Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/3_A2__qbd1ZaH227vd1hu0VtaBI.roa
File:                     3_A2__qbd1ZaH227vd1hu0VtaBI.roa (raw, json)
Hash identifier:          gMnn2be33qnp7WN4fSgS1C5Hgdu4DWrSK7M5cqbWQpY=
Subject key identifier:   DF:F0:36:FF:FA:9B:77:56:5A:1F:6D:BB:BD:DD:61:BB:45:6D:68:12
Certificate issuer:       /CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
Certificate serial:       019329AE02B5F0CB14D12CFAEF5616081C29
Authority key identifier: EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/3_A2__qbd1ZaH227vd1hu0VtaBI.roa
Signing time:             Thu 14 Nov 2024 07:58:09 +0000
ROA not before:           Thu 14 Nov 2024 07:58:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210058
IP address blocks:        93.175.247.0/24 maxlen: 24
                          212.21.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:29:ae:02:b5:f0:cb:14:d1:2c:fa:ef:56:16:08:1c:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
        Validity
            Not Before: Nov 14 07:58:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dff036fffa9b77565a1f6dbbbddd61bb456d6812
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:9c:b0:b7:a8:16:ac:76:80:f4:83:6f:b5:ce:
                    e4:59:d0:a5:95:09:16:2e:15:6f:54:3f:11:b3:45:
                    bb:ef:d5:25:b6:de:e2:af:ac:93:b5:be:be:19:2e:
                    36:56:77:eb:a9:b7:5d:d7:ba:58:36:79:5d:45:f4:
                    da:5d:12:df:e9:d2:e6:cf:8c:f5:c8:dc:92:d4:f6:
                    58:7b:81:98:84:fc:9e:ea:f4:cc:de:2a:cf:ef:47:
                    eb:b9:ce:a1:7d:ec:84:45:59:30:bd:a7:f7:67:47:
                    f3:7e:94:db:dd:b5:6d:40:6e:6e:fe:12:ac:3a:5a:
                    41:f3:bc:fd:55:26:c4:69:60:99:84:e8:1b:73:74:
                    17:8b:ae:1f:df:15:a2:cb:0a:b5:61:87:4a:41:53:
                    8e:7e:85:f3:7d:06:d6:89:71:76:17:19:18:6b:c5:
                    56:dc:8b:17:e8:57:03:de:bb:0e:e6:ea:d9:cb:42:
                    76:be:68:b1:91:ea:22:f8:e0:8b:6b:f3:24:eb:e6:
                    71:3a:87:e8:85:ce:71:c6:74:1f:ec:0a:05:18:e1:
                    4a:8b:10:d8:2e:61:cd:c7:b9:2d:cf:80:fe:4a:1e:
                    c0:62:f1:80:6d:77:bd:ab:74:7d:39:9a:ab:c4:6f:
                    71:f4:e7:ab:37:ae:54:c6:40:c8:e3:61:a6:10:9f:
                    aa:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:F0:36:FF:FA:9B:77:56:5A:1F:6D:BB:BD:DD:61:BB:45:6D:68:12
            X509v3 Authority Key Identifier:
                keyid:EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/3_A2__qbd1ZaH227vd1hu0VtaBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.175.247.0/24
                  212.21.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:34:b9:2c:b6:b5:30:ed:ed:58:3d:e4:f7:e8:1a:b7:19:9f:
         ac:86:98:77:cb:64:a6:82:cb:24:6a:8e:38:65:7e:81:2b:3d:
         fe:c8:ca:33:16:02:33:a6:ff:cd:28:19:76:35:91:63:86:f3:
         78:c1:03:d2:69:2d:6b:65:72:c4:23:cb:ae:40:51:fd:c1:38:
         b5:63:8f:6b:9b:d1:ad:48:5d:b3:3e:14:3f:dc:6f:49:cf:eb:
         46:7a:c6:1b:4f:18:f0:f7:f8:97:f7:b2:cb:c2:be:6d:02:88:
         d4:73:8f:a2:3b:c3:22:12:2e:cc:82:fe:8d:17:5a:cc:61:f4:
         08:74:ed:ac:de:55:26:78:d5:87:78:ec:5c:8e:ee:d9:9f:9f:
         4c:75:60:10:a4:dd:2d:e6:6b:f7:fa:ac:89:00:71:ad:6f:23:
         ec:72:af:bc:a4:1b:ac:95:c4:97:24:b4:3b:41:e2:de:65:64:
         09:b8:87:0c:93:7d:1a:c2:bb:f4:65:7a:ae:cc:b3:9f:8f:48:
         04:ac:0f:db:70:eb:0b:8c:15:99:49:9a:99:01:e1:47:51:72:
         67:bf:9e:25:e3:e6:40:6e:09:cb:2f:91:0b:b5:8e:e4:3a:c0:
         ec:58:94:13:fa:f0:6f:b9:8a:ff:4a:7d:7c:d5:44:43:3e:97:
         ea:fc:cd:f2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZMprgK18MsU0Sz671YWCBwpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZWM5MDMwYzcwYTNkNDE5MmQ1OWMyOGRjYzhkNTQ3Njk0
MzQwYjMwHhcNMjQxMTE0MDc1ODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmYwMzZmZmZhOWI3NzU2NWExZjZkYmJiZGRkNjFiYjQ1NmQ2ODEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5ywt6gWrHaA9INvtc7kWdCllQkW
LhVvVD8Rs0W779Ultt7ir6yTtb6+GS42Vnfrqbdd17pYNnldRfTaXRLf6dLmz4z1
yNyS1PZYe4GYhPye6vTM3irP70fruc6hfeyERVkwvaf3Z0fzfpTb3bVtQG5u/hKs
OlpB87z9VSbEaWCZhOgbc3QXi64f3xWiywq1YYdKQVOOfoXzfQbWiXF2FxkYa8VW
3IsX6FcD3rsO5urZy0J2vmixkeoi+OCLa/Mk6+ZxOofohc5xxnQf7AoFGOFKixDY
LmHNx7ktz4D+Sh7AYvGAbXe9q3R9OZqrxG9x9OerN65UxkDI42GmEJ+qowIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN/wNv/6m3dWWh9tu73dYbtFbWgSMB8GA1UdIwQY
MBaAFOvskDDHCj1BktWcKNzI1UdpQ0CzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQt
NGE2Zjg2ODMyNjVjLzEvM19BMl9fcWJkMVphSDIyN3ZkMWh1MFZ0YUJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQtNGE2Zjg2ODMyNjVj
LzEvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXa/3AwQA
1BWHMA0GCSqGSIb3DQEBCwUAA4IBAQB5NLkstrUw7e1YPeT36Bq3GZ+shph3y2Sm
gsskao44ZX6BKz3+yMozFgIzpv/NKBl2NZFjhvN4wQPSaS1rZXLEI8uuQFH9wTi1
Y49rm9GtSF2zPhQ/3G9Jz+tGesYbTxjw9/iX97LLwr5tAojUc4+iO8MiEi7Mgv6N
F1rMYfQIdO2s3lUmeNWHeOxcju7Zn59MdWAQpN0t5mv3+qyJAHGtbyPscq+8pBus
lcSXJLQ7QeLeZWQJuIcMk30awrv0ZXquzLOfj0gErA/bcOsLjBWZSZqZAeFHUXJn
v54l4+ZAbgnLL5ELtY7kOsDsWJQT+vBvuYr/Sn181URDPpfq/M3y
-----END CERTIFICATE-----