Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/3k8_kp12bXXFkHjiBg1PEJICwr0.roa
File:                     3k8_kp12bXXFkHjiBg1PEJICwr0.roa (raw, json)
Hash identifier:          1PMOgKfDIxDbLF+RS6601XWcDPM5AQrPUfsfKSaLeP8=
Subject key identifier:   DE:4F:3F:92:9D:76:6D:75:C5:90:78:E2:06:0D:4F:10:92:02:C2:BD
Certificate issuer:       /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial:       019421B2010C1FA8DBE3C052C20D52094225
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/3k8_kp12bXXFkHjiBg1PEJICwr0.roa
Signing time:             Wed 01 Jan 2025 11:48:21 +0000
ROA not before:           Wed 01 Jan 2025 11:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25369
IP address blocks:        212.116.228.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:01:0c:1f:a8:db:e3:c0:52:c2:0d:52:09:42:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
        Validity
            Not Before: Jan  1 11:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de4f3f929d766d75c59078e2060d4f109202c2bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c2:03:60:9a:8c:72:95:a8:bb:17:78:8b:1d:
                    9b:da:4b:a3:f4:ea:5f:dd:34:60:32:ae:82:2a:ef:
                    6a:80:c4:43:d6:5a:7b:57:0d:2a:00:6b:21:0d:db:
                    39:73:59:e1:75:ce:9f:be:ce:48:a4:4e:d3:95:89:
                    bf:47:4b:0d:a8:1d:76:0b:c7:9c:ac:ab:e8:80:db:
                    49:5e:d1:96:b5:0d:54:e9:a9:a0:11:84:76:58:6e:
                    3c:8d:9f:9e:63:0e:0f:18:4d:aa:02:81:f4:be:50:
                    cd:b0:a1:9f:a9:05:79:4c:a1:de:d4:e9:c2:f9:e3:
                    5c:a6:48:84:cf:60:37:e7:70:8e:15:a5:11:49:7a:
                    e4:38:ac:c3:3f:9e:18:a0:d0:ac:71:1f:e0:58:5e:
                    1c:a5:88:80:2e:72:e5:09:0f:bb:8f:f1:0c:ae:a5:
                    48:da:83:4f:4b:69:46:97:84:f2:c0:9c:a5:8e:3b:
                    46:3c:fb:45:87:c9:fa:7f:b5:2a:b6:7a:dd:e6:35:
                    60:6f:5a:06:a2:92:0b:df:d6:b1:4d:19:66:55:69:
                    03:08:53:e2:35:e2:e1:04:25:83:c0:86:d9:f7:78:
                    1d:bd:d4:b0:42:7c:be:5d:79:fd:26:3f:97:a6:77:
                    03:7e:01:b6:96:34:5a:66:55:7a:0c:bd:af:f8:14:
                    48:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:4F:3F:92:9D:76:6D:75:C5:90:78:E2:06:0D:4F:10:92:02:C2:BD
            X509v3 Authority Key Identifier:
                keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/3k8_kp12bXXFkHjiBg1PEJICwr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.116.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:03:b6:20:70:75:ed:7c:50:55:9d:05:1b:f2:f1:cd:e5:fa:
         bb:fa:c2:fe:47:74:76:82:a5:16:72:d2:e4:ab:e2:7f:8f:21:
         3c:bf:de:a6:53:6b:03:da:14:db:6d:a0:42:1d:d9:ef:e9:eb:
         b5:a5:86:71:d2:86:ca:d7:dc:8b:3a:8c:5b:68:1c:20:bf:ff:
         2d:31:d0:a4:a7:74:e6:8f:8b:ed:c1:a4:01:c2:cd:29:89:ad:
         12:32:3c:66:4e:ac:ac:f8:fe:e7:10:42:65:39:a4:1d:dc:63:
         7d:4d:73:6d:fb:f2:54:40:8a:c9:26:cb:a2:f7:be:4a:46:ff:
         01:7e:4a:82:86:d6:f1:47:f7:95:e8:6e:0b:35:fc:db:7d:ea:
         da:a5:42:ac:74:9f:c1:83:73:dd:11:11:47:4b:41:37:4e:d3:
         b7:fa:49:b5:b3:20:d0:2c:ef:01:56:d4:d3:a0:17:db:94:68:
         33:34:37:29:b3:13:46:c0:f2:13:ad:06:e5:55:b1:eb:38:a1:
         00:ba:df:94:a2:0a:28:25:cd:53:54:1a:be:ac:93:ec:9c:0b:
         c0:b5:c5:f7:43:f4:61:da:82:3a:54:51:36:06:86:0b:02:02:
         ed:d0:6d:47:3b:5c:42:6e:da:4a:17:d3:e0:93:c8:63:71:89:
         2c:1c:7a:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsgEMH6jb48BSwg1SCUIlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjUwMTAxMTE0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTRmM2Y5MjlkNzY2ZDc1YzU5MDc4ZTIwNjBkNGYxMDkyMDJjMmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssIDYJqMcpWouxd4ix2b2kuj9Opf
3TRgMq6CKu9qgMRD1lp7Vw0qAGshDds5c1nhdc6fvs5IpE7TlYm/R0sNqB12C8ec
rKvogNtJXtGWtQ1U6amgEYR2WG48jZ+eYw4PGE2qAoH0vlDNsKGfqQV5TKHe1OnC
+eNcpkiEz2A353COFaURSXrkOKzDP54YoNCscR/gWF4cpYiALnLlCQ+7j/EMrqVI
2oNPS2lGl4TywJyljjtGPPtFh8n6f7Uqtnrd5jVgb1oGopIL39axTRlmVWkDCFPi
NeLhBCWDwIbZ93gdvdSwQny+XXn9Jj+XpncDfgG2ljRaZlV6DL2v+BRIWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN5PP5Kddm11xZB44gYNTxCSAsK9MB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEvM2s4X2twMTJiWFhGa0hqaUJnMVBFSklDd3IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1HTkMA0G
CSqGSIb3DQEBCwUAA4IBAQCSA7YgcHXtfFBVnQUb8vHN5fq7+sL+R3R2gqUWctLk
q+J/jyE8v96mU2sD2hTbbaBCHdnv6eu1pYZx0obK19yLOoxbaBwgv/8tMdCkp3Tm
j4vtwaQBws0pia0SMjxmTqys+P7nEEJlOaQd3GN9TXNt+/JUQIrJJsui975KRv8B
fkqChtbxR/eV6G4LNfzbferapUKsdJ/Bg3PdERFHS0E3TtO3+km1syDQLO8BVtTT
oBfblGgzNDcpsxNGwPITrQblVbHrOKEAut+UogooJc1TVBq+rJPsnAvAtcX3Q/Rh
2oI6VFE2BoYLAgLt0G1HO1xCbtpKF9Pgk8hjcYksHHoi
-----END CERTIFICATE-----