Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/a5f931-6fa8-4cf0-8f97-23b28f39a602/1/_dm0as-nFQQ1bS3pghCSO6ryUwQ.roa
File:                     _dm0as-nFQQ1bS3pghCSO6ryUwQ.roa (raw, json)
Hash identifier:          fzQteoaQMk8gRjZgQC3tI6Hb34tGlOG3z2safrXEkbY=
Subject key identifier:   FD:D9:B4:6A:CF:A7:15:04:35:6D:2D:E9:82:10:92:3B:AA:F2:53:04
Certificate issuer:       /CN=da27113db55b63b67a4a627a7008a8afc2bcc42c
Certificate serial:       019424B39A8AB8E3605F4751F62B55E595C2
Authority key identifier: DA:27:11:3D:B5:5B:63:B6:7A:4A:62:7A:70:08:A8:AF:C2:BC:C4:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2icRPbVbY7Z6SmJ6cAior8K8xCw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/a5f931-6fa8-4cf0-8f97-23b28f39a602/1/_dm0as-nFQQ1bS3pghCSO6ryUwQ.roa
Signing time:             Thu 02 Jan 2025 01:48:57 +0000
ROA not before:           Thu 02 Jan 2025 01:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        146.66.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/a5f931-6fa8-4cf0-8f97-23b28f39a602/1/2icRPbVbY7Z6SmJ6cAior8K8xCw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/a5f931-6fa8-4cf0-8f97-23b28f39a602/1/2icRPbVbY7Z6SmJ6cAior8K8xCw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2icRPbVbY7Z6SmJ6cAior8K8xCw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:9a:8a:b8:e3:60:5f:47:51:f6:2b:55:e5:95:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da27113db55b63b67a4a627a7008a8afc2bcc42c
        Validity
            Not Before: Jan  2 01:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fdd9b46acfa71504356d2de98210923baaf25304
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:d7:63:5b:7e:69:58:a5:45:c6:b5:dd:35:7e:
                    ea:5d:29:e1:da:6f:e4:18:2b:cd:7f:0d:da:42:3b:
                    0e:b3:25:2b:53:fe:11:08:61:cf:fb:3e:79:1d:aa:
                    41:c1:be:47:a2:c5:a5:fd:dc:2b:8c:a3:36:1b:b0:
                    f9:68:c0:8a:b1:c7:b5:3e:8a:72:fc:2a:4b:9d:fe:
                    8e:7d:fe:eb:14:71:b8:cf:e4:e5:3b:7f:99:c0:5a:
                    bf:b0:6e:dd:c6:03:a3:76:df:6a:fe:87:d9:7d:74:
                    e1:db:00:4d:03:51:c9:8a:d7:1d:be:73:0f:75:00:
                    e4:d6:44:fa:8c:b3:bc:f4:be:74:4c:1c:f1:16:2c:
                    cb:1a:8b:37:0c:d2:b5:f5:ef:5b:64:c3:d3:10:6d:
                    86:c3:4b:ec:b4:0f:d1:51:a5:bd:09:40:c4:76:29:
                    d2:9e:c5:ac:ef:f2:22:7a:d2:32:da:90:67:c3:4c:
                    ac:79:7d:17:78:fd:17:ff:da:7a:f2:67:5e:6c:02:
                    c5:3c:0b:44:3c:14:fc:5f:1f:1d:31:0b:03:64:c7:
                    37:a9:bc:7d:86:ee:17:c1:32:cb:10:ed:f6:9b:69:
                    12:a1:ad:e0:82:eb:01:4d:fa:91:fd:4e:3e:d1:f2:
                    4a:9e:98:ad:b0:de:6f:29:cb:a3:6e:32:23:80:b1:
                    7c:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:D9:B4:6A:CF:A7:15:04:35:6D:2D:E9:82:10:92:3B:AA:F2:53:04
            X509v3 Authority Key Identifier:
                keyid:DA:27:11:3D:B5:5B:63:B6:7A:4A:62:7A:70:08:A8:AF:C2:BC:C4:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2icRPbVbY7Z6SmJ6cAior8K8xCw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/a5f931-6fa8-4cf0-8f97-23b28f39a602/1/_dm0as-nFQQ1bS3pghCSO6ryUwQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/a5f931-6fa8-4cf0-8f97-23b28f39a602/1/2icRPbVbY7Z6SmJ6cAior8K8xCw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.66.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:9d:57:1e:57:82:fe:5d:1f:3a:85:e9:43:c5:88:29:42:0d:
         1b:c7:e3:61:e4:fa:d5:9b:ef:12:2c:a3:d0:3b:2c:7c:07:aa:
         7a:91:20:45:59:46:48:89:bb:5b:f1:4f:a2:f0:28:91:fc:b8:
         1b:cc:92:df:b4:60:79:b0:d1:76:0c:cf:d9:39:7d:c8:52:e4:
         fd:a3:9b:8d:d3:73:85:4f:ce:f9:3e:6d:25:91:8f:35:06:63:
         d3:07:05:08:03:7d:5e:5d:08:4b:c9:c4:0e:dc:7c:7c:8a:77:
         44:ef:2f:6d:98:e6:42:9d:a5:9e:8e:51:5d:58:8d:2c:31:9d:
         95:24:1d:3e:20:1d:23:a4:ea:d1:2b:50:04:10:d7:d2:19:dc:
         f0:44:ff:22:ff:a4:b1:58:6e:53:6d:75:dc:34:35:91:ed:58:
         8f:4c:9e:6a:a0:6e:09:0f:bd:ba:14:18:58:f0:62:39:de:6d:
         c7:c9:bb:b3:82:39:f1:c0:a5:37:b2:46:2b:ed:2e:a7:84:40:
         a4:6f:1d:84:d0:81:23:d1:a1:e7:0c:11:b5:88:3c:5a:a2:c5:
         67:f5:ec:c4:d8:00:22:69:77:ea:43:7c:95:2d:84:81:27:17:
         9e:e6:0e:c7:a0:ea:c3:f1:93:5d:53:ed:a1:c4:e0:a3:e9:8d:
         6a:51:f3:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks5qKuONgX0dR9itV5ZXCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMjcxMTNkYjU1YjYzYjY3YTRhNjI3YTcwMDhhOGFmYzJi
Y2M0MmMwHhcNMjUwMTAyMDE0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGQ5YjQ2YWNmYTcxNTA0MzU2ZDJkZTk4MjEwOTIzYmFhZjI1MzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3tdjW35pWKVFxrXdNX7qXSnh2m/k
GCvNfw3aQjsOsyUrU/4RCGHP+z55HapBwb5HosWl/dwrjKM2G7D5aMCKsce1Popy
/CpLnf6Off7rFHG4z+TlO3+ZwFq/sG7dxgOjdt9q/ofZfXTh2wBNA1HJitcdvnMP
dQDk1kT6jLO89L50TBzxFizLGos3DNK19e9bZMPTEG2Gw0vstA/RUaW9CUDEdinS
nsWs7/IietIy2pBnw0yseX0XeP0X/9p68mdebALFPAtEPBT8Xx8dMQsDZMc3qbx9
hu4XwTLLEO32m2kSoa3ggusBTfqR/U4+0fJKnpitsN5vKcujbjIjgLF8FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP3ZtGrPpxUENW0t6YIQkjuq8lMEMB8GA1UdIwQY
MBaAFNonET21W2O2ekpienAIqK/CvMQsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmljUlBiVmJZN1o2U21KNmNBaW9yOEs4eEN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9hNWY5MzEtNmZhOC00Y2YwLThmOTct
MjNiMjhmMzlhNjAyLzEvX2RtMGFzLW5GUVExYlMzcGdoQ1NPNnJ5VXdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9hNWY5MzEtNmZhOC00Y2YwLThmOTctMjNiMjhmMzlhNjAy
LzEvMmljUlBiVmJZN1o2U21KNmNBaW9yOEs4eEN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkkIDMA0G
CSqGSIb3DQEBCwUAA4IBAQCRnVceV4L+XR86helDxYgpQg0bx+Nh5PrVm+8SLKPQ
Oyx8B6p6kSBFWUZIibtb8U+i8CiR/LgbzJLftGB5sNF2DM/ZOX3IUuT9o5uN03OF
T875Pm0lkY81BmPTBwUIA31eXQhLycQO3Hx8indE7y9tmOZCnaWejlFdWI0sMZ2V
JB0+IB0jpOrRK1AEENfSGdzwRP8i/6SxWG5TbXXcNDWR7ViPTJ5qoG4JD726FBhY
8GI53m3HybuzgjnxwKU3skYr7S6nhECkbx2E0IEj0aHnDBG1iDxaosVn9ezE2AAi
aXfqQ3yVLYSBJxee5g7HoOrD8ZNdU+2hxOCj6Y1qUfNu
-----END CERTIFICATE-----