Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/3_vCPXMxLInxH4KSM9i76JRc3wI.roa
File:                     3_vCPXMxLInxH4KSM9i76JRc3wI.roa (raw, json)
Hash identifier:          KQnR/Rw1eBymAhNe+aNyzbKPfZJwc7vaoArCKIxxfkQ=
Subject key identifier:   DF:FB:C2:3D:73:31:2C:89:F1:1F:82:92:33:D8:BB:E8:94:5C:DF:02
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       01990BA266F5E1E02A3B995E89D6B9EC3A38
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/3_vCPXMxLInxH4KSM9i76JRc3wI.roa
Signing time:             Tue 02 Sep 2025 18:13:36 +0000
ROA not before:           Tue 02 Sep 2025 18:13:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        188.66.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 00:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0b:a2:66:f5:e1:e0:2a:3b:99:5e:89:d6:b9:ec:3a:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Sep  2 18:13:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dffbc23d73312c89f11f829233d8bbe8945cdf02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d4:68:5e:aa:5e:40:6d:9e:29:9b:e7:99:de:
                    cc:f9:f6:10:c6:0b:04:2d:94:50:90:98:d5:cc:cc:
                    ba:dc:a2:e1:97:10:85:44:04:9a:6c:46:ab:5d:61:
                    fc:98:54:31:53:c2:92:cd:e4:65:f0:b1:fb:25:a9:
                    d4:0a:b5:2b:64:62:87:08:95:d2:b6:e3:e0:62:d6:
                    52:cd:12:de:0f:97:1c:4c:6b:b5:59:96:34:4b:95:
                    33:77:22:cf:f8:e4:e0:64:de:1a:bb:f9:5d:d5:90:
                    16:16:33:62:1a:6b:58:75:e6:c7:1b:24:2e:a3:81:
                    15:fb:db:b9:a4:99:e1:59:37:b3:f6:70:95:c8:09:
                    86:b8:e8:1f:2a:90:e3:57:48:37:6d:2a:5c:f3:48:
                    2c:9d:55:a8:1d:26:91:ea:48:7d:53:33:cc:61:48:
                    37:61:61:11:5d:0a:23:80:b5:3d:eb:7c:25:7d:d3:
                    43:75:24:e5:3b:19:92:84:69:52:7a:0b:a8:c5:41:
                    b2:ea:3f:42:30:97:63:79:05:6d:8b:04:a3:d7:45:
                    a2:72:61:20:4d:5a:fd:8f:93:cd:a9:4f:22:e8:af:
                    fe:53:f8:07:ce:b3:95:bd:eb:2a:2c:53:75:5f:28:
                    9e:3c:8a:b3:14:a3:87:0b:8c:b5:22:78:18:87:64:
                    46:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:FB:C2:3D:73:31:2C:89:F1:1F:82:92:33:D8:BB:E8:94:5C:DF:02
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/3_vCPXMxLInxH4KSM9i76JRc3wI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.66.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:91:bf:0b:d0:d7:7a:3f:1f:f6:f1:bf:d8:2d:0e:6f:df:32:
         e6:6f:e4:0a:a1:9b:45:69:83:34:35:39:1e:d7:21:71:2c:f7:
         d5:72:d2:87:ec:56:05:cf:cd:0b:a3:46:f8:45:c3:c3:85:da:
         cd:9c:81:18:d8:e6:91:28:8c:6b:9c:17:d7:e0:14:a1:af:63:
         4a:dd:12:e1:61:aa:47:2f:40:32:df:8e:62:c3:bd:18:b3:a0:
         bb:45:6f:9a:5b:d9:76:ef:e1:5d:3a:b7:57:0b:59:a4:99:60:
         26:c3:9a:3c:5a:fa:d4:f2:f1:18:ba:3b:4f:75:cc:09:93:6b:
         90:ba:07:92:ac:cb:55:9a:23:70:e2:dc:3f:6a:ae:d6:ba:e2:
         52:68:c2:5f:e6:f3:cd:c5:e4:10:5d:4c:52:a7:39:8e:df:5e:
         75:99:bf:c2:2c:8c:9f:e4:e2:eb:e5:16:bb:dd:1a:ad:47:d6:
         ef:e8:a4:9c:2f:64:61:29:2b:df:88:b4:03:b9:ed:d4:86:a8:
         2f:f7:e1:04:f6:e3:e9:1d:e9:f6:00:9c:32:3f:78:7f:8a:36:
         a3:5a:13:1c:bb:88:58:56:0a:4e:27:1f:60:a1:a0:63:d6:63:
         a8:ac:0c:d8:c8:3b:85:f8:82:bb:3b:d4:e1:29:a1:da:41:b2:
         94:63:b4:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkLomb14eAqO5leida57Do4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUwOTAyMTgxMzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmZiYzIzZDczMzEyYzg5ZjExZjgyOTIzM2Q4YmJlODk0NWNkZjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdRoXqpeQG2eKZvnmd7M+fYQxgsE
LZRQkJjVzMy63KLhlxCFRASabEarXWH8mFQxU8KSzeRl8LH7JanUCrUrZGKHCJXS
tuPgYtZSzRLeD5ccTGu1WZY0S5UzdyLP+OTgZN4au/ld1ZAWFjNiGmtYdebHGyQu
o4EV+9u5pJnhWTez9nCVyAmGuOgfKpDjV0g3bSpc80gsnVWoHSaR6kh9UzPMYUg3
YWERXQojgLU963wlfdNDdSTlOxmShGlSeguoxUGy6j9CMJdjeQVtiwSj10WicmEg
TVr9j5PNqU8i6K/+U/gHzrOVvesqLFN1XyiePIqzFKOHC4y1IngYh2RG5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/7wj1zMSyJ8R+CkjPYu+iUXN8CMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvM192Q1BYTXhMSW54SDRLU005aTc2SlJjM3dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEIZMA0G
CSqGSIb3DQEBCwUAA4IBAQA6kb8L0Nd6Px/28b/YLQ5v3zLmb+QKoZtFaYM0NTke
1yFxLPfVctKH7FYFz80Lo0b4RcPDhdrNnIEY2OaRKIxrnBfX4BShr2NK3RLhYapH
L0Ay345iw70Ys6C7RW+aW9l27+FdOrdXC1mkmWAmw5o8WvrU8vEYujtPdcwJk2uQ
ugeSrMtVmiNw4tw/aq7WuuJSaMJf5vPNxeQQXUxSpzmO3151mb/CLIyf5OLr5Ra7
3RqtR9bv6KScL2RhKSvfiLQDue3Uhqgv9+EE9uPpHen2AJwyP3h/ijajWhMcu4hY
VgpOJx9goaBj1mOorAzYyDuF+IK7O9ThKaHaQbKUY7Rd
-----END CERTIFICATE-----