Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/3LguPMqZSd4yhX8NUjzWdmBRih8.roa
File:                     3LguPMqZSd4yhX8NUjzWdmBRih8.roa (raw, json)
Hash identifier:          Eb00HvIk2TUv6r6+WiaEYLXtmilnavu3rDsG2CRMnkY=
Subject key identifier:   DC:B8:2E:3C:CA:99:49:DE:32:85:7F:0D:52:3C:D6:76:60:51:8A:1F
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       019427473A23CA00BBDF1114325A313B7F65
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/3LguPMqZSd4yhX8NUjzWdmBRih8.roa
Signing time:             Thu 02 Jan 2025 13:49:26 +0000
ROA not before:           Thu 02 Jan 2025 13:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215238
IP address blocks:        185.243.182.0/24 maxlen: 24
                          185.249.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:3a:23:ca:00:bb:df:11:14:32:5a:31:3b:7f:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  2 13:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dcb82e3cca9949de32857f0d523cd67660518a1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:79:5c:c5:58:71:ad:3a:bc:3b:e2:d6:15:56:
                    2b:90:c8:02:8b:b4:e4:55:91:5c:74:ff:bf:24:43:
                    17:9f:de:7a:7f:b6:7d:ae:84:ab:87:6a:b0:d6:a8:
                    27:63:4f:42:a7:fb:d7:3b:0c:4f:b8:f7:4c:0e:01:
                    ff:fa:4f:c3:19:97:4e:f7:4e:e0:90:a6:c1:c3:91:
                    8a:32:75:28:e8:66:17:5d:dd:c9:cb:0a:26:31:f3:
                    10:5f:e4:f3:00:30:e5:a6:b2:68:86:16:23:8b:4e:
                    df:f5:0a:81:b2:75:47:aa:5a:fd:0b:8d:96:df:94:
                    a5:8e:30:c6:85:43:3d:47:7f:73:d3:67:a7:f8:c1:
                    ab:b3:2f:bb:f6:df:ec:14:6e:8f:0c:aa:5c:74:ba:
                    b0:2c:a4:b0:4d:cf:c7:56:ec:ff:61:6d:a5:9d:35:
                    c1:f5:0e:94:06:20:3b:95:55:1b:8b:e5:3c:74:52:
                    f0:b3:49:2b:70:ae:7b:6f:8f:5c:d8:7e:02:78:38:
                    a7:0b:23:b4:ee:5b:4c:79:a9:b1:e4:ab:9b:3e:10:
                    3f:88:46:7e:63:a7:a2:62:4f:66:19:79:5b:08:59:
                    b6:0b:b8:03:f7:a1:c3:97:a3:9f:07:bd:51:74:3d:
                    01:b4:f6:95:b6:71:9a:db:d3:73:b9:e4:18:9b:24:
                    b5:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:B8:2E:3C:CA:99:49:DE:32:85:7F:0D:52:3C:D6:76:60:51:8A:1F
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/3LguPMqZSd4yhX8NUjzWdmBRih8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.182.0/24
                  185.249.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:59:c2:19:df:c0:8b:76:ee:3e:c9:27:b8:32:ae:76:1a:8c:
         23:a0:23:ec:54:41:a4:e4:cb:62:c0:ef:25:dd:b2:fa:63:30:
         4f:d5:a4:6d:cc:8e:0c:9f:08:7f:38:c4:f6:e6:b3:15:0f:c7:
         94:ed:a0:c2:d2:c5:42:65:9f:49:9e:bc:ca:37:eb:e2:7c:a3:
         ad:d9:0b:ab:36:04:fd:d7:37:11:81:f1:24:50:44:3d:70:44:
         6e:4e:6e:3d:43:e4:fe:ff:0f:a7:fe:42:2d:f4:ff:a9:01:be:
         da:53:6c:e8:89:f9:5c:f5:53:bb:c8:47:5e:f5:80:d9:fe:3e:
         60:4c:b3:c0:1b:f7:b6:d3:1b:b1:fd:f5:bc:e5:2d:0f:49:b5:
         b0:b8:dd:94:4a:1e:f0:88:35:dc:19:6d:d4:5b:13:9c:4f:78:
         fa:5c:0c:b7:f4:33:22:f9:6a:eb:35:1b:47:70:61:c4:fc:3e:
         13:80:92:18:b9:a8:63:a8:59:7d:8b:28:58:35:5c:bb:12:53:
         06:9b:13:da:f7:7c:9c:cf:e4:e0:11:cf:a9:f3:dd:59:cb:65:
         23:2e:cd:83:b7:1e:65:8f:dd:3a:58:0a:1f:fa:57:64:8c:45:
         7b:51:be:bd:4e:32:d9:b9:5d:ae:a9:8e:d3:b0:1a:75:63:7a:
         ca:e9:20:83
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnRzojygC73xEUMloxO39lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwMTAyMTM0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2I4MmUzY2NhOTk0OWRlMzI4NTdmMGQ1MjNjZDY3NjYwNTE4YTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXlcxVhxrTq8O+LWFVYrkMgCi7Tk
VZFcdP+/JEMXn956f7Z9roSrh2qw1qgnY09Cp/vXOwxPuPdMDgH/+k/DGZdO907g
kKbBw5GKMnUo6GYXXd3JywomMfMQX+TzADDlprJohhYji07f9QqBsnVHqlr9C42W
35SljjDGhUM9R39z02en+MGrsy+79t/sFG6PDKpcdLqwLKSwTc/HVuz/YW2lnTXB
9Q6UBiA7lVUbi+U8dFLws0krcK57b49c2H4CeDinCyO07ltMeamx5KubPhA/iEZ+
Y6eiYk9mGXlbCFm2C7gD96HDl6OfB71RdD0BtPaVtnGa29NzueQYmyS1fQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNy4LjzKmUneMoV/DVI81nZgUYofMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvM0xndVBNcVpTZDR5aFg4TlVqeldkbUJSaWg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAufO2AwQA
ufnKMA0GCSqGSIb3DQEBCwUAA4IBAQB/WcIZ38CLdu4+ySe4Mq52GowjoCPsVEGk
5MtiwO8l3bL6YzBP1aRtzI4Mnwh/OMT25rMVD8eU7aDC0sVCZZ9JnrzKN+vifKOt
2QurNgT91zcRgfEkUEQ9cERuTm49Q+T+/w+n/kIt9P+pAb7aU2zoiflc9VO7yEde
9YDZ/j5gTLPAG/e20xux/fW85S0PSbWwuN2USh7wiDXcGW3UWxOcT3j6XAy39DMi
+WrrNRtHcGHE/D4TgJIYuahjqFl9iyhYNVy7ElMGmxPa93ycz+TgEc+p891Zy2Uj
Ls2Dtx5lj906WAof+ldkjEV7Ub69TjLZuV2uqY7TsBp1Y3rK6SCD
-----END CERTIFICATE-----