Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/033e8b-bde1-4f90-baf5-23847a40d9e4/1/3wD7YASUrL3NpA7N1DKGwyMvpW8.roa
File:                     3wD7YASUrL3NpA7N1DKGwyMvpW8.roa (raw, json)
Hash identifier:          E3LCGPj2WzMDsMMPMtvTWx8+o6rGMeVTiLG80T025To=
Subject key identifier:   DF:00:FB:60:04:94:AC:BD:CD:A4:0E:CD:D4:32:86:C3:23:2F:A5:6F
Certificate issuer:       /CN=b60d6ca95e2770f55340d909ec7c97eeca3fe20e
Certificate serial:       0194228D18E4A7367D499FE7138CFE92B955
Authority key identifier: B6:0D:6C:A9:5E:27:70:F5:53:40:D9:09:EC:7C:97:EE:CA:3F:E2:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tg1sqV4ncPVTQNkJ7HyX7so_4g4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/033e8b-bde1-4f90-baf5-23847a40d9e4/1/3wD7YASUrL3NpA7N1DKGwyMvpW8.roa
Signing time:             Wed 01 Jan 2025 15:47:39 +0000
ROA not before:           Wed 01 Jan 2025 15:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204634
IP address blocks:        185.248.130.0/24 maxlen: 24
                          185.248.131.0/24 maxlen: 24
                          194.31.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/033e8b-bde1-4f90-baf5-23847a40d9e4/1/tg1sqV4ncPVTQNkJ7HyX7so_4g4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/033e8b-bde1-4f90-baf5-23847a40d9e4/1/tg1sqV4ncPVTQNkJ7HyX7so_4g4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tg1sqV4ncPVTQNkJ7HyX7so_4g4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:18:e4:a7:36:7d:49:9f:e7:13:8c:fe:92:b9:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b60d6ca95e2770f55340d909ec7c97eeca3fe20e
        Validity
            Not Before: Jan  1 15:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df00fb600494acbdcda40ecdd43286c3232fa56f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:5f:1b:01:2f:59:71:f9:93:ec:08:0b:45:50:
                    a7:e1:e5:00:da:d0:1a:63:96:82:5f:17:c2:b9:1c:
                    d5:81:be:fd:9c:27:ad:35:cf:e3:99:d9:cc:75:4b:
                    f6:b0:60:60:f4:e0:35:4a:2d:fb:26:b0:e9:93:52:
                    67:ae:d3:93:c7:d1:58:ac:23:31:66:c8:ca:b2:2e:
                    c7:7c:ed:b2:c0:ec:dc:f0:61:45:19:7c:c0:c9:e3:
                    be:91:bd:b5:b3:e5:4a:0b:1a:9b:b5:a6:20:cb:1a:
                    ec:f5:06:76:73:06:8f:ce:ad:09:92:ae:d6:30:f5:
                    22:2b:72:60:96:20:19:9a:02:8d:0f:f4:b7:5d:06:
                    10:3d:5a:79:ba:44:36:b9:af:2f:a0:b5:3b:8c:31:
                    6d:ce:ea:c2:92:da:20:4c:40:55:39:c3:4b:58:3b:
                    1a:1a:fa:18:48:c2:cb:b4:52:8d:e8:b5:0c:1c:77:
                    1a:1f:85:9d:2a:24:5c:5d:25:88:cc:cc:1d:7f:99:
                    51:33:d3:60:73:19:67:be:3f:f9:fa:c7:01:dc:0d:
                    25:61:f4:7a:fd:78:ea:0f:94:93:d7:a8:e6:68:1e:
                    43:d5:04:41:be:e9:02:00:63:63:d5:c7:32:87:cd:
                    e6:f0:49:a5:b1:c5:f8:ad:15:62:19:5e:ca:59:6a:
                    58:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:00:FB:60:04:94:AC:BD:CD:A4:0E:CD:D4:32:86:C3:23:2F:A5:6F
            X509v3 Authority Key Identifier:
                keyid:B6:0D:6C:A9:5E:27:70:F5:53:40:D9:09:EC:7C:97:EE:CA:3F:E2:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tg1sqV4ncPVTQNkJ7HyX7so_4g4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/033e8b-bde1-4f90-baf5-23847a40d9e4/1/3wD7YASUrL3NpA7N1DKGwyMvpW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/033e8b-bde1-4f90-baf5-23847a40d9e4/1/tg1sqV4ncPVTQNkJ7HyX7so_4g4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.130.0/23
                  194.31.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:80:63:9d:f6:77:35:4e:bf:a4:d2:c3:07:20:77:d1:30:bc:
         59:71:1f:24:ed:b6:71:31:1c:63:56:c4:b7:c5:7b:fa:84:51:
         60:20:c6:37:42:41:9b:3f:39:7e:01:f0:c9:29:6e:e5:41:49:
         94:32:dd:89:21:7c:89:14:44:d8:b5:0c:a9:23:aa:d6:9c:d9:
         a0:0c:26:e4:a7:d2:99:b5:1d:2b:d2:1a:cc:bb:6b:af:69:3b:
         c4:b3:9b:f1:a0:bc:81:5d:9d:bc:d0:f4:48:1a:60:48:55:8e:
         84:0c:b7:82:07:94:b8:92:8c:c1:58:d4:b6:a7:4a:38:c7:0d:
         8e:ec:dd:35:9b:80:3e:3f:a7:94:55:e2:3c:80:b5:65:6f:c0:
         84:c9:cd:c0:48:0c:a8:df:dc:1a:2d:0e:99:0f:e9:4f:0f:cd:
         5b:65:d5:5e:03:38:59:34:69:0e:69:2b:94:2c:60:1a:83:37:
         7f:7a:01:60:25:33:8c:cb:16:a7:54:5b:9a:e7:9b:53:71:8a:
         07:20:77:ac:58:1d:b8:72:a0:48:a1:f2:bc:1d:ff:09:d3:50:
         00:c1:dd:92:23:0b:a0:6a:44:6c:e2:1d:f6:7a:08:b8:f3:71:
         2f:16:e9:0e:b7:62:2a:95:e0:ac:93:32:46:74:62:de:c3:7d:
         28:f6:e8:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijRjkpzZ9SZ/nE4z+krlVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MGQ2Y2E5NWUyNzcwZjU1MzQwZDkwOWVjN2M5N2VlY2Ez
ZmUyMGUwHhcNMjUwMTAxMTU0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjAwZmI2MDA0OTRhY2JkY2RhNDBlY2RkNDMyODZjMzIzMmZhNTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqV8bAS9ZcfmT7AgLRVCn4eUA2tAa
Y5aCXxfCuRzVgb79nCetNc/jmdnMdUv2sGBg9OA1Si37JrDpk1JnrtOTx9FYrCMx
ZsjKsi7HfO2ywOzc8GFFGXzAyeO+kb21s+VKCxqbtaYgyxrs9QZ2cwaPzq0Jkq7W
MPUiK3JgliAZmgKND/S3XQYQPVp5ukQ2ua8voLU7jDFtzurCktogTEBVOcNLWDsa
GvoYSMLLtFKN6LUMHHcaH4WdKiRcXSWIzMwdf5lRM9Ngcxlnvj/5+scB3A0lYfR6
/XjqD5ST16jmaB5D1QRBvukCAGNj1ccyh83m8EmlscX4rRViGV7KWWpYfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN8A+2AElKy9zaQOzdQyhsMjL6VvMB8GA1UdIwQY
MBaAFLYNbKleJ3D1U0DZCex8l+7KP+IOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGcxc3FWNG5jUFZUUU5rSjdIeVg3c29fNGc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8wMzNlOGItYmRlMS00ZjkwLWJhZjUt
MjM4NDdhNDBkOWU0LzEvM3dEN1lBU1VyTDNOcEE3TjFES0d3eU12cFc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8wMzNlOGItYmRlMS00ZjkwLWJhZjUtMjM4NDdhNDBkOWU0
LzEvdGcxc3FWNG5jUFZUUU5rSjdIeVg3c29fNGc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBufiCAwQA
wh+rMA0GCSqGSIb3DQEBCwUAA4IBAQAVgGOd9nc1Tr+k0sMHIHfRMLxZcR8k7bZx
MRxjVsS3xXv6hFFgIMY3QkGbPzl+AfDJKW7lQUmUMt2JIXyJFETYtQypI6rWnNmg
DCbkp9KZtR0r0hrMu2uvaTvEs5vxoLyBXZ280PRIGmBIVY6EDLeCB5S4kozBWNS2
p0o4xw2O7N01m4A+P6eUVeI8gLVlb8CEyc3ASAyo39waLQ6ZD+lPD81bZdVeAzhZ
NGkOaSuULGAagzd/egFgJTOMyxanVFua55tTcYoHIHesWB24cqBIofK8Hf8J01AA
wd2SIwugakRs4h32egi483EvFukOt2IqleCskzJGdGLew30o9uhd
-----END CERTIFICATE-----