Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/606ea9-4834-4b63-9e0a-f25604c4be82/1/3M7wBBpkusFy6XxKDsxty6MG5oc.roa
File:                     3M7wBBpkusFy6XxKDsxty6MG5oc.roa (raw, json)
Hash identifier:          YSSYNxdPtjen4WxWiG8EF2gEI3aywMBBh8+MYwBRA4Y=
Subject key identifier:   DC:CE:F0:04:1A:64:BA:C1:72:E9:7C:4A:0E:CC:6D:CB:A3:06:E6:87
Certificate issuer:       /CN=dbd7fc50548287deaea7ce92099e47a04a70d451
Certificate serial:       019425218FDA23558CCE3DF7879BEE1AF127
Authority key identifier: DB:D7:FC:50:54:82:87:DE:AE:A7:CE:92:09:9E:47:A0:4A:70:D4:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/29f8UFSCh96up86SCZ5HoEpw1FE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/606ea9-4834-4b63-9e0a-f25604c4be82/1/3M7wBBpkusFy6XxKDsxty6MG5oc.roa
Signing time:             Thu 02 Jan 2025 03:49:04 +0000
ROA not before:           Thu 02 Jan 2025 03:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        185.73.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/606ea9-4834-4b63-9e0a-f25604c4be82/1/29f8UFSCh96up86SCZ5HoEpw1FE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/606ea9-4834-4b63-9e0a-f25604c4be82/1/29f8UFSCh96up86SCZ5HoEpw1FE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/29f8UFSCh96up86SCZ5HoEpw1FE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:8f:da:23:55:8c:ce:3d:f7:87:9b:ee:1a:f1:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbd7fc50548287deaea7ce92099e47a04a70d451
        Validity
            Not Before: Jan  2 03:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dccef0041a64bac172e97c4a0ecc6dcba306e687
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e7:ac:cb:3d:10:2d:24:3b:12:0c:13:0d:a5:
                    8f:a8:18:9a:ea:e3:32:52:b6:01:4d:70:08:8c:51:
                    9e:64:f9:47:e6:e6:c4:ad:8a:7e:c2:dd:1a:36:9d:
                    91:5c:b5:c8:16:7a:a5:eb:ab:24:ec:a7:2a:87:1a:
                    93:e3:0e:63:d0:ad:26:0a:a6:fd:b7:49:04:12:a8:
                    18:fc:cc:6d:d5:aa:ae:f0:a4:7d:15:50:24:62:f0:
                    ac:77:43:f1:4f:05:50:e9:3f:bd:fa:2c:f6:ee:4d:
                    8b:04:d7:76:40:18:78:0c:48:86:b4:70:47:43:98:
                    d5:f3:7e:e4:2f:86:f2:42:63:f7:97:fe:23:b6:9d:
                    c6:98:3a:af:99:60:82:b8:55:bf:05:51:a9:67:6f:
                    aa:86:6c:f5:2a:d1:03:c6:1a:ea:a2:fd:d3:28:c5:
                    a7:33:e6:92:a6:4e:f3:c0:71:30:b3:10:4e:fc:39:
                    1d:72:d9:42:b9:cc:b2:ae:4c:47:16:35:15:41:1c:
                    e0:b8:31:57:5e:07:18:64:a7:e4:01:78:0e:80:bc:
                    c7:af:fe:13:c1:90:82:18:13:24:8e:d0:4c:01:aa:
                    53:4b:0d:04:9b:c4:b5:5c:2a:5f:23:35:c0:cd:55:
                    56:19:c9:42:d7:a2:d4:f3:97:db:cc:9d:f3:3b:26:
                    61:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:CE:F0:04:1A:64:BA:C1:72:E9:7C:4A:0E:CC:6D:CB:A3:06:E6:87
            X509v3 Authority Key Identifier:
                keyid:DB:D7:FC:50:54:82:87:DE:AE:A7:CE:92:09:9E:47:A0:4A:70:D4:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/29f8UFSCh96up86SCZ5HoEpw1FE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/606ea9-4834-4b63-9e0a-f25604c4be82/1/3M7wBBpkusFy6XxKDsxty6MG5oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/606ea9-4834-4b63-9e0a-f25604c4be82/1/29f8UFSCh96up86SCZ5HoEpw1FE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:3a:67:b0:9c:45:8c:80:5f:ca:d6:ad:54:73:c5:92:eb:c6:
         17:c5:7f:97:27:78:84:49:fd:2f:88:95:83:b7:ee:eb:35:11:
         f7:71:bb:8a:8f:3d:76:b2:69:3b:ff:e4:ca:3b:38:a5:33:52:
         5d:49:cf:16:a3:6c:95:3d:de:cc:d5:95:49:07:a5:b5:4f:c1:
         7e:4c:9a:ab:51:7a:cb:4d:88:2e:1f:55:52:4c:36:ce:da:eb:
         d7:60:d0:e3:1e:44:3d:93:53:7a:3d:b5:88:8c:5a:43:6b:dd:
         e0:3c:53:08:06:d6:be:04:ba:69:a0:7d:c1:a6:80:50:fb:e0:
         c8:fd:7a:39:04:13:43:1f:e1:0c:da:e5:60:f7:55:90:7e:98:
         a9:03:fc:a9:73:64:81:e3:d7:07:d7:d9:15:20:28:0e:42:b4:
         e9:43:80:7f:73:22:58:a0:7d:e6:0c:77:bf:4d:7a:d4:93:b1:
         23:b8:76:f5:9e:4d:6a:74:59:47:7e:fc:eb:96:23:c7:7d:a1:
         be:83:11:2b:59:18:85:e2:0d:b0:fb:57:cb:05:7b:34:ca:56:
         db:19:ae:fc:f9:03:5d:76:be:42:f6:9e:e7:af:ff:38:50:78:
         9e:06:41:85:b4:68:3b:b2:6b:a8:e8:ea:28:42:9a:8c:3d:1c:
         ff:bc:e8:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIY/aI1WMzj33h5vuGvEnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZDdmYzUwNTQ4Mjg3ZGVhZWE3Y2U5MjA5OWU0N2EwNGE3
MGQ0NTEwHhcNMjUwMTAyMDM0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2NlZjAwNDFhNjRiYWMxNzJlOTdjNGEwZWNjNmRjYmEzMDZlNjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOesyz0QLSQ7EgwTDaWPqBia6uMy
UrYBTXAIjFGeZPlH5ubErYp+wt0aNp2RXLXIFnql66sk7KcqhxqT4w5j0K0mCqb9
t0kEEqgY/Mxt1aqu8KR9FVAkYvCsd0PxTwVQ6T+9+iz27k2LBNd2QBh4DEiGtHBH
Q5jV837kL4byQmP3l/4jtp3GmDqvmWCCuFW/BVGpZ2+qhmz1KtEDxhrqov3TKMWn
M+aSpk7zwHEwsxBO/DkdctlCucyyrkxHFjUVQRzguDFXXgcYZKfkAXgOgLzHr/4T
wZCCGBMkjtBMAapTSw0Em8S1XCpfIzXAzVVWGclC16LU85fbzJ3zOyZhQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNzO8AQaZLrBcul8Sg7MbcujBuaHMB8GA1UdIwQY
MBaAFNvX/FBUgoferqfOkgmeR6BKcNRRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjlmOFVGU0NoOTZ1cDg2U0NaNUhvRXB3MUZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS82MDZlYTktNDgzNC00YjYzLTllMGEt
ZjI1NjA0YzRiZTgyLzEvM003d0JCcGt1c0Z5Nlh4S0RzeHR5Nk1HNW9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS82MDZlYTktNDgzNC00YjYzLTllMGEtZjI1NjA0YzRiZTgy
LzEvMjlmOFVGU0NoOTZ1cDg2U0NaNUhvRXB3MUZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUngMA0G
CSqGSIb3DQEBCwUAA4IBAQAxOmewnEWMgF/K1q1Uc8WS68YXxX+XJ3iESf0viJWD
t+7rNRH3cbuKjz12smk7/+TKOzilM1JdSc8Wo2yVPd7M1ZVJB6W1T8F+TJqrUXrL
TYguH1VSTDbO2uvXYNDjHkQ9k1N6PbWIjFpDa93gPFMIBta+BLppoH3BpoBQ++DI
/Xo5BBNDH+EM2uVg91WQfpipA/ypc2SB49cH19kVICgOQrTpQ4B/cyJYoH3mDHe/
TXrUk7EjuHb1nk1qdFlHfvzrliPHfaG+gxErWRiF4g2w+1fLBXs0ylbbGa78+QNd
dr5C9p7nr/84UHieBkGFtGg7smuo6OooQpqMPRz/vOjZ
-----END CERTIFICATE-----