Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_HM3LXI2dI7yCUkbwsS0LVmtPQ.roa
File:                     3_HM3LXI2dI7yCUkbwsS0LVmtPQ.roa (raw, json)
Hash identifier:          dlvoBhBeGam9xbjGOiUpXKoso+XH3qNTVfnBCvdbd3Q=
Subject key identifier:   DF:F1:CC:DC:B5:C8:D9:D2:3B:C8:25:24:6F:0B:12:D0:B5:66:B4:F4
Certificate issuer:       /CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
Certificate serial:       01942067B72E15189CAD9356EB5B4D18393C
Authority key identifier: DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_HM3LXI2dI7yCUkbwsS0LVmtPQ.roa
Signing time:             Wed 01 Jan 2025 05:47:35 +0000
ROA not before:           Wed 01 Jan 2025 05:47:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43260
IP address blocks:        185.255.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 12:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:b7:2e:15:18:9c:ad:93:56:eb:5b:4d:18:39:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dff24726df3e77f6f4c8e0436613b35110eeaf38
        Validity
            Not Before: Jan  1 05:47:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dff1ccdcb5c8d9d23bc825246f0b12d0b566b4f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ee:94:11:d9:7b:ee:ec:36:bd:00:cb:c3:8e:
                    49:92:12:4c:0d:ec:a0:59:2d:8a:6d:d1:5d:3f:b0:
                    8c:81:29:48:73:4d:ad:49:e0:83:a3:37:dd:8f:73:
                    54:a4:ad:02:a9:56:11:c5:be:3b:78:9a:77:ae:03:
                    ca:72:74:5f:f4:90:54:e1:0e:25:6f:62:36:18:82:
                    e2:9c:13:5c:df:1a:7c:a5:94:2c:7c:40:0b:01:32:
                    06:da:cc:2e:91:f2:d0:81:8c:07:7b:5d:07:a3:ce:
                    e5:62:ec:c5:17:95:57:9c:a2:71:4c:71:fd:44:1d:
                    1d:bd:60:d8:06:37:21:a3:1a:4e:47:69:03:b6:e4:
                    db:81:67:9c:d4:fc:71:9c:e3:15:17:b4:cc:c2:6f:
                    c9:ea:09:f4:ab:1e:1d:e2:0e:b2:0f:a6:e6:21:fa:
                    2b:eb:fa:19:dd:41:68:48:c4:75:b0:4d:c5:bc:b3:
                    78:23:8f:4d:54:70:0f:c4:29:65:d4:5f:c9:95:e7:
                    49:58:e5:5c:54:01:2f:7e:5a:84:4d:5a:3e:27:f2:
                    bc:34:1b:d7:eb:a8:97:86:44:21:19:08:46:ee:ca:
                    ab:41:ae:30:7c:38:b6:47:b4:a3:ff:4d:f3:9d:7c:
                    c0:e8:cd:3e:eb:d4:7b:e9:b1:d1:b1:4d:62:ad:8b:
                    81:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:F1:CC:DC:B5:C8:D9:D2:3B:C8:25:24:6F:0B:12:D0:B5:66:B4:F4
            X509v3 Authority Key Identifier:
                keyid:DF:F2:47:26:DF:3E:77:F6:F4:C8:E0:43:66:13:B3:51:10:EE:AF:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3_JHJt8-d_b0yOBDZhOzURDurzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_HM3LXI2dI7yCUkbwsS0LVmtPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a96024-6555-4e8d-af37-62bb6d63e59d/1/3_JHJt8-d_b0yOBDZhOzURDurzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:5f:be:a7:af:c3:74:83:bc:4a:0a:3e:38:91:3f:67:00:0c:
         be:ee:1f:86:2f:9a:6c:98:9b:71:d2:47:bf:a7:7b:22:85:cb:
         70:fc:ef:d6:d5:29:10:1d:b2:7c:33:12:ad:53:f5:b2:88:59:
         fe:ee:ef:19:5b:90:cf:10:7f:ce:36:93:56:48:b2:da:74:12:
         2f:17:46:3f:0f:1f:97:39:fd:88:a3:18:99:ff:67:ce:7d:fc:
         b3:68:7c:20:7c:49:7c:e4:f1:4b:23:9f:d9:8b:13:c9:e8:d8:
         62:20:a6:ba:1a:24:db:cd:89:d5:8d:df:4a:1d:36:48:d8:68:
         69:a6:ef:be:f3:6e:f5:13:07:16:f9:f0:f1:ed:e0:8e:ea:4a:
         7a:b3:96:2c:a5:bf:c1:d9:d0:f0:8b:a6:21:63:3c:6d:63:98:
         bb:72:b5:dc:37:5d:ee:9d:77:4d:ec:b4:75:64:b3:45:b5:37:
         52:af:d5:88:1a:3d:c9:79:ff:79:4d:72:8e:b4:c9:69:7b:51:
         38:16:1a:e4:44:0d:1b:f4:3c:6e:ee:53:f2:b0:3f:d9:18:da:
         d0:5b:d9:95:d6:c9:50:32:c1:93:60:7f:c4:1b:1b:59:f6:5b:
         1f:35:ec:4f:a5:3d:4e:e0:09:f8:35:68:51:1a:68:ef:5d:8c:
         37:c9:71:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ7cuFRicrZNW61tNGDk8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZjI0NzI2ZGYzZTc3ZjZmNGM4ZTA0MzY2MTNiMzUxMTBl
ZWFmMzgwHhcNMjUwMTAxMDU0NzM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmYxY2NkY2I1YzhkOWQyM2JjODI1MjQ2ZjBiMTJkMGI1NjZiNGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoe6UEdl77uw2vQDLw45JkhJMDeyg
WS2KbdFdP7CMgSlIc02tSeCDozfdj3NUpK0CqVYRxb47eJp3rgPKcnRf9JBU4Q4l
b2I2GILinBNc3xp8pZQsfEALATIG2swukfLQgYwHe10Ho87lYuzFF5VXnKJxTHH9
RB0dvWDYBjchoxpOR2kDtuTbgWec1PxxnOMVF7TMwm/J6gn0qx4d4g6yD6bmIfor
6/oZ3UFoSMR1sE3FvLN4I49NVHAPxCll1F/JledJWOVcVAEvflqETVo+J/K8NBvX
66iXhkQhGQhG7sqrQa4wfDi2R7Sj/03znXzA6M0+69R76bHRsU1irYuBWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/xzNy1yNnSO8glJG8LEtC1ZrT0MB8GA1UdIwQY
MBaAFN/yRybfPnf29MjgQ2YTs1EQ7q84MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzct
NjJiYjZkNjNlNTlkLzEvM19ITTNMWEkyZEk3eUNVa2J3c1MwTFZtdFBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOTYwMjQtNjU1NS00ZThkLWFmMzctNjJiYjZkNjNlNTlk
LzEvM19KSEp0OC1kX2IweU9CRFpoT3pVUkR1cnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf8EMA0G
CSqGSIb3DQEBCwUAA4IBAQCuX76nr8N0g7xKCj44kT9nAAy+7h+GL5psmJtx0ke/
p3sihctw/O/W1SkQHbJ8MxKtU/WyiFn+7u8ZW5DPEH/ONpNWSLLadBIvF0Y/Dx+X
Of2IoxiZ/2fOffyzaHwgfEl85PFLI5/ZixPJ6NhiIKa6GiTbzYnVjd9KHTZI2Ghp
pu++8271EwcW+fDx7eCO6kp6s5Yspb/B2dDwi6YhYzxtY5i7crXcN13unXdN7LR1
ZLNFtTdSr9WIGj3Jef95TXKOtMlpe1E4FhrkRA0b9Dxu7lPysD/ZGNrQW9mV1slQ
MsGTYH/EGxtZ9lsfNexPpT1O4An4NWhRGmjvXYw3yXHv
-----END CERTIFICATE-----