Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/6eb365-803a-4c2f-b7ae-c647a8c1ddfa/1/3JkM8vUrkCbAmhwQjTJzai8PJt4.roa
File:                     3JkM8vUrkCbAmhwQjTJzai8PJt4.roa (raw, json)
Hash identifier:          rKQRrUjGotUF8dzfvK33idpF0k0Q/0xTsyKVQjD8oBU=
Subject key identifier:   DC:99:0C:F2:F5:2B:90:26:C0:9A:1C:10:8D:32:73:6A:2F:0F:26:DE
Certificate issuer:       /CN=222c4585bd88fb27cadf29ee5bb95d6575fcef83
Certificate serial:       0194228D403E6F230DF77A8F96AAB1656239
Authority key identifier: 22:2C:45:85:BD:88:FB:27:CA:DF:29:EE:5B:B9:5D:65:75:FC:EF:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IixFhb2I-yfK3ynuW7ldZXX874M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/6eb365-803a-4c2f-b7ae-c647a8c1ddfa/1/3JkM8vUrkCbAmhwQjTJzai8PJt4.roa
Signing time:             Wed 01 Jan 2025 15:47:49 +0000
ROA not before:           Wed 01 Jan 2025 15:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62563
IP address blocks:        176.126.222.0/24 maxlen: 24
                          188.212.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/6eb365-803a-4c2f-b7ae-c647a8c1ddfa/1/IixFhb2I-yfK3ynuW7ldZXX874M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/6eb365-803a-4c2f-b7ae-c647a8c1ddfa/1/IixFhb2I-yfK3ynuW7ldZXX874M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IixFhb2I-yfK3ynuW7ldZXX874M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:40:3e:6f:23:0d:f7:7a:8f:96:aa:b1:65:62:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=222c4585bd88fb27cadf29ee5bb95d6575fcef83
        Validity
            Not Before: Jan  1 15:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc990cf2f52b9026c09a1c108d32736a2f0f26de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b5:c0:96:c9:39:de:a1:ae:4d:9d:fa:d0:02:
                    19:23:52:83:9f:3c:6b:fe:f0:74:23:34:46:4c:ed:
                    e9:eb:20:27:21:1a:a8:03:74:9c:4a:52:80:77:ad:
                    cb:73:58:11:2e:79:cb:cf:9a:51:b8:73:2c:0f:5b:
                    09:b8:84:4c:0d:0d:d2:64:be:2a:93:df:ad:13:f3:
                    94:75:94:b5:73:41:f9:57:b6:b4:80:dd:90:47:64:
                    93:4e:5f:bb:20:80:83:e4:5f:a5:c6:99:1f:33:26:
                    c7:85:55:35:39:3c:9e:fe:c9:f1:20:69:65:c4:50:
                    97:e5:73:a7:2c:c5:9f:81:4a:bd:77:cf:f3:d6:77:
                    d7:1a:2c:33:87:04:d7:5c:8c:11:25:0d:c3:5d:1b:
                    f6:5d:e4:2e:16:79:5b:3c:59:69:21:37:1f:11:84:
                    20:86:12:42:11:30:7e:7a:36:12:ac:a3:17:c7:d5:
                    35:24:77:80:53:34:d7:30:98:15:5d:a4:16:4f:73:
                    d2:d2:b0:31:01:5a:27:a2:d7:d2:a3:34:aa:2e:ef:
                    64:24:6e:3b:c9:36:2e:6a:3f:a0:39:24:e4:49:53:
                    65:e4:7a:a3:b1:23:51:81:ef:c7:ca:6a:6f:08:31:
                    f6:91:30:b2:80:70:a8:a8:0f:35:2e:ed:01:44:e6:
                    39:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:99:0C:F2:F5:2B:90:26:C0:9A:1C:10:8D:32:73:6A:2F:0F:26:DE
            X509v3 Authority Key Identifier:
                keyid:22:2C:45:85:BD:88:FB:27:CA:DF:29:EE:5B:B9:5D:65:75:FC:EF:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IixFhb2I-yfK3ynuW7ldZXX874M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6eb365-803a-4c2f-b7ae-c647a8c1ddfa/1/3JkM8vUrkCbAmhwQjTJzai8PJt4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6eb365-803a-4c2f-b7ae-c647a8c1ddfa/1/IixFhb2I-yfK3ynuW7ldZXX874M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.126.222.0/24
                  188.212.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:7e:6b:c3:8d:e1:e5:26:1c:00:66:85:cf:6f:27:e1:1e:82:
         4d:fd:2c:2f:5b:c1:f8:30:67:19:0c:38:71:25:ae:1a:e7:4f:
         37:e7:56:a9:f4:34:ae:38:fe:66:7b:03:bd:d9:17:31:46:86:
         90:12:3d:87:69:be:c0:dc:e7:3f:dc:7f:78:1e:80:4f:00:65:
         77:74:af:f1:4b:8e:f8:9e:1f:28:49:c8:fb:da:37:80:e2:cf:
         ee:21:95:42:ee:c8:46:e4:f0:a9:11:27:9d:3c:5e:38:9e:72:
         aa:17:6b:a9:55:ec:2b:c5:b0:4a:4e:d6:c4:f6:59:4a:5f:99:
         00:9d:1d:e9:df:d3:5f:09:f8:3b:db:99:5e:6b:7b:bc:1d:b7:
         b9:04:05:b4:16:24:07:06:b2:a6:61:d4:cb:bb:02:b6:34:16:
         c3:b2:31:74:fd:c6:3b:6c:4c:1e:52:44:2e:6e:44:93:3a:6e:
         63:4f:12:84:aa:d7:06:b2:6f:62:b3:9a:62:76:5a:4c:b3:d9:
         34:86:55:8d:08:de:83:00:4f:60:7b:9e:98:64:bc:61:00:d7:
         28:da:56:42:c0:a3:f8:13:31:d7:e6:e7:f8:35:28:a5:d2:89:
         71:74:c8:5e:50:91:12:07:fe:4d:11:ff:0b:6f:e5:5f:1a:23:
         2d:89:df:e2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijUA+byMN93qPlqqxZWI5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMmM0NTg1YmQ4OGZiMjdjYWRmMjllZTViYjk1ZDY1NzVm
Y2VmODMwHhcNMjUwMTAxMTU0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzk5MGNmMmY1MmI5MDI2YzA5YTFjMTA4ZDMyNzM2YTJmMGYyNmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrXAlsk53qGuTZ360AIZI1KDnzxr
/vB0IzRGTO3p6yAnIRqoA3ScSlKAd63Lc1gRLnnLz5pRuHMsD1sJuIRMDQ3SZL4q
k9+tE/OUdZS1c0H5V7a0gN2QR2STTl+7IICD5F+lxpkfMybHhVU1OTye/snxIGll
xFCX5XOnLMWfgUq9d8/z1nfXGiwzhwTXXIwRJQ3DXRv2XeQuFnlbPFlpITcfEYQg
hhJCETB+ejYSrKMXx9U1JHeAUzTXMJgVXaQWT3PS0rAxAVonotfSozSqLu9kJG47
yTYuaj+gOSTkSVNl5HqjsSNRge/HympvCDH2kTCygHCoqA81Lu0BROY56QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNyZDPL1K5AmwJocEI0yc2ovDybeMB8GA1UdIwQY
MBaAFCIsRYW9iPsnyt8p7lu5XWV1/O+DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWl4RmhiMkkteWZLM3ludVc3bGRaWFg4NzRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC82ZWIzNjUtODAzYS00YzJmLWI3YWUt
YzY0N2E4YzFkZGZhLzEvM0prTTh2VXJrQ2JBbWh3UWpUSnphaThQSnQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC82ZWIzNjUtODAzYS00YzJmLWI3YWUtYzY0N2E4YzFkZGZh
LzEvSWl4RmhiMkkteWZLM3ludVc3bGRaWFg4NzRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsH7eAwQA
vNQnMA0GCSqGSIb3DQEBCwUAA4IBAQAwfmvDjeHlJhwAZoXPbyfhHoJN/SwvW8H4
MGcZDDhxJa4a508351ap9DSuOP5mewO92RcxRoaQEj2Hab7A3Oc/3H94HoBPAGV3
dK/xS474nh8oScj72jeA4s/uIZVC7shG5PCpESedPF44nnKqF2upVewrxbBKTtbE
9llKX5kAnR3p39NfCfg725lea3u8Hbe5BAW0FiQHBrKmYdTLuwK2NBbDsjF0/cY7
bEweUkQubkSTOm5jTxKEqtcGsm9is5pidlpMs9k0hlWNCN6DAE9ge56YZLxhANco
2lZCwKP4EzHX5uf4NSil0olxdMheUJESB/5NEf8Lb+VfGiMtid/i
-----END CERTIFICATE-----