Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/3lXi1_g77NKzjT3HhPoXoOvjf4w.roa
File:                     3lXi1_g77NKzjT3HhPoXoOvjf4w.roa (raw, json)
Hash identifier:          Ay8Ub8kwHojvnn8g9zm4+05FafWEgsI4HELIX5EKY7A=
Subject key identifier:   DE:55:E2:D7:F8:3B:EC:D2:B3:8D:3D:C7:84:FA:17:A0:EB:E3:7F:8C
Certificate issuer:       /CN=98118687fdd6ff80fb098a9eeef06de377f85d6e
Certificate serial:       019424B3FFFE46C1F2E86A87DA8DEDD21911
Authority key identifier: 98:11:86:87:FD:D6:FF:80:FB:09:8A:9E:EE:F0:6D:E3:77:F8:5D:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mBGGh_3W_4D7CYqe7vBt43f4XW4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/3lXi1_g77NKzjT3HhPoXoOvjf4w.roa
Signing time:             Thu 02 Jan 2025 01:49:23 +0000
ROA not before:           Thu 02 Jan 2025 01:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2852
IP address blocks:        147.251.0.0/16 maxlen: 24
                          217.69.96.0/20 maxlen: 24
                          2a00:5800::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/mBGGh_3W_4D7CYqe7vBt43f4XW4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/mBGGh_3W_4D7CYqe7vBt43f4XW4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mBGGh_3W_4D7CYqe7vBt43f4XW4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:ff:fe:46:c1:f2:e8:6a:87:da:8d:ed:d2:19:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98118687fdd6ff80fb098a9eeef06de377f85d6e
        Validity
            Not Before: Jan  2 01:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de55e2d7f83becd2b38d3dc784fa17a0ebe37f8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ae:98:2d:dd:7e:09:7d:b5:06:6a:a7:e5:76:
                    f2:63:9e:e5:c0:4c:70:c7:4d:d7:6b:a7:90:12:42:
                    7c:27:0f:6d:7e:9d:e8:34:71:2a:5e:69:37:88:fe:
                    5e:6c:52:10:1c:25:46:56:1e:ba:57:49:16:1d:8b:
                    78:cb:a5:c0:57:48:13:1a:c6:f0:be:05:b8:a9:3e:
                    af:82:b7:34:bc:62:d5:15:66:48:c2:7f:4c:cb:d0:
                    ee:83:84:df:00:a9:a2:b1:d6:d8:76:2f:df:3a:59:
                    5e:dc:4e:08:e2:ac:5e:45:c1:fa:97:d4:26:d2:29:
                    65:99:72:33:ab:f8:98:01:6f:d8:cb:95:2b:b4:7a:
                    7c:bc:07:3b:7f:66:91:ed:4b:e7:45:ea:2f:99:89:
                    67:c5:9e:81:fe:9c:12:5e:14:ad:41:e8:e0:4b:eb:
                    cc:5b:0d:50:04:80:ab:04:93:82:bd:d6:8c:69:e8:
                    fc:d2:63:fd:15:37:ac:d5:1c:d7:50:49:86:0d:c5:
                    ba:a9:ee:7a:5b:aa:1c:eb:78:0c:e7:88:95:f0:9a:
                    f0:9b:36:60:4d:46:34:63:93:e6:79:49:27:e2:47:
                    6b:0e:ba:22:79:1d:49:73:63:31:05:fb:12:3a:01:
                    aa:85:29:bb:16:12:dc:21:4f:94:d8:7e:8a:bc:6b:
                    07:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:55:E2:D7:F8:3B:EC:D2:B3:8D:3D:C7:84:FA:17:A0:EB:E3:7F:8C
            X509v3 Authority Key Identifier:
                keyid:98:11:86:87:FD:D6:FF:80:FB:09:8A:9E:EE:F0:6D:E3:77:F8:5D:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mBGGh_3W_4D7CYqe7vBt43f4XW4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/3lXi1_g77NKzjT3HhPoXoOvjf4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/mBGGh_3W_4D7CYqe7vBt43f4XW4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.251.0.0/16
                  217.69.96.0/20
                IPv6:
                  2a00:5800::/32

    Signature Algorithm: sha256WithRSAEncryption
         62:56:3b:90:1f:34:90:ff:b3:82:af:23:0e:18:06:05:c0:bb:
         59:db:7f:1a:5b:4a:e3:84:32:55:79:cf:96:ff:16:53:e2:09:
         f3:33:79:a0:a5:4f:53:61:1f:ca:b2:1e:6a:a0:37:e3:3a:7e:
         31:d3:33:09:d6:40:38:11:bc:58:e7:a1:67:3a:8c:86:4e:6e:
         dc:29:19:05:22:5d:d0:30:86:2f:e3:38:f7:62:7a:32:e9:b9:
         b8:70:a2:46:31:df:70:1b:97:65:5c:ef:d8:5a:72:e2:38:79:
         ac:e3:c8:40:fd:27:2f:36:b5:00:4f:d5:70:00:f8:c2:d1:ad:
         1a:c1:78:b2:92:a6:66:f0:0b:ac:a4:d5:df:56:98:59:66:c5:
         67:a2:c3:28:ef:e2:86:27:46:d7:32:64:21:b0:84:9c:fb:e0:
         a4:8a:6d:68:de:f7:03:0b:80:54:ab:29:e5:ba:60:92:6d:e8:
         8f:db:f1:80:7b:61:26:f7:cc:b6:33:5c:5f:38:69:53:98:2c:
         15:7c:66:af:11:09:9a:12:48:89:7e:8b:63:ea:ce:7e:0e:37:
         96:25:dc:6d:d8:de:ca:bb:58:a0:ed:de:a2:90:2e:bd:28:dd:
         6c:1b:6a:0a:f2:6f:a0:0e:0c:e5:f3:3c:4d:63:26:d6:b4:21:
         19:d5:bf:3c
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQks//+RsHy6GqH2o3t0hkRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MTE4Njg3ZmRkNmZmODBmYjA5OGE5ZWVlZjA2ZGUzNzdm
ODVkNmUwHhcNMjUwMTAyMDE0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTU1ZTJkN2Y4M2JlY2QyYjM4ZDNkYzc4NGZhMTdhMGViZTM3ZjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtq6YLd1+CX21Bmqn5XbyY57lwExw
x03Xa6eQEkJ8Jw9tfp3oNHEqXmk3iP5ebFIQHCVGVh66V0kWHYt4y6XAV0gTGsbw
vgW4qT6vgrc0vGLVFWZIwn9My9Dug4TfAKmisdbYdi/fOlle3E4I4qxeRcH6l9Qm
0illmXIzq/iYAW/Yy5UrtHp8vAc7f2aR7UvnReovmYlnxZ6B/pwSXhStQejgS+vM
Ww1QBICrBJOCvdaMaej80mP9FTes1RzXUEmGDcW6qe56W6oc63gM54iV8JrwmzZg
TUY0Y5PmeUkn4kdrDroieR1Jc2MxBfsSOgGqhSm7FhLcIU+U2H6KvGsHuQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFN5V4tf4O+zSs409x4T6F6Dr43+MMB8GA1UdIwQY
MBaAFJgRhof91v+A+wmKnu7wbeN3+F1uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUJHR2hfM1dfNEQ3Q1lxZTd2QnQ0M2Y0WFc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy81OTA4YTktMGMwZi00MGFiLWJmZDYt
NjlhZjBhNmU5ODliLzEvM2xYaTFfZzc3Tkt6alQzSGhQb1hvT3ZqZjR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy81OTA4YTktMGMwZi00MGFiLWJmZDYtNjlhZjBhNmU5ODli
LzEvbUJHR2hfM1dfNEQ3Q1lxZTd2QnQ0M2Y0WFc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwMAk/sDBATZ
RWAwDQQCAAIwBwMFACoAWAAwDQYJKoZIhvcNAQELBQADggEBAGJWO5AfNJD/s4Kv
Iw4YBgXAu1nbfxpbSuOEMlV5z5b/FlPiCfMzeaClT1NhH8qyHmqgN+M6fjHTMwnW
QDgRvFjnoWc6jIZObtwpGQUiXdAwhi/jOPdiejLpubhwokYx33Abl2Vc79hacuI4
eazjyED9Jy82tQBP1XAA+MLRrRrBeLKSpmbwC6yk1d9WmFlmxWeiwyjv4oYnRtcy
ZCGwhJz74KSKbWje9wMLgFSrKeW6YJJt6I/b8YB7YSb3zLYzXF84aVOYLBV8Zq8R
CZoSSIl+i2Pqzn4ON5Yl3G3Y3sq7WKDt3qKQLr0o3Wwbagryb6AODOXzPE1jJta0
IRnVvzw=
-----END CERTIFICATE-----