Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/3XpL4MnoqtsefggtGVNsp50hUos.roa
File:                     3XpL4MnoqtsefggtGVNsp50hUos.roa (raw, json)
Hash identifier:          UbmRySACBmiI8/lEJe3EY2ejMtFGtnNwZY/azKaol3I=
Subject key identifier:   DD:7A:4B:E0:C9:E8:AA:DB:1E:7E:08:2D:19:53:6C:A7:9D:21:52:8B
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       019711012C7375436D3DD2B3F2BFCE2425ED
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/3XpL4MnoqtsefggtGVNsp50hUos.roa
Signing time:             Tue 27 May 2025 09:09:38 +0000
ROA not before:           Tue 27 May 2025 09:09:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        185.24.150.0/24 maxlen: 24
                          212.16.78.0/24 maxlen: 24
                          212.16.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 09:39:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:11:01:2c:73:75:43:6d:3d:d2:b3:f2:bf:ce:24:25:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: May 27 09:09:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd7a4be0c9e8aadb1e7e082d19536ca79d21528b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:0e:f6:3d:b5:81:d5:04:5a:81:75:ef:eb:25:
                    3c:b5:e2:46:d2:23:ff:6f:a2:4c:93:92:f0:81:47:
                    4f:7b:9b:7e:e5:90:5d:4a:07:d1:a2:bd:48:ca:8d:
                    92:40:da:63:6c:2b:0f:94:6f:e9:b9:09:c7:d7:82:
                    d4:16:44:8a:83:64:7c:a9:1f:7f:43:cb:6b:ba:cb:
                    5b:70:54:a4:8d:74:b1:e4:86:22:b3:9e:9c:5f:51:
                    9d:56:7d:11:8b:da:8e:87:56:14:da:c8:b1:da:c1:
                    bb:55:e2:d3:90:09:59:d3:05:a9:23:00:25:46:95:
                    98:81:37:29:e3:79:ed:4e:29:8b:70:35:92:36:92:
                    4c:79:22:80:9e:a0:e7:1d:c4:f3:4d:4d:c4:5c:e9:
                    3c:e3:13:cf:43:27:ed:d5:96:9c:92:ac:ab:83:68:
                    02:2e:31:2e:7a:eb:13:79:97:4f:a5:64:19:e4:b6:
                    49:4f:4e:94:f4:0f:b2:ba:5e:ea:24:b0:17:ee:db:
                    57:75:28:ac:04:9f:ce:2a:61:bb:a1:14:fc:9c:ab:
                    13:71:c6:30:59:84:df:aa:1d:27:09:16:86:24:4a:
                    e5:d1:e0:87:dc:b8:46:78:c3:85:1d:3a:9c:99:dd:
                    bb:df:e1:c6:15:81:a0:74:63:d6:2b:96:37:2e:50:
                    a0:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:7A:4B:E0:C9:E8:AA:DB:1E:7E:08:2D:19:53:6C:A7:9D:21:52:8B
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/3XpL4MnoqtsefggtGVNsp50hUos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.24.150.0/24
                  212.16.78.0/24
                  212.16.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:df:11:2b:8f:7e:da:f6:24:5d:5a:a5:2d:19:b0:f8:d8:24:
         b3:cd:ec:fd:aa:50:ef:bd:4a:4d:3b:4b:d4:8e:8a:74:29:e9:
         07:75:3d:2f:55:e3:b3:f7:28:da:5b:a4:e1:65:30:68:6f:19:
         66:d0:a7:13:80:9b:6e:98:46:3c:4f:16:3e:e6:4c:12:32:4d:
         53:1f:e6:ed:e3:44:a0:f0:80:47:27:72:fd:ea:5a:64:fe:b7:
         a2:2f:eb:d8:21:03:d9:ee:02:2a:d8:e5:a7:fd:ae:76:ce:32:
         13:28:bc:42:f3:93:49:76:37:cd:de:1f:7b:3c:68:54:09:2f:
         c5:99:c1:1c:b5:fd:fa:0f:d4:09:23:e1:d0:5f:44:85:7e:9e:
         e5:43:e0:7b:44:ef:fb:95:f9:77:c3:04:30:ca:1d:b1:76:75:
         75:dd:6b:20:a8:bf:9b:45:0f:01:0e:ec:fe:97:ed:4a:c8:4b:
         88:d8:0e:06:b4:17:56:c1:21:c6:cb:6f:bf:5f:5b:79:77:9d:
         68:89:b3:f1:28:1d:0a:ba:c7:2e:d9:15:77:d4:a7:c4:f6:e5:
         0e:bd:20:23:b4:b5:fb:45:b8:4f:c6:9f:63:e8:06:a1:ca:76:
         e8:cd:b5:69:ca:f1:06:43:70:d8:00:d7:2b:09:35:00:25:c0:
         ba:1c:82:88
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZcRASxzdUNtPdKz8r/OJCXtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUwNTI3MDkwOTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDdhNGJlMGM5ZThhYWRiMWU3ZTA4MmQxOTUzNmNhNzlkMjE1MjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvg72PbWB1QRagXXv6yU8teJG0iP/
b6JMk5LwgUdPe5t+5ZBdSgfRor1Iyo2SQNpjbCsPlG/puQnH14LUFkSKg2R8qR9/
Q8trustbcFSkjXSx5IYis56cX1GdVn0Ri9qOh1YU2six2sG7VeLTkAlZ0wWpIwAl
RpWYgTcp43ntTimLcDWSNpJMeSKAnqDnHcTzTU3EXOk84xPPQyft1Zackqyrg2gC
LjEueusTeZdPpWQZ5LZJT06U9A+yul7qJLAX7ttXdSisBJ/OKmG7oRT8nKsTccYw
WYTfqh0nCRaGJErl0eCH3LhGeMOFHTqcmd273+HGFYGgdGPWK5Y3LlCgJwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN16S+DJ6KrbHn4ILRlTbKedIVKLMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvM1hwTDRNbm9xdHNlZmdndEdWTnNwNTBoVW9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuRiWAwQA
1BBOAwQA1BBeMA0GCSqGSIb3DQEBCwUAA4IBAQAa3xErj37a9iRdWqUtGbD42CSz
zez9qlDvvUpNO0vUjop0KekHdT0vVeOz9yjaW6ThZTBobxlm0KcTgJtumEY8TxY+
5kwSMk1TH+bt40Sg8IBHJ3L96lpk/reiL+vYIQPZ7gIq2OWn/a52zjITKLxC85NJ
djfN3h97PGhUCS/FmcEctf36D9QJI+HQX0SFfp7lQ+B7RO/7lfl3wwQwyh2xdnV1
3WsgqL+bRQ8BDuz+l+1KyEuI2A4GtBdWwSHGy2+/X1t5d51oibPxKB0Kuscu2RV3
1KfE9uUOvSAjtLX7RbhPxp9j6AahynbozbVpyvEGQ3DYANcrCTUAJcC6HIKI
-----END CERTIFICATE-----