Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3m-CieAv6hh3ZEVFvjzJOkWljko.roa
File:                     3m-CieAv6hh3ZEVFvjzJOkWljko.roa (raw, json)
Hash identifier:          8QPP3dAqs2H0UhkY5lao855mAjZ2+TFm7qGVfeo9bmo=
Subject key identifier:   DE:6F:82:89:E0:2F:EA:18:77:64:45:45:BE:3C:C9:3A:45:A5:8E:4A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0198B1E585E28BC5AF634BC60384801C73AC
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3m-CieAv6hh3ZEVFvjzJOkWljko.roa
Signing time:             Sat 16 Aug 2025 08:01:05 +0000
ROA not before:           Sat 16 Aug 2025 08:01:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214309
IP address blocks:        45.12.70.0/24 maxlen: 24
                          2a06:de00:dde0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 23:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b1:e5:85:e2:8b:c5:af:63:4b:c6:03:84:80:1c:73:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Aug 16 08:01:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de6f8289e02fea1877644545be3cc93a45a58e4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:8c:c2:00:af:70:03:76:ed:a4:d2:c8:e5:c2:
                    ab:f7:f7:b6:9f:44:34:ec:d7:2e:fc:22:0b:39:6c:
                    bf:b7:79:71:f1:f5:ea:7f:06:af:20:b6:36:3e:09:
                    ac:9e:98:4f:cc:59:15:ff:dd:31:b1:65:26:71:9e:
                    62:d8:62:ba:1d:2a:45:04:88:a1:be:45:92:23:e2:
                    d1:f1:31:ba:8d:51:c0:0e:a1:13:8e:48:b8:d3:7c:
                    06:56:6d:f0:eb:7b:0a:86:d9:4c:43:66:87:42:ef:
                    5a:60:7f:0f:84:15:49:c9:d3:92:5c:3e:1c:b6:3e:
                    d2:5c:78:c0:27:59:a4:26:7b:db:12:51:af:f8:3a:
                    76:2b:1e:37:3e:f8:a1:97:ba:93:ca:3d:68:47:88:
                    e2:51:39:62:d9:fe:38:7f:40:dd:0e:41:bc:2f:ea:
                    92:41:52:22:89:1e:26:7c:05:60:9d:b3:33:49:9c:
                    26:14:a7:2f:14:46:71:19:7a:bc:78:fb:18:0c:3e:
                    64:42:1c:a2:9a:a2:c2:59:c0:df:2d:65:69:55:10:
                    a2:a1:9e:99:57:d7:c3:a3:21:ab:7c:22:e1:c6:d9:
                    18:8f:8a:65:70:8e:b5:07:73:5d:0d:f6:56:cd:8c:
                    29:01:eb:2b:4c:68:d3:ee:07:92:5b:da:37:d7:bc:
                    cf:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:6F:82:89:E0:2F:EA:18:77:64:45:45:BE:3C:C9:3A:45:A5:8E:4A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3m-CieAv6hh3ZEVFvjzJOkWljko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.70.0/24
                IPv6:
                  2a06:de00:dde0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6c:56:ae:44:cf:db:5d:fb:10:aa:4f:12:66:29:81:7d:7b:72:
         59:8d:82:47:8a:ce:60:d2:70:03:a9:a2:34:37:a0:20:e6:df:
         43:4b:4a:cf:5c:10:e9:17:b8:de:c6:ff:fd:12:03:af:56:5f:
         0a:bf:d7:6b:07:4c:b2:79:d7:6a:e2:d3:01:63:bd:71:1c:1c:
         d9:f0:75:5f:81:e1:6b:86:e1:65:5b:19:db:70:20:a7:ca:d2:
         4a:3a:0e:81:48:ee:af:b6:d6:f4:f7:83:70:0f:fe:7d:d6:db:
         8e:e1:f3:1b:4d:3f:51:b7:c0:b4:30:81:6b:25:2d:dd:ee:ef:
         02:10:64:c0:0f:56:d5:60:2c:e7:3b:21:e8:7f:ad:92:22:30:
         02:2b:72:81:56:d2:68:d9:8f:3e:78:3e:e6:4a:c4:4a:09:07:
         dc:a7:0f:a7:04:36:9b:40:11:15:7b:db:c9:67:1e:2f:e0:cb:
         6a:bc:36:50:69:33:a8:2d:4d:a6:5e:06:82:2c:1f:6f:36:2c:
         b3:6d:86:75:19:30:de:12:a1:08:ac:64:d0:b3:14:9e:10:be:
         b0:6d:6e:04:7b:f9:78:31:a3:bd:9f:bd:55:df:bf:a4:c4:fc:
         00:90:69:d6:db:0d:a9:3f:89:3d:80:a6:df:9e:72:25:78:2d:
         9b:b2:42:4e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZix5YXii8WvY0vGA4SAHHOsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwODE2MDgwMTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTZmODI4OWUwMmZlYTE4Nzc2NDQ1NDViZTNjYzkzYTQ1YTU4ZTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtozCAK9wA3btpNLI5cKr9/e2n0Q0
7Ncu/CILOWy/t3lx8fXqfwavILY2PgmsnphPzFkV/90xsWUmcZ5i2GK6HSpFBIih
vkWSI+LR8TG6jVHADqETjki403wGVm3w63sKhtlMQ2aHQu9aYH8PhBVJydOSXD4c
tj7SXHjAJ1mkJnvbElGv+Dp2Kx43Pvihl7qTyj1oR4jiUTli2f44f0DdDkG8L+qS
QVIiiR4mfAVgnbMzSZwmFKcvFEZxGXq8ePsYDD5kQhyimqLCWcDfLWVpVRCioZ6Z
V9fDoyGrfCLhxtkYj4plcI61B3NdDfZWzYwpAesrTGjT7geSW9o317zPQQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN5vgongL+oYd2RFRb48yTpFpY5KMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvM20tQ2llQXY2aGgzWkVWRnZqekpPa1dsamtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALQxGMA8E
AgACMAkDBwQqBt4A3eAwDQYJKoZIhvcNAQELBQADggEBAGxWrkTP2137EKpPEmYp
gX17clmNgkeKzmDScAOpojQ3oCDm30NLSs9cEOkXuN7G//0SA69WXwq/12sHTLJ5
12ri0wFjvXEcHNnwdV+B4WuG4WVbGdtwIKfK0ko6DoFI7q+21vT3g3AP/n3W247h
8xtNP1G3wLQwgWslLd3u7wIQZMAPVtVgLOc7Ieh/rZIiMAIrcoFW0mjZjz54PuZK
xEoJB9ynD6cENptAERV728lnHi/gy2q8NlBpM6gtTaZeBoIsH282LLNthnUZMN4S
oQisZNCzFJ4QvrBtbgR7+Xgxo72fvVXfv6TE/ACQadbbDak/iT2Apt+eciV4LZuy
Qk4=
-----END CERTIFICATE-----