Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/_mYolmt2fF0wabxHp1kAcOpFjJQ.roa
File:                     _mYolmt2fF0wabxHp1kAcOpFjJQ.roa (raw, json)
Hash identifier:          Ni2pHhwSkaVczL8tsRRH+ZM9PBph4eSrgcYZ18OoRUY=
Subject key identifier:   FE:66:28:96:6B:76:7C:5D:30:69:BC:47:A7:59:00:70:EA:45:8C:94
Certificate issuer:       /CN=603831a61bc8a8f4cb85887022fb6f86397345dc
Certificate serial:       0194258F1D489FDCE04BAB8EF809CD686BA6
Authority key identifier: 60:38:31:A6:1B:C8:A8:F4:CB:85:88:70:22:FB:6F:86:39:73:45:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YDgxphvIqPTLhYhwIvtvhjlzRdw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/_mYolmt2fF0wabxHp1kAcOpFjJQ.roa
Signing time:             Thu 02 Jan 2025 05:48:43 +0000
ROA not before:           Thu 02 Jan 2025 05:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60173
IP address blocks:        185.34.224.0/24 maxlen: 24
                          185.34.225.0/24 maxlen: 24
                          185.34.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/YDgxphvIqPTLhYhwIvtvhjlzRdw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/YDgxphvIqPTLhYhwIvtvhjlzRdw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YDgxphvIqPTLhYhwIvtvhjlzRdw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 11:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:1d:48:9f:dc:e0:4b:ab:8e:f8:09:cd:68:6b:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=603831a61bc8a8f4cb85887022fb6f86397345dc
        Validity
            Not Before: Jan  2 05:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe6628966b767c5d3069bc47a7590070ea458c94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:60:da:c9:1a:82:8c:30:e0:5e:51:85:30:d7:
                    53:43:9e:51:71:66:ca:5c:64:ae:57:54:f3:b0:e0:
                    2c:48:50:fd:5a:24:c5:e6:50:af:b0:d5:82:a8:b8:
                    f8:b3:60:0c:f8:d1:fc:48:8b:72:2c:16:17:f3:3f:
                    25:da:d9:c0:a9:68:09:82:42:99:44:6f:13:b6:af:
                    a8:f9:f4:f2:65:d3:1d:4c:b0:a0:f2:52:dc:0c:43:
                    92:a2:2e:1e:f5:01:4c:96:4d:3d:9a:8e:a3:01:c1:
                    0c:83:69:8a:ac:e0:09:7b:d2:14:8b:65:98:a6:2b:
                    2e:6b:f6:8e:ef:de:f2:e4:93:dc:ea:3e:11:2a:31:
                    6b:dd:e8:e2:80:5e:da:fe:cd:cd:e4:1f:53:8c:46:
                    0b:66:d5:7d:96:91:ac:a9:9e:6a:ec:2f:5b:c2:26:
                    a3:06:2b:94:a5:b4:11:df:7e:8f:36:5d:f8:6b:f8:
                    9e:f4:bf:92:0b:d6:fe:ef:e0:fa:92:c2:bc:f1:7d:
                    16:54:85:67:11:d8:95:56:76:f2:c7:fc:62:16:60:
                    70:93:9c:46:2b:a1:ef:dc:26:db:df:a1:1d:c1:cc:
                    a0:6c:fe:71:29:36:a4:78:e1:f4:74:d7:bb:04:75:
                    fd:db:1b:16:30:bf:b2:a3:2f:5a:80:56:53:3a:b6:
                    07:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:66:28:96:6B:76:7C:5D:30:69:BC:47:A7:59:00:70:EA:45:8C:94
            X509v3 Authority Key Identifier:
                keyid:60:38:31:A6:1B:C8:A8:F4:CB:85:88:70:22:FB:6F:86:39:73:45:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YDgxphvIqPTLhYhwIvtvhjlzRdw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/_mYolmt2fF0wabxHp1kAcOpFjJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/YDgxphvIqPTLhYhwIvtvhjlzRdw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.224.0-185.34.226.255

    Signature Algorithm: sha256WithRSAEncryption
         13:d1:33:8a:72:d2:2f:99:c5:0b:43:7a:a9:24:b2:23:0f:52:
         a8:2b:39:10:3e:e3:fe:29:6e:d6:45:08:19:7a:a7:f7:38:e7:
         62:ef:ca:f5:2a:b1:04:89:f5:4b:13:79:bc:61:99:5e:49:37:
         87:03:39:62:c8:f8:63:ec:66:45:4f:74:26:6b:f5:54:dc:b4:
         83:08:ef:d9:e7:79:a7:84:fd:bb:25:81:f4:17:07:30:dd:2a:
         b9:7f:1e:07:df:ec:d1:79:73:58:f1:a0:1e:59:9e:61:65:63:
         ac:67:9e:a3:1f:ff:e5:fa:24:0f:f0:91:44:2b:2d:62:70:82:
         08:f2:00:ee:b7:f3:b9:ee:23:40:b3:3a:f4:14:cd:30:cf:ca:
         1a:70:c1:c5:13:b3:84:5b:28:bb:08:84:ca:24:f2:6a:cd:ea:
         7a:b2:c4:90:8b:5e:77:73:20:cc:2a:72:47:4a:fb:3a:82:8b:
         10:a8:a0:b1:62:89:4d:f5:d9:89:64:60:17:e9:20:47:b6:a3:
         b9:45:94:85:37:b8:af:4b:5c:32:2f:03:52:7a:2f:e0:7b:4c:
         0c:88:aa:d8:54:65:f2:a8:85:2a:17:44:78:4d:e7:11:d0:c8:
         2f:70:75:d4:5c:c2:79:86:d0:1b:e2:9d:80:1c:85:d6:e8:fd:
         6f:e0:85:c8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQljx1In9zgS6uO+AnNaGumMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMzgzMWE2MWJjOGE4ZjRjYjg1ODg3MDIyZmI2Zjg2Mzk3
MzQ1ZGMwHhcNMjUwMTAyMDU0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTY2Mjg5NjZiNzY3YzVkMzA2OWJjNDdhNzU5MDA3MGVhNDU4Yzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGDayRqCjDDgXlGFMNdTQ55RcWbK
XGSuV1TzsOAsSFD9WiTF5lCvsNWCqLj4s2AM+NH8SItyLBYX8z8l2tnAqWgJgkKZ
RG8Ttq+o+fTyZdMdTLCg8lLcDEOSoi4e9QFMlk09mo6jAcEMg2mKrOAJe9IUi2WY
pisua/aO797y5JPc6j4RKjFr3ejigF7a/s3N5B9TjEYLZtV9lpGsqZ5q7C9bwiaj
BiuUpbQR336PNl34a/ie9L+SC9b+7+D6ksK88X0WVIVnEdiVVnbyx/xiFmBwk5xG
K6Hv3Cbb36EdwcygbP5xKTakeOH0dNe7BHX92xsWML+yoy9agFZTOrYH0QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFP5mKJZrdnxdMGm8R6dZAHDqRYyUMB8GA1UdIwQY
MBaAFGA4MaYbyKj0y4WIcCL7b4Y5c0XcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWURneHBodklxUFRMaFlod0l2dHZoamx6UmR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9hYzMyNzYtNTBhZC00ZWJjLWEyYTYt
OTgwODU0NTkzM2M5LzEvX21Zb2xtdDJmRjB3YWJ4SHAxa0FjT3BGakpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9hYzMyNzYtNTBhZC00ZWJjLWEyYTYtOTgwODU0NTkzM2M5
LzEvWURneHBodklxUFRMaFlod0l2dHZoamx6UmR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAW5IuAD
BAC5IuIwDQYJKoZIhvcNAQELBQADggEBABPRM4py0i+ZxQtDeqkksiMPUqgrORA+
4/4pbtZFCBl6p/c452LvyvUqsQSJ9UsTebxhmV5JN4cDOWLI+GPsZkVPdCZr9VTc
tIMI79nneaeE/bslgfQXBzDdKrl/Hgff7NF5c1jxoB5ZnmFlY6xnnqMf/+X6JA/w
kUQrLWJwggjyAO6387nuI0CzOvQUzTDPyhpwwcUTs4RbKLsIhMok8mrN6nqyxJCL
XndzIMwqckdK+zqCixCooLFiiU312YlkYBfpIEe2o7lFlIU3uK9LXDIvA1J6L+B7
TAyIqthUZfKohSoXRHhN5xHQyC9wddRcwnmG0BvinYAchdbo/W/ghcg=
-----END CERTIFICATE-----