Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/3c5026-5011-4689-8367-7b4e5e184735/1/PQ28rfbk5yXRYjcz-QOCkZ4ENM0.roa
File:                     PQ28rfbk5yXRYjcz-QOCkZ4ENM0.roa (raw, json)
Hash identifier:          YSotQz0qiTv7LM37y7e6zhLaYImvG6ufZU+Z40/a72I=
Subject key identifier:   3D:0D:BC:AD:F6:E4:E7:25:D1:62:37:33:F9:03:82:91:9E:04:34:CD
Certificate issuer:       /CN=3fcff98aaa5b48dc6158d2fc65f25c5097b5e26a
Certificate serial:       0194258E90E0F0B3D0620C0249FFCFB8EC01
Authority key identifier: 3F:CF:F9:8A:AA:5B:48:DC:61:58:D2:FC:65:F2:5C:50:97:B5:E2:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P8_5iqpbSNxhWNL8ZfJcUJe14mo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/3c5026-5011-4689-8367-7b4e5e184735/1/PQ28rfbk5yXRYjcz-QOCkZ4ENM0.roa
Signing time:             Thu 02 Jan 2025 05:48:07 +0000
ROA not before:           Thu 02 Jan 2025 05:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214087
IP address blocks:        185.184.30.0/24 maxlen: 24
                          185.184.31.0/24 maxlen: 24
                          2a10:ac82::/32 maxlen: 32
                          2a10:ac83::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/3c5026-5011-4689-8367-7b4e5e184735/1/P8_5iqpbSNxhWNL8ZfJcUJe14mo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/3c5026-5011-4689-8367-7b4e5e184735/1/P8_5iqpbSNxhWNL8ZfJcUJe14mo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P8_5iqpbSNxhWNL8ZfJcUJe14mo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:90:e0:f0:b3:d0:62:0c:02:49:ff:cf:b8:ec:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fcff98aaa5b48dc6158d2fc65f25c5097b5e26a
        Validity
            Not Before: Jan  2 05:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d0dbcadf6e4e725d1623733f90382919e0434cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:1d:cc:33:2f:45:e6:94:5a:8d:86:2b:a8:10:
                    ea:1e:79:7f:60:7f:47:1c:84:9e:31:1e:e4:2e:0b:
                    78:f6:c7:a3:07:ac:b5:be:6c:bc:21:3c:3a:da:7b:
                    b3:63:b0:02:a2:55:76:c0:04:ac:b7:03:52:17:98:
                    8b:50:93:be:ac:44:25:54:58:f3:19:22:c5:67:df:
                    64:58:0d:4a:75:83:83:fb:93:b6:eb:1e:80:e1:ae:
                    b8:bf:88:4f:eb:33:b4:de:c1:a5:a1:01:03:df:62:
                    6c:d3:f8:20:5a:ea:a3:f9:95:fc:c0:03:1d:3e:9f:
                    4d:57:18:ee:4c:6a:ee:4c:cc:1b:98:d2:a7:5b:58:
                    2e:a8:fd:07:0a:2b:3f:c4:ff:03:18:08:68:82:a2:
                    bf:66:5d:03:7a:aa:2e:94:9a:8e:bf:a1:d5:94:04:
                    c0:6e:7e:e0:d3:0a:f8:26:0b:6c:b2:7c:89:1e:ec:
                    29:2a:a2:18:66:2b:91:1e:d5:3f:77:fd:2d:6d:ec:
                    71:dc:81:73:e5:4e:85:7a:81:bc:12:04:a8:7c:a8:
                    c2:88:52:7f:95:ee:aa:0c:c4:c5:ef:74:93:12:4b:
                    6f:b7:c2:a1:84:0a:e3:f1:9b:f6:41:c3:21:f1:ca:
                    e4:ce:e4:45:eb:a8:e7:35:74:6d:fe:22:c1:13:bd:
                    3e:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:0D:BC:AD:F6:E4:E7:25:D1:62:37:33:F9:03:82:91:9E:04:34:CD
            X509v3 Authority Key Identifier:
                keyid:3F:CF:F9:8A:AA:5B:48:DC:61:58:D2:FC:65:F2:5C:50:97:B5:E2:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P8_5iqpbSNxhWNL8ZfJcUJe14mo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/3c5026-5011-4689-8367-7b4e5e184735/1/PQ28rfbk5yXRYjcz-QOCkZ4ENM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/3c5026-5011-4689-8367-7b4e5e184735/1/P8_5iqpbSNxhWNL8ZfJcUJe14mo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.184.30.0/23
                IPv6:
                  2a10:ac82::/31

    Signature Algorithm: sha256WithRSAEncryption
         46:7d:94:6f:e9:bf:7e:35:27:3a:33:69:9d:e4:73:82:b1:dc:
         36:b8:7c:ee:ed:22:21:f8:3c:31:b9:c6:d3:1b:98:c0:5a:a9:
         a0:e5:a5:5d:3f:80:69:bf:44:63:bc:5a:b3:8b:3f:fb:ad:71:
         e1:d3:58:9d:1a:9f:7d:86:b4:95:89:37:b5:5a:ed:36:9e:a6:
         ed:c4:b5:5d:c1:9e:09:16:b5:2e:6c:eb:7d:92:e5:5d:bc:44:
         75:18:ed:27:dd:52:15:5a:01:d4:e6:41:d9:23:91:ba:b3:8e:
         4c:34:a4:75:4a:88:66:c8:0c:8d:31:8b:04:31:a8:b6:d2:75:
         af:74:af:d8:26:e1:0f:96:7b:f1:01:ee:d1:d0:78:d1:8b:8b:
         7a:bf:ce:5b:43:35:e7:35:a0:8c:b5:3f:fa:73:d4:ef:1a:de:
         d3:2b:6a:bc:5e:52:e0:6e:0a:95:c5:43:ec:38:56:6a:d6:c1:
         d5:88:fd:04:08:72:79:e7:5c:9b:cd:ff:3a:c4:8a:71:e6:db:
         aa:f5:00:66:a5:e2:a9:4e:3d:7a:22:8c:70:df:33:b9:c2:ba:
         23:76:ba:d7:59:55:17:30:1a:63:1e:22:e2:b8:ca:35:9e:40:
         6b:f6:88:27:a7:c0:ed:32:3a:b4:5f:a8:58:d6:12:28:f2:61:
         6a:08:1f:0e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQljpDg8LPQYgwCSf/PuOwBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmY2ZmOThhYWE1YjQ4ZGM2MTU4ZDJmYzY1ZjI1YzUwOTdi
NWUyNmEwHhcNMjUwMTAyMDU0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDBkYmNhZGY2ZTRlNzI1ZDE2MjM3MzNmOTAzODI5MTllMDQzNGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh3MMy9F5pRajYYrqBDqHnl/YH9H
HISeMR7kLgt49sejB6y1vmy8ITw62nuzY7AColV2wASstwNSF5iLUJO+rEQlVFjz
GSLFZ99kWA1KdYOD+5O26x6A4a64v4hP6zO03sGloQED32Js0/ggWuqj+ZX8wAMd
Pp9NVxjuTGruTMwbmNKnW1guqP0HCis/xP8DGAhogqK/Zl0DeqoulJqOv6HVlATA
bn7g0wr4JgtssnyJHuwpKqIYZiuRHtU/d/0tbexx3IFz5U6FeoG8EgSofKjCiFJ/
le6qDMTF73STEktvt8KhhArj8Zv2QcMh8crkzuRF66jnNXRt/iLBE70+IQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD0NvK325Ocl0WI3M/kDgpGeBDTNMB8GA1UdIwQY
MBaAFD/P+YqqW0jcYVjS/GXyXFCXteJqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDhfNWlxcGJTTnhoV05MOFpmSmNVSmUxNG1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zYzUwMjYtNTAxMS00Njg5LTgzNjct
N2I0ZTVlMTg0NzM1LzEvUFEyOHJmYms1eVhSWWpjei1RT0NrWjRFTk0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zYzUwMjYtNTAxMS00Njg5LTgzNjctN2I0ZTVlMTg0NzM1
LzEvUDhfNWlxcGJTTnhoV05MOFpmSmNVSmUxNG1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBubgeMA0E
AgACMAcDBQEqEKyCMA0GCSqGSIb3DQEBCwUAA4IBAQBGfZRv6b9+NSc6M2md5HOC
sdw2uHzu7SIh+DwxucbTG5jAWqmg5aVdP4Bpv0RjvFqziz/7rXHh01idGp99hrSV
iTe1Wu02nqbtxLVdwZ4JFrUubOt9kuVdvER1GO0n3VIVWgHU5kHZI5G6s45MNKR1
SohmyAyNMYsEMai20nWvdK/YJuEPlnvxAe7R0HjRi4t6v85bQzXnNaCMtT/6c9Tv
Gt7TK2q8XlLgbgqVxUPsOFZq1sHViP0ECHJ551ybzf86xIpx5tuq9QBmpeKpTj16
Ioxw3zO5wrojdrrXWVUXMBpjHiLiuMo1nkBr9ognp8DtMjq0X6hY1hIo8mFqCB8O
-----END CERTIFICATE-----