Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/b667aa-c415-4bbc-ad4c-c3377c1e3a2d/1/3ZU7hgqFBvs-JOWJ6E4MEbiA2bk.roa
File:                     3ZU7hgqFBvs-JOWJ6E4MEbiA2bk.roa (raw, json)
Hash identifier:          /NMweqecvh0z4jYnenJq1VRlGwr+MOCXPTrSyQD9fMA=
Subject key identifier:   DD:95:3B:86:0A:85:06:FB:3E:24:E5:89:E8:4E:0C:11:B8:80:D9:B9
Certificate issuer:       /CN=e9318a5198dcd3fcac2498055385d9af2110a6b4
Certificate serial:       0194258E1B29093D6504CC0639C129BE86B9
Authority key identifier: E9:31:8A:51:98:DC:D3:FC:AC:24:98:05:53:85:D9:AF:21:10:A6:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6TGKUZjc0_ysJJgFU4XZryEQprQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/b667aa-c415-4bbc-ad4c-c3377c1e3a2d/1/3ZU7hgqFBvs-JOWJ6E4MEbiA2bk.roa
Signing time:             Thu 02 Jan 2025 05:47:37 +0000
ROA not before:           Thu 02 Jan 2025 05:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43190
IP address blocks:        77.95.248.0/21 maxlen: 21
                          185.217.32.0/22 maxlen: 22
                          2a00:1478::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/b667aa-c415-4bbc-ad4c-c3377c1e3a2d/1/6TGKUZjc0_ysJJgFU4XZryEQprQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/b667aa-c415-4bbc-ad4c-c3377c1e3a2d/1/6TGKUZjc0_ysJJgFU4XZryEQprQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6TGKUZjc0_ysJJgFU4XZryEQprQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 23:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:1b:29:09:3d:65:04:cc:06:39:c1:29:be:86:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9318a5198dcd3fcac2498055385d9af2110a6b4
        Validity
            Not Before: Jan  2 05:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd953b860a8506fb3e24e589e84e0c11b880d9b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:42:33:6c:21:3a:3f:1e:a8:38:60:60:6c:ec:
                    ad:0d:59:00:57:59:34:de:ea:fe:d5:ee:98:90:e5:
                    ca:c4:d0:38:07:2c:05:a5:9b:2a:c7:48:84:e4:45:
                    8a:c7:8c:39:95:f2:bc:00:ef:c6:e0:57:e7:97:4a:
                    9e:d5:fd:ac:aa:04:c3:73:57:b2:c2:2c:08:5d:85:
                    ec:66:e5:1b:ee:c7:7c:32:b2:1a:75:bc:39:09:56:
                    30:44:3c:8a:b6:eb:22:59:89:aa:c0:f1:57:e7:5a:
                    d6:a2:7e:17:28:ac:05:ee:d5:9d:42:58:2a:24:97:
                    3c:7d:e6:bc:b4:7a:82:41:2c:12:ef:10:8b:8b:3e:
                    ad:10:76:c1:e1:bd:cf:fe:a2:fb:a2:b8:6b:23:7b:
                    4b:62:d3:20:ea:6b:10:d5:e5:e4:b3:1f:dd:2d:11:
                    1d:ba:88:bd:55:ff:a8:65:80:c6:df:59:0f:27:c8:
                    86:ff:b9:87:c0:a3:49:c2:f8:c3:55:a7:66:a4:57:
                    bb:30:73:7f:ab:72:db:00:66:a9:14:ae:6b:e5:f7:
                    76:b7:60:79:c9:77:b7:89:fb:18:2d:3e:8e:18:0d:
                    1a:9d:89:10:51:10:37:c5:b8:2f:e2:b9:58:00:48:
                    53:e9:0f:6b:76:20:0c:a2:e8:51:8a:0f:a3:bb:a3:
                    a1:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:95:3B:86:0A:85:06:FB:3E:24:E5:89:E8:4E:0C:11:B8:80:D9:B9
            X509v3 Authority Key Identifier:
                keyid:E9:31:8A:51:98:DC:D3:FC:AC:24:98:05:53:85:D9:AF:21:10:A6:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6TGKUZjc0_ysJJgFU4XZryEQprQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/b667aa-c415-4bbc-ad4c-c3377c1e3a2d/1/3ZU7hgqFBvs-JOWJ6E4MEbiA2bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/b667aa-c415-4bbc-ad4c-c3377c1e3a2d/1/6TGKUZjc0_ysJJgFU4XZryEQprQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.95.248.0/21
                  185.217.32.0/22
                IPv6:
                  2a00:1478::/32

    Signature Algorithm: sha256WithRSAEncryption
         91:d7:04:d2:17:5e:a4:16:42:fd:8b:23:ed:6a:af:34:ff:0c:
         bf:16:8f:3b:8c:f6:ac:9d:d6:be:c9:15:87:44:3b:f6:97:92:
         7b:56:b3:6e:cd:e0:75:89:96:16:be:68:b6:78:37:b2:47:24:
         3e:87:9a:c8:29:c9:0f:c8:65:c6:7f:9f:9c:d0:98:fa:f9:f9:
         f1:bc:d9:e3:e0:51:49:5c:07:5a:91:93:e4:d2:b5:16:8f:57:
         de:83:27:c5:5f:37:41:12:45:ce:53:aa:40:b1:6f:17:e5:42:
         e8:e5:7c:05:17:4c:b0:4f:0e:e7:02:a8:2f:14:3d:09:d5:fb:
         83:bb:77:55:3c:37:13:0d:bc:5f:77:c0:6c:b2:cc:4a:00:5d:
         b0:ac:c3:03:67:82:3c:66:3d:fd:82:b0:74:d2:f5:6a:99:b5:
         fa:20:50:68:8c:b3:f2:98:01:71:bd:97:18:d8:2f:24:f8:74:
         96:4b:08:07:df:fc:d2:a9:81:0c:1a:bb:00:27:a1:fa:87:d5:
         3a:94:01:08:55:6f:c4:8b:60:ff:ec:21:58:9b:e2:92:b7:7d:
         6e:84:c8:d3:22:22:47:e5:d4:0d:df:4f:af:35:27:09:77:a4:
         73:e5:4b:91:b7:fc:ba:62:7f:41:76:6b:fc:9d:fa:b2:8d:dd:
         42:d1:15:6c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQljhspCT1lBMwGOcEpvoa5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MzE4YTUxOThkY2QzZmNhYzI0OTgwNTUzODVkOWFmMjEx
MGE2YjQwHhcNMjUwMTAyMDU0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDk1M2I4NjBhODUwNmZiM2UyNGU1ODllODRlMGMxMWI4ODBkOWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUIzbCE6Px6oOGBgbOytDVkAV1k0
3ur+1e6YkOXKxNA4BywFpZsqx0iE5EWKx4w5lfK8AO/G4Ffnl0qe1f2sqgTDc1ey
wiwIXYXsZuUb7sd8MrIadbw5CVYwRDyKtusiWYmqwPFX51rWon4XKKwF7tWdQlgq
JJc8fea8tHqCQSwS7xCLiz6tEHbB4b3P/qL7orhrI3tLYtMg6msQ1eXksx/dLREd
uoi9Vf+oZYDG31kPJ8iG/7mHwKNJwvjDVadmpFe7MHN/q3LbAGapFK5r5fd2t2B5
yXe3ifsYLT6OGA0anYkQURA3xbgv4rlYAEhT6Q9rdiAMouhRig+ju6OhXwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFN2VO4YKhQb7PiTliehODBG4gNm5MB8GA1UdIwQY
MBaAFOkxilGY3NP8rCSYBVOF2a8hEKa0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlRHS1VaamMwX3lzSkpnRlU0WFpyeUVRcHJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iNjY3YWEtYzQxNS00YmJjLWFkNGMt
YzMzNzdjMWUzYTJkLzEvM1pVN2hncUZCdnMtSk9XSjZFNE1FYmlBMmJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iNjY3YWEtYzQxNS00YmJjLWFkNGMtYzMzNzdjMWUzYTJk
LzEvNlRHS1VaamMwX3lzSkpnRlU0WFpyeUVRcHJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDTV/4AwQC
udkgMA0EAgACMAcDBQAqABR4MA0GCSqGSIb3DQEBCwUAA4IBAQCR1wTSF16kFkL9
iyPtaq80/wy/Fo87jPasnda+yRWHRDv2l5J7VrNuzeB1iZYWvmi2eDeyRyQ+h5rI
KckPyGXGf5+c0Jj6+fnxvNnj4FFJXAdakZPk0rUWj1fegyfFXzdBEkXOU6pAsW8X
5ULo5XwFF0ywTw7nAqgvFD0J1fuDu3dVPDcTDbxfd8BsssxKAF2wrMMDZ4I8Zj39
grB00vVqmbX6IFBojLPymAFxvZcY2C8k+HSWSwgH3/zSqYEMGrsAJ6H6h9U6lAEI
VW/Ei2D/7CFYm+KSt31uhMjTIiJH5dQN30+vNScJd6Rz5UuRt/y6Yn9Bdmv8nfqy
jd1C0RVs
-----END CERTIFICATE-----