Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/POUPcBO03DMIXVf_MFYgEgCOm2c.roa
File:                     POUPcBO03DMIXVf_MFYgEgCOm2c.roa (raw, json)
Hash identifier:          U70/4wMtnCfwgqCkp7u+PlnT2NS/US0B2K04xMH3TNI=
Subject key identifier:   3C:E5:0F:70:13:B4:DC:33:08:5D:57:FF:30:56:20:12:00:8E:9B:67
Certificate issuer:       /CN=852ece9c9a324d45c35f9559f329d8869dab53ba
Certificate serial:       01945FA7DF14FB3367BE20ABC9D822DE0E7F
Authority key identifier: 85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/POUPcBO03DMIXVf_MFYgEgCOm2c.roa
Signing time:             Mon 13 Jan 2025 12:33:44 +0000
ROA not before:           Mon 13 Jan 2025 12:33:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28761
IP address blocks:        195.3.244.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:5f:a7:df:14:fb:33:67:be:20:ab:c9:d8:22:de:0e:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=852ece9c9a324d45c35f9559f329d8869dab53ba
        Validity
            Not Before: Jan 13 12:33:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ce50f7013b4dc33085d57ff30562012008e9b67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:8b:c9:02:c7:52:05:b4:b4:7e:9b:7a:70:a4:
                    2f:7b:e9:b6:6f:0c:84:6e:18:96:a8:0b:34:20:fa:
                    2b:cf:b6:15:ea:0d:2b:1b:58:e1:a8:d4:d9:a4:68:
                    dd:79:21:1e:44:8a:d9:ea:7f:75:11:4a:4e:e2:b9:
                    32:b0:17:a8:a0:b0:ee:a7:e4:7f:c9:e3:15:f2:32:
                    3a:0f:d4:42:f8:b4:99:d5:61:23:d7:a6:96:62:0c:
                    bd:67:c0:35:c6:08:b3:c7:85:73:13:00:b7:f9:d4:
                    1e:f5:25:e7:07:e2:2e:16:88:5e:28:90:ed:81:b3:
                    e4:43:83:02:e2:8d:68:2d:5e:7b:a1:5b:f7:6f:6a:
                    3e:6b:77:20:1c:fc:44:16:cc:0f:27:15:0f:8f:6b:
                    ae:17:29:66:c2:38:1a:09:9c:12:18:a0:84:56:ff:
                    eb:7d:b4:f4:1c:57:1d:91:25:7a:a8:b5:c3:4a:8b:
                    cf:d6:a0:d7:17:c2:fa:25:18:3e:54:b7:4c:c8:1d:
                    3f:1e:ef:f8:5d:66:8d:e1:f9:b0:d2:b0:b8:19:71:
                    a8:72:7b:46:b7:17:8e:39:4f:d3:6d:6d:72:ef:e4:
                    4e:71:57:9e:b3:cc:70:a9:d0:15:10:e4:af:f3:89:
                    87:e3:b9:0d:11:b9:f5:78:c1:a5:67:43:91:d6:d4:
                    d6:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:E5:0F:70:13:B4:DC:33:08:5D:57:FF:30:56:20:12:00:8E:9B:67
            X509v3 Authority Key Identifier:
                keyid:85:2E:CE:9C:9A:32:4D:45:C3:5F:95:59:F3:29:D8:86:9D:AB:53:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/POUPcBO03DMIXVf_MFYgEgCOm2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d3cce6-b47b-4d06-a30f-eb2411d212ab/1/hS7OnJoyTUXDX5VZ8ynYhp2rU7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.3.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9a:92:8a:cd:35:f3:4a:07:23:0d:bd:7d:d9:b7:a6:92:66:6e:
         65:48:f3:c8:80:62:88:54:5a:7d:cf:23:04:a2:91:5f:a5:54:
         bf:36:49:aa:1b:4f:ff:50:54:28:59:91:31:85:67:40:bd:45:
         50:6b:c6:f8:75:13:0f:2d:5e:b3:f9:77:3a:fa:9e:19:06:b6:
         2c:bd:9a:51:87:ce:1c:ca:1e:18:c7:49:3d:f0:95:bd:3f:24:
         d3:d0:b2:0d:75:5a:17:4e:aa:52:9d:e5:71:c3:da:c4:6d:d0:
         11:bf:52:4e:fa:b3:c3:2c:63:6f:bd:da:a5:47:48:10:09:42:
         0d:0f:6a:78:77:86:6d:a9:90:b6:bf:61:79:3a:fe:ed:d4:91:
         22:a7:3c:18:33:6d:7c:0c:aa:c1:34:a2:54:8c:ce:38:9b:66:
         c1:9c:30:ba:95:e1:e0:4e:95:0c:e4:a0:dd:00:5e:15:88:89:
         f7:04:bb:21:00:6e:12:16:26:30:aa:5d:d8:5e:50:c0:0e:7b:
         79:94:f0:de:ff:a3:cf:bf:f9:f1:bb:57:b2:2c:8b:7e:1f:38:
         03:c3:ed:40:10:87:79:c8:bf:a9:57:96:1f:59:69:50:f0:1a:
         d3:4e:2a:7d:43:6a:5a:38:59:84:62:51:a3:34:78:1f:b2:28:
         14:59:85:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRfp98U+zNnviCrydgi3g5/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MmVjZTljOWEzMjRkNDVjMzVmOTU1OWYzMjlkODg2OWRh
YjUzYmEwHhcNMjUwMTEzMTIzMzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2U1MGY3MDEzYjRkYzMzMDg1ZDU3ZmYzMDU2MjAxMjAwOGU5YjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4vJAsdSBbS0fpt6cKQve+m2bwyE
bhiWqAs0IPorz7YV6g0rG1jhqNTZpGjdeSEeRIrZ6n91EUpO4rkysBeooLDup+R/
yeMV8jI6D9RC+LSZ1WEj16aWYgy9Z8A1xgizx4VzEwC3+dQe9SXnB+IuFoheKJDt
gbPkQ4MC4o1oLV57oVv3b2o+a3cgHPxEFswPJxUPj2uuFylmwjgaCZwSGKCEVv/r
fbT0HFcdkSV6qLXDSovP1qDXF8L6JRg+VLdMyB0/Hu/4XWaN4fmw0rC4GXGocntG
txeOOU/TbW1y7+ROcVees8xwqdAVEOSv84mH47kNEbn1eMGlZ0OR1tTWJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDzlD3ATtNwzCF1X/zBWIBIAjptnMB8GA1UdIwQY
MBaAFIUuzpyaMk1Fw1+VWfMp2Iadq1O6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFM3T25Kb3lUVVhEWDVWWjh5bllocDJyVTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9kM2NjZTYtYjQ3Yi00ZDA2LWEzMGYt
ZWIyNDExZDIxMmFiLzEvUE9VUGNCTzAzRE1JWFZmX01GWWdFZ0NPbTJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9kM2NjZTYtYjQ3Yi00ZDA2LWEzMGYtZWIyNDExZDIxMmFi
LzEvaFM3T25Kb3lUVVhEWDVWWjh5bllocDJyVTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwwP0MA0G
CSqGSIb3DQEBCwUAA4IBAQCakorNNfNKByMNvX3Zt6aSZm5lSPPIgGKIVFp9zyME
opFfpVS/NkmqG0//UFQoWZExhWdAvUVQa8b4dRMPLV6z+Xc6+p4ZBrYsvZpRh84c
yh4Yx0k98JW9PyTT0LINdVoXTqpSneVxw9rEbdARv1JO+rPDLGNvvdqlR0gQCUIN
D2p4d4ZtqZC2v2F5Ov7t1JEipzwYM218DKrBNKJUjM44m2bBnDC6leHgTpUM5KDd
AF4ViIn3BLshAG4SFiYwql3YXlDADnt5lPDe/6PPv/nxu1eyLIt+HzgDw+1AEId5
yL+pV5YfWWlQ8BrTTip9Q2paOFmEYlGjNHgfsigUWYUg
-----END CERTIFICATE-----