Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/Ro3-EUE6MEHO8Brlu5iaFdAlG5Q.roa
File:                     Ro3-EUE6MEHO8Brlu5iaFdAlG5Q.roa (raw, json)
Hash identifier:          u0Ts/8nh0LiCnzteTiJkyma0H6U2qh30HZDM8HXhaHI=
Subject key identifier:   46:8D:FE:11:41:3A:30:41:CE:F0:1A:E5:BB:98:9A:15:D0:25:1B:94
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       019584CDAD122F26242F9DF42C9194BF1E9C
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/Ro3-EUE6MEHO8Brlu5iaFdAlG5Q.roa
Signing time:             Tue 11 Mar 2025 10:43:46 +0000
ROA not before:           Tue 11 Mar 2025 10:43:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35372
IP address blocks:        45.11.184.0/24 maxlen: 24
                          185.136.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 22:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:84:cd:ad:12:2f:26:24:2f:9d:f4:2c:91:94:bf:1e:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Mar 11 10:43:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=468dfe11413a3041cef01ae5bb989a15d0251b94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:c7:b8:61:da:bb:ed:e4:d4:d7:66:92:54:20:
                    63:e4:73:a1:2a:6a:4e:16:cb:89:ab:dd:1b:cb:05:
                    29:85:63:16:11:4b:1e:32:64:ed:51:c5:31:26:05:
                    89:d4:46:5f:60:c5:bd:f1:ea:33:81:ba:fb:42:b4:
                    e9:05:d9:2f:45:45:cc:b1:1c:03:5f:6b:0f:5d:f2:
                    f8:7b:9a:50:8f:b9:12:7b:62:0a:12:a6:7e:8a:4e:
                    de:12:20:d0:c3:18:d2:39:87:ba:be:0b:8e:1f:d2:
                    84:1c:4f:da:69:3a:e5:0f:a5:48:be:b8:52:2b:96:
                    f3:91:2a:53:f1:86:20:92:80:d5:5a:c0:7b:a3:17:
                    89:24:ea:50:be:69:c7:12:8e:54:5b:49:aa:88:1f:
                    75:ff:18:1c:8e:70:f8:37:03:c2:b0:83:b2:ee:bc:
                    c9:b1:d1:60:21:83:45:fe:f7:d9:da:30:8f:ed:2b:
                    df:33:7b:65:63:6a:24:74:3c:80:55:ea:9e:cf:58:
                    c6:62:1d:ec:d1:16:e3:2b:31:58:5f:fd:f0:8b:fb:
                    56:84:85:fc:fb:cf:d6:2d:e1:77:3b:e1:15:6a:35:
                    1f:70:7a:8d:f9:a0:73:71:1c:46:a0:76:d0:4d:9e:
                    9c:f0:ee:b6:84:64:bd:9d:75:87:73:41:0b:5b:e9:
                    8d:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:8D:FE:11:41:3A:30:41:CE:F0:1A:E5:BB:98:9A:15:D0:25:1B:94
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/Ro3-EUE6MEHO8Brlu5iaFdAlG5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.184.0/24
                  185.136.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:ce:46:6f:f4:d3:34:1b:97:b7:72:f8:36:54:a0:a0:8d:94:
         cc:fa:3c:96:04:de:81:8c:3c:0f:0a:1a:fc:01:8d:43:2b:76:
         57:ac:85:11:01:20:4a:d4:10:78:95:d9:50:5e:6f:11:60:9f:
         41:cd:2f:42:e7:62:d6:5f:00:b2:1b:44:2f:3e:cb:65:2f:b3:
         48:13:bc:18:23:f1:40:75:62:64:53:3b:8b:96:b2:33:c1:dc:
         05:ab:0d:af:73:85:61:e5:68:cf:cf:8e:7d:95:d4:b1:c0:39:
         ba:c5:a8:df:77:d2:3b:49:ef:d1:38:0f:36:88:89:dc:4b:6e:
         76:7f:a5:42:57:42:9b:73:f1:9e:ba:98:64:1d:74:f0:41:ae:
         fb:4d:38:86:6d:c3:0f:3a:4a:8d:6e:b8:b2:11:2e:5a:ac:9f:
         95:26:00:b2:b3:16:90:22:7e:35:aa:23:3e:0c:12:60:9d:b3:
         27:03:fe:8b:f3:2c:20:ea:59:bf:f8:3b:9c:54:ec:17:c3:b5:
         65:d2:ad:c7:7b:71:18:f2:d3:64:8c:cc:fb:f0:34:00:83:a1:
         b6:b8:68:b5:3c:f6:90:09:1f:30:13:32:46:72:76:4c:0c:7f:
         e4:8f:7f:3f:0a:3b:9e:20:a2:82:de:49:5f:d5:ff:14:b8:61:
         7a:95:bc:7b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZWEza0SLyYkL530LJGUvx6cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjUwMzExMTA0MzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjhkZmUxMTQxM2EzMDQxY2VmMDFhZTViYjk4OWExNWQwMjUxYjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8e4Ydq77eTU12aSVCBj5HOhKmpO
FsuJq90bywUphWMWEUseMmTtUcUxJgWJ1EZfYMW98eozgbr7QrTpBdkvRUXMsRwD
X2sPXfL4e5pQj7kSe2IKEqZ+ik7eEiDQwxjSOYe6vguOH9KEHE/aaTrlD6VIvrhS
K5bzkSpT8YYgkoDVWsB7oxeJJOpQvmnHEo5UW0mqiB91/xgcjnD4NwPCsIOy7rzJ
sdFgIYNF/vfZ2jCP7SvfM3tlY2okdDyAVeqez1jGYh3s0RbjKzFYX/3wi/tWhIX8
+8/WLeF3O+EVajUfcHqN+aBzcRxGoHbQTZ6c8O62hGS9nXWHc0ELW+mNYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEaN/hFBOjBBzvAa5buYmhXQJRuUMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvUm8zLUVVRTZNRUhPOEJybHU1aWFGZEFsRzVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQu4AwQA
uYiHMA0GCSqGSIb3DQEBCwUAA4IBAQABzkZv9NM0G5e3cvg2VKCgjZTM+jyWBN6B
jDwPChr8AY1DK3ZXrIURASBK1BB4ldlQXm8RYJ9BzS9C52LWXwCyG0QvPstlL7NI
E7wYI/FAdWJkUzuLlrIzwdwFqw2vc4Vh5WjPz459ldSxwDm6xajfd9I7Se/ROA82
iIncS252f6VCV0Kbc/GeuphkHXTwQa77TTiGbcMPOkqNbriyES5arJ+VJgCysxaQ
In41qiM+DBJgnbMnA/6L8ywg6lm/+DucVOwXw7Vl0q3He3EY8tNkjMz78DQAg6G2
uGi1PPaQCR8wEzJGcnZMDH/kj38/CjueIKKC3klf1f8UuGF6lbx7
-----END CERTIFICATE-----