Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2dfa97-8c53-4e74-9a2c-484a06a61717/1/CPpx0d1XDfTts_23VJXBkQFqJg4.roa
File:                     CPpx0d1XDfTts_23VJXBkQFqJg4.roa (raw, json)
Hash identifier:          1lxLtZe90XZ7bXiEJNFwLj04/bVq/MlZjvYwJI3pqW4=
Subject key identifier:   08:FA:71:D1:DD:57:0D:F4:ED:B3:FD:B7:54:95:C1:91:01:6A:26:0E
Certificate issuer:       /CN=3bec12c21108134f00c0353107d60ccdaebefb2e
Certificate serial:       0194266B97E2A408AEFADD3BAE459BCE3392
Authority key identifier: 3B:EC:12:C2:11:08:13:4F:00:C0:35:31:07:D6:0C:CD:AE:BE:FB:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O-wSwhEIE08AwDUxB9YMza6--y4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2dfa97-8c53-4e74-9a2c-484a06a61717/1/CPpx0d1XDfTts_23VJXBkQFqJg4.roa
Signing time:             Thu 02 Jan 2025 09:49:32 +0000
ROA not before:           Thu 02 Jan 2025 09:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43260
IP address blocks:        91.208.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2dfa97-8c53-4e74-9a2c-484a06a61717/1/O-wSwhEIE08AwDUxB9YMza6--y4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2dfa97-8c53-4e74-9a2c-484a06a61717/1/O-wSwhEIE08AwDUxB9YMza6--y4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O-wSwhEIE08AwDUxB9YMza6--y4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:97:e2:a4:08:ae:fa:dd:3b:ae:45:9b:ce:33:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bec12c21108134f00c0353107d60ccdaebefb2e
        Validity
            Not Before: Jan  2 09:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08fa71d1dd570df4edb3fdb75495c191016a260e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:87:95:ba:0a:cf:5c:0c:1d:79:14:a8:85:ef:
                    9c:e0:be:fb:9e:52:6d:ab:65:65:43:b1:8f:ef:fa:
                    88:83:8c:21:56:a9:b2:bd:67:eb:6f:9e:7b:0e:63:
                    f3:ae:ba:e2:c4:27:19:58:cb:28:ba:62:ce:7c:d7:
                    c7:46:8a:7f:a1:08:6e:b2:47:51:75:c1:1b:d9:6a:
                    ab:56:44:b8:f1:4d:9f:82:d1:62:b2:90:e0:d9:40:
                    73:03:8a:eb:7d:f7:d0:b7:06:2b:01:0e:92:ba:cd:
                    8a:71:e5:1e:54:61:ed:c2:f8:bb:40:a3:2b:85:9f:
                    63:e8:9e:b8:15:ad:b6:14:78:95:91:ea:91:9c:dc:
                    ff:ad:59:b1:5e:6c:e4:11:06:a9:e0:5b:37:e1:dc:
                    33:db:ba:9d:f1:e2:a0:82:76:81:2a:12:0c:9f:28:
                    fd:80:4e:f9:b7:18:91:83:99:c3:06:7d:4f:f0:9e:
                    32:09:8a:f3:68:25:07:45:e2:c4:6f:79:c4:d6:9e:
                    ed:3f:90:81:df:96:f9:75:3c:33:79:58:cc:49:5c:
                    66:bf:8b:90:c3:57:b2:a4:05:70:e4:f4:42:a8:c3:
                    c4:6f:fb:79:43:9f:11:6d:3d:61:e8:5c:7b:e8:4f:
                    6a:21:0e:ab:4b:b9:cb:7e:1f:da:ae:60:6d:91:3e:
                    1e:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:FA:71:D1:DD:57:0D:F4:ED:B3:FD:B7:54:95:C1:91:01:6A:26:0E
            X509v3 Authority Key Identifier:
                keyid:3B:EC:12:C2:11:08:13:4F:00:C0:35:31:07:D6:0C:CD:AE:BE:FB:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O-wSwhEIE08AwDUxB9YMza6--y4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2dfa97-8c53-4e74-9a2c-484a06a61717/1/CPpx0d1XDfTts_23VJXBkQFqJg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2dfa97-8c53-4e74-9a2c-484a06a61717/1/O-wSwhEIE08AwDUxB9YMza6--y4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:af:ed:59:32:63:c3:bf:22:e3:ac:76:ed:50:79:9c:91:2d:
         aa:0f:f4:24:f5:1d:69:b5:3f:b2:26:e2:3a:97:73:3c:24:e1:
         c2:8b:da:19:5c:0a:f8:fd:70:95:ea:6a:14:b8:35:d0:b0:9f:
         cc:76:ea:80:47:01:45:29:9d:85:76:4e:14:1b:68:ee:ec:77:
         9f:24:6e:87:3f:49:91:c5:13:78:d5:9a:3f:41:1e:9d:ce:0b:
         08:13:ba:cb:2d:4a:1b:a1:a1:47:44:7d:4d:e6:0a:1e:cd:c0:
         3b:e6:50:a0:55:0e:cc:c4:d5:a6:64:28:73:40:4d:56:0e:69:
         7a:97:c5:67:8d:6b:c1:6f:7e:c3:c9:9b:fa:9e:01:8f:d4:40:
         db:90:0b:42:71:f8:8e:d1:c4:14:cb:41:de:eb:f6:53:8f:73:
         d9:05:7d:8d:6b:8b:12:96:ad:b6:09:86:25:bd:ea:d7:6a:a4:
         23:4d:80:5e:43:29:30:f1:88:88:5a:1a:3a:43:05:71:b8:97:
         24:ca:27:dc:86:62:d9:cf:27:54:f6:1b:6f:37:92:30:73:09:
         f3:16:6f:17:7a:b7:33:e4:42:41:73:e9:71:02:f2:06:ea:4f:
         68:25:13:e1:dc:55:c8:5c:75:b9:84:05:d9:73:db:9f:cd:2a:
         f7:c8:e9:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma5fipAiu+t07rkWbzjOSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZWMxMmMyMTEwODEzNGYwMGMwMzUzMTA3ZDYwY2NkYWVi
ZWZiMmUwHhcNMjUwMTAyMDk0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGZhNzFkMWRkNTcwZGY0ZWRiM2ZkYjc1NDk1YzE5MTAxNmEyNjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4eVugrPXAwdeRSohe+c4L77nlJt
q2VlQ7GP7/qIg4whVqmyvWfrb557DmPzrrrixCcZWMsoumLOfNfHRop/oQhuskdR
dcEb2WqrVkS48U2fgtFispDg2UBzA4rrfffQtwYrAQ6Sus2KceUeVGHtwvi7QKMr
hZ9j6J64Fa22FHiVkeqRnNz/rVmxXmzkEQap4Fs34dwz27qd8eKggnaBKhIMnyj9
gE75txiRg5nDBn1P8J4yCYrzaCUHReLEb3nE1p7tP5CB35b5dTwzeVjMSVxmv4uQ
w1eypAVw5PRCqMPEb/t5Q58RbT1h6Fx76E9qIQ6rS7nLfh/armBtkT4eMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAj6cdHdVw307bP9t1SVwZEBaiYOMB8GA1UdIwQY
MBaAFDvsEsIRCBNPAMA1MQfWDM2uvvsuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTy13U3doRUlFMDhBd0RVeEI5WU16YTYtLXk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZGZhOTctOGM1My00ZTc0LTlhMmMt
NDg0YTA2YTYxNzE3LzEvQ1BweDBkMVhEZlR0c18yM1ZKWEJrUUZxSmc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZGZhOTctOGM1My00ZTc0LTlhMmMtNDg0YTA2YTYxNzE3
LzEvTy13U3doRUlFMDhBd0RVeEI5WU16YTYtLXk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9DMMA0G
CSqGSIb3DQEBCwUAA4IBAQAar+1ZMmPDvyLjrHbtUHmckS2qD/Qk9R1ptT+yJuI6
l3M8JOHCi9oZXAr4/XCV6moUuDXQsJ/MduqARwFFKZ2Fdk4UG2ju7HefJG6HP0mR
xRN41Zo/QR6dzgsIE7rLLUoboaFHRH1N5goezcA75lCgVQ7MxNWmZChzQE1WDml6
l8VnjWvBb37DyZv6ngGP1EDbkAtCcfiO0cQUy0He6/ZTj3PZBX2Na4sSlq22CYYl
verXaqQjTYBeQykw8YiIWho6QwVxuJckyifchmLZzydU9htvN5IwcwnzFm8Xercz
5EJBc+lxAvIG6k9oJRPh3FXIXHW5hAXZc9ufzSr3yOno
-----END CERTIFICATE-----