Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/3DmQglNYTP4uMHxeyPPkfa8kN5Q.roa
File:                     3DmQglNYTP4uMHxeyPPkfa8kN5Q.roa (raw, json)
Hash identifier:          ynop3XomNcYONsLi+FpslqEY0bVbgvKa90SPiuK02bA=
Subject key identifier:   DC:39:90:82:53:58:4C:FE:2E:30:7C:5E:C8:F3:E4:7D:AF:24:37:94
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       019504DCEF1A78EF60F5FE3EE01E35B27006
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/3DmQglNYTP4uMHxeyPPkfa8kN5Q.roa
Signing time:             Fri 14 Feb 2025 14:29:02 +0000
ROA not before:           Fri 14 Feb 2025 14:29:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4515
IP address blocks:        213.18.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:04:dc:ef:1a:78:ef:60:f5:fe:3e:e0:1e:35:b2:70:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Feb 14 14:29:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc39908253584cfe2e307c5ec8f3e47daf243794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:c6:e5:de:ed:1c:5c:0d:b6:2f:c5:21:72:5e:
                    a0:ca:fc:d4:2f:b8:b1:a4:cb:c8:f0:ac:13:e0:19:
                    0a:6a:c8:dc:be:ba:12:32:4b:df:ad:0d:f3:62:a8:
                    64:08:bc:74:ba:b0:6c:6e:39:3c:7b:3d:bf:f1:1d:
                    b8:41:9a:9b:13:11:1f:ef:60:c5:a2:9a:d9:24:55:
                    0e:52:b4:f0:62:4b:3c:11:bf:2c:72:fb:cd:e2:d5:
                    d5:3e:53:82:67:41:54:c8:05:95:6b:4b:e4:5d:bd:
                    8a:32:8d:2c:8d:a5:2d:00:e0:43:21:2c:b3:ab:df:
                    c0:39:b5:44:4d:20:8f:32:2e:bc:3b:31:f6:b3:af:
                    be:cc:cf:c1:56:b8:db:b6:a6:e0:1b:01:1f:d3:2e:
                    90:e3:73:ce:38:5b:c6:cd:81:22:6c:c3:e8:69:6c:
                    71:50:30:24:b5:b7:b0:e9:a9:a5:06:42:64:81:7d:
                    34:cf:5c:50:dc:0d:6b:5e:a5:3d:c8:eb:12:8f:08:
                    c4:54:0f:c6:f4:46:b0:df:49:52:4b:3a:ae:83:a5:
                    e7:5a:82:30:81:5c:60:e3:55:46:a7:18:e5:bd:60:
                    2b:51:a6:be:38:b6:75:d0:52:86:df:bd:d7:2a:b6:
                    6d:c4:e0:f2:76:27:64:52:5a:ba:d9:87:a7:a1:cc:
                    d3:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:39:90:82:53:58:4C:FE:2E:30:7C:5E:C8:F3:E4:7D:AF:24:37:94
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/3DmQglNYTP4uMHxeyPPkfa8kN5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.18.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:5b:b7:4e:af:7c:4c:71:21:4d:26:fa:85:ee:2f:7b:22:43:
         37:a8:d8:aa:d2:80:9c:63:65:a5:d6:72:2a:66:c4:50:20:04:
         28:0b:9c:63:7a:2f:56:62:17:36:f5:92:57:93:92:4b:18:eb:
         94:35:e4:63:f6:d4:ef:d0:78:c2:1d:e7:b5:7f:c0:45:32:59:
         36:c4:fa:04:ea:2d:a5:f1:90:68:dd:5b:35:5f:62:ad:ec:71:
         bc:07:09:84:33:09:ae:ea:34:92:30:0d:e7:fd:5b:18:c1:7e:
         2d:02:b8:48:6d:4b:5f:6b:f7:33:3c:3c:98:c0:61:26:52:ae:
         06:1c:74:91:36:22:88:fd:da:32:4f:77:06:a3:f1:7b:70:26:
         6e:d6:b4:24:4f:5c:b0:43:a4:72:57:90:52:1d:b3:0f:8e:05:
         39:e6:66:49:9f:cd:4b:fb:85:4a:3d:60:f9:db:7c:d8:3e:25:
         c2:af:31:7c:2f:93:7b:f9:1f:c8:0a:a2:69:da:d9:de:c5:d4:
         f0:5a:ac:59:fa:7e:5d:69:6e:ea:4a:99:81:7c:77:a5:cf:41:
         36:e3:e1:6f:db:df:89:c6:d3:97:20:dd:ee:71:28:3a:13:bd:
         9c:9b:5d:31:9f:1f:fc:f0:d9:6a:3e:54:69:38:d8:9a:42:81:
         37:62:ea:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUE3O8aeO9g9f4+4B41snAGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjUwMjE0MTQyOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzM5OTA4MjUzNTg0Y2ZlMmUzMDdjNWVjOGYzZTQ3ZGFmMjQzNzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8bl3u0cXA22L8Uhcl6gyvzUL7ix
pMvI8KwT4BkKasjcvroSMkvfrQ3zYqhkCLx0urBsbjk8ez2/8R24QZqbExEf72DF
oprZJFUOUrTwYks8Eb8scvvN4tXVPlOCZ0FUyAWVa0vkXb2KMo0sjaUtAOBDISyz
q9/AObVETSCPMi68OzH2s6++zM/BVrjbtqbgGwEf0y6Q43POOFvGzYEibMPoaWxx
UDAktbew6amlBkJkgX00z1xQ3A1rXqU9yOsSjwjEVA/G9Eaw30lSSzqug6XnWoIw
gVxg41VGpxjlvWArUaa+OLZ10FKG373XKrZtxODydidkUlq62YenoczTvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNw5kIJTWEz+LjB8Xsjz5H2vJDeUMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvM0RtUWdsTllUUDR1TUh4ZXlQUGtmYThrTjVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1RLEMA0G
CSqGSIb3DQEBCwUAA4IBAQA3W7dOr3xMcSFNJvqF7i97IkM3qNiq0oCcY2Wl1nIq
ZsRQIAQoC5xjei9WYhc29ZJXk5JLGOuUNeRj9tTv0HjCHee1f8BFMlk2xPoE6i2l
8ZBo3Vs1X2Kt7HG8BwmEMwmu6jSSMA3n/VsYwX4tArhIbUtfa/czPDyYwGEmUq4G
HHSRNiKI/doyT3cGo/F7cCZu1rQkT1ywQ6RyV5BSHbMPjgU55mZJn81L+4VKPWD5
23zYPiXCrzF8L5N7+R/ICqJp2tnexdTwWqxZ+n5daW7qSpmBfHelz0E24+Fv29+J
xtOXIN3ucSg6E72cm10xnx/88NlqPlRpONiaQoE3Yupi
-----END CERTIFICATE-----