Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/3vLmPv7Djr6TKH8h-94292rkuas.roa
File:                     3vLmPv7Djr6TKH8h-94292rkuas.roa (raw, json)
Hash identifier:          QtPMjz6hCorikM+hOJr55a+h94gKpssEGVbmMdG9iwo=
Subject key identifier:   DE:F2:E6:3E:FE:C3:8E:BE:93:28:7F:21:FB:DE:36:F7:6A:E4:B9:AB
Certificate issuer:       /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial:       018F7B863D3A24B5614BF220C49862AB0077
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/3vLmPv7Djr6TKH8h-94292rkuas.roa
Signing time:             Wed 15 May 2024 09:12:26 +0000
ROA not before:           Wed 15 May 2024 09:12:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200239
IP address blocks:        185.121.132.0/24 maxlen: 24
                          185.121.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:7b:86:3d:3a:24:b5:61:4b:f2:20:c4:98:62:ab:00:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
        Validity
            Not Before: May 15 09:12:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=def2e63efec38ebe93287f21fbde36f76ae4b9ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c5:41:60:62:68:52:aa:76:3c:49:85:3c:3a:
                    c2:7f:ba:31:1a:e9:21:0a:bc:9b:79:48:ee:8f:ec:
                    3c:96:77:15:17:49:f4:e4:50:9b:5c:31:bc:14:68:
                    b6:db:62:99:d0:99:f0:c7:cd:96:df:1c:6f:dc:45:
                    55:6b:8c:c3:71:7d:75:52:9a:0e:9a:f1:90:03:0b:
                    f6:75:c2:24:38:8f:60:61:f2:fc:e4:3b:58:e2:12:
                    5a:b7:3b:92:79:ae:ec:c1:48:11:eb:3c:8f:79:e5:
                    12:46:f0:9a:1e:8c:0e:16:d2:86:01:6b:95:26:df:
                    eb:6a:d5:25:1f:e9:87:89:0d:49:fe:66:78:77:31:
                    ad:e9:e5:bc:b6:18:9f:bb:80:39:9c:ba:e9:18:f2:
                    ca:4a:d0:36:75:47:58:e8:b9:89:b2:21:0d:1a:08:
                    5c:db:6d:2a:64:cb:11:9e:50:a6:d3:56:98:91:47:
                    30:20:bc:33:59:9a:a2:60:38:4e:c5:5e:97:6b:bb:
                    64:63:ba:00:d8:06:9e:7a:0c:03:8d:9f:9d:53:25:
                    c2:ed:ed:29:da:ca:aa:74:cd:59:f5:17:2e:34:ce:
                    86:ef:47:45:d4:50:89:08:30:a2:ff:78:7f:1d:26:
                    d4:08:1d:df:cf:dd:ed:46:e4:10:4f:84:7b:84:52:
                    ba:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:F2:E6:3E:FE:C3:8E:BE:93:28:7F:21:FB:DE:36:F7:6A:E4:B9:AB
            X509v3 Authority Key Identifier:
                keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/3vLmPv7Djr6TKH8h-94292rkuas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.132.0/24
                  185.121.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:4a:58:6a:be:67:a7:35:bc:6e:b5:c8:90:5f:d5:8f:19:37:
         80:60:16:e1:06:bf:b9:e5:b9:77:3a:51:ca:b6:5d:23:6d:af:
         1b:23:84:7f:97:e4:f4:e0:c0:33:5b:2b:6d:02:28:78:31:bf:
         e5:b1:d1:aa:c8:4f:ab:2a:97:e9:ee:a6:36:6e:e0:df:6a:c1:
         46:ec:b2:bf:5b:0a:d0:d5:76:8a:43:f8:02:ca:20:8b:30:90:
         7f:36:9e:c3:c5:b4:d2:a8:ea:da:66:1d:14:03:6d:80:27:78:
         24:3a:42:fe:0c:10:9c:82:89:c8:8d:fb:f6:cd:6c:f6:5d:cb:
         81:fa:c0:55:86:84:b3:b9:53:ab:96:a0:ec:80:1b:9e:df:c7:
         20:95:b1:42:cc:ee:36:bf:88:17:5e:0f:ef:f8:88:81:b1:cc:
         6f:da:40:56:88:f5:56:79:c0:04:9e:26:bd:14:e8:a6:ce:f0:
         31:9e:2f:69:02:45:63:28:ca:f3:d5:a5:b5:e9:38:ff:e0:3e:
         ad:b6:ae:97:3c:70:fc:e8:37:b4:d9:9a:b3:df:8d:4b:a2:41:
         6e:90:1d:ec:3c:e0:a5:f2:d4:64:e9:d7:f9:9f:27:7a:0b:3a:
         75:e0:cb:c5:3c:2c:71:cd:47:94:ed:ee:cd:f5:92:18:7e:8c:
         41:03:6b:79
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY97hj06JLVhS/IgxJhiqwB3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjQwNTE1MDkxMjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWYyZTYzZWZlYzM4ZWJlOTMyODdmMjFmYmRlMzZmNzZhZTRiOWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMVBYGJoUqp2PEmFPDrCf7oxGukh
CrybeUjuj+w8lncVF0n05FCbXDG8FGi222KZ0Jnwx82W3xxv3EVVa4zDcX11UpoO
mvGQAwv2dcIkOI9gYfL85DtY4hJatzuSea7swUgR6zyPeeUSRvCaHowOFtKGAWuV
Jt/ratUlH+mHiQ1J/mZ4dzGt6eW8thifu4A5nLrpGPLKStA2dUdY6LmJsiENGghc
220qZMsRnlCm01aYkUcwILwzWZqiYDhOxV6Xa7tkY7oA2AaeegwDjZ+dUyXC7e0p
2sqqdM1Z9RcuNM6G70dF1FCJCDCi/3h/HSbUCB3fz93tRuQQT4R7hFK6CwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN7y5j7+w46+kyh/IfveNvdq5LmrMB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvM3ZMbVB2N0RqcjZUS0g4aC05NDI5MnJrdWFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuXmEAwQA
uXmHMA0GCSqGSIb3DQEBCwUAA4IBAQBYSlhqvmenNbxutciQX9WPGTeAYBbhBr+5
5bl3OlHKtl0jba8bI4R/l+T04MAzWyttAih4Mb/lsdGqyE+rKpfp7qY2buDfasFG
7LK/WwrQ1XaKQ/gCyiCLMJB/Np7DxbTSqOraZh0UA22AJ3gkOkL+DBCcgonIjfv2
zWz2XcuB+sBVhoSzuVOrlqDsgBue38cglbFCzO42v4gXXg/v+IiBscxv2kBWiPVW
ecAEnia9FOimzvAxni9pAkVjKMrz1aW16Tj/4D6ttq6XPHD86De02Zqz341LokFu
kB3sPOCl8tRk6df5nyd6Czp14MvFPCxxzUeU7e7N9ZIYfoxBA2t5
-----END CERTIFICATE-----