Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/3UV0tf4TpPvOJSDiaLYyYXtXVvM.roa
File:                     3UV0tf4TpPvOJSDiaLYyYXtXVvM.roa (raw, json)
Hash identifier:          91M1HXlX3TdwneLYlb0DmYCeKKtHfStsh7Dj5kd2gPQ=
Subject key identifier:   DD:45:74:B5:FE:13:A4:FB:CE:25:20:E2:68:B6:32:61:7B:57:56:F3
Certificate issuer:       /CN=cec3b347a216bc437b0bd4cf0bc8cda65e8c2d3b
Certificate serial:       019426D96342BDF89EAA282FF457D746A70A
Authority key identifier: CE:C3:B3:47:A2:16:BC:43:7B:0B:D4:CF:0B:C8:CD:A6:5E:8C:2D:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsOzR6IWvEN7C9TPC8jNpl6MLTs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/3UV0tf4TpPvOJSDiaLYyYXtXVvM.roa
Signing time:             Thu 02 Jan 2025 11:49:28 +0000
ROA not before:           Thu 02 Jan 2025 11:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2856
IP address blocks:        91.102.189.0/24 maxlen: 24
                          91.102.190.0/24 maxlen: 24
                          91.102.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/zsOzR6IWvEN7C9TPC8jNpl6MLTs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/zsOzR6IWvEN7C9TPC8jNpl6MLTs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsOzR6IWvEN7C9TPC8jNpl6MLTs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:63:42:bd:f8:9e:aa:28:2f:f4:57:d7:46:a7:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec3b347a216bc437b0bd4cf0bc8cda65e8c2d3b
        Validity
            Not Before: Jan  2 11:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd4574b5fe13a4fbce2520e268b632617b5756f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:1d:ca:56:5a:bc:ad:20:b9:02:d9:c4:52:bc:
                    ff:3c:26:41:e6:39:b9:61:75:b4:a8:08:b7:0e:7e:
                    2a:77:5a:80:b4:78:c1:c9:4f:bb:94:d4:97:ab:15:
                    af:e5:83:49:82:c7:4a:aa:56:8f:f9:55:14:1b:46:
                    ed:55:00:16:60:28:2e:05:3c:60:d6:b0:02:84:fc:
                    82:7f:f0:0d:c9:e6:71:6e:bc:10:4b:fe:79:36:5d:
                    7a:cb:02:d9:96:2c:00:2e:92:74:9d:d9:75:0a:b9:
                    08:d9:e9:8a:a1:38:78:b5:99:e5:1a:21:28:4e:db:
                    42:68:e9:cd:05:15:9a:30:db:d9:07:85:1e:a0:0e:
                    d3:b5:3b:c3:68:e8:19:5f:fb:89:a6:68:1c:0d:ba:
                    97:b3:22:6a:7a:f5:ec:a6:8f:7b:25:f0:73:ed:9d:
                    a8:09:54:f2:53:f7:d5:f7:09:54:38:90:48:0d:00:
                    0e:07:b2:26:99:d1:55:ba:91:99:d3:47:8f:22:7c:
                    87:d0:08:cc:c9:4f:2e:89:98:05:49:e8:3c:75:86:
                    df:0c:ef:28:98:a4:31:f8:28:4f:7a:77:56:4a:09:
                    1d:22:2c:95:bc:e4:b2:17:18:13:60:60:4f:15:84:
                    db:78:cb:b9:5a:6a:b9:c3:b6:0e:f8:5d:3b:c0:22:
                    3c:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:45:74:B5:FE:13:A4:FB:CE:25:20:E2:68:B6:32:61:7B:57:56:F3
            X509v3 Authority Key Identifier:
                keyid:CE:C3:B3:47:A2:16:BC:43:7B:0B:D4:CF:0B:C8:CD:A6:5E:8C:2D:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsOzR6IWvEN7C9TPC8jNpl6MLTs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/3UV0tf4TpPvOJSDiaLYyYXtXVvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/7a683b-fa78-4112-b6b6-155fb3fe287e/1/zsOzR6IWvEN7C9TPC8jNpl6MLTs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.189.0-91.102.191.255

    Signature Algorithm: sha256WithRSAEncryption
         9c:f8:3c:de:e8:62:e9:79:0a:34:ed:09:27:6a:79:69:a4:01:
         b4:5f:b0:ac:ed:8e:6b:94:5b:8f:c7:f7:dd:e3:4e:89:98:ca:
         c2:fa:28:04:70:9d:f2:69:34:26:ec:2c:a4:4d:20:cd:b4:98:
         91:ae:08:ea:04:f0:38:73:2f:cf:ad:1c:8d:6e:68:46:99:02:
         81:8c:88:04:b2:a8:95:b0:01:4a:5a:bf:86:16:a9:9b:c4:17:
         de:11:d6:4e:c5:10:e9:25:90:03:86:f2:db:02:55:55:7d:44:
         b8:2c:d7:b0:a8:9e:68:53:b2:6f:98:1e:d3:3d:a5:48:e7:26:
         d5:9a:27:37:a7:15:d9:06:50:a2:19:ad:a0:7a:0e:7c:0d:b4:
         36:ca:fa:ab:9f:22:05:af:21:21:8f:b8:22:28:50:81:24:0f:
         71:88:75:f9:10:65:c3:86:88:b8:de:df:c6:08:14:9e:bc:36:
         71:3f:aa:03:3f:94:e1:74:30:b6:91:88:1b:2e:00:bb:3d:70:
         20:6a:d6:6c:51:95:32:9b:b9:39:00:10:73:9e:cb:fd:41:a0:
         94:f1:2f:c0:89:6e:a4:a9:7f:38:e9:6d:bd:b7:83:a8:33:52:
         77:53:0a:7f:20:d0:e6:ae:6c:45:53:6c:e1:66:88:c2:25:fb:
         df:6b:b6:66
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQm2WNCvfieqigv9FfXRqcKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzNiMzQ3YTIxNmJjNDM3YjBiZDRjZjBiYzhjZGE2NWU4
YzJkM2IwHhcNMjUwMTAyMTE0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDQ1NzRiNWZlMTNhNGZiY2UyNTIwZTI2OGI2MzI2MTdiNTc1NmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsR3KVlq8rSC5AtnEUrz/PCZB5jm5
YXW0qAi3Dn4qd1qAtHjByU+7lNSXqxWv5YNJgsdKqlaP+VUUG0btVQAWYCguBTxg
1rAChPyCf/ANyeZxbrwQS/55Nl16ywLZliwALpJ0ndl1CrkI2emKoTh4tZnlGiEo
TttCaOnNBRWaMNvZB4UeoA7TtTvDaOgZX/uJpmgcDbqXsyJqevXspo97JfBz7Z2o
CVTyU/fV9wlUOJBIDQAOB7ImmdFVupGZ00ePInyH0AjMyU8uiZgFSeg8dYbfDO8o
mKQx+ChPendWSgkdIiyVvOSyFxgTYGBPFYTbeMu5Wmq5w7YO+F07wCI8cwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFN1FdLX+E6T7ziUg4mi2MmF7V1bzMB8GA1UdIwQY
MBaAFM7Ds0eiFrxDewvUzwvIzaZejC07MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNPelI2SVd2RU43QzlUUEM4ak5wbDZNTFRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny83YTY4M2ItZmE3OC00MTEyLWI2YjYt
MTU1ZmIzZmUyODdlLzEvM1VWMHRmNFRwUHZPSlNEaWFMWXlZWHRYVnZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny83YTY4M2ItZmE3OC00MTEyLWI2YjYtMTU1ZmIzZmUyODdl
LzEvenNPelI2SVd2RU43QzlUUEM4ak5wbDZNTFRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABbZr0D
BAZbZoAwDQYJKoZIhvcNAQELBQADggEBAJz4PN7oYul5CjTtCSdqeWmkAbRfsKzt
jmuUW4/H993jTomYysL6KARwnfJpNCbsLKRNIM20mJGuCOoE8DhzL8+tHI1uaEaZ
AoGMiASyqJWwAUpav4YWqZvEF94R1k7FEOklkAOG8tsCVVV9RLgs17ConmhTsm+Y
HtM9pUjnJtWaJzenFdkGUKIZraB6DnwNtDbK+qufIgWvISGPuCIoUIEkD3GIdfkQ
ZcOGiLje38YIFJ68NnE/qgM/lOF0MLaRiBsuALs9cCBq1mxRlTKbuTkAEHOey/1B
oJTxL8CJbqSpfzjpbb23g6gzUndTCn8g0OaubEVTbOFmiMIl+99rtmY=
-----END CERTIFICATE-----