Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/OzgFbbI0V5S5o1DdJOQqtABdtH0.roa
File:                     OzgFbbI0V5S5o1DdJOQqtABdtH0.roa (raw, json)
Hash identifier:          y+11/IkfsSulnXEQxCkUZyHEuxM7K/mkeaGWZSD0CSE=
Subject key identifier:   3B:38:05:6D:B2:34:57:94:B9:A3:50:DD:24:E4:2A:B4:00:5D:B4:7D
Certificate issuer:       /CN=1b12120c351c14eec22109f603249fcdac1d3321
Certificate serial:       019712E4D028595C570650725EB4072D8228
Authority key identifier: 1B:12:12:0C:35:1C:14:EE:C2:21:09:F6:03:24:9F:CD:AC:1D:33:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/OzgFbbI0V5S5o1DdJOQqtABdtH0.roa
Signing time:             Tue 27 May 2025 17:57:54 +0000
ROA not before:           Tue 27 May 2025 17:57:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        91.206.71.0/24 maxlen: 24
                          185.7.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 10:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:12:e4:d0:28:59:5c:57:06:50:72:5e:b4:07:2d:82:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b12120c351c14eec22109f603249fcdac1d3321
        Validity
            Not Before: May 27 17:57:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b38056db2345794b9a350dd24e42ab4005db47d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:69:fc:69:c9:2f:62:d6:f4:a1:48:e8:56:d1:
                    aa:6a:8f:1b:2e:1b:a4:c2:bc:34:2f:f6:05:17:8b:
                    40:b3:0e:11:75:d9:e8:36:56:60:ca:99:8d:c5:91:
                    fc:11:c5:08:88:f1:7b:57:ac:af:35:9b:c5:04:0b:
                    cc:d1:a3:f8:55:e9:1e:89:f6:42:12:17:27:43:f2:
                    e0:0a:44:8f:b6:01:c2:34:44:d0:c8:e2:22:77:ff:
                    41:60:4f:33:63:8d:a2:3e:fb:6a:aa:b5:c5:25:bd:
                    e9:74:89:25:51:16:45:91:2c:18:22:46:8d:4d:29:
                    82:1a:d7:8c:f5:5d:18:d9:99:03:e6:5b:ec:91:04:
                    42:c7:18:6b:f1:c3:a2:9c:0b:a8:03:62:69:04:a9:
                    70:7c:6a:71:ac:3d:fd:5b:7b:72:63:7e:96:0f:30:
                    3d:cf:2a:65:20:64:a8:67:e8:e7:97:38:d9:8a:78:
                    ba:ba:6f:66:a5:80:e1:b5:28:5b:7d:c6:52:17:ff:
                    fd:2d:5e:45:f8:12:24:66:9c:a4:85:b5:1a:54:4c:
                    c5:27:95:6b:23:b8:ef:93:c5:f4:c5:49:88:1c:1b:
                    26:38:45:d6:40:68:2f:8b:4f:06:57:3a:be:a1:31:
                    0d:de:d6:0f:11:20:26:2d:e9:4f:55:2a:4e:26:0e:
                    b1:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:38:05:6D:B2:34:57:94:B9:A3:50:DD:24:E4:2A:B4:00:5D:B4:7D
            X509v3 Authority Key Identifier:
                keyid:1B:12:12:0C:35:1C:14:EE:C2:21:09:F6:03:24:9F:CD:AC:1D:33:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/OzgFbbI0V5S5o1DdJOQqtABdtH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.71.0/24
                  185.7.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:9a:b7:cd:30:bb:b3:e4:ca:9d:a5:c6:1a:1d:bd:9f:42:7b:
         79:1d:c5:eb:b2:e8:f3:6a:c1:30:62:8a:f2:d1:55:1f:87:9f:
         c3:dc:95:e2:52:c8:71:cd:33:3f:29:e7:6f:2b:37:81:75:99:
         18:94:11:29:41:f8:cf:6e:53:51:cd:b2:73:f8:c5:99:18:44:
         8d:ea:0b:c1:db:e0:f3:24:b3:2b:7f:ea:03:98:9e:ee:4c:9f:
         07:97:d4:54:bd:47:22:e8:6c:9a:b1:f5:ab:3d:36:45:6b:be:
         34:ff:e8:97:e2:43:f4:38:e5:c4:da:7a:ce:de:ac:85:e2:02:
         b0:37:9b:f3:09:0c:7f:d0:52:e8:80:b9:31:8e:d9:e5:f5:ed:
         27:1d:7a:e5:81:8f:65:f7:04:63:9c:99:16:8e:b0:e6:cf:c4:
         e1:f6:e4:6c:81:b1:f7:dc:e6:6a:c5:3f:fd:50:57:a1:9e:7e:
         44:96:ac:54:20:ab:91:b6:8a:66:f2:d8:03:04:d2:8f:e2:4d:
         d5:1f:34:f0:47:5a:c3:44:72:3d:96:b0:15:98:86:4b:26:54:
         04:56:85:26:4d:91:e5:dd:03:36:b9:40:50:3e:b6:98:dc:96:
         05:04:0d:0d:be:4d:01:32:10:00:71:f5:aa:45:27:11:e8:e3:
         be:fe:0b:1e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcS5NAoWVxXBlByXrQHLYIoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMTIxMjBjMzUxYzE0ZWVjMjIxMDlmNjAzMjQ5ZmNkYWMx
ZDMzMjEwHhcNMjUwNTI3MTc1NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjM4MDU2ZGIyMzQ1Nzk0YjlhMzUwZGQyNGU0MmFiNDAwNWRiNDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWn8ackvYtb0oUjoVtGqao8bLhuk
wrw0L/YFF4tAsw4RddnoNlZgypmNxZH8EcUIiPF7V6yvNZvFBAvM0aP4VekeifZC
EhcnQ/LgCkSPtgHCNETQyOIid/9BYE8zY42iPvtqqrXFJb3pdIklURZFkSwYIkaN
TSmCGteM9V0Y2ZkD5lvskQRCxxhr8cOinAuoA2JpBKlwfGpxrD39W3tyY36WDzA9
zyplIGSoZ+jnlzjZini6um9mpYDhtShbfcZSF//9LV5F+BIkZpykhbUaVEzFJ5Vr
I7jvk8X0xUmIHBsmOEXWQGgvi08GVzq+oTEN3tYPESAmLelPVSpOJg6x1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDs4BW2yNFeUuaNQ3STkKrQAXbR9MB8GA1UdIwQY
MBaAFBsSEgw1HBTuwiEJ9gMkn82sHTMhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3hJU0REVWNGTzdDSVFuMkF5U2Z6YXdkTXlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8zZGFmN2YtMzAxZC00MjNlLTk0NmUt
NDNkZjQ3ZDVhMWU3LzEvT3pnRmJiSTBWNVM1bzFEZEpPUXF0QUJkdEgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8zZGFmN2YtMzAxZC00MjNlLTk0NmUtNDNkZjQ3ZDVhMWU3
LzEvR3hJU0REVWNGTzdDSVFuMkF5U2Z6YXdkTXlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW85HAwQA
uQfwMA0GCSqGSIb3DQEBCwUAA4IBAQAJmrfNMLuz5MqdpcYaHb2fQnt5HcXrsujz
asEwYory0VUfh5/D3JXiUshxzTM/KedvKzeBdZkYlBEpQfjPblNRzbJz+MWZGESN
6gvB2+DzJLMrf+oDmJ7uTJ8Hl9RUvUci6GyasfWrPTZFa740/+iX4kP0OOXE2nrO
3qyF4gKwN5vzCQx/0FLogLkxjtnl9e0nHXrlgY9l9wRjnJkWjrDmz8Th9uRsgbH3
3OZqxT/9UFehnn5ElqxUIKuRtopm8tgDBNKP4k3VHzTwR1rDRHI9lrAVmIZLJlQE
VoUmTZHl3QM2uUBQPraY3JYFBA0Nvk0BMhAAcfWqRScR6OO+/gse
-----END CERTIFICATE-----