Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/g3gXDyn1r3CKRtOkIamh9XiFNXQ.roa
File:                     g3gXDyn1r3CKRtOkIamh9XiFNXQ.roa (raw, json)
Hash identifier:          bsh/frVfpWjiiUA/IVdx5lj5UBB7HEuHeERH5RVXbJU=
Subject key identifier:   83:78:17:0F:29:F5:AF:70:8A:46:D3:A4:21:A9:A1:F5:78:85:35:74
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       019423D7E26CB00F074F5EEF3B09133FF203
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/g3gXDyn1r3CKRtOkIamh9XiFNXQ.roa
Signing time:             Wed 01 Jan 2025 21:48:58 +0000
ROA not before:           Wed 01 Jan 2025 21:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47726
IP address blocks:        185.65.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 06:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:e2:6c:b0:0f:07:4f:5e:ef:3b:09:13:3f:f2:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Jan  1 21:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8378170f29f5af708a46d3a421a9a1f578853574
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:ae:75:7e:81:29:fb:2f:78:f8:e9:df:5d:25:
                    7a:dd:6c:83:92:8c:4a:69:f3:75:ee:4e:b9:0d:c3:
                    96:bf:18:6b:02:43:be:25:0f:43:52:9d:f4:2f:a8:
                    92:59:65:c1:ad:4b:e2:64:d3:02:f7:62:d1:07:a8:
                    9d:54:da:b9:91:b3:0f:25:6e:99:93:5d:6d:a8:7a:
                    27:51:4a:2a:d1:4c:1a:d9:0c:d5:bb:70:da:93:60:
                    26:a9:af:b9:04:37:fd:45:dc:00:b5:c4:08:e1:bb:
                    4f:bc:f0:e3:1b:78:36:fb:bb:8a:30:14:87:ab:b7:
                    7b:17:7c:c5:57:46:f5:41:18:36:7f:a2:5c:bf:03:
                    72:d7:f5:34:cd:d4:65:6c:c8:f3:ac:8d:c1:8e:a4:
                    46:4d:59:7f:7e:c2:4d:d6:5a:e2:eb:6b:d0:3d:6b:
                    1c:cc:ad:d1:88:42:74:35:c6:8e:1d:ef:31:1f:d1:
                    b2:83:67:db:cc:b3:df:63:d4:e8:2e:a9:b7:03:b4:
                    e3:49:fa:00:e2:e1:da:4c:28:93:a6:2a:5d:c5:65:
                    c5:65:59:22:4f:98:be:e3:a3:4e:a1:dc:eb:fb:c5:
                    a8:4a:fc:ed:f3:d8:96:07:0c:29:f8:9b:1f:90:a7:
                    a1:5c:22:2d:6a:87:9a:f4:d7:4b:ef:96:ab:21:3d:
                    92:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:78:17:0F:29:F5:AF:70:8A:46:D3:A4:21:A9:A1:F5:78:85:35:74
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/g3gXDyn1r3CKRtOkIamh9XiFNXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:ac:86:3a:14:18:13:b6:1a:dd:0f:33:0e:73:4b:c6:e5:32:
         2e:f4:66:f9:8f:25:9b:84:dd:57:da:e4:e8:95:b0:4a:f4:71:
         45:e6:2e:62:3c:07:c1:90:0b:98:9f:09:8f:96:86:8f:3b:9c:
         a3:08:f4:3d:f5:3f:e7:81:4b:5a:24:6b:7e:32:66:f8:03:63:
         9f:08:b3:0f:d2:8f:3d:ad:fe:26:a1:f2:af:fc:2a:c4:16:1d:
         f5:42:67:2c:a7:d6:3e:21:5c:66:9c:2b:b7:da:6f:9f:32:ab:
         af:3e:52:ac:c2:5b:d6:f7:d3:1b:6f:e9:19:ef:70:8d:5d:1f:
         1d:cb:52:d2:03:e4:3e:61:b7:3d:f6:24:93:9e:9c:6a:14:1c:
         fe:97:0a:ed:8d:c7:ad:25:dd:45:4f:17:df:54:33:f4:ea:aa:
         64:0f:e0:51:bd:e4:34:e6:45:5a:4f:a8:e7:37:29:85:7c:7c:
         2b:99:da:d0:56:b0:3c:da:fe:5b:35:8f:fd:2c:01:08:04:83:
         ab:86:0b:de:28:40:24:3e:63:97:b0:50:79:db:56:3d:4f:cf:
         c1:c1:87:f6:77:b9:a4:0d:9b:c4:44:a3:cf:cb:8d:91:a9:87:
         ca:3e:06:b9:ca:03:3c:1a:c6:2e:68:47:e1:04:a7:dd:0c:eb:
         f2:08:75:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1+JssA8HT17vOwkTP/IDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjUwMTAxMjE0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mzc4MTcwZjI5ZjVhZjcwOGE0NmQzYTQyMWE5YTFmNTc4ODUzNTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2q51foEp+y94+OnfXSV63WyDkoxK
afN17k65DcOWvxhrAkO+JQ9DUp30L6iSWWXBrUviZNMC92LRB6idVNq5kbMPJW6Z
k11tqHonUUoq0Uwa2QzVu3Dak2Amqa+5BDf9RdwAtcQI4btPvPDjG3g2+7uKMBSH
q7d7F3zFV0b1QRg2f6JcvwNy1/U0zdRlbMjzrI3BjqRGTVl/fsJN1lri62vQPWsc
zK3RiEJ0NcaOHe8xH9Gyg2fbzLPfY9ToLqm3A7TjSfoA4uHaTCiTpipdxWXFZVki
T5i+46NOodzr+8WoSvzt89iWBwwp+JsfkKehXCItaoea9NdL75arIT2SFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIN4Fw8p9a9wikbTpCGpofV4hTV0MB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvZzNnWER5bjFyM0NLUnRPa0lhbWg5WGlGTlhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUHLMA0G
CSqGSIb3DQEBCwUAA4IBAQAZrIY6FBgTthrdDzMOc0vG5TIu9Gb5jyWbhN1X2uTo
lbBK9HFF5i5iPAfBkAuYnwmPloaPO5yjCPQ99T/ngUtaJGt+Mmb4A2OfCLMP0o89
rf4mofKv/CrEFh31Qmcsp9Y+IVxmnCu32m+fMquvPlKswlvW99Mbb+kZ73CNXR8d
y1LSA+Q+Ybc99iSTnpxqFBz+lwrtjcetJd1FTxffVDP06qpkD+BRveQ05kVaT6jn
NymFfHwrmdrQVrA82v5bNY/9LAEIBIOrhgveKEAkPmOXsFB521Y9T8/BwYf2d7mk
DZvERKPPy42RqYfKPga5ygM8GsYuaEfhBKfdDOvyCHX6
-----END CERTIFICATE-----