Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/3OhnsO_HxPVMDn2ivqu7sM8ZJt0.roa
File:                     3OhnsO_HxPVMDn2ivqu7sM8ZJt0.roa (raw, json)
Hash identifier:          oyN77lXqsW7KJfUiUf+JZixgYw5Mi63myk0LsqnoM3M=
Subject key identifier:   DC:E8:67:B0:EF:C7:C4:F5:4C:0E:7D:A2:BE:AB:BB:B0:CF:19:26:DD
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       019424449DFBA4865756B4AB53A813C54CB1
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/3OhnsO_HxPVMDn2ivqu7sM8ZJt0.roa
Signing time:             Wed 01 Jan 2025 23:47:44 +0000
ROA not before:           Wed 01 Jan 2025 23:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212516
IP address blocks:        185.184.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:9d:fb:a4:86:57:56:b4:ab:53:a8:13:c5:4c:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  1 23:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dce867b0efc7c4f54c0e7da2beabbbb0cf1926dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f8:b1:2d:b3:b7:c5:09:f7:03:63:3c:4f:c4:
                    c4:4d:a7:b9:f1:c1:66:00:b9:89:d4:46:91:c7:d9:
                    ff:98:1d:db:7f:b3:a9:4e:fb:88:92:cc:44:1d:9f:
                    0c:1d:f8:ee:37:51:1e:3f:a4:9c:3b:cb:a6:1a:12:
                    7b:12:50:6e:03:58:b8:92:f4:59:7e:48:77:da:d5:
                    8e:65:21:e1:36:19:f6:5c:1d:ce:9f:59:e6:29:da:
                    f1:58:50:80:2f:5f:62:0c:6f:a9:5e:7c:70:b5:8f:
                    d6:1a:08:dd:50:8e:ac:24:41:0f:bf:1d:70:69:7d:
                    28:f7:64:7a:79:ef:a6:55:e8:09:3a:85:9e:f5:64:
                    04:ba:2e:36:6e:ea:c7:4c:18:20:3c:f1:3a:fa:55:
                    c7:fc:46:2d:29:b7:dd:2d:ab:f5:65:9a:06:51:e6:
                    52:52:bb:ec:2c:e9:d2:4b:b5:36:ad:4c:67:29:67:
                    19:c9:0e:4f:f2:6d:8d:07:1b:57:41:ab:4f:6c:b2:
                    57:ab:82:71:ae:80:71:f9:18:58:49:fd:21:4d:3c:
                    4b:94:02:c9:08:11:b7:2a:35:3c:df:48:d3:5d:e5:
                    32:33:f5:f8:b2:25:1b:59:27:b8:00:0c:f6:e9:9e:
                    9d:ac:20:04:f1:83:a0:c2:4c:64:1f:f2:b3:98:9f:
                    44:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:E8:67:B0:EF:C7:C4:F5:4C:0E:7D:A2:BE:AB:BB:B0:CF:19:26:DD
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/3OhnsO_HxPVMDn2ivqu7sM8ZJt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.184.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:29:08:af:91:1e:fe:c1:00:69:e1:db:aa:bf:ed:26:f0:fa:
         14:cc:02:03:7d:ea:08:e7:4c:3a:fd:83:fa:6a:bf:24:bd:68:
         e8:6f:0d:1b:74:c0:79:ce:ce:cf:41:f4:43:eb:7a:64:00:37:
         b2:d9:ed:81:8f:88:d3:d1:5f:45:23:10:83:ec:e8:2d:93:80:
         3e:69:0d:bd:1f:1b:31:d7:ee:7e:23:db:36:96:35:ed:6f:9d:
         ae:df:58:dd:01:b4:65:a0:03:51:32:1a:7e:af:dc:75:55:08:
         ab:7a:df:c3:f8:21:4d:38:2a:2f:d7:e8:77:6c:a0:43:4f:c1:
         f5:b1:dc:02:53:76:3c:5e:2a:d5:20:ff:f1:a0:0c:b3:3a:f0:
         8c:27:f7:d4:da:e2:c8:09:77:50:07:a3:f8:91:ba:29:f5:d3:
         26:5a:d4:d9:fa:8f:2d:0d:6c:c6:a2:76:a7:2e:ac:be:bd:4a:
         bc:1c:fd:3c:a5:96:bc:5e:dd:e3:98:d5:fd:b5:20:47:6e:9c:
         e9:8c:91:1e:3e:04:d3:15:a3:4a:8d:28:c5:71:62:c8:9f:2b:
         b6:73:8a:3d:40:c5:7b:df:40:bf:0d:35:cc:25:9d:1a:b5:a6:
         ee:2a:6b:30:0a:f6:7b:7f:60:95:aa:f1:ac:1c:ce:59:2e:30:
         09:7d:61:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRJ37pIZXVrSrU6gTxUyxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjUwMTAxMjM0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2U4NjdiMGVmYzdjNGY1NGMwZTdkYTJiZWFiYmJiMGNmMTkyNmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/ixLbO3xQn3A2M8T8TETae58cFm
ALmJ1EaRx9n/mB3bf7OpTvuIksxEHZ8MHfjuN1EeP6ScO8umGhJ7ElBuA1i4kvRZ
fkh32tWOZSHhNhn2XB3On1nmKdrxWFCAL19iDG+pXnxwtY/WGgjdUI6sJEEPvx1w
aX0o92R6ee+mVegJOoWe9WQEui42burHTBggPPE6+lXH/EYtKbfdLav1ZZoGUeZS
UrvsLOnSS7U2rUxnKWcZyQ5P8m2NBxtXQatPbLJXq4JxroBx+RhYSf0hTTxLlALJ
CBG3KjU830jTXeUyM/X4siUbWSe4AAz26Z6drCAE8YOgwkxkH/KzmJ9EKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNzoZ7Dvx8T1TA59or6ru7DPGSbdMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvM09obnNPX0h4UFZNRG4yaXZxdTdzTThaSnQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubjdMA0G
CSqGSIb3DQEBCwUAA4IBAQAkKQivkR7+wQBp4duqv+0m8PoUzAIDfeoI50w6/YP6
ar8kvWjobw0bdMB5zs7PQfRD63pkADey2e2Bj4jT0V9FIxCD7Ogtk4A+aQ29Hxsx
1+5+I9s2ljXtb52u31jdAbRloANRMhp+r9x1VQiret/D+CFNOCov1+h3bKBDT8H1
sdwCU3Y8XirVIP/xoAyzOvCMJ/fU2uLICXdQB6P4kbop9dMmWtTZ+o8tDWzGonan
Lqy+vUq8HP08pZa8Xt3jmNX9tSBHbpzpjJEePgTTFaNKjSjFcWLInyu2c4o9QMV7
30C/DTXMJZ0atabuKmswCvZ7f2CVqvGsHM5ZLjAJfWHD
-----END CERTIFICATE-----