Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/3UEtPfriipiMbZa6fhwdY3QYuQU.roa
File:                     3UEtPfriipiMbZa6fhwdY3QYuQU.roa (raw, json)
Hash identifier:          zafMtM+qwE9a62Lg/QOalLMv3c0V/Ie0I/pDVfmKXPw=
Subject key identifier:   DD:41:2D:3D:FA:E2:8A:98:8C:6D:96:BA:7E:1C:1D:63:74:18:B9:05
Certificate issuer:       /CN=7c3c39d1899e699bf5177418ee381489edff4380
Certificate serial:       01946F459B56982FF7C249A43221E3203345
Authority key identifier: 7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/3UEtPfriipiMbZa6fhwdY3QYuQU.roa
Signing time:             Thu 16 Jan 2025 13:20:20 +0000
ROA not before:           Thu 16 Jan 2025 13:20:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.18.123.0/24 maxlen: 24
                          185.27.178.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 13:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:6f:45:9b:56:98:2f:f7:c2:49:a4:32:21:e3:20:33:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3c39d1899e699bf5177418ee381489edff4380
        Validity
            Not Before: Jan 16 13:20:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd412d3dfae28a988c6d96ba7e1c1d637418b905
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:2f:d5:7a:74:20:a7:37:e3:c2:26:3e:00:f1:
                    d4:3e:62:fa:86:6d:a8:cd:e5:a1:b9:ff:4d:bd:b8:
                    19:c1:e6:45:b1:2a:25:ca:c0:8d:fa:ae:82:51:42:
                    38:4d:fb:72:7c:18:75:21:2c:65:b6:26:5a:1e:93:
                    49:b4:8b:42:c4:e6:45:ea:de:66:60:1e:98:b8:23:
                    5a:7b:c0:51:6d:92:ba:a2:25:43:a0:06:1a:7a:30:
                    98:d2:0e:cf:c8:c6:e2:8b:d8:ae:26:61:c4:f9:7c:
                    92:2d:ce:41:df:ae:eb:a3:1a:c4:52:02:d0:9f:e7:
                    60:d4:e0:17:99:8c:b4:79:2c:bf:39:b6:3d:77:3c:
                    07:f5:07:bf:fc:cf:8a:2e:c0:7f:4b:ad:be:cb:01:
                    df:6e:09:f9:a1:e4:76:2d:21:a4:93:c0:e6:c0:59:
                    b8:05:30:bb:7e:d3:42:4f:26:ac:29:40:28:6b:d2:
                    66:94:51:26:39:3b:37:c0:20:92:4e:5a:e6:eb:0d:
                    3b:7b:51:06:8e:49:a3:9e:f5:e0:a0:c6:c4:53:63:
                    e2:90:c8:0f:1e:95:f6:41:75:51:e7:64:7d:d2:59:
                    bd:fb:2d:fd:dc:b3:43:7c:61:ad:a5:0f:6c:b5:8b:
                    c7:98:e3:c9:b3:00:4b:56:fa:db:59:72:41:7b:83:
                    7f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:41:2D:3D:FA:E2:8A:98:8C:6D:96:BA:7E:1C:1D:63:74:18:B9:05
            X509v3 Authority Key Identifier:
                keyid:7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/3UEtPfriipiMbZa6fhwdY3QYuQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.18.123.0/24
                  185.27.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         00:e8:05:81:ed:03:52:08:08:a6:7c:60:e0:d4:3b:27:1c:19:
         ce:cf:17:5a:8d:86:e2:1b:e1:dd:08:ca:54:bb:80:d6:44:4c:
         04:b9:06:cd:45:28:9d:03:53:16:6b:76:a3:10:a2:15:84:af:
         53:df:f4:16:46:18:0f:49:76:80:6a:28:0a:e0:70:85:ca:e1:
         60:b6:fd:83:86:36:a5:e9:b7:27:5b:09:39:5b:bf:0e:79:f9:
         46:51:81:2e:f4:40:83:e9:2d:7b:9d:d5:fd:9b:5d:12:d7:93:
         99:45:4a:f6:0a:fb:5d:93:47:65:8b:77:52:4c:a7:bb:88:9b:
         42:a9:b9:10:ed:e4:23:51:d0:c8:fb:3c:f7:e7:a9:5b:89:1c:
         d5:d3:93:19:10:e8:fa:14:a1:b4:07:75:cf:4b:6d:92:76:ff:
         c5:40:2f:0e:cf:ae:f0:3f:3f:ef:cb:90:e8:29:6d:22:fb:cb:
         46:dc:3a:e2:a9:ef:f2:ff:c0:73:c4:7f:d5:e3:49:cc:fb:e3:
         b9:7a:67:f1:35:dd:c3:01:d7:35:22:f6:90:fc:c5:89:68:b5:
         e8:74:db:19:84:c8:78:0c:18:64:fc:b4:33:43:96:4b:ed:db:
         0e:ac:6d:c6:bf:e9:9f:bd:c1:51:9a:7f:61:76:7d:49:fc:73:
         62:2d:e9:01
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZRvRZtWmC/3wkmkMiHjIDNFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2MzOWQxODk5ZTY5OWJmNTE3NzQxOGVlMzgxNDg5ZWRm
ZjQzODAwHhcNMjUwMTE2MTMyMDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDQxMmQzZGZhZTI4YTk4OGM2ZDk2YmE3ZTFjMWQ2Mzc0MThiOTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnC/VenQgpzfjwiY+APHUPmL6hm2o
zeWhuf9NvbgZweZFsSolysCN+q6CUUI4TftyfBh1ISxltiZaHpNJtItCxOZF6t5m
YB6YuCNae8BRbZK6oiVDoAYaejCY0g7PyMbii9iuJmHE+XySLc5B367roxrEUgLQ
n+dg1OAXmYy0eSy/ObY9dzwH9Qe//M+KLsB/S62+ywHfbgn5oeR2LSGkk8DmwFm4
BTC7ftNCTyasKUAoa9JmlFEmOTs3wCCSTlrm6w07e1EGjkmjnvXgoMbEU2PikMgP
HpX2QXVR52R90lm9+y393LNDfGGtpQ9stYvHmOPJswBLVvrbWXJBe4N/hQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN1BLT364oqYjG2Wun4cHWN0GLkFMB8GA1UdIwQY
MBaAFHw8OdGJnmmb9Rd0GO44FInt/0OAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAt
MDYzZmNkZDNhMDU3LzEvM1VFdFBmcmlpcGlNYlphNmZod2RZM1FZdVFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAtMDYzZmNkZDNhMDU3
LzEvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuRJ7AwQB
uRuyMA0GCSqGSIb3DQEBCwUAA4IBAQAA6AWB7QNSCAimfGDg1DsnHBnOzxdajYbi
G+HdCMpUu4DWREwEuQbNRSidA1MWa3ajEKIVhK9T3/QWRhgPSXaAaigK4HCFyuFg
tv2Dhjal6bcnWwk5W78OeflGUYEu9ECD6S17ndX9m10S15OZRUr2Cvtdk0dli3dS
TKe7iJtCqbkQ7eQjUdDI+zz356lbiRzV05MZEOj6FKG0B3XPS22Sdv/FQC8Oz67w
Pz/vy5DoKW0i+8tG3Driqe/y/8BzxH/V40nM++O5emfxNd3DAdc1IvaQ/MWJaLXo
dNsZhMh4DBhk/LQzQ5ZL7dsOrG3Gv+mfvcFRmn9hdn1J/HNiLekB
-----END CERTIFICATE-----