Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/Mai3hO1570LXs6RLr6YGrktOd4s.roa
File:                     Mai3hO1570LXs6RLr6YGrktOd4s.roa (raw, json)
Hash identifier:          3YqQQd9kN82zwoLCu2RB4M6k5ODGSKxhrf7vMbNdzEk=
Subject key identifier:   31:A8:B7:84:ED:79:EF:42:D7:B3:A4:4B:AF:A6:06:AE:4B:4E:77:8B
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       0194D9EF002B44F6A7731399DCD80DCED1FE
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/Mai3hO1570LXs6RLr6YGrktOd4s.roa
Signing time:             Thu 06 Feb 2025 06:25:06 +0000
ROA not before:           Thu 06 Feb 2025 06:25:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23532
IP address blocks:        185.125.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:d9:ef:00:2b:44:f6:a7:73:13:99:dc:d8:0d:ce:d1:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Feb  6 06:25:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31a8b784ed79ef42d7b3a44bafa606ae4b4e778b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:9b:ca:30:c4:6c:c6:7b:c8:99:18:cb:73:bb:
                    92:61:9f:b9:86:22:dd:88:22:c0:9d:cf:66:c8:a7:
                    67:ee:c1:ba:f0:da:18:03:ef:98:30:16:d8:ad:a9:
                    d1:c5:56:c4:c5:85:8b:a3:6f:b4:37:17:72:f9:1d:
                    ea:f1:db:ce:e2:11:65:e6:90:56:e2:a4:6f:bf:61:
                    56:9b:2d:e4:53:83:95:d1:b3:4c:50:6d:38:37:40:
                    7f:12:03:31:41:fd:95:c4:c5:d1:f0:d2:71:3f:d6:
                    16:56:64:ab:14:f8:e1:7a:a0:61:7f:66:1b:5e:fc:
                    4a:81:e5:58:24:3b:fe:b9:5e:b1:a3:e2:77:d3:a6:
                    6c:69:9b:fa:c4:6b:c5:e5:51:9f:76:44:9b:22:84:
                    d1:06:12:a5:68:f6:f4:fe:0e:36:d3:05:29:0e:fc:
                    06:b8:79:39:a7:20:4b:08:e9:7e:1f:c9:95:0c:6e:
                    6c:33:86:d6:86:a1:31:34:b2:80:26:28:cb:8f:fe:
                    20:d2:17:dd:aa:f5:21:1e:84:58:45:c4:8b:4e:07:
                    d3:73:26:8a:19:3d:a3:c3:28:4c:1d:72:14:8a:5f:
                    95:72:2b:00:02:5b:80:7d:8d:5f:18:b3:76:d9:31:
                    23:bc:cf:bb:c3:6b:97:87:a0:8e:f9:ff:87:95:6e:
                    47:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:A8:B7:84:ED:79:EF:42:D7:B3:A4:4B:AF:A6:06:AE:4B:4E:77:8B
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/Mai3hO1570LXs6RLr6YGrktOd4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:09:d4:a5:3f:b5:fb:6b:51:de:a5:cf:0a:2b:e6:75:10:68:
         ea:cb:1f:9a:e7:34:25:c7:52:d1:af:5e:65:dd:52:46:f1:76:
         8e:94:f6:49:0d:6a:17:0b:9d:78:fc:10:0b:bd:38:d3:0f:93:
         5d:a4:13:22:91:fe:ef:7e:d3:0b:34:d0:a3:c0:10:06:9b:4b:
         92:4f:60:87:24:46:0b:bc:52:99:d5:1b:81:ba:74:42:b2:0b:
         2b:a7:b6:f5:53:80:04:9c:c9:f1:9f:67:a0:67:a7:59:47:6e:
         0b:bc:92:c7:37:65:fb:13:dd:13:3f:ce:9d:b0:25:b0:c7:6a:
         5b:27:a5:43:20:e7:3e:2e:15:8a:0b:9e:9a:d8:a8:a4:af:6d:
         f9:e3:e1:3d:64:a2:db:28:28:15:6a:a6:fe:a8:d0:7e:53:1c:
         61:e2:75:e6:f4:d8:79:46:31:b4:ad:d4:b1:8f:e1:e0:ac:b5:
         4d:95:d6:9b:e1:4e:ff:5e:93:ab:40:cf:fa:54:52:a1:aa:87:
         14:da:87:1c:07:41:a2:99:20:9f:b4:cb:a8:2a:2c:4e:67:15:
         25:e0:f3:8d:fa:e9:8e:be:64:88:0e:d7:e0:0a:53:52:53:d3:
         1d:91:e1:50:f0:9d:99:81:a8:b1:67:4a:db:51:1b:52:c7:3f:
         57:69:b5:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTZ7wArRPancxOZ3NgNztH+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjUwMjA2MDYyNTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWE4Yjc4NGVkNzllZjQyZDdiM2E0NGJhZmE2MDZhZTRiNGU3NzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpvKMMRsxnvImRjLc7uSYZ+5hiLd
iCLAnc9myKdn7sG68NoYA++YMBbYranRxVbExYWLo2+0Nxdy+R3q8dvO4hFl5pBW
4qRvv2FWmy3kU4OV0bNMUG04N0B/EgMxQf2VxMXR8NJxP9YWVmSrFPjheqBhf2Yb
XvxKgeVYJDv+uV6xo+J306ZsaZv6xGvF5VGfdkSbIoTRBhKlaPb0/g420wUpDvwG
uHk5pyBLCOl+H8mVDG5sM4bWhqExNLKAJijLj/4g0hfdqvUhHoRYRcSLTgfTcyaK
GT2jwyhMHXIUil+VcisAAluAfY1fGLN22TEjvM+7w2uXh6CO+f+HlW5HDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDGot4Ttee9C17OkS6+mBq5LTneLMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvTWFpM2hPMTU3MExYczZSTHI2WUdya3RPZDRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX3zMA0G
CSqGSIb3DQEBCwUAA4IBAQBnCdSlP7X7a1Hepc8KK+Z1EGjqyx+a5zQlx1LRr15l
3VJG8XaOlPZJDWoXC514/BALvTjTD5NdpBMikf7vftMLNNCjwBAGm0uST2CHJEYL
vFKZ1RuBunRCsgsrp7b1U4AEnMnxn2egZ6dZR24LvJLHN2X7E90TP86dsCWwx2pb
J6VDIOc+LhWKC56a2Kikr2354+E9ZKLbKCgVaqb+qNB+Uxxh4nXm9Nh5RjG0rdSx
j+HgrLVNldab4U7/XpOrQM/6VFKhqocU2occB0GimSCftMuoKixOZxUl4PON+umO
vmSIDtfgClNSU9MdkeFQ8J2ZgaixZ0rbURtSxz9XabVN
-----END CERTIFICATE-----