Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/IN3MTD4yGkkCDB1rJO86jTqGDXo.roa
File:                     IN3MTD4yGkkCDB1rJO86jTqGDXo.roa (raw, json)
Hash identifier:          7YOMcFzQDeiJ2ivIPHaXcmOgqcdPTr50fRvwkCG59Mg=
Subject key identifier:   20:DD:CC:4C:3E:32:1A:49:02:0C:1D:6B:24:EF:3A:8D:3A:86:0D:7A
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       019424454CC74997BEFADAD8C70D8F1A55D8
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/IN3MTD4yGkkCDB1rJO86jTqGDXo.roa
Signing time:             Wed 01 Jan 2025 23:48:28 +0000
ROA not before:           Wed 01 Jan 2025 23:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20200
IP address blocks:        45.155.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 10:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:4c:c7:49:97:be:fa:da:d8:c7:0d:8f:1a:55:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan  1 23:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20ddcc4c3e321a49020c1d6b24ef3a8d3a860d7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:da:7f:9c:63:58:b2:59:04:f3:68:c0:82:c2:
                    d5:72:2f:82:0b:2f:73:ab:b8:93:f0:8b:91:5f:f0:
                    32:9d:76:7e:11:2c:2f:6d:40:56:d9:dc:3e:39:c4:
                    de:e1:8a:d7:ad:41:25:52:86:31:f4:82:27:3c:f1:
                    3a:f4:79:59:87:73:e9:2d:c9:0b:6f:24:3c:50:01:
                    74:87:f5:83:f1:e7:5f:33:af:27:72:96:1f:74:3c:
                    92:60:38:fa:45:8e:e9:76:35:2f:eb:28:b7:42:11:
                    fc:33:c4:5c:d2:d9:01:a1:39:af:08:7e:f1:c9:46:
                    dc:a3:5c:03:45:85:a1:28:2d:66:41:3d:00:a7:53:
                    66:f7:d8:e1:b1:5a:86:72:81:fd:29:ac:ad:ac:0e:
                    96:9c:64:69:2a:4e:85:6d:5d:00:d0:3c:86:4b:9d:
                    27:1b:be:9b:4e:c6:07:bd:17:88:b4:06:89:0d:6d:
                    d0:b0:ab:63:27:21:a5:eb:6b:56:78:b5:60:85:37:
                    e3:c2:ba:c0:58:b7:ce:df:fe:f1:26:2b:84:7f:3e:
                    17:f1:07:e0:e8:7a:41:bd:b1:29:08:40:79:1e:27:
                    b1:d3:16:e6:a0:7b:c5:df:e9:8a:ac:f1:03:4b:db:
                    c3:0f:ed:31:22:cc:02:58:41:5a:e2:d4:c1:4a:3f:
                    52:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:DD:CC:4C:3E:32:1A:49:02:0C:1D:6B:24:EF:3A:8D:3A:86:0D:7A
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/IN3MTD4yGkkCDB1rJO86jTqGDXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:e0:5e:0d:91:08:c5:4e:b0:82:cd:2d:26:f4:f0:90:91:0e:
         aa:4d:f2:72:d9:24:09:7c:42:2b:46:00:b1:4c:6d:06:66:91:
         3e:22:3e:e1:cf:ae:55:a1:fa:ea:e2:b1:c5:9e:71:c9:76:96:
         e0:fc:07:a5:cd:2d:81:c0:15:0f:09:1f:db:08:a5:5b:9d:88:
         e7:66:96:ae:bf:45:1d:57:49:e4:7d:d0:eb:0c:79:59:74:57:
         6f:78:9d:17:89:d6:bd:84:be:34:28:bc:d4:3e:f5:40:7f:7b:
         2e:87:7e:ac:72:96:d8:60:5c:b9:fe:95:7e:54:a2:ca:25:54:
         65:9c:49:d9:28:e0:8b:97:9c:42:32:a7:9b:5f:c9:62:07:e5:
         9b:a6:02:55:2f:e6:aa:47:f1:c3:fd:86:e3:fc:34:52:73:87:
         4e:d3:21:76:97:e0:61:17:a4:ae:2b:14:b0:ee:a2:ef:11:b3:
         e8:ac:ad:4b:71:76:ee:e5:a0:b5:6f:7d:2f:dd:4a:4c:05:64:
         d0:87:23:54:c1:1b:ea:24:f3:19:f8:2d:b0:d3:a6:b4:58:07:
         29:82:c8:10:cc:f7:3b:e4:00:d0:e1:15:9a:06:55:d8:e8:c0:
         3e:71:d8:ee:91:54:bb:66:7b:9d:26:40:fd:90:77:64:ee:96:
         dc:0e:f7:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRUzHSZe++trYxw2PGlXYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUwMTAxMjM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGRkY2M0YzNlMzIxYTQ5MDIwYzFkNmIyNGVmM2E4ZDNhODYwZDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3tp/nGNYslkE82jAgsLVci+CCy9z
q7iT8IuRX/AynXZ+ESwvbUBW2dw+OcTe4YrXrUElUoYx9IInPPE69HlZh3PpLckL
byQ8UAF0h/WD8edfM68ncpYfdDySYDj6RY7pdjUv6yi3QhH8M8Rc0tkBoTmvCH7x
yUbco1wDRYWhKC1mQT0Ap1Nm99jhsVqGcoH9KaytrA6WnGRpKk6FbV0A0DyGS50n
G76bTsYHvReItAaJDW3QsKtjJyGl62tWeLVghTfjwrrAWLfO3/7xJiuEfz4X8Qfg
6HpBvbEpCEB5Hiex0xbmoHvF3+mKrPEDS9vDD+0xIswCWEFa4tTBSj9SKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCDdzEw+MhpJAgwdayTvOo06hg16MB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvSU4zTVRENHlHa2tDREIxckpPODZqVHFHRFhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZv/MA0G
CSqGSIb3DQEBCwUAA4IBAQA64F4NkQjFTrCCzS0m9PCQkQ6qTfJy2SQJfEIrRgCx
TG0GZpE+Ij7hz65Vofrq4rHFnnHJdpbg/AelzS2BwBUPCR/bCKVbnYjnZpauv0Ud
V0nkfdDrDHlZdFdveJ0Xida9hL40KLzUPvVAf3suh36scpbYYFy5/pV+VKLKJVRl
nEnZKOCLl5xCMqebX8liB+WbpgJVL+aqR/HD/Ybj/DRSc4dO0yF2l+BhF6SuKxSw
7qLvEbPorK1LcXbu5aC1b30v3UpMBWTQhyNUwRvqJPMZ+C2w06a0WAcpgsgQzPc7
5ADQ4RWaBlXY6MA+cdjukVS7ZnudJkD9kHdk7pbcDvez
-----END CERTIFICATE-----