Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/i39oSJ2rNy9514bIrxEQXucU-Lo.roa
File:                     i39oSJ2rNy9514bIrxEQXucU-Lo.roa (raw, json)
Hash identifier:          AVzwd5YBpdawmhXJLH/fAHRapN67BY7IIJORgcTsACc=
Subject key identifier:   8B:7F:68:48:9D:AB:37:2F:79:D7:86:C8:AF:11:10:5E:E7:14:F8:BA
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       019420D5ABF382DE804D52189C7CECC5F351
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/i39oSJ2rNy9514bIrxEQXucU-Lo.roa
Signing time:             Wed 01 Jan 2025 07:47:41 +0000
ROA not before:           Wed 01 Jan 2025 07:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31180
IP address blocks:        195.6.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:ab:f3:82:de:80:4d:52:18:9c:7c:ec:c5:f3:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 07:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b7f68489dab372f79d786c8af11105ee714f8ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:26:cb:53:55:f7:8c:15:26:d0:86:29:4e:28:
                    91:0f:41:1c:26:ee:35:1b:c2:bc:8d:be:b6:d7:c3:
                    31:3e:02:20:04:12:6c:b3:3a:0d:82:8e:ee:ab:dc:
                    9c:90:61:c9:66:0e:56:0d:e9:19:fa:40:02:8a:3d:
                    08:92:53:71:27:26:56:bb:4d:08:56:0d:ec:e8:bb:
                    36:8f:10:c2:c6:36:06:ba:51:8d:ba:b2:3b:2c:70:
                    01:53:c4:20:e3:6f:56:67:2b:c2:7e:c0:18:a2:af:
                    a7:6d:75:40:6e:74:bc:e5:e8:7e:eb:f7:b9:2c:3d:
                    60:47:b2:7f:c0:bc:47:a8:ad:ee:72:42:93:13:df:
                    98:80:cb:57:20:3f:d1:85:ca:eb:92:ab:6b:e5:0f:
                    27:81:8c:f5:b2:24:d1:a1:f3:ae:e4:88:85:95:d9:
                    04:b6:3c:29:2c:da:4d:2a:07:f1:46:9d:d6:55:16:
                    bf:c8:f9:57:a7:9a:51:7e:42:4c:04:61:83:12:66:
                    49:45:03:25:9a:8e:ed:20:7f:ef:c8:f0:78:e1:f2:
                    86:ae:5a:d2:93:c4:01:50:c3:f2:fb:d7:e0:d0:e1:
                    47:bd:54:42:7c:b7:18:0e:98:37:7b:4f:4b:96:97:
                    de:df:7e:b1:71:c3:5f:3e:2c:bb:26:88:cc:73:fa:
                    25:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:7F:68:48:9D:AB:37:2F:79:D7:86:C8:AF:11:10:5E:E7:14:F8:BA
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/i39oSJ2rNy9514bIrxEQXucU-Lo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.6.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:f9:25:7f:90:63:c6:81:a3:18:4b:aa:e6:76:1c:59:ed:fd:
         d8:95:59:1e:50:76:63:52:e8:88:9c:70:d4:08:12:1a:d5:66:
         55:39:8d:68:ba:1a:c3:f8:bf:0f:3c:d0:cb:d8:a4:b0:59:fd:
         19:1b:12:82:f0:2a:1f:61:bd:5f:c8:b4:a5:2c:31:9e:50:b8:
         d6:72:c0:d3:45:ea:f5:94:d5:61:69:a7:4e:4c:9f:62:fa:68:
         f2:81:32:15:a6:ac:f1:ca:f7:a8:6f:53:96:62:89:c1:09:a1:
         c3:c0:2d:73:2b:ca:7f:98:3b:ae:0c:ea:32:b3:00:89:cb:44:
         1e:f4:cd:95:58:90:f5:c6:94:45:20:24:1b:eb:5e:b7:60:f4:
         5a:13:d9:5e:6b:97:3d:0a:50:71:83:f2:40:da:fc:c8:64:1e:
         13:54:74:e3:4a:e1:28:5e:44:d8:fd:cd:b2:08:4a:a9:de:fa:
         1f:c6:71:ce:9c:0c:23:df:6f:24:14:01:2f:e8:16:67:38:e7:
         b8:8f:9e:0a:81:56:9b:96:25:6a:25:72:bf:b1:c3:8e:a4:68:
         7b:af:d0:b5:f2:33:e7:13:e9:fe:16:54:f5:bb:f7:2a:2e:b1:
         be:34:f8:bb:df:32:d2:f1:3e:1a:ea:94:85:37:9e:68:5c:fe:
         d9:46:ad:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1avzgt6ATVIYnHzsxfNRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjUwMTAxMDc0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjdmNjg0ODlkYWIzNzJmNzlkNzg2YzhhZjExMTA1ZWU3MTRmOGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmibLU1X3jBUm0IYpTiiRD0EcJu41
G8K8jb6218MxPgIgBBJsszoNgo7uq9yckGHJZg5WDekZ+kACij0IklNxJyZWu00I
Vg3s6Ls2jxDCxjYGulGNurI7LHABU8Qg429WZyvCfsAYoq+nbXVAbnS85eh+6/e5
LD1gR7J/wLxHqK3uckKTE9+YgMtXID/Rhcrrkqtr5Q8ngYz1siTRofOu5IiFldkE
tjwpLNpNKgfxRp3WVRa/yPlXp5pRfkJMBGGDEmZJRQMlmo7tIH/vyPB44fKGrlrS
k8QBUMPy+9fg0OFHvVRCfLcYDpg3e09Llpfe336xccNfPiy7JojMc/oltQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIt/aEidqzcvedeGyK8REF7nFPi6MB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvaTM5b1NKMnJOeTk1MTRiSXJ4RVFYdWNVLUxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwYDMA0G
CSqGSIb3DQEBCwUAA4IBAQBW+SV/kGPGgaMYS6rmdhxZ7f3YlVkeUHZjUuiInHDU
CBIa1WZVOY1ouhrD+L8PPNDL2KSwWf0ZGxKC8CofYb1fyLSlLDGeULjWcsDTRer1
lNVhaadOTJ9i+mjygTIVpqzxyveob1OWYonBCaHDwC1zK8p/mDuuDOoyswCJy0Qe
9M2VWJD1xpRFICQb6163YPRaE9lea5c9ClBxg/JA2vzIZB4TVHTjSuEoXkTY/c2y
CEqp3vofxnHOnAwj328kFAEv6BZnOOe4j54KgVabliVqJXK/scOOpGh7r9C18jPn
E+n+FlT1u/cqLrG+NPi73zLS8T4a6pSFN55oXP7ZRq3U
-----END CERTIFICATE-----