Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/08e57c-d716-4705-9561-03adfbc68c91/1/3TsgJTCqJzOcEWU1D_eLkn9vlVQ.roa
File:                     3TsgJTCqJzOcEWU1D_eLkn9vlVQ.roa (raw, json)
Hash identifier:          FocquAr/i2n2K968hOeO0r6QOp/B6G9WWrm69jbwUbg=
Subject key identifier:   DD:3B:20:25:30:AA:27:33:9C:11:65:35:0F:F7:8B:92:7F:6F:95:54
Certificate issuer:       /CN=037f532fa262f5c6bd9615bcd79d6edd43f2e075
Certificate serial:       019424B39A93109887C71FDB40C466DB5F3C
Authority key identifier: 03:7F:53:2F:A2:62:F5:C6:BD:96:15:BC:D7:9D:6E:DD:43:F2:E0:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A39TL6Ji9ca9lhW8151u3UPy4HU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/08e57c-d716-4705-9561-03adfbc68c91/1/3TsgJTCqJzOcEWU1D_eLkn9vlVQ.roa
Signing time:             Thu 02 Jan 2025 01:48:57 +0000
ROA not before:           Thu 02 Jan 2025 01:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9121
IP address blocks:        185.186.108.0/24 maxlen: 24
                          185.186.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/08e57c-d716-4705-9561-03adfbc68c91/1/A39TL6Ji9ca9lhW8151u3UPy4HU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/08e57c-d716-4705-9561-03adfbc68c91/1/A39TL6Ji9ca9lhW8151u3UPy4HU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A39TL6Ji9ca9lhW8151u3UPy4HU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 07:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:9a:93:10:98:87:c7:1f:db:40:c4:66:db:5f:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=037f532fa262f5c6bd9615bcd79d6edd43f2e075
        Validity
            Not Before: Jan  2 01:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd3b202530aa27339c1165350ff78b927f6f9554
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:32:30:8c:50:ed:63:93:2a:81:c0:78:d5:8e:
                    53:3b:30:18:45:64:ad:7b:a8:2f:38:f3:b5:f7:ba:
                    83:91:ed:7a:62:73:ce:e8:a5:e1:05:98:8a:fe:47:
                    3d:4a:1b:63:52:5a:63:2f:a3:e1:9d:e6:50:02:49:
                    63:06:c3:08:42:e3:48:54:02:55:c0:70:11:04:90:
                    1a:94:64:86:de:72:42:01:f8:41:ca:67:bd:06:75:
                    2c:cb:80:c3:1d:73:e6:91:c7:2a:dd:02:e5:29:9c:
                    42:e7:3f:2b:f4:db:1f:11:32:66:0f:4c:57:f4:1b:
                    55:58:d9:55:c9:83:bd:e7:0b:e0:5d:4b:13:27:58:
                    86:a1:1f:a8:6f:4d:6b:7b:f6:4d:d4:34:8c:36:c9:
                    95:6f:89:b5:10:a6:b4:84:44:e8:48:92:34:14:55:
                    09:5a:6e:8f:d9:cf:ea:96:01:96:43:90:e1:e0:05:
                    4b:2a:e7:24:cd:81:df:00:9a:9c:55:be:47:5e:1c:
                    13:06:8c:97:f3:74:aa:0e:bb:33:6f:da:eb:a2:39:
                    9e:bd:92:2d:bc:fb:09:b4:6c:d4:66:c2:4b:65:81:
                    82:26:23:c7:f5:c6:5c:f3:97:21:90:ba:d1:b9:99:
                    26:ef:da:9e:2c:b5:7c:86:b4:d1:ec:83:76:3e:54:
                    75:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:3B:20:25:30:AA:27:33:9C:11:65:35:0F:F7:8B:92:7F:6F:95:54
            X509v3 Authority Key Identifier:
                keyid:03:7F:53:2F:A2:62:F5:C6:BD:96:15:BC:D7:9D:6E:DD:43:F2:E0:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A39TL6Ji9ca9lhW8151u3UPy4HU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/08e57c-d716-4705-9561-03adfbc68c91/1/3TsgJTCqJzOcEWU1D_eLkn9vlVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/08e57c-d716-4705-9561-03adfbc68c91/1/A39TL6Ji9ca9lhW8151u3UPy4HU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:29:a3:40:ea:87:18:51:e2:ee:77:b7:dd:de:ed:1e:bd:5a:
         71:80:ab:0e:7c:93:9b:34:46:ff:7c:c7:b7:0e:f5:9a:4f:c0:
         15:2f:e8:ee:37:3e:93:c9:c6:ec:ca:ef:a2:1c:6e:4d:30:c6:
         54:85:52:2c:d3:2b:46:e2:a6:98:97:74:61:c1:06:9f:23:e9:
         3a:ac:29:66:bf:7b:0b:4b:a4:58:79:53:77:e7:10:8e:07:04:
         34:41:86:23:87:69:b4:58:05:06:c3:20:b6:36:b7:63:a8:59:
         29:b6:fa:19:f8:31:66:08:ec:3c:fe:75:4c:66:79:6f:a4:8b:
         77:d9:0b:8b:31:2c:28:96:3e:f4:8e:98:e7:99:53:1e:73:e5:
         1d:7e:ec:d5:db:0c:ed:78:67:7f:0f:7c:3a:88:e0:52:78:e5:
         fa:f2:57:e8:0c:48:08:03:d3:4f:bb:04:66:2d:fe:18:a8:3c:
         d2:d7:4d:cb:f4:d4:60:a7:ff:82:82:05:47:f5:3f:6e:d6:93:
         00:e0:58:89:c2:9a:f4:00:e1:43:4a:a4:2b:e3:20:0b:ba:3c:
         bc:f8:fd:3d:1b:da:60:82:52:c2:a5:76:ee:a1:cb:c2:5e:fe:
         49:d0:bc:ab:e2:c3:b6:c8:cf:66:6a:0f:cd:e4:7f:cc:85:77:
         d6:86:b7:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks5qTEJiHxx/bQMRm2188MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzN2Y1MzJmYTI2MmY1YzZiZDk2MTViY2Q3OWQ2ZWRkNDNm
MmUwNzUwHhcNMjUwMTAyMDE0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDNiMjAyNTMwYWEyNzMzOWMxMTY1MzUwZmY3OGI5MjdmNmY5NTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDIwjFDtY5MqgcB41Y5TOzAYRWSt
e6gvOPO197qDke16YnPO6KXhBZiK/kc9ShtjUlpjL6PhneZQAkljBsMIQuNIVAJV
wHARBJAalGSG3nJCAfhByme9BnUsy4DDHXPmkccq3QLlKZxC5z8r9NsfETJmD0xX
9BtVWNlVyYO95wvgXUsTJ1iGoR+ob01re/ZN1DSMNsmVb4m1EKa0hEToSJI0FFUJ
Wm6P2c/qlgGWQ5Dh4AVLKuckzYHfAJqcVb5HXhwTBoyX83SqDrszb9rrojmevZIt
vPsJtGzUZsJLZYGCJiPH9cZc85chkLrRuZkm79qeLLV8hrTR7IN2PlR1gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN07ICUwqicznBFlNQ/3i5J/b5VUMB8GA1UdIwQY
MBaAFAN/Uy+iYvXGvZYVvNedbt1D8uB1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTM5VEw2Smk5Y2E5bGhXODE1MXUzVVB5NEhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS8wOGU1N2MtZDcxNi00NzA1LTk1NjEt
MDNhZGZiYzY4YzkxLzEvM1RzZ0pUQ3FKek9jRVdVMURfZUxrbjl2bFZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS8wOGU1N2MtZDcxNi00NzA1LTk1NjEtMDNhZGZiYzY4Yzkx
LzEvQTM5VEw2Smk5Y2E5bGhXODE1MXUzVVB5NEhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBubpsMA0G
CSqGSIb3DQEBCwUAA4IBAQATKaNA6ocYUeLud7fd3u0evVpxgKsOfJObNEb/fMe3
DvWaT8AVL+juNz6Tycbsyu+iHG5NMMZUhVIs0ytG4qaYl3RhwQafI+k6rClmv3sL
S6RYeVN35xCOBwQ0QYYjh2m0WAUGwyC2NrdjqFkptvoZ+DFmCOw8/nVMZnlvpIt3
2QuLMSwolj70jpjnmVMec+UdfuzV2wzteGd/D3w6iOBSeOX68lfoDEgIA9NPuwRm
Lf4YqDzS103L9NRgp/+CggVH9T9u1pMA4FiJwpr0AOFDSqQr4yALujy8+P09G9pg
glLCpXbuocvCXv5J0Lyr4sO2yM9mag/N5H/MhXfWhreL
-----END CERTIFICATE-----