Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/821f35-a880-4d64-adc0-4611046f1a4e/1/F3oEv0QBT7ejRZnF2aTKoyEK5cI.roa
File:                     F3oEv0QBT7ejRZnF2aTKoyEK5cI.roa (raw, json)
Hash identifier:          MTTLBQPL1aOScQOGtAiCwXpSCEzlrz60TWKC9wTFgO4=
Subject key identifier:   17:7A:04:BF:44:01:4F:B7:A3:45:99:C5:D9:A4:CA:A3:21:0A:E5:C2
Certificate issuer:       /CN=3bf468d1515ad6f14ca69cf9c772e5cb57d277d6
Certificate serial:       019424B3C6F32E38491AD08B547D503745E2
Authority key identifier: 3B:F4:68:D1:51:5A:D6:F1:4C:A6:9C:F9:C7:72:E5:CB:57:D2:77:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O_Ro0VFa1vFMppz5x3Lly1fSd9Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/821f35-a880-4d64-adc0-4611046f1a4e/1/F3oEv0QBT7ejRZnF2aTKoyEK5cI.roa
Signing time:             Thu 02 Jan 2025 01:49:09 +0000
ROA not before:           Thu 02 Jan 2025 01:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199296
IP address blocks:        91.233.136.0/22 maxlen: 22
                          95.141.243.0/24 maxlen: 24
                          2a13:60c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/821f35-a880-4d64-adc0-4611046f1a4e/1/O_Ro0VFa1vFMppz5x3Lly1fSd9Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/821f35-a880-4d64-adc0-4611046f1a4e/1/O_Ro0VFa1vFMppz5x3Lly1fSd9Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O_Ro0VFa1vFMppz5x3Lly1fSd9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:c6:f3:2e:38:49:1a:d0:8b:54:7d:50:37:45:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bf468d1515ad6f14ca69cf9c772e5cb57d277d6
        Validity
            Not Before: Jan  2 01:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=177a04bf44014fb7a34599c5d9a4caa3210ae5c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:7e:9d:8e:5e:11:92:4c:6b:d0:24:a9:cb:b5:
                    7c:db:50:b4:7a:4d:24:e9:c0:8d:63:97:2a:dc:9b:
                    db:f0:33:44:80:a0:b6:ba:d7:cc:d2:70:cc:68:a6:
                    d2:9c:01:04:41:33:47:6e:49:04:80:20:eb:0b:74:
                    df:bb:f7:20:79:d7:02:52:30:16:3b:a7:da:f1:b3:
                    42:13:6c:34:fc:f0:e5:2e:f0:a1:fe:70:ad:2f:6f:
                    62:d7:01:c5:16:f7:2e:27:86:58:2c:06:3a:d1:fd:
                    1e:fa:67:82:43:8d:5f:01:18:2b:36:b0:f3:94:11:
                    ab:39:cb:94:96:bd:7b:40:df:e3:c6:82:12:ad:25:
                    47:9b:4a:4a:c2:53:f7:cd:b5:93:00:54:73:38:2f:
                    19:3e:fe:1f:fd:79:7a:56:02:f6:94:ac:a8:cc:6b:
                    1b:76:8c:ec:2e:04:d6:06:0d:ac:f9:d1:73:27:da:
                    5f:0e:fa:13:e0:8b:43:c8:62:3a:5f:f6:3a:7a:34:
                    87:2a:3e:4a:de:3d:dc:e0:4f:5d:72:f3:e7:f9:22:
                    5d:33:11:8b:7e:c0:ec:da:bf:16:38:30:cf:36:7b:
                    96:e7:b5:cc:8c:44:e6:cd:56:39:b9:fd:e1:47:8d:
                    73:65:f0:dd:72:ec:0c:14:ac:ac:fe:d9:f7:c7:78:
                    1a:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:7A:04:BF:44:01:4F:B7:A3:45:99:C5:D9:A4:CA:A3:21:0A:E5:C2
            X509v3 Authority Key Identifier:
                keyid:3B:F4:68:D1:51:5A:D6:F1:4C:A6:9C:F9:C7:72:E5:CB:57:D2:77:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O_Ro0VFa1vFMppz5x3Lly1fSd9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/821f35-a880-4d64-adc0-4611046f1a4e/1/F3oEv0QBT7ejRZnF2aTKoyEK5cI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/821f35-a880-4d64-adc0-4611046f1a4e/1/O_Ro0VFa1vFMppz5x3Lly1fSd9Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.136.0/22
                  95.141.243.0/24
                IPv6:
                  2a13:60c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:4e:3e:1f:13:c5:48:46:29:fb:c7:28:70:6e:3b:94:07:78:
         5e:72:b5:fc:c9:6b:bb:b2:df:82:6b:ec:83:e1:08:ec:79:1f:
         82:02:71:17:ae:7c:11:c4:9d:59:ab:fd:c3:3b:d2:82:a1:29:
         8a:26:b5:84:6d:1c:db:1b:36:4f:60:fb:5f:09:0b:eb:78:63:
         e4:97:72:d0:f9:7e:53:ba:cc:c9:5e:71:38:13:6c:49:2b:9f:
         5b:d3:b0:14:43:a3:4c:34:65:44:c0:ee:ae:c3:c7:4a:ca:10:
         e4:80:3b:8f:ea:fe:58:bf:c7:4f:64:97:b7:95:f2:8b:7f:87:
         4d:cc:4d:d3:33:eb:67:b0:7f:d0:72:7b:8b:75:91:07:91:00:
         4a:f1:73:4d:3e:62:cd:0e:37:bc:08:70:7c:c6:ee:72:b3:e0:
         57:e1:71:c7:35:72:3b:0e:c6:c2:52:49:11:9c:db:9d:e0:fb:
         88:03:10:5e:b1:67:4e:68:d8:97:fd:13:55:7c:75:32:c9:fc:
         e4:42:37:ca:59:b9:d1:3e:c0:1c:ff:00:4e:52:f7:f3:76:96:
         bc:c3:35:f6:2b:6c:80:d7:aa:c7:73:be:a2:56:da:56:0b:6c:
         8f:d2:2d:53:87:fa:be:8f:24:a6:02:6c:2b:14:9f:df:c6:82:
         5c:cd:d2:37
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQks8bzLjhJGtCLVH1QN0XiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZjQ2OGQxNTE1YWQ2ZjE0Y2E2OWNmOWM3NzJlNWNiNTdk
Mjc3ZDYwHhcNMjUwMTAyMDE0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzdhMDRiZjQ0MDE0ZmI3YTM0NTk5YzVkOWE0Y2FhMzIxMGFlNWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2X6djl4Rkkxr0CSpy7V821C0ek0k
6cCNY5cq3Jvb8DNEgKC2utfM0nDMaKbSnAEEQTNHbkkEgCDrC3Tfu/cgedcCUjAW
O6fa8bNCE2w0/PDlLvCh/nCtL29i1wHFFvcuJ4ZYLAY60f0e+meCQ41fARgrNrDz
lBGrOcuUlr17QN/jxoISrSVHm0pKwlP3zbWTAFRzOC8ZPv4f/Xl6VgL2lKyozGsb
dozsLgTWBg2s+dFzJ9pfDvoT4ItDyGI6X/Y6ejSHKj5K3j3c4E9dcvPn+SJdMxGL
fsDs2r8WODDPNnuW57XMjETmzVY5uf3hR41zZfDdcuwMFKys/tn3x3gaowIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBd6BL9EAU+3o0WZxdmkyqMhCuXCMB8GA1UdIwQY
MBaAFDv0aNFRWtbxTKac+cdy5ctX0nfWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT19SbzBWRmExdkZNcHB6NXgzTGx5MWZTZDlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC84MjFmMzUtYTg4MC00ZDY0LWFkYzAt
NDYxMTA0NmYxYTRlLzEvRjNvRXYwUUJUN2VqUlpuRjJhVEtveUVLNWNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC84MjFmMzUtYTg4MC00ZDY0LWFkYzAtNDYxMTA0NmYxYTRl
LzEvT19SbzBWRmExdkZNcHB6NXgzTGx5MWZTZDlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCW+mIAwQA
X43zMA0EAgACMAcDBQAqE2DAMA0GCSqGSIb3DQEBCwUAA4IBAQBvTj4fE8VIRin7
xyhwbjuUB3hecrX8yWu7st+Ca+yD4QjseR+CAnEXrnwRxJ1Zq/3DO9KCoSmKJrWE
bRzbGzZPYPtfCQvreGPkl3LQ+X5TuszJXnE4E2xJK59b07AUQ6NMNGVEwO6uw8dK
yhDkgDuP6v5Yv8dPZJe3lfKLf4dNzE3TM+tnsH/QcnuLdZEHkQBK8XNNPmLNDje8
CHB8xu5ys+BX4XHHNXI7DsbCUkkRnNud4PuIAxBesWdOaNiX/RNVfHUyyfzkQjfK
WbnRPsAc/wBOUvfzdpa8wzX2K2yA16rHc76iVtpWC2yP0i1Th/q+jySmAmwrFJ/f
xoJczdI3
-----END CERTIFICATE-----