Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/3MPX8Hgcgpj46XFJe7iOfP4Vx9k.roa
File:                     3MPX8Hgcgpj46XFJe7iOfP4Vx9k.roa (raw, json)
Hash identifier:          X8ItFNiHsxzuYcCwG/t6V7CD4qgVaZVjCW5JDwwvo1k=
Subject key identifier:   DC:C3:D7:F0:78:1C:82:98:F8:E9:71:49:7B:B8:8E:7C:FE:15:C7:D9
Certificate issuer:       /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial:       0194244546C247C189CA11FFF94E4D9DC465
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/3MPX8Hgcgpj46XFJe7iOfP4Vx9k.roa
Signing time:             Wed 01 Jan 2025 23:48:27 +0000
ROA not before:           Wed 01 Jan 2025 23:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205659
IP address blocks:        64.190.252.0/22 maxlen: 22
                          216.246.212.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:46:c2:47:c1:89:ca:11:ff:f9:4e:4d:9d:c4:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
        Validity
            Not Before: Jan  1 23:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dcc3d7f0781c8298f8e971497bb88e7cfe15c7d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b7:0a:17:d1:c9:da:98:73:74:09:36:1a:49:
                    86:8a:ac:95:ba:b7:6f:db:43:64:db:d9:6a:1b:b6:
                    8f:8a:60:19:38:d9:86:01:57:d8:04:c0:07:20:d6:
                    6a:23:0f:6d:de:34:e3:05:6c:51:fb:33:60:a1:63:
                    6a:17:84:af:cd:75:18:7a:de:27:4d:ee:54:6e:ce:
                    b7:b6:5b:3e:18:d1:0d:8f:0c:e3:54:dd:b6:94:9d:
                    89:24:2f:25:a8:c2:fc:04:7e:96:50:ee:19:39:11:
                    1a:a9:ac:c1:e3:94:aa:91:20:2a:98:dc:89:34:3d:
                    1a:e9:80:c3:04:86:54:8f:df:58:37:cb:3f:b4:fe:
                    bc:08:c3:6b:44:8a:14:da:70:c5:fc:3c:61:56:f5:
                    83:cd:de:d5:17:72:ee:78:63:cb:8f:64:61:cb:1c:
                    1f:24:83:43:26:4f:db:c2:3b:15:a8:d5:d2:08:33:
                    c0:3a:ee:4b:3e:d3:a9:36:77:c4:37:56:0a:5d:f6:
                    54:fc:53:f5:e4:fc:62:4f:55:aa:d1:35:5f:e0:c5:
                    55:fa:ab:16:e4:3f:b6:49:e5:1b:35:ca:cc:e2:77:
                    07:17:c9:7e:4b:93:1e:88:e9:96:05:b5:5c:63:d2:
                    a6:7e:c3:e7:06:bb:7d:f5:f8:5b:9c:38:d5:c3:b9:
                    b0:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:C3:D7:F0:78:1C:82:98:F8:E9:71:49:7B:B8:8E:7C:FE:15:C7:D9
            X509v3 Authority Key Identifier:
                keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/3MPX8Hgcgpj46XFJe7iOfP4Vx9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.190.252.0/22
                  216.246.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:7c:17:ef:f2:8a:9a:28:1a:c4:8b:61:da:9e:58:94:ef:29:
         42:3b:c7:5e:c9:65:69:93:46:b0:18:cb:d7:7f:8b:fe:7e:d1:
         f1:97:6f:0a:2b:94:bb:7a:45:22:eb:bf:c1:34:ef:04:47:c9:
         7c:13:04:e4:dd:3b:fe:ca:74:51:0b:76:af:4c:6d:df:dc:e1:
         6f:53:48:6d:8d:58:ac:90:85:44:11:1c:70:ca:f1:3f:7e:ba:
         c4:74:75:8d:f3:68:ee:8e:51:46:8d:4a:85:a2:ff:43:3f:12:
         3e:b1:2c:14:2d:60:dd:92:17:d8:ed:80:5c:ba:02:98:8b:aa:
         57:df:aa:83:5a:f2:6f:9e:20:c4:89:d1:dc:c7:9c:4e:d7:c1:
         9f:93:9e:5f:ad:0a:2c:e5:3f:dd:54:07:ae:5b:20:e9:ee:c2:
         a0:a5:86:fb:74:cd:ea:56:ce:27:61:bb:16:af:77:10:b9:91:
         a0:f1:33:f9:2e:44:c4:36:2a:c2:d8:d7:0a:93:65:06:3d:d9:
         b4:2a:97:d8:c5:4d:5e:eb:34:9e:33:1d:29:11:0a:2f:e8:b9:
         36:d2:fa:79:da:10:4d:9e:14:ee:53:e9:f2:fa:84:ff:29:7d:
         1b:6b:4b:04:38:64:66:db:1d:02:2e:84:dc:ac:73:30:4b:db:
         69:2b:8d:42
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRUbCR8GJyhH/+U5NncRlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjUwMTAxMjM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2MzZDdmMDc4MWM4Mjk4ZjhlOTcxNDk3YmI4OGU3Y2ZlMTVjN2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLcKF9HJ2phzdAk2GkmGiqyVurdv
20Nk29lqG7aPimAZONmGAVfYBMAHINZqIw9t3jTjBWxR+zNgoWNqF4SvzXUYet4n
Te5Ubs63tls+GNENjwzjVN22lJ2JJC8lqML8BH6WUO4ZOREaqazB45SqkSAqmNyJ
ND0a6YDDBIZUj99YN8s/tP68CMNrRIoU2nDF/DxhVvWDzd7VF3LueGPLj2Rhyxwf
JINDJk/bwjsVqNXSCDPAOu5LPtOpNnfEN1YKXfZU/FP15PxiT1Wq0TVf4MVV+qsW
5D+2SeUbNcrM4ncHF8l+S5MeiOmWBbVcY9KmfsPnBrt99fhbnDjVw7mwXQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNzD1/B4HIKY+OlxSXu4jnz+FcfZMB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEvM01QWDhIZ2NncGo0NlhGSmU3aU9mUDRWeDlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCQL78AwQC
2PbUMA0GCSqGSIb3DQEBCwUAA4IBAQCmfBfv8oqaKBrEi2HanliU7ylCO8deyWVp
k0awGMvXf4v+ftHxl28KK5S7ekUi67/BNO8ER8l8EwTk3Tv+ynRRC3avTG3f3OFv
U0htjViskIVEERxwyvE/frrEdHWN82jujlFGjUqFov9DPxI+sSwULWDdkhfY7YBc
ugKYi6pX36qDWvJvniDEidHcx5xO18Gfk55frQos5T/dVAeuWyDp7sKgpYb7dM3q
Vs4nYbsWr3cQuZGg8TP5LkTENirC2NcKk2UGPdm0KpfYxU1e6zSeMx0pEQov6Lk2
0vp52hBNnhTuU+ny+oT/KX0ba0sEOGRm2x0CLoTcrHMwS9tpK41C
-----END CERTIFICATE-----