Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/efa225-16dc-4f43-aae9-0032fdc5450b/1/m3UPJQ_Zh7wapyw5537rzzPo3os.roa
File:                     m3UPJQ_Zh7wapyw5537rzzPo3os.roa (raw, json)
Hash identifier:          EUy+4/7WXUAZtQJhe/6fh4vD4Ks9aUtYKkwAIbRuQrA=
Subject key identifier:   9B:75:0F:25:0F:D9:87:BC:1A:A7:2C:39:E7:7E:EB:CF:33:E8:DE:8B
Certificate issuer:       /CN=399dc13619aaba7f222ceacb05f1bbac59bd3a9a
Certificate serial:       0194266BE90FD905FACED4A7EBE10487A773
Authority key identifier: 39:9D:C1:36:19:AA:BA:7F:22:2C:EA:CB:05:F1:BB:AC:59:BD:3A:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OZ3BNhmqun8iLOrLBfG7rFm9Opo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/efa225-16dc-4f43-aae9-0032fdc5450b/1/m3UPJQ_Zh7wapyw5537rzzPo3os.roa
Signing time:             Thu 02 Jan 2025 09:49:53 +0000
ROA not before:           Thu 02 Jan 2025 09:49:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15404
IP address blocks:        85.208.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/efa225-16dc-4f43-aae9-0032fdc5450b/1/OZ3BNhmqun8iLOrLBfG7rFm9Opo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/efa225-16dc-4f43-aae9-0032fdc5450b/1/OZ3BNhmqun8iLOrLBfG7rFm9Opo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OZ3BNhmqun8iLOrLBfG7rFm9Opo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:e9:0f:d9:05:fa:ce:d4:a7:eb:e1:04:87:a7:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=399dc13619aaba7f222ceacb05f1bbac59bd3a9a
        Validity
            Not Before: Jan  2 09:49:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9b750f250fd987bc1aa72c39e77eebcf33e8de8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c7:75:f3:6e:79:12:d4:92:90:fd:a8:29:55:
                    60:ec:dd:7e:0b:9b:5b:07:14:16:bf:11:04:b0:9a:
                    dd:77:c0:c6:fd:ce:f8:27:3a:03:fa:16:76:07:d0:
                    cf:78:5b:14:5e:0f:a1:82:c1:6c:56:c9:b3:e7:bd:
                    c6:05:d8:ce:24:a4:f9:7a:fd:0c:91:34:c5:88:89:
                    a3:9c:c6:46:57:5e:ab:7c:0b:9a:38:0f:75:23:01:
                    ef:cc:c4:ff:dd:7c:b8:42:45:20:82:90:a1:d7:b5:
                    cd:35:18:b1:e3:5f:fb:74:2f:6b:50:f4:cb:1b:e6:
                    29:63:78:4c:fe:2b:37:5a:64:83:c3:2a:54:f0:13:
                    bd:36:55:62:13:a6:64:01:c3:73:f9:0c:ff:60:87:
                    fe:bc:1f:9b:06:37:57:1f:72:ae:c5:88:e3:5e:49:
                    5b:52:0c:0d:7f:3d:8e:c7:ec:2b:c8:44:7d:66:8f:
                    50:4b:d4:a4:88:8d:c4:0d:f6:36:b4:73:2b:7f:33:
                    30:5d:d7:19:b4:c6:2d:9e:d2:de:72:0f:a8:7f:11:
                    a8:a8:ad:0c:e7:b5:0f:a6:fe:43:a5:88:2d:32:a2:
                    60:80:19:a4:c2:d1:f6:77:37:41:17:ec:e9:8a:8f:
                    43:fe:c3:7c:53:56:41:82:d6:ae:4c:71:83:3c:ee:
                    3a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:75:0F:25:0F:D9:87:BC:1A:A7:2C:39:E7:7E:EB:CF:33:E8:DE:8B
            X509v3 Authority Key Identifier:
                keyid:39:9D:C1:36:19:AA:BA:7F:22:2C:EA:CB:05:F1:BB:AC:59:BD:3A:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OZ3BNhmqun8iLOrLBfG7rFm9Opo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/efa225-16dc-4f43-aae9-0032fdc5450b/1/m3UPJQ_Zh7wapyw5537rzzPo3os.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/efa225-16dc-4f43-aae9-0032fdc5450b/1/OZ3BNhmqun8iLOrLBfG7rFm9Opo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:55:2d:94:72:fa:c7:87:4c:f2:9c:ea:26:a4:74:79:d9:73:
         e0:9f:31:c4:6f:10:1f:b9:4c:97:b8:9d:81:aa:93:45:c5:2b:
         99:63:ea:31:6f:97:57:9c:f8:ad:d2:a8:7e:77:b7:08:cc:c7:
         3e:35:2a:92:75:e9:27:dd:6b:63:ef:a2:f7:c7:54:1f:cc:cd:
         5b:b4:d0:e0:64:3d:78:eb:81:b9:bb:dc:ba:52:18:9d:88:f2:
         32:6a:ed:da:44:8b:4b:ea:32:1a:71:76:ca:54:46:8a:01:39:
         ad:53:96:31:81:82:ea:58:c7:d0:19:7b:84:2e:ef:34:60:fa:
         21:64:4a:ee:6f:18:10:0b:e4:cb:6e:86:a5:09:c2:32:46:8b:
         b5:1b:a2:50:c6:fc:bd:20:e7:2a:2a:9c:79:d7:5e:83:84:a8:
         ec:91:22:4d:82:9e:16:d8:ae:46:2e:39:28:0c:02:f7:27:d8:
         da:54:50:8d:8d:65:71:7f:a2:fe:c8:3c:c6:a3:fc:bb:ee:da:
         58:b8:cd:68:3a:84:4f:30:cd:f7:70:0e:50:b9:02:03:c5:df:
         63:ce:49:d5:8f:d2:49:c8:af:d6:7c:16:db:64:ad:fd:39:80:
         c5:51:9c:b4:26:c6:25:7b:b2:88:1e:30:3b:42:6f:ac:30:b1:
         3d:da:24:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma+kP2QX6ztSn6+EEh6dzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5OWRjMTM2MTlhYWJhN2YyMjJjZWFjYjA1ZjFiYmFjNTli
ZDNhOWEwHhcNMjUwMTAyMDk0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yjc1MGYyNTBmZDk4N2JjMWFhNzJjMzllNzdlZWJjZjMzZThkZThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsd18255EtSSkP2oKVVg7N1+C5tb
BxQWvxEEsJrdd8DG/c74JzoD+hZ2B9DPeFsUXg+hgsFsVsmz573GBdjOJKT5ev0M
kTTFiImjnMZGV16rfAuaOA91IwHvzMT/3Xy4QkUggpCh17XNNRix41/7dC9rUPTL
G+YpY3hM/is3WmSDwypU8BO9NlViE6ZkAcNz+Qz/YIf+vB+bBjdXH3KuxYjjXklb
UgwNfz2Ox+wryER9Zo9QS9SkiI3EDfY2tHMrfzMwXdcZtMYtntLecg+ofxGoqK0M
57UPpv5DpYgtMqJggBmkwtH2dzdBF+zpio9D/sN8U1ZBgtauTHGDPO46KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJt1DyUP2Ye8GqcsOed+688z6N6LMB8GA1UdIwQY
MBaAFDmdwTYZqrp/IizqywXxu6xZvTqaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1ozQk5obXF1bjhpTE9yTEJmRzdyRm05T3BvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9lZmEyMjUtMTZkYy00ZjQzLWFhZTkt
MDAzMmZkYzU0NTBiLzEvbTNVUEpRX1poN3dhcHl3NTUzN3J6elBvM29zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9lZmEyMjUtMTZkYy00ZjQzLWFhZTktMDAzMmZkYzU0NTBi
LzEvT1ozQk5obXF1bjhpTE9yTEJmRzdyRm05T3BvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdDBMA0G
CSqGSIb3DQEBCwUAA4IBAQBjVS2UcvrHh0zynOompHR52XPgnzHEbxAfuUyXuJ2B
qpNFxSuZY+oxb5dXnPit0qh+d7cIzMc+NSqSdekn3Wtj76L3x1QfzM1btNDgZD14
64G5u9y6UhidiPIyau3aRItL6jIacXbKVEaKATmtU5YxgYLqWMfQGXuELu80YPoh
ZErubxgQC+TLboalCcIyRou1G6JQxvy9IOcqKpx5116DhKjskSJNgp4W2K5GLjko
DAL3J9jaVFCNjWVxf6L+yDzGo/y77tpYuM1oOoRPMM33cA5QuQIDxd9jzknVj9JJ
yK/WfBbbZK39OYDFUZy0JsYle7KIHjA7Qm+sMLE92iRq
-----END CERTIFICATE-----