Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/99be80-152c-4b65-8b32-0718aa8dd9a7/1/3KVjDh6tV6LcIk6BDE6xPuXzBDM.roa
File:                     3KVjDh6tV6LcIk6BDE6xPuXzBDM.roa (raw, json)
Hash identifier:          bQvllPBonHjb5qHCFeaDeGABQpp//k5Dnzxk+0td390=
Subject key identifier:   DC:A5:63:0E:1E:AD:57:A2:DC:22:4E:81:0C:4E:B1:3E:E5:F3:04:33
Certificate issuer:       /CN=af934ec694af68134b7514c10dcd13857b459e38
Certificate serial:       01942445A88CD300F93FF9317E82B9EF6493
Authority key identifier: AF:93:4E:C6:94:AF:68:13:4B:75:14:C1:0D:CD:13:85:7B:45:9E:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r5NOxpSvaBNLdRTBDc0ThXtFnjg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/99be80-152c-4b65-8b32-0718aa8dd9a7/1/3KVjDh6tV6LcIk6BDE6xPuXzBDM.roa
Signing time:             Wed 01 Jan 2025 23:48:52 +0000
ROA not before:           Wed 01 Jan 2025 23:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61193
IP address blocks:        213.232.198.0/24 maxlen: 24
                          2a10:dc00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/99be80-152c-4b65-8b32-0718aa8dd9a7/1/r5NOxpSvaBNLdRTBDc0ThXtFnjg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/99be80-152c-4b65-8b32-0718aa8dd9a7/1/r5NOxpSvaBNLdRTBDc0ThXtFnjg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r5NOxpSvaBNLdRTBDc0ThXtFnjg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:a8:8c:d3:00:f9:3f:f9:31:7e:82:b9:ef:64:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af934ec694af68134b7514c10dcd13857b459e38
        Validity
            Not Before: Jan  1 23:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dca5630e1ead57a2dc224e810c4eb13ee5f30433
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:0c:37:a7:d3:9b:04:a0:15:a9:09:b8:ee:ff:
                    41:29:45:0d:54:6a:8f:ab:aa:7d:e5:c5:df:a2:79:
                    4f:0c:21:b2:3d:92:1a:fa:2b:87:a1:54:df:69:8b:
                    12:df:10:8f:07:bb:5d:6f:c4:cd:95:f1:67:71:61:
                    93:e3:9d:8f:91:22:16:4b:bc:c1:93:5c:05:52:3c:
                    49:f4:bc:09:54:05:78:2a:1a:f1:5b:be:23:fc:e9:
                    4b:98:ec:01:34:3b:cb:64:14:f7:aa:31:e5:77:61:
                    92:f8:98:c7:74:7f:12:c7:8a:f2:b6:cc:62:a2:f5:
                    2c:68:7e:ea:01:b6:51:0d:22:ad:ed:9a:8d:80:3b:
                    bb:4f:c1:5a:3a:36:6f:dd:9f:af:df:06:00:3a:c5:
                    2f:51:9a:e6:03:6c:33:da:a2:39:e9:96:ac:e9:5c:
                    9e:5d:24:25:88:c8:71:85:31:8c:e3:6d:7a:b6:95:
                    a3:82:93:c1:3d:2c:f6:76:66:18:94:c6:3f:c2:df:
                    75:83:03:a2:bd:e3:8e:95:db:6e:ea:86:6d:39:23:
                    f8:93:08:92:92:f0:d3:11:b6:c9:af:d8:a2:a4:76:
                    1d:40:87:91:78:53:3d:59:f5:5f:c1:62:a6:68:a4:
                    a2:9b:40:6d:aa:bd:52:d8:aa:0d:b9:5a:81:19:93:
                    44:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:A5:63:0E:1E:AD:57:A2:DC:22:4E:81:0C:4E:B1:3E:E5:F3:04:33
            X509v3 Authority Key Identifier:
                keyid:AF:93:4E:C6:94:AF:68:13:4B:75:14:C1:0D:CD:13:85:7B:45:9E:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r5NOxpSvaBNLdRTBDc0ThXtFnjg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/99be80-152c-4b65-8b32-0718aa8dd9a7/1/3KVjDh6tV6LcIk6BDE6xPuXzBDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/99be80-152c-4b65-8b32-0718aa8dd9a7/1/r5NOxpSvaBNLdRTBDc0ThXtFnjg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.232.198.0/24
                IPv6:
                  2a10:dc00::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:a7:b3:fb:a5:ba:87:fe:6d:bc:bc:ea:f8:26:fb:88:b9:a8:
         3f:fe:f5:33:63:f0:9f:c9:37:65:1a:cf:e3:f1:1c:81:76:5e:
         7a:91:36:9f:20:b7:3d:ef:9b:5e:94:5c:c6:46:7d:07:9b:ed:
         6b:3a:15:a8:fa:3a:9e:25:46:10:4d:8e:de:26:17:7a:2b:6e:
         bc:4f:a4:eb:d7:0b:31:5a:e2:75:5c:fe:38:34:32:13:0c:25:
         51:e4:17:d8:43:f1:04:f3:8e:fe:20:b3:54:17:47:81:a0:1d:
         61:e6:d2:4a:c0:77:e7:c5:83:ca:ab:0f:36:8b:32:78:f0:ff:
         da:1e:33:7a:e9:1f:b8:ce:6e:22:e1:74:3c:cd:02:ac:ce:77:
         65:14:7e:38:dd:4b:70:8b:53:a9:d1:20:93:3f:c7:ed:c4:10:
         0f:aa:c2:d7:0c:50:72:92:db:12:6a:51:95:f0:9e:92:2c:fd:
         91:b0:ef:3d:cb:e1:77:3d:9f:47:6f:fc:29:fa:c3:8e:c7:4a:
         48:1f:fd:c1:1d:2d:d5:32:fe:95:42:f3:31:a1:b1:75:f2:19:
         16:0a:d3:f0:e4:e3:13:18:a6:fa:a6:de:6a:f1:4d:f1:cf:db:
         41:ff:a2:00:fb:60:88:a6:68:d9:f4:dd:fc:a9:a7:c3:24:7d:
         ea:34:d4:5c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkRaiM0wD5P/kxfoK572STMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmOTM0ZWM2OTRhZjY4MTM0Yjc1MTRjMTBkY2QxMzg1N2I0
NTllMzgwHhcNMjUwMTAxMjM0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2E1NjMwZTFlYWQ1N2EyZGMyMjRlODEwYzRlYjEzZWU1ZjMwNDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngw3p9ObBKAVqQm47v9BKUUNVGqP
q6p95cXfonlPDCGyPZIa+iuHoVTfaYsS3xCPB7tdb8TNlfFncWGT452PkSIWS7zB
k1wFUjxJ9LwJVAV4KhrxW74j/OlLmOwBNDvLZBT3qjHld2GS+JjHdH8Sx4rytsxi
ovUsaH7qAbZRDSKt7ZqNgDu7T8FaOjZv3Z+v3wYAOsUvUZrmA2wz2qI56Zas6Vye
XSQliMhxhTGM4216tpWjgpPBPSz2dmYYlMY/wt91gwOiveOOldtu6oZtOSP4kwiS
kvDTEbbJr9iipHYdQIeReFM9WfVfwWKmaKSim0Btqr1S2KoNuVqBGZNEnwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNylYw4erVei3CJOgQxOsT7l8wQzMB8GA1UdIwQY
MBaAFK+TTsaUr2gTS3UUwQ3NE4V7RZ44MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjVOT3hwU3ZhQk5MZFJUQkRjMFRoWHRGbmpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85OWJlODAtMTUyYy00YjY1LThiMzIt
MDcxOGFhOGRkOWE3LzEvM0tWakRoNnRWNkxjSWs2QkRFNnhQdVh6QkRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85OWJlODAtMTUyYy00YjY1LThiMzItMDcxOGFhOGRkOWE3
LzEvcjVOT3hwU3ZhQk5MZFJUQkRjMFRoWHRGbmpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1ejGMA0E
AgACMAcDBQMqENwAMA0GCSqGSIb3DQEBCwUAA4IBAQAIp7P7pbqH/m28vOr4JvuI
uag//vUzY/CfyTdlGs/j8RyBdl56kTafILc975telFzGRn0Hm+1rOhWo+jqeJUYQ
TY7eJhd6K268T6Tr1wsxWuJ1XP44NDITDCVR5BfYQ/EE847+ILNUF0eBoB1h5tJK
wHfnxYPKqw82izJ48P/aHjN66R+4zm4i4XQ8zQKszndlFH443Utwi1Op0SCTP8ft
xBAPqsLXDFByktsSalGV8J6SLP2RsO89y+F3PZ9Hb/wp+sOOx0pIH/3BHS3VMv6V
QvMxobF18hkWCtPw5OMTGKb6pt5q8U3xz9tB/6IA+2CIpmjZ9N38qafDJH3qNNRc
-----END CERTIFICATE-----