Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/gD3woXUC-WqortYqBWCfUTbN-6s.roa
File:                     gD3woXUC-WqortYqBWCfUTbN-6s.roa (raw, json)
Hash identifier:          4m9GD86eXZHIDuKu5606dRxx8eCf4kOZ5e1eJk9t9m8=
Subject key identifier:   80:3D:F0:A1:75:02:F9:6A:A8:AE:D6:2A:05:60:9F:51:36:CD:FB:AB
Certificate issuer:       /CN=1b12120c351c14eec22109f603249fcdac1d3321
Certificate serial:       0197132680B69551E434F30CDAB275593DC0
Authority key identifier: 1B:12:12:0C:35:1C:14:EE:C2:21:09:F6:03:24:9F:CD:AC:1D:33:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/gD3woXUC-WqortYqBWCfUTbN-6s.roa
Signing time:             Tue 27 May 2025 19:09:39 +0000
ROA not before:           Tue 27 May 2025 19:09:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        185.7.240.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Jun 2025 20:34:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:13:26:80:b6:95:51:e4:34:f3:0c:da:b2:75:59:3d:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b12120c351c14eec22109f603249fcdac1d3321
        Validity
            Not Before: May 27 19:09:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=803df0a17502f96aa8aed62a05609f5136cdfbab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:1b:c1:3b:4e:3d:39:63:da:e5:e0:96:b0:7c:
                    09:db:54:29:ac:f7:d6:c9:9c:5c:a1:b3:9b:ed:6d:
                    83:35:37:dc:ea:3f:6a:12:5d:4a:43:00:8f:2e:e9:
                    ea:16:5a:93:14:b4:18:f5:7a:c2:a4:78:ad:73:77:
                    a2:16:ca:88:d6:c3:42:ac:1e:31:c9:03:80:f3:37:
                    72:51:bc:0e:ff:8f:e1:b5:21:00:8c:ba:a2:13:0e:
                    07:57:68:9c:5a:0e:5e:f5:e8:72:8d:1d:06:d4:94:
                    07:03:0c:a9:43:e9:38:a3:86:0b:c2:cd:0a:07:80:
                    6a:ea:12:24:94:5e:ac:86:42:42:fb:52:88:eb:27:
                    e0:67:3c:28:f2:96:f2:cb:08:04:10:d6:2d:9b:59:
                    6c:ba:e4:c3:29:ae:71:76:34:28:d4:71:98:99:3f:
                    01:a1:3c:49:9c:c6:43:6a:4a:dd:2d:38:da:21:a0:
                    c2:41:44:0e:ef:7d:73:30:45:51:19:11:03:f8:de:
                    18:75:e4:79:db:49:71:1e:d6:a8:51:5b:f1:5e:c1:
                    9c:e9:30:43:31:76:9b:cf:68:d4:99:4f:c6:15:58:
                    ae:7f:1d:08:05:2b:33:06:05:9d:a1:d5:7c:50:49:
                    55:16:74:b6:fc:35:b0:0f:33:16:cb:92:ec:71:39:
                    b0:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:3D:F0:A1:75:02:F9:6A:A8:AE:D6:2A:05:60:9F:51:36:CD:FB:AB
            X509v3 Authority Key Identifier:
                keyid:1B:12:12:0C:35:1C:14:EE:C2:21:09:F6:03:24:9F:CD:AC:1D:33:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/gD3woXUC-WqortYqBWCfUTbN-6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:7d:b8:fe:86:06:f0:93:51:63:b9:d1:0f:e0:f4:da:79:ff:
         4d:59:10:46:84:11:5d:10:50:7c:6b:24:7c:c5:9f:c2:d9:4c:
         5a:64:67:fd:29:75:e2:8c:17:b7:78:bb:92:5e:83:40:25:fb:
         4e:e3:97:a7:bd:25:0c:72:47:7e:f0:59:ba:61:dd:4c:1b:55:
         58:8e:5a:bc:fd:de:f6:39:73:28:57:13:ef:bd:09:12:65:d1:
         25:b1:e6:ac:1b:c6:d8:a6:ba:58:be:12:75:d5:3f:9b:f8:4f:
         cf:0a:b5:80:d5:68:bf:10:b9:c1:bd:2c:18:9d:0c:f5:e5:23:
         3e:d5:c6:09:e1:a5:af:63:34:58:78:d9:22:ce:ff:de:d9:84:
         8a:0e:63:b2:93:0d:a4:2c:83:da:93:05:b0:43:71:01:54:fd:
         69:70:79:00:61:8f:7e:53:5a:6e:f0:7b:c5:fa:c6:83:96:5a:
         4e:c9:63:df:95:ab:23:db:50:06:17:17:02:03:4f:c2:5c:01:
         53:03:05:b6:8e:9d:f4:ee:68:94:aa:fb:db:8e:65:23:88:d7:
         c9:09:fa:cf:1c:c2:67:51:d4:df:fb:53:9c:1b:23:a4:a1:df:
         8d:d7:fd:ae:67:ea:b0:5a:e0:18:76:3d:4b:22:9d:1a:e4:e9:
         ad:ae:50:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcTJoC2lVHkNPMM2rJ1WT3AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMTIxMjBjMzUxYzE0ZWVjMjIxMDlmNjAzMjQ5ZmNkYWMx
ZDMzMjEwHhcNMjUwNTI3MTkwOTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDNkZjBhMTc1MDJmOTZhYThhZWQ2MmEwNTYwOWY1MTM2Y2RmYmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhvBO049OWPa5eCWsHwJ21QprPfW
yZxcobOb7W2DNTfc6j9qEl1KQwCPLunqFlqTFLQY9XrCpHitc3eiFsqI1sNCrB4x
yQOA8zdyUbwO/4/htSEAjLqiEw4HV2icWg5e9ehyjR0G1JQHAwypQ+k4o4YLws0K
B4Bq6hIklF6shkJC+1KI6yfgZzwo8pbyywgEENYtm1lsuuTDKa5xdjQo1HGYmT8B
oTxJnMZDakrdLTjaIaDCQUQO731zMEVRGRED+N4YdeR520lxHtaoUVvxXsGc6TBD
MXabz2jUmU/GFViufx0IBSszBgWdodV8UElVFnS2/DWwDzMWy5LscTmw5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIA98KF1AvlqqK7WKgVgn1E2zfurMB8GA1UdIwQY
MBaAFBsSEgw1HBTuwiEJ9gMkn82sHTMhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3hJU0REVWNGTzdDSVFuMkF5U2Z6YXdkTXlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8zZGFmN2YtMzAxZC00MjNlLTk0NmUt
NDNkZjQ3ZDVhMWU3LzEvZ0Qzd29YVUMtV3FvcnRZcUJXQ2ZVVGJOLTZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8zZGFmN2YtMzAxZC00MjNlLTk0NmUtNDNkZjQ3ZDVhMWU3
LzEvR3hJU0REVWNGTzdDSVFuMkF5U2Z6YXdkTXlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQfwMA0G
CSqGSIb3DQEBCwUAA4IBAQCSfbj+hgbwk1FjudEP4PTaef9NWRBGhBFdEFB8ayR8
xZ/C2UxaZGf9KXXijBe3eLuSXoNAJftO45envSUMckd+8Fm6Yd1MG1VYjlq8/d72
OXMoVxPvvQkSZdElseasG8bYprpYvhJ11T+b+E/PCrWA1Wi/ELnBvSwYnQz15SM+
1cYJ4aWvYzRYeNkizv/e2YSKDmOykw2kLIPakwWwQ3EBVP1pcHkAYY9+U1pu8HvF
+saDllpOyWPflasj21AGFxcCA0/CXAFTAwW2jp307miUqvvbjmUjiNfJCfrPHMJn
UdTf+1OcGyOkod+N1/2uZ+qwWuAYdj1LIp0a5OmtrlDO
-----END CERTIFICATE-----