Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/PHlmZzsVHNdtkbgZZGVIzuxsSOI.roa
File:                     PHlmZzsVHNdtkbgZZGVIzuxsSOI.roa (raw, json)
Hash identifier:          nURq80w5QR4Tg4i37nqE1f7UXJnobOs0QVmX70MkIAU=
Subject key identifier:   3C:79:66:67:3B:15:1C:D7:6D:91:B8:19:64:65:48:CE:EC:6C:48:E2
Certificate issuer:       /CN=b3674e822f3876d27deaed5f66dbe9c1a422eb16
Certificate serial:       01961ED3628E8350F2BBBDD0F00B9D73FC8E
Authority key identifier: B3:67:4E:82:2F:38:76:D2:7D:EA:ED:5F:66:DB:E9:C1:A4:22:EB:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s2dOgi84dtJ96u1fZtvpwaQi6xY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/PHlmZzsVHNdtkbgZZGVIzuxsSOI.roa
Signing time:             Thu 10 Apr 2025 08:31:31 +0000
ROA not before:           Thu 10 Apr 2025 08:31:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212335
IP address blocks:        79.110.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/s2dOgi84dtJ96u1fZtvpwaQi6xY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/s2dOgi84dtJ96u1fZtvpwaQi6xY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s2dOgi84dtJ96u1fZtvpwaQi6xY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1e:d3:62:8e:83:50:f2:bb:bd:d0:f0:0b:9d:73:fc:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3674e822f3876d27deaed5f66dbe9c1a422eb16
        Validity
            Not Before: Apr 10 08:31:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c7966673b151cd76d91b819646548ceec6c48e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:f8:51:d3:31:cc:f2:ef:8d:c2:05:f1:7d:5b:
                    1a:ca:69:48:f2:2e:6a:2f:8b:9d:5a:87:ba:0e:71:
                    dc:a9:f6:3c:7c:b2:36:4f:a2:37:de:33:fd:06:d7:
                    5c:e1:af:46:9c:1b:8e:64:c4:d7:b8:35:d4:5f:05:
                    ad:68:fb:c8:27:d0:90:65:25:61:33:86:f0:11:08:
                    0d:07:05:29:e4:fe:31:b3:80:bc:c0:cc:2f:1f:56:
                    7f:96:92:e5:a9:53:a7:cd:4c:46:d8:e6:30:b3:aa:
                    66:b2:8c:65:da:99:74:2b:5d:61:3d:ac:85:e1:06:
                    8a:aa:49:3d:d2:eb:a0:94:d9:f3:a3:cc:79:84:5b:
                    af:f0:1b:ff:ce:f2:1a:bb:a2:17:78:de:a4:6a:e1:
                    08:27:15:b6:38:0c:0b:a2:d3:e3:53:79:7f:35:8e:
                    bf:49:17:ad:21:91:0b:4e:c6:9f:eb:96:9f:d7:1c:
                    75:bc:a3:39:d5:d5:6b:bb:10:42:73:32:e3:13:e2:
                    c1:b7:83:ea:22:78:68:36:89:ab:51:d7:5d:ac:7c:
                    2c:86:c2:b9:11:f3:ab:da:fe:9d:59:05:eb:e3:f3:
                    99:82:d0:b1:e9:35:1f:79:29:bc:0e:5b:3d:29:f6:
                    2d:4e:41:60:a3:5a:2d:44:82:6a:1e:af:11:ac:91:
                    db:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:79:66:67:3B:15:1C:D7:6D:91:B8:19:64:65:48:CE:EC:6C:48:E2
            X509v3 Authority Key Identifier:
                keyid:B3:67:4E:82:2F:38:76:D2:7D:EA:ED:5F:66:DB:E9:C1:A4:22:EB:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s2dOgi84dtJ96u1fZtvpwaQi6xY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/PHlmZzsVHNdtkbgZZGVIzuxsSOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/393251-b488-40d3-be39-f8f08fe64838/1/s2dOgi84dtJ96u1fZtvpwaQi6xY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:0d:9b:f2:d1:37:58:aa:5b:99:61:20:b4:bc:11:d0:b7:ff:
         c4:80:94:4c:d9:a1:b2:df:d3:77:5d:79:e6:00:78:ee:13:01:
         e8:08:83:79:05:08:98:8c:54:b0:32:33:32:dd:6a:d3:d1:62:
         79:91:c0:17:0c:de:0c:22:a3:cd:da:b5:2b:2e:28:3c:ba:e8:
         cf:22:8b:8a:eb:9a:a5:0b:d6:c0:19:6f:09:0b:01:dc:b8:1c:
         8c:f8:49:5e:8d:ed:ae:7c:87:53:3d:96:1b:d9:ee:2f:e2:fa:
         12:12:e4:a2:d3:e2:5d:1a:ba:b5:91:60:91:05:af:62:22:13:
         34:4c:ce:88:ea:f2:5f:35:c8:58:2d:a4:ab:0b:fc:f6:3b:0d:
         30:4e:65:d2:9c:e7:f2:c0:32:f5:a2:25:c5:f1:a7:85:ee:e6:
         7b:92:f8:e2:19:52:e8:d5:b7:bb:37:83:65:43:38:87:29:12:
         d5:33:e0:b3:79:69:7c:8c:d6:93:eb:cd:0e:9a:cb:ef:a1:8d:
         9e:c9:a5:ab:4e:8a:b0:a6:6c:d9:0a:18:92:fc:cb:16:3f:b5:
         33:3c:56:84:f8:ec:42:34:94:e5:67:7b:48:a0:d5:87:b5:6b:
         7a:0b:fc:db:45:2e:0d:84:37:c9:f3:90:a9:3c:35:ca:48:97:
         94:b8:3d:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYe02KOg1Dyu73Q8Audc/yOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNjc0ZTgyMmYzODc2ZDI3ZGVhZWQ1ZjY2ZGJlOWMxYTQy
MmViMTYwHhcNMjUwNDEwMDgzMTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzc5NjY2NzNiMTUxY2Q3NmQ5MWI4MTk2NDY1NDhjZWVjNmM0OGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/hR0zHM8u+NwgXxfVsaymlI8i5q
L4udWoe6DnHcqfY8fLI2T6I33jP9Btdc4a9GnBuOZMTXuDXUXwWtaPvIJ9CQZSVh
M4bwEQgNBwUp5P4xs4C8wMwvH1Z/lpLlqVOnzUxG2OYws6pmsoxl2pl0K11hPayF
4QaKqkk90uuglNnzo8x5hFuv8Bv/zvIau6IXeN6kauEIJxW2OAwLotPjU3l/NY6/
SRetIZELTsaf65af1xx1vKM51dVruxBCczLjE+LBt4PqInhoNomrUdddrHwshsK5
EfOr2v6dWQXr4/OZgtCx6TUfeSm8Dls9KfYtTkFgo1otRIJqHq8RrJHb8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDx5Zmc7FRzXbZG4GWRlSM7sbEjiMB8GA1UdIwQY
MBaAFLNnToIvOHbSfertX2bb6cGkIusWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczJkT2dpODRkdEo5NnUxZlp0dnB3YVFpNnhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8zOTMyNTEtYjQ4OC00MGQzLWJlMzkt
ZjhmMDhmZTY0ODM4LzEvUEhsbVp6c1ZITmR0a2JnWlpHVkl6dXhzU09JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8zOTMyNTEtYjQ4OC00MGQzLWJlMzktZjhmMDhmZTY0ODM4
LzEvczJkT2dpODRkdEo5NnUxZlp0dnB3YVFpNnhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT27uMA0G
CSqGSIb3DQEBCwUAA4IBAQC2DZvy0TdYqluZYSC0vBHQt//EgJRM2aGy39N3XXnm
AHjuEwHoCIN5BQiYjFSwMjMy3WrT0WJ5kcAXDN4MIqPN2rUrLig8uujPIouK65ql
C9bAGW8JCwHcuByM+Eleje2ufIdTPZYb2e4v4voSEuSi0+JdGrq1kWCRBa9iIhM0
TM6I6vJfNchYLaSrC/z2Ow0wTmXSnOfywDL1oiXF8aeF7uZ7kvjiGVLo1be7N4Nl
QziHKRLVM+CzeWl8jNaT680OmsvvoY2eyaWrToqwpmzZChiS/MsWP7UzPFaE+OxC
NJTlZ3tIoNWHtWt6C/zbRS4NhDfJ85CpPDXKSJeUuD2h
-----END CERTIFICATE-----