Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/7478dc-c96d-4be5-8086-253b8b41a75c/1/3tu6ClYuvbDBR6KTKvf_i26_sNM.roa
File:                     3tu6ClYuvbDBR6KTKvf_i26_sNM.roa (raw, json)
Hash identifier:          mscne+X+jfLaHAfi9bV23pNVKutqYHuT+pdDSC+aYJQ=
Subject key identifier:   DE:DB:BA:0A:56:2E:BD:B0:C1:47:A2:93:2A:F7:FF:8B:6E:BF:B0:D3
Certificate issuer:       /CN=a721082c80abaf95fad7ea60f3c5ec0e05e28edc
Certificate serial:       0194221FB36EBEA7F280D1AE2318F5FA0965
Authority key identifier: A7:21:08:2C:80:AB:AF:95:FA:D7:EA:60:F3:C5:EC:0E:05:E2:8E:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pyEILICrr5X61-pg88XsDgXijtw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/7478dc-c96d-4be5-8086-253b8b41a75c/1/3tu6ClYuvbDBR6KTKvf_i26_sNM.roa
Signing time:             Wed 01 Jan 2025 13:48:10 +0000
ROA not before:           Wed 01 Jan 2025 13:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3268
IP address blocks:        82.116.192.0/19 maxlen: 19
                          82.116.202.0/24 maxlen: 24
                          82.116.208.0/24 maxlen: 24
                          2a0d:8700::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/7478dc-c96d-4be5-8086-253b8b41a75c/1/pyEILICrr5X61-pg88XsDgXijtw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/7478dc-c96d-4be5-8086-253b8b41a75c/1/pyEILICrr5X61-pg88XsDgXijtw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pyEILICrr5X61-pg88XsDgXijtw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:b3:6e:be:a7:f2:80:d1:ae:23:18:f5:fa:09:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a721082c80abaf95fad7ea60f3c5ec0e05e28edc
        Validity
            Not Before: Jan  1 13:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dedbba0a562ebdb0c147a2932af7ff8b6ebfb0d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:9b:9c:f5:fa:3a:d3:a7:d7:da:18:4c:dd:b8:
                    14:23:9d:1f:42:f9:9e:bf:47:f1:7c:7a:35:cb:bf:
                    91:80:da:39:56:52:29:85:81:ba:20:52:76:25:df:
                    25:7c:f3:23:78:58:8e:97:72:3e:e1:b8:0e:ea:00:
                    44:e7:fa:1e:ff:75:8e:62:70:61:a6:5c:78:f4:01:
                    03:ae:67:e0:eb:3c:f0:eb:ce:d3:9d:5f:45:b2:68:
                    19:bf:b6:22:35:22:4c:8f:e6:40:51:b1:f9:ad:ed:
                    b8:4c:2a:e2:dd:98:72:96:06:0a:5a:de:81:92:fa:
                    78:94:ad:e5:00:b6:40:ff:5f:51:f0:d8:a4:ea:40:
                    85:c5:9f:9c:73:a9:bb:c4:75:5f:19:82:4c:cb:1f:
                    48:9e:98:a3:60:b2:dd:6b:02:0f:fc:40:e6:35:ea:
                    64:69:a4:ae:69:11:5b:67:94:98:2e:9e:e9:a0:c2:
                    a9:c5:32:7c:5c:f8:c2:00:38:64:f6:d3:42:16:ad:
                    e3:fc:e0:18:64:c8:52:51:dd:c6:a5:75:a3:c9:e8:
                    d2:ef:b9:1c:17:fe:23:ce:40:15:b7:89:78:db:a5:
                    1c:e2:a1:2f:35:ae:a3:8a:18:75:01:47:1e:e6:9a:
                    45:c0:a3:b5:6a:7b:b4:e3:56:fd:24:93:8b:d7:e4:
                    be:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:DB:BA:0A:56:2E:BD:B0:C1:47:A2:93:2A:F7:FF:8B:6E:BF:B0:D3
            X509v3 Authority Key Identifier:
                keyid:A7:21:08:2C:80:AB:AF:95:FA:D7:EA:60:F3:C5:EC:0E:05:E2:8E:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pyEILICrr5X61-pg88XsDgXijtw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/7478dc-c96d-4be5-8086-253b8b41a75c/1/3tu6ClYuvbDBR6KTKvf_i26_sNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/7478dc-c96d-4be5-8086-253b8b41a75c/1/pyEILICrr5X61-pg88XsDgXijtw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.116.192.0/19
                IPv6:
                  2a0d:8700::/29

    Signature Algorithm: sha256WithRSAEncryption
         6b:93:81:26:96:51:51:27:ab:10:33:03:52:04:1b:5b:7f:04:
         9d:ab:73:1b:da:5e:34:70:a1:60:b3:b4:b7:2d:52:dd:fd:1d:
         f9:8a:bd:a8:35:3a:60:a4:30:68:fb:3a:f2:df:64:31:3e:03:
         4e:30:6c:9c:11:a5:d5:8a:14:4c:9a:ba:b4:fa:c3:21:fd:74:
         3c:6c:25:aa:ef:e6:fe:52:c4:d1:68:f8:bc:28:f0:c6:e2:73:
         3b:7c:ff:66:97:89:eb:f9:a5:df:61:77:5c:f5:26:31:26:7a:
         b1:66:24:ea:0c:92:8c:de:e3:ac:67:ee:f6:c2:c0:78:62:9a:
         31:5b:ef:be:db:16:62:ad:7a:5c:21:1d:e1:f4:4c:54:a0:13:
         2f:f4:a2:9d:9a:38:0e:00:07:0f:b5:ce:c9:89:73:56:fe:c8:
         2f:05:d4:2a:f2:b3:fe:e5:6e:ab:9c:1b:3e:8b:de:85:e1:76:
         91:cc:50:05:e1:f7:77:a5:e2:96:26:e7:26:3e:2a:bc:8c:50:
         54:d3:23:d2:b8:8e:be:f7:ad:ea:ff:7c:64:97:cc:ed:e8:64:
         00:b2:8d:db:29:c8:ce:76:30:52:39:6d:60:fe:c2:e5:39:b9:
         9e:7b:e4:a4:24:40:7e:b6:7a:06:8f:63:88:4b:55:4a:d5:4f:
         0b:bb:64:8d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiH7NuvqfygNGuIxj1+gllMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3MjEwODJjODBhYmFmOTVmYWQ3ZWE2MGYzYzVlYzBlMDVl
MjhlZGMwHhcNMjUwMTAxMTM0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWRiYmEwYTU2MmViZGIwYzE0N2EyOTMyYWY3ZmY4YjZlYmZiMGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpuc9fo606fX2hhM3bgUI50fQvme
v0fxfHo1y7+RgNo5VlIphYG6IFJ2Jd8lfPMjeFiOl3I+4bgO6gBE5/oe/3WOYnBh
plx49AEDrmfg6zzw687TnV9FsmgZv7YiNSJMj+ZAUbH5re24TCri3ZhylgYKWt6B
kvp4lK3lALZA/19R8Nik6kCFxZ+cc6m7xHVfGYJMyx9InpijYLLdawIP/EDmNepk
aaSuaRFbZ5SYLp7poMKpxTJ8XPjCADhk9tNCFq3j/OAYZMhSUd3GpXWjyejS77kc
F/4jzkAVt4l426Uc4qEvNa6jihh1AUce5ppFwKO1anu041b9JJOL1+S+yQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFN7bugpWLr2wwUeikyr3/4tuv7DTMB8GA1UdIwQY
MBaAFKchCCyAq6+V+tfqYPPF7A4F4o7cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHlFSUxJQ3JyNVg2MS1wZzg4WHNEZ1hpanR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi83NDc4ZGMtYzk2ZC00YmU1LTgwODYt
MjUzYjhiNDFhNzVjLzEvM3R1NkNsWXV2YkRCUjZLVEt2Zl9pMjZfc05NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi83NDc4ZGMtYzk2ZC00YmU1LTgwODYtMjUzYjhiNDFhNzVj
LzEvcHlFSUxJQ3JyNVg2MS1wZzg4WHNEZ1hpanR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFUnTAMA0E
AgACMAcDBQMqDYcAMA0GCSqGSIb3DQEBCwUAA4IBAQBrk4EmllFRJ6sQMwNSBBtb
fwSdq3Mb2l40cKFgs7S3LVLd/R35ir2oNTpgpDBo+zry32QxPgNOMGycEaXVihRM
mrq0+sMh/XQ8bCWq7+b+UsTRaPi8KPDG4nM7fP9ml4nr+aXfYXdc9SYxJnqxZiTq
DJKM3uOsZ+72wsB4YpoxW+++2xZirXpcIR3h9ExUoBMv9KKdmjgOAAcPtc7JiXNW
/sgvBdQq8rP+5W6rnBs+i96F4XaRzFAF4fd3peKWJucmPiq8jFBU0yPSuI6+963q
/3xkl8zt6GQAso3bKcjOdjBSOW1g/sLlObmee+SkJEB+tnoGj2OIS1VK1U8Lu2SN
-----END CERTIFICATE-----