Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/3MaH3hAy88mGkoZ9aywFsl8fEbg.roa
File:                     3MaH3hAy88mGkoZ9aywFsl8fEbg.roa (raw, json)
Hash identifier:          HXJ2tyPs2uAG3HumKsZBg4yJaGzw5ZrbgCC9XNg25uc=
Subject key identifier:   DC:C6:87:DE:10:32:F3:C9:86:92:86:7D:6B:2C:05:B2:5F:1F:11:B8
Certificate issuer:       /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial:       0192C3C7FEE2690D9472F13136AD797FBD97
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/3MaH3hAy88mGkoZ9aywFsl8fEbg.roa
Signing time:             Fri 25 Oct 2024 13:05:16 +0000
ROA not before:           Fri 25 Oct 2024 13:05:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55286
IP address blocks:        212.116.226.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c3:c7:fe:e2:69:0d:94:72:f1:31:36:ad:79:7f:bd:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
        Validity
            Not Before: Oct 25 13:05:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dcc687de1032f3c98692867d6b2c05b25f1f11b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:25:1b:df:09:bd:1f:b4:f8:ee:da:cb:24:f4:
                    70:ef:d3:0f:4a:c7:e1:c2:e4:7e:cb:10:9e:f5:12:
                    5c:b9:b6:12:5b:38:ae:20:a8:d1:7c:9e:a0:e0:2d:
                    97:17:28:3b:8b:b0:8f:71:43:34:3d:b3:b8:f4:f3:
                    0e:66:b4:c1:80:ec:59:d7:fa:62:72:fb:8b:93:77:
                    13:2f:6b:2b:73:ec:14:4e:5b:16:ce:d8:b7:68:84:
                    bb:0c:d5:63:ec:55:b9:e5:c7:de:01:43:be:5d:f2:
                    87:30:9b:52:79:2f:16:9c:84:3c:45:2a:18:96:d9:
                    bf:3c:57:74:5f:ce:53:35:af:29:71:2a:9f:86:e4:
                    1e:30:1c:0b:31:72:a8:87:d5:79:47:d2:70:0b:67:
                    74:8c:a5:67:52:c5:b9:97:de:12:dc:58:35:e0:e6:
                    b5:a8:c2:17:25:bf:5c:a1:d1:37:e1:0e:6a:00:93:
                    4b:a2:bc:59:00:09:af:0b:e1:fd:6c:b4:45:56:9a:
                    9b:fe:e7:21:36:0c:13:f7:18:53:2f:61:4e:5d:43:
                    cf:61:86:21:8e:8f:82:c5:d9:90:82:4f:33:b6:b0:
                    42:ff:34:02:52:11:2e:d5:be:e8:3c:cb:79:87:d0:
                    2c:ad:5a:77:83:3a:d6:d6:79:64:8e:2f:ab:5a:40:
                    7f:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:C6:87:DE:10:32:F3:C9:86:92:86:7D:6B:2C:05:B2:5F:1F:11:B8
            X509v3 Authority Key Identifier:
                keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/3MaH3hAy88mGkoZ9aywFsl8fEbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.116.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         26:d0:07:3e:6f:92:0e:e8:da:4f:3d:7d:81:52:92:e2:96:02:
         cc:7f:53:1d:c1:f4:73:56:f2:2b:0a:d7:bc:52:92:0b:a4:6f:
         37:41:47:7f:fa:5a:27:51:ea:1b:b2:2e:bf:09:26:3b:e9:b6:
         a3:e9:44:2f:3b:17:94:57:2f:51:d4:3e:c4:43:50:5c:29:30:
         fa:16:85:05:fe:fa:52:a6:99:66:73:e0:0c:94:61:fd:a8:02:
         c8:ba:48:f2:7d:18:23:e7:cd:2d:ff:ff:c8:c2:a7:35:77:87:
         1c:68:45:9b:86:cb:0b:04:6b:1a:ed:93:87:ef:5f:72:da:d3:
         80:03:9b:fb:a3:c4:5c:5e:a5:82:a8:5a:4b:9b:c1:df:1c:ee:
         cf:be:a7:27:d2:af:33:f7:53:07:19:8c:5f:e9:b7:2f:fc:19:
         6e:4b:40:68:29:2b:3c:de:90:36:39:94:72:a8:48:28:6e:b9:
         c3:d5:ca:ec:d9:9d:26:18:7e:3a:e7:cd:ee:f3:3a:a1:d4:06:
         21:8b:d7:79:eb:1d:10:ee:5a:ba:73:c6:72:2a:54:fd:48:3c:
         09:38:99:f0:3d:10:c8:61:e1:9c:a0:1f:22:b9:83:e5:53:08:
         ec:5b:2a:0e:67:5e:42:c0:36:05:de:d6:1f:03:69:c9:18:e3:
         90:b4:99:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLDx/7iaQ2UcvExNq15f72XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjQxMDI1MTMwNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2M2ODdkZTEwMzJmM2M5ODY5Mjg2N2Q2YjJjMDViMjVmMWYxMWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSUb3wm9H7T47trLJPRw79MPSsfh
wuR+yxCe9RJcubYSWziuIKjRfJ6g4C2XFyg7i7CPcUM0PbO49PMOZrTBgOxZ1/pi
cvuLk3cTL2src+wUTlsWzti3aIS7DNVj7FW55cfeAUO+XfKHMJtSeS8WnIQ8RSoY
ltm/PFd0X85TNa8pcSqfhuQeMBwLMXKoh9V5R9JwC2d0jKVnUsW5l94S3Fg14Oa1
qMIXJb9codE34Q5qAJNLorxZAAmvC+H9bLRFVpqb/uchNgwT9xhTL2FOXUPPYYYh
jo+CxdmQgk8ztrBC/zQCUhEu1b7oPMt5h9AsrVp3gzrW1nlkji+rWkB/owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNzGh94QMvPJhpKGfWssBbJfHxG4MB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEvM01hSDNoQXk4OG1Ha29aOWF5d0ZzbDhmRWJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1HTiMA0G
CSqGSIb3DQEBCwUAA4IBAQAm0Ac+b5IO6NpPPX2BUpLilgLMf1MdwfRzVvIrCte8
UpILpG83QUd/+lonUeobsi6/CSY76baj6UQvOxeUVy9R1D7EQ1BcKTD6FoUF/vpS
pplmc+AMlGH9qALIukjyfRgj580t///Iwqc1d4ccaEWbhssLBGsa7ZOH719y2tOA
A5v7o8RcXqWCqFpLm8HfHO7Pvqcn0q8z91MHGYxf6bcv/BluS0BoKSs83pA2OZRy
qEgobrnD1crs2Z0mGH46583u8zqh1AYhi9d56x0Q7lq6c8ZyKlT9SDwJOJnwPRDI
YeGcoB8iuYPlUwjsWyoOZ15CwDYF3tYfA2nJGOOQtJlh
-----END CERTIFICATE-----