Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/2d5bc8-5d93-4b0a-a8b6-f8d65c983744/1/P4Cb5oaFevIjC5s1wM4Yzi97PJE.roa
File:                     P4Cb5oaFevIjC5s1wM4Yzi97PJE.roa (raw, json)
Hash identifier:          3Ogb5mf4rx+IYcLkaQHDj7kY0bKNooxxAV2yrkt6glM=
Subject key identifier:   3F:80:9B:E6:86:85:7A:F2:23:0B:9B:35:C0:CE:18:CE:2F:7B:3C:91
Certificate issuer:       /CN=de2e917315f0a878b21fc139d49a821aaddc3c97
Certificate serial:       01972019DB14D79ACFE70823D92626C82DF3
Authority key identifier: DE:2E:91:73:15:F0:A8:78:B2:1F:C1:39:D4:9A:82:1A:AD:DC:3C:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3i6RcxXwqHiyH8E51JqCGq3cPJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/2d5bc8-5d93-4b0a-a8b6-f8d65c983744/1/P4Cb5oaFevIjC5s1wM4Yzi97PJE.roa
Signing time:             Fri 30 May 2025 07:30:54 +0000
ROA not before:           Fri 30 May 2025 07:30:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3301
IP address blocks:        195.54.182.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/2d5bc8-5d93-4b0a-a8b6-f8d65c983744/1/3i6RcxXwqHiyH8E51JqCGq3cPJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/2d5bc8-5d93-4b0a-a8b6-f8d65c983744/1/3i6RcxXwqHiyH8E51JqCGq3cPJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3i6RcxXwqHiyH8E51JqCGq3cPJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:20:19:db:14:d7:9a:cf:e7:08:23:d9:26:26:c8:2d:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de2e917315f0a878b21fc139d49a821aaddc3c97
        Validity
            Not Before: May 30 07:30:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f809be686857af2230b9b35c0ce18ce2f7b3c91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:84:ec:2e:8c:e9:62:6b:d0:d4:13:e4:b9:8e:
                    03:e0:29:0d:72:d4:a5:6c:4f:0a:33:40:ad:d2:f8:
                    ad:f6:83:90:5c:c8:b8:81:7c:90:39:7a:6e:27:7c:
                    61:7c:4e:c4:8b:93:b5:90:74:4e:1f:e2:46:d7:bc:
                    13:9f:49:99:18:84:c7:b7:b1:e8:9e:a1:ad:6f:3f:
                    80:5a:ce:e1:ec:d6:bc:b1:96:0b:71:1a:b3:88:27:
                    34:fd:52:db:fe:46:35:f4:5c:91:c8:49:45:f4:02:
                    5e:cd:41:31:f0:fe:77:d1:56:53:ac:2a:b5:6f:ab:
                    44:6c:d7:6a:82:27:f7:ce:0a:4a:cb:5d:f9:a3:d0:
                    ff:45:94:57:e1:0c:ad:08:84:3f:d4:f9:e7:42:1d:
                    21:8b:30:c2:fa:98:fe:31:d1:9b:a2:b0:f0:fd:dd:
                    65:7b:1e:8f:03:0a:f9:c5:d5:87:b2:e9:44:d1:84:
                    b8:83:d5:90:2a:f5:91:36:2b:8a:72:f5:88:86:df:
                    cf:c6:d9:e8:69:3a:1f:51:e1:77:e5:47:d1:42:4c:
                    e9:24:36:a0:6b:f8:6e:2d:0d:e8:40:e2:12:54:3c:
                    b5:9d:04:29:aa:8b:7a:c0:5b:fe:6c:e8:c6:7c:71:
                    de:8a:99:d8:46:cf:96:13:73:06:13:59:6e:37:c7:
                    20:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:80:9B:E6:86:85:7A:F2:23:0B:9B:35:C0:CE:18:CE:2F:7B:3C:91
            X509v3 Authority Key Identifier:
                keyid:DE:2E:91:73:15:F0:A8:78:B2:1F:C1:39:D4:9A:82:1A:AD:DC:3C:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3i6RcxXwqHiyH8E51JqCGq3cPJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/2d5bc8-5d93-4b0a-a8b6-f8d65c983744/1/P4Cb5oaFevIjC5s1wM4Yzi97PJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/2d5bc8-5d93-4b0a-a8b6-f8d65c983744/1/3i6RcxXwqHiyH8E51JqCGq3cPJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.54.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:d5:a7:1b:17:85:86:ba:70:6b:b3:2f:83:55:7a:e8:0d:9e:
         ac:a3:83:bf:c2:cf:0f:7d:cf:3b:bb:63:72:12:02:88:b7:d5:
         b4:4f:da:bb:ff:c6:59:35:1e:4e:c6:56:70:3a:9e:d6:a7:61:
         35:08:77:fd:73:10:9a:9b:66:8f:43:5b:90:41:cc:d0:11:72:
         b7:81:ae:ec:5a:db:e6:8d:80:9b:9a:1a:f8:88:78:af:38:a0:
         dc:e7:d3:a1:ce:e6:66:05:5b:bd:36:01:25:05:92:28:66:75:
         36:84:4f:21:6a:e9:b1:ea:cc:4f:a5:ee:87:fd:fc:29:9f:b2:
         a5:58:eb:18:91:13:d1:04:3d:54:70:5d:50:30:d2:8a:88:9b:
         2a:bb:ab:ea:21:47:98:a5:8b:6b:25:77:fa:3c:b5:0c:21:8d:
         6b:a6:b6:25:61:89:6c:63:74:2d:af:76:c6:69:89:ca:9c:08:
         e1:a1:08:d2:43:ad:0a:5f:6c:1e:a8:32:a6:46:02:93:a3:ba:
         8c:f1:08:25:61:bd:58:c2:93:04:e7:92:2b:80:14:47:02:fe:
         2c:73:31:6a:ee:1c:a0:dd:41:4a:44:3c:3f:b3:87:99:b6:dd:
         03:39:3c:2d:4f:7e:04:ee:74:39:fc:cb:b5:27:1b:40:ca:bf:
         2f:38:df:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcgGdsU15rP5wgj2SYmyC3zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMmU5MTczMTVmMGE4NzhiMjFmYzEzOWQ0OWE4MjFhYWRk
YzNjOTcwHhcNMjUwNTMwMDczMDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjgwOWJlNjg2ODU3YWYyMjMwYjliMzVjMGNlMThjZTJmN2IzYzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyITsLozpYmvQ1BPkuY4D4CkNctSl
bE8KM0Ct0vit9oOQXMi4gXyQOXpuJ3xhfE7Ei5O1kHROH+JG17wTn0mZGITHt7Ho
nqGtbz+AWs7h7Na8sZYLcRqziCc0/VLb/kY19FyRyElF9AJezUEx8P530VZTrCq1
b6tEbNdqgif3zgpKy135o9D/RZRX4QytCIQ/1PnnQh0hizDC+pj+MdGborDw/d1l
ex6PAwr5xdWHsulE0YS4g9WQKvWRNiuKcvWIht/PxtnoaTofUeF35UfRQkzpJDag
a/huLQ3oQOISVDy1nQQpqot6wFv+bOjGfHHeipnYRs+WE3MGE1luN8cg/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+Am+aGhXryIwubNcDOGM4vezyRMB8GA1UdIwQY
MBaAFN4ukXMV8Kh4sh/BOdSaghqt3DyXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2k2UmN4WHdxSGl5SDhFNTFKcUNHcTNjUEpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yZDViYzgtNWQ5My00YjBhLWE4YjYt
ZjhkNjVjOTgzNzQ0LzEvUDRDYjVvYUZldklqQzVzMXdNNFl6aTk3UEpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yZDViYzgtNWQ5My00YjBhLWE4YjYtZjhkNjVjOTgzNzQ0
LzEvM2k2UmN4WHdxSGl5SDhFNTFKcUNHcTNjUEpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwza2MA0G
CSqGSIb3DQEBCwUAA4IBAQAD1acbF4WGunBrsy+DVXroDZ6so4O/ws8Pfc87u2Ny
EgKIt9W0T9q7/8ZZNR5OxlZwOp7Wp2E1CHf9cxCam2aPQ1uQQczQEXK3ga7sWtvm
jYCbmhr4iHivOKDc59OhzuZmBVu9NgElBZIoZnU2hE8haumx6sxPpe6H/fwpn7Kl
WOsYkRPRBD1UcF1QMNKKiJsqu6vqIUeYpYtrJXf6PLUMIY1rprYlYYlsY3Qtr3bG
aYnKnAjhoQjSQ60KX2weqDKmRgKTo7qM8QglYb1YwpME55IrgBRHAv4sczFq7hyg
3UFKRDw/s4eZtt0DOTwtT34E7nQ5/Mu1JxtAyr8vON/n
-----END CERTIFICATE-----