp/2oLfbLZSVq
VGDMnMnUWCz0ZoVwgehQLN7MVVxP2CoklUVvhhvUuVWILIky+jW7eme6n6LJ05jZ
4ypahbATBn3/57WTBppvBrrsGsr+dA8JIW+9hM1mYjz34XLrr/zkyO0Y0hDli+M8
AkxBYAZUhur7JIgcaVuI9rCI8CD9drb0x/4Zpz+dZ6a9
-----END CERTIFICATE-----