Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/d1245c-02cf-48b5-9e42-89753f2b47dc/1/hLarQu01JmUX4vnwkcXB98ezIuw.roa
File:                     hLarQu01JmUX4vnwkcXB98ezIuw.roa (raw, json)
Hash identifier:          iDJuyq+rVzU9ZgKvDwW/L+MmLaOlvdq9nbxde1XNlsM=
Subject key identifier:   84:B6:AB:42:ED:35:26:65:17:E2:F9:F0:91:C5:C1:F7:C7:B3:22:EC
Certificate issuer:       /CN=3bca34a3034177d084338d33b089b7e03cca3a8a
Certificate serial:       019424448F5FE20593FD253D06E5DD497EAA
Authority key identifier: 3B:CA:34:A3:03:41:77:D0:84:33:8D:33:B0:89:B7:E0:3C:CA:3A:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O8o0owNBd9CEM40zsIm34DzKOoo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/d1245c-02cf-48b5-9e42-89753f2b47dc/1/hLarQu01JmUX4vnwkcXB98ezIuw.roa
Signing time:             Wed 01 Jan 2025 23:47:40 +0000
ROA not before:           Wed 01 Jan 2025 23:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13289
IP address blocks:        82.212.224.0/19 maxlen: 19
                          185.111.34.0/23 maxlen: 23
                          2a00:cb0:8000::/34 maxlen: 34
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/d1245c-02cf-48b5-9e42-89753f2b47dc/1/O8o0owNBd9CEM40zsIm34DzKOoo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/d1245c-02cf-48b5-9e42-89753f2b47dc/1/O8o0owNBd9CEM40zsIm34DzKOoo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O8o0owNBd9CEM40zsIm34DzKOoo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:8f:5f:e2:05:93:fd:25:3d:06:e5:dd:49:7e:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bca34a3034177d084338d33b089b7e03cca3a8a
        Validity
            Not Before: Jan  1 23:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84b6ab42ed35266517e2f9f091c5c1f7c7b322ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d1:dc:f9:16:ce:d0:1c:7b:e5:d5:fc:9f:f8:
                    58:29:ec:fb:91:23:cf:ba:9f:7a:d7:56:01:c1:7b:
                    84:5d:c2:23:18:88:3c:e7:80:92:ac:f2:cb:6b:6d:
                    d3:93:54:47:81:5c:85:80:aa:11:11:79:e6:7a:5e:
                    c2:17:55:92:4a:3d:a0:15:2f:11:aa:7e:52:71:78:
                    81:03:4c:94:80:e3:69:5a:e2:54:8d:da:a8:c7:63:
                    96:11:ed:5a:b0:22:73:2a:0b:72:c5:38:cc:1b:90:
                    0d:a5:4d:87:1a:b5:ac:f5:75:54:c4:44:51:34:48:
                    12:5d:88:77:62:82:79:b6:2b:9e:ab:46:17:c5:f9:
                    3b:42:fd:f9:c0:d6:ed:fe:44:51:30:58:e5:cd:ab:
                    81:76:1c:6f:4b:af:72:be:2b:b6:7a:57:6c:c7:2f:
                    7e:c4:c6:33:02:bf:6b:cd:36:27:e4:a0:b9:5f:59:
                    10:7e:f6:fa:15:10:ff:ce:cc:f1:13:84:2f:55:43:
                    4f:a9:f0:c3:f9:8e:38:2d:b6:8b:01:a0:c5:78:9f:
                    7a:dc:9c:56:c6:db:76:07:46:4a:54:9d:f0:1c:27:
                    d4:eb:30:e8:99:81:56:1f:a0:b4:6d:fc:e3:cc:30:
                    d1:11:ce:9d:45:c9:49:39:ad:23:fc:2a:62:ee:21:
                    df:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:B6:AB:42:ED:35:26:65:17:E2:F9:F0:91:C5:C1:F7:C7:B3:22:EC
            X509v3 Authority Key Identifier:
                keyid:3B:CA:34:A3:03:41:77:D0:84:33:8D:33:B0:89:B7:E0:3C:CA:3A:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O8o0owNBd9CEM40zsIm34DzKOoo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/d1245c-02cf-48b5-9e42-89753f2b47dc/1/hLarQu01JmUX4vnwkcXB98ezIuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/d1245c-02cf-48b5-9e42-89753f2b47dc/1/O8o0owNBd9CEM40zsIm34DzKOoo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.212.224.0/19
                  185.111.34.0/23
                IPv6:
                  2a00:cb0:8000::/34

    Signature Algorithm: sha256WithRSAEncryption
         8a:b3:4b:5f:29:88:30:71:2c:10:d4:35:88:27:ad:20:de:b0:
         64:52:a9:cd:5e:ac:c9:81:be:ef:c9:91:41:cb:20:f5:54:f3:
         eb:eb:fa:6f:6e:da:bf:e6:92:2c:d9:2c:3d:06:11:5b:58:c3:
         50:49:c5:f5:aa:d7:34:62:c1:c1:27:ef:be:2b:d0:74:ff:cd:
         3a:4c:e3:e1:0c:d4:ad:16:dc:fe:89:29:c8:47:25:5b:39:e5:
         fb:ee:fd:9d:df:57:d5:78:d4:cf:78:f5:b7:00:5d:03:c6:30:
         03:aa:f1:45:76:ea:2b:73:20:75:56:5a:b2:e9:3b:0d:96:f3:
         fe:93:d7:d4:5b:d3:b2:fa:15:58:79:1c:05:2f:08:24:ee:7b:
         60:c9:62:eb:8a:ad:64:13:d8:e2:fe:d0:3b:52:40:ed:0c:9b:
         33:d4:f1:61:62:0c:d4:7b:73:f1:3e:5b:55:28:71:d6:71:f1:
         13:97:43:b3:a5:bb:11:9f:3c:5c:4e:fa:3e:b3:dd:7f:7e:9e:
         50:e7:a1:32:ff:e4:70:79:09:2f:ea:e1:1f:2d:5e:ba:8f:f8:
         42:91:dc:a4:68:b8:ca:fa:04:f6:92:16:3d:74:d0:dc:7e:b6:
         a6:cb:0c:77:e0:04:ab:a4:66:de:21:71:5b:ec:c5:51:4d:17:
         d2:de:53:c0
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZQkRI9f4gWT/SU9BuXdSX6qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiY2EzNGEzMDM0MTc3ZDA4NDMzOGQzM2IwODliN2UwM2Nj
YTNhOGEwHhcNMjUwMTAxMjM0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGI2YWI0MmVkMzUyNjY1MTdlMmY5ZjA5MWM1YzFmN2M3YjMyMmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdHc+RbO0Bx75dX8n/hYKez7kSPP
up9611YBwXuEXcIjGIg854CSrPLLa23Tk1RHgVyFgKoREXnmel7CF1WSSj2gFS8R
qn5ScXiBA0yUgONpWuJUjdqox2OWEe1asCJzKgtyxTjMG5ANpU2HGrWs9XVUxERR
NEgSXYh3YoJ5tiueq0YXxfk7Qv35wNbt/kRRMFjlzauBdhxvS69yviu2eldsxy9+
xMYzAr9rzTYn5KC5X1kQfvb6FRD/zszxE4QvVUNPqfDD+Y44LbaLAaDFeJ963JxW
xtt2B0ZKVJ3wHCfU6zDomYFWH6C0bfzjzDDREc6dRclJOa0j/Cpi7iHfcQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFIS2q0LtNSZlF+L58JHFwffHsyLsMB8GA1UdIwQY
MBaAFDvKNKMDQXfQhDONM7CJt+A8yjqKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzhvMG93TkJkOUNFTTQwenNJbTM0RHpLT29vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9kMTI0NWMtMDJjZi00OGI1LTllNDIt
ODk3NTNmMmI0N2RjLzEvaExhclF1MDFKbVVYNHZud2tjWEI5OGV6SXV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9kMTI0NWMtMDJjZi00OGI1LTllNDItODk3NTNmMmI0N2Rj
LzEvTzhvMG93TkJkOUNFTTQwenNJbTM0RHpLT29vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQFUtTgAwQB
uW8iMA4EAgACMAgDBgYqAAywgDANBgkqhkiG9w0BAQsFAAOCAQEAirNLXymIMHEs
ENQ1iCetIN6wZFKpzV6syYG+78mRQcsg9VTz6+v6b27av+aSLNksPQYRW1jDUEnF
9arXNGLBwSfvvivQdP/NOkzj4QzUrRbc/okpyEclWznl++79nd9X1XjUz3j1twBd
A8YwA6rxRXbqK3MgdVZasuk7DZbz/pPX1FvTsvoVWHkcBS8IJO57YMli64qtZBPY
4v7QO1JA7QybM9TxYWIM1Htz8T5bVShx1nHxE5dDs6W7EZ88XE76PrPdf36eUOeh
Mv/kcHkJL+rhHy1euo/4QpHcpGi4yvoE9pIWPXTQ3H62pssMd+AEq6Rm3iFxW+zF
UU0X0t5TwA==
-----END CERTIFICATE-----