Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/Ove3y5qjQ6KJduHbyBUEf3crDrU.roa
File:                     Ove3y5qjQ6KJduHbyBUEf3crDrU.roa (raw, json)
Hash identifier:          Yg8G2jPObXRRMkd9TbBnulOGLBdfFwyyifHYbJD+bvI=
Subject key identifier:   3A:F7:B7:CB:9A:A3:43:A2:89:76:E1:DB:C8:15:04:7F:77:2B:0E:B5
Certificate issuer:       /CN=ceb86983547113359bade1f3f38104091e3a6439
Certificate serial:       01942522153B9CD3CF48EF376A88E3866729
Authority key identifier: CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/Ove3y5qjQ6KJduHbyBUEf3crDrU.roa
Signing time:             Thu 02 Jan 2025 03:49:38 +0000
ROA not before:           Thu 02 Jan 2025 03:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48291
IP address blocks:        185.38.138.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:15:3b:9c:d3:cf:48:ef:37:6a:88:e3:86:67:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ceb86983547113359bade1f3f38104091e3a6439
        Validity
            Not Before: Jan  2 03:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3af7b7cb9aa343a28976e1dbc815047f772b0eb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:de:6e:74:e9:5e:1d:00:17:b2:a6:b1:ad:d9:
                    c2:2b:a5:cc:2e:73:5c:9e:ee:7b:c3:e0:38:db:aa:
                    2d:fa:f3:f5:09:47:24:47:12:49:27:c3:d2:1c:30:
                    d0:64:b4:87:d6:71:98:46:1e:d7:22:85:bc:0a:12:
                    e4:de:74:d3:55:61:2a:4c:48:fc:6e:6b:46:c9:13:
                    b5:cd:ab:15:35:88:48:25:b3:17:e0:7f:7e:90:f7:
                    da:dd:b5:1a:89:37:68:cd:f8:e7:80:52:ed:71:27:
                    ac:5e:94:b3:79:0e:1c:2e:81:91:64:5a:ff:b8:9b:
                    2d:ce:86:6a:0b:d9:76:20:d5:f3:1a:b1:a9:25:e8:
                    ab:4b:e0:fb:63:c6:19:c4:48:92:43:fc:c0:4c:7c:
                    7d:48:1f:c6:2e:a8:36:fa:5e:4c:73:60:e7:c6:3e:
                    ad:3b:2f:6b:84:ed:ee:91:ae:a5:6b:21:1e:5d:d7:
                    cd:c3:88:b6:2c:1d:31:a9:6c:98:3b:03:4f:99:6f:
                    c4:39:fc:a8:04:33:11:98:8e:43:a3:2c:a4:21:d3:
                    78:18:33:5c:f5:b4:aa:1c:55:3c:91:cc:7a:61:fa:
                    7b:b5:9f:6b:7a:c4:31:b3:f6:b4:f1:8d:48:bf:7b:
                    d3:d2:08:14:db:ac:ce:a7:d4:06:d1:e2:cc:c7:fd:
                    87:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:F7:B7:CB:9A:A3:43:A2:89:76:E1:DB:C8:15:04:7F:77:2B:0E:B5
            X509v3 Authority Key Identifier:
                keyid:CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/Ove3y5qjQ6KJduHbyBUEf3crDrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.38.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:98:3f:7a:53:09:6c:b1:d3:8d:61:fb:a0:05:b1:83:b3:8d:
         f1:2e:6e:75:40:1f:f2:2e:bc:f5:ee:46:83:7a:03:6d:2a:91:
         1f:74:7d:c7:75:3c:26:63:f0:8c:6e:d5:b2:7b:06:3f:57:3e:
         c7:bd:d0:e0:75:78:04:df:a8:df:82:78:6d:3e:02:a9:a3:55:
         32:23:dc:4b:d7:68:b9:78:a4:5d:fc:0d:d1:03:0f:21:81:7b:
         d9:92:09:62:71:95:40:59:3d:eb:bf:e2:76:0c:3b:21:7d:25:
         41:7a:3f:f6:da:86:21:fa:ed:b9:8e:cc:48:6d:29:ab:1a:80:
         a1:8c:f4:60:2a:29:ec:d2:0f:44:21:0b:59:2c:74:1f:9d:bf:
         c7:c5:e7:63:7c:9f:a0:92:01:30:88:8a:69:a6:76:95:29:96:
         ba:e5:de:b6:15:0c:41:17:f8:a3:61:09:1b:c1:43:89:55:3e:
         c6:65:39:fc:4b:00:b7:da:cd:4c:eb:eb:bf:8a:8c:a7:2d:9d:
         3e:66:b7:77:43:81:af:b2:d8:e2:4a:a4:c6:9d:59:e8:d0:e7:
         85:f9:d4:81:e0:43:62:ca:7f:b6:d7:97:5e:b0:ba:a2:ba:42:
         51:0e:fe:f5:11:bb:64:ac:b9:96:bf:71:6e:0b:ec:fd:8f:a4:
         20:fd:f6:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIhU7nNPPSO83aojjhmcpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYjg2OTgzNTQ3MTEzMzU5YmFkZTFmM2YzODEwNDA5MWUz
YTY0MzkwHhcNMjUwMTAyMDM0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWY3YjdjYjlhYTM0M2EyODk3NmUxZGJjODE1MDQ3Zjc3MmIwZWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq95udOleHQAXsqaxrdnCK6XMLnNc
nu57w+A426ot+vP1CUckRxJJJ8PSHDDQZLSH1nGYRh7XIoW8ChLk3nTTVWEqTEj8
bmtGyRO1zasVNYhIJbMX4H9+kPfa3bUaiTdozfjngFLtcSesXpSzeQ4cLoGRZFr/
uJstzoZqC9l2INXzGrGpJeirS+D7Y8YZxEiSQ/zATHx9SB/GLqg2+l5Mc2Dnxj6t
Oy9rhO3uka6layEeXdfNw4i2LB0xqWyYOwNPmW/EOfyoBDMRmI5DoyykIdN4GDNc
9bSqHFU8kcx6Yfp7tZ9resQxs/a08Y1Iv3vT0ggU26zOp9QG0eLMx/2HrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDr3t8uao0OiiXbh28gVBH93Kw61MB8GA1UdIwQY
MBaAFM64aYNUcRM1m63h8/OBBAkeOmQ5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2Qt
ZGVlMmY2NTBkZDg2LzEvT3ZlM3k1cWpRNktKZHVIYnlCVUVmM2NyRHJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2QtZGVlMmY2NTBkZDg2
LzEvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSaKMA0G
CSqGSIb3DQEBCwUAA4IBAQAtmD96UwlssdONYfugBbGDs43xLm51QB/yLrz17kaD
egNtKpEfdH3HdTwmY/CMbtWyewY/Vz7HvdDgdXgE36jfgnhtPgKpo1UyI9xL12i5
eKRd/A3RAw8hgXvZkglicZVAWT3rv+J2DDshfSVBej/22oYh+u25jsxIbSmrGoCh
jPRgKins0g9EIQtZLHQfnb/HxedjfJ+gkgEwiIpppnaVKZa65d62FQxBF/ijYQkb
wUOJVT7GZTn8SwC32s1M6+u/ioynLZ0+Zrd3Q4GvstjiSqTGnVno0OeF+dSB4ENi
yn+215desLqiukJRDv71EbtkrLmWv3FuC+z9j6Qg/fZH
-----END CERTIFICATE-----