Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/706c03-7d35-4913-8a18-6e8784a7ad09/1/349zjBrXxWXdbWEBD0TY_PcES-4.roa
File:                     349zjBrXxWXdbWEBD0TY_PcES-4.roa (raw, json)
Hash identifier:          dTkBBehXJumOuwcY3aMRaxc4m1QE9Au6OaxONrVwqa8=
Subject key identifier:   DF:8F:73:8C:1A:D7:C5:65:DD:6D:61:01:0F:44:D8:FC:F7:04:4B:EE
Certificate issuer:       /CN=70847f8221897d6e952e86ea2c339abaacc131f5
Certificate serial:       01942748113AA7002A0EF8ACC6B8E1169242
Authority key identifier: 70:84:7F:82:21:89:7D:6E:95:2E:86:EA:2C:33:9A:BA:AC:C1:31:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cIR_giGJfW6VLobqLDOauqzBMfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/706c03-7d35-4913-8a18-6e8784a7ad09/1/349zjBrXxWXdbWEBD0TY_PcES-4.roa
Signing time:             Thu 02 Jan 2025 13:50:21 +0000
ROA not before:           Thu 02 Jan 2025 13:50:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60972
IP address blocks:        185.38.28.0/22 maxlen: 24
                          185.95.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/706c03-7d35-4913-8a18-6e8784a7ad09/1/cIR_giGJfW6VLobqLDOauqzBMfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/706c03-7d35-4913-8a18-6e8784a7ad09/1/cIR_giGJfW6VLobqLDOauqzBMfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cIR_giGJfW6VLobqLDOauqzBMfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 16:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:11:3a:a7:00:2a:0e:f8:ac:c6:b8:e1:16:92:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70847f8221897d6e952e86ea2c339abaacc131f5
        Validity
            Not Before: Jan  2 13:50:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df8f738c1ad7c565dd6d61010f44d8fcf7044bee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ff:05:6a:69:c9:c7:c8:c9:f0:6e:1c:8a:cc:
                    34:0a:b6:23:4a:2c:52:fa:e1:ed:28:17:83:7d:95:
                    49:1a:48:0f:f2:5b:16:dd:06:8d:ac:45:eb:46:62:
                    78:76:7b:67:af:48:5d:d3:fc:34:07:6a:96:3e:c0:
                    eb:1c:f6:15:7b:62:8a:18:e7:55:52:ac:f8:2f:fb:
                    49:df:d7:87:1e:7c:61:cc:20:5f:60:07:75:6f:ef:
                    02:e0:52:5e:13:28:28:1d:41:b9:3b:a9:77:df:5b:
                    9c:62:4c:ac:1b:42:77:aa:cd:f3:1b:54:e8:2b:bc:
                    f8:20:38:fb:16:6e:83:4c:fa:74:9d:f8:d8:d2:d9:
                    ca:b1:d6:b3:ef:a4:e7:22:3c:c7:ad:4b:69:6c:0e:
                    1d:36:d8:d2:29:6d:4a:48:ee:1a:fb:80:8e:40:7d:
                    49:e1:01:7e:0a:3a:32:16:a3:33:25:be:95:fe:b7:
                    55:20:ad:77:87:de:d0:81:8f:38:9e:93:0e:db:20:
                    70:a9:27:30:0d:e3:9c:7a:fb:04:d6:69:15:5a:bd:
                    e7:4e:d3:5a:8c:3b:8a:ab:24:84:3f:43:94:70:38:
                    28:89:a4:24:27:e4:12:33:28:f7:ce:32:2d:76:2b:
                    5a:6b:1b:b0:7b:c1:7f:b5:69:a6:bf:4e:95:f9:f0:
                    77:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:8F:73:8C:1A:D7:C5:65:DD:6D:61:01:0F:44:D8:FC:F7:04:4B:EE
            X509v3 Authority Key Identifier:
                keyid:70:84:7F:82:21:89:7D:6E:95:2E:86:EA:2C:33:9A:BA:AC:C1:31:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cIR_giGJfW6VLobqLDOauqzBMfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/706c03-7d35-4913-8a18-6e8784a7ad09/1/349zjBrXxWXdbWEBD0TY_PcES-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/706c03-7d35-4913-8a18-6e8784a7ad09/1/cIR_giGJfW6VLobqLDOauqzBMfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.38.28.0/22
                  185.95.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:e3:9a:af:a7:09:82:8d:e6:1a:a7:50:3d:1d:e2:0d:c8:64:
         85:19:27:8a:7a:a5:09:f9:82:0b:91:b9:02:5b:4e:fa:35:71:
         f5:91:03:5a:fc:9f:ea:fd:9c:1c:52:cd:77:e2:31:0b:9c:a3:
         70:6d:65:4f:32:28:50:fe:b0:a2:51:eb:84:63:22:61:e6:f9:
         e8:34:f0:0b:91:bf:2b:85:e1:ab:bb:36:6c:21:52:72:f5:3e:
         31:a4:29:fd:60:b2:7a:66:e8:42:50:c3:a8:bc:c9:69:6f:36:
         fa:a3:4f:f8:db:2c:60:80:15:ab:5e:4c:44:3d:6f:b3:40:86:
         ab:45:81:67:b4:98:ed:c4:2e:83:b1:10:60:39:0f:e1:55:74:
         74:82:75:5d:8e:5e:9a:55:dd:65:14:53:18:aa:22:e7:56:61:
         18:34:46:1c:a4:a6:bb:76:4b:9b:48:9a:f3:2f:00:86:ad:53:
         c5:b1:7c:59:6d:16:c9:c2:9a:11:72:c8:ad:47:aa:c8:cd:55:
         d6:0b:86:b9:65:53:5e:b8:73:55:29:72:ad:ca:0f:c1:3f:9b:
         3e:3a:53:18:1e:5a:8e:a3:97:cb:10:57:0d:68:17:8c:23:e7:
         62:f9:12:c1:db:05:1f:5b:d0:4d:45:20:4e:d7:36:f6:e4:f3:
         68:e0:25:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnSBE6pwAqDvisxrjhFpJCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwODQ3ZjgyMjE4OTdkNmU5NTJlODZlYTJjMzM5YWJhYWNj
MTMxZjUwHhcNMjUwMTAyMTM1MDIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjhmNzM4YzFhZDdjNTY1ZGQ2ZDYxMDEwZjQ0ZDhmY2Y3MDQ0YmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/8FamnJx8jJ8G4cisw0CrYjSixS
+uHtKBeDfZVJGkgP8lsW3QaNrEXrRmJ4dntnr0hd0/w0B2qWPsDrHPYVe2KKGOdV
Uqz4L/tJ39eHHnxhzCBfYAd1b+8C4FJeEygoHUG5O6l331ucYkysG0J3qs3zG1To
K7z4IDj7Fm6DTPp0nfjY0tnKsdaz76TnIjzHrUtpbA4dNtjSKW1KSO4a+4COQH1J
4QF+CjoyFqMzJb6V/rdVIK13h97QgY84npMO2yBwqScwDeOcevsE1mkVWr3nTtNa
jDuKqySEP0OUcDgoiaQkJ+QSMyj3zjItditaaxuwe8F/tWmmv06V+fB3NQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN+Pc4wa18Vl3W1hAQ9E2Pz3BEvuMB8GA1UdIwQY
MBaAFHCEf4IhiX1ulS6G6iwzmrqswTH1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0lSX2dpR0pmVzZWTG9icUxET2F1cXpCTWZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy83MDZjMDMtN2QzNS00OTEzLThhMTgt
NmU4Nzg0YTdhZDA5LzEvMzQ5empCclh4V1hkYldFQkQwVFlfUGNFUy00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy83MDZjMDMtN2QzNS00OTEzLThhMTgtNmU4Nzg0YTdhZDA5
LzEvY0lSX2dpR0pmVzZWTG9icUxET2F1cXpCTWZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuSYcAwQC
uV/8MA0GCSqGSIb3DQEBCwUAA4IBAQBB45qvpwmCjeYap1A9HeINyGSFGSeKeqUJ
+YILkbkCW076NXH1kQNa/J/q/ZwcUs134jELnKNwbWVPMihQ/rCiUeuEYyJh5vno
NPALkb8rheGruzZsIVJy9T4xpCn9YLJ6ZuhCUMOovMlpbzb6o0/42yxggBWrXkxE
PW+zQIarRYFntJjtxC6DsRBgOQ/hVXR0gnVdjl6aVd1lFFMYqiLnVmEYNEYcpKa7
dkubSJrzLwCGrVPFsXxZbRbJwpoRcsitR6rIzVXWC4a5ZVNeuHNVKXKtyg/BP5s+
OlMYHlqOo5fLEFcNaBeMI+di+RLB2wUfW9BNRSBO1zb25PNo4CWc
-----END CERTIFICATE-----