Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/O4pIscar-T5J7wN4zdwq7SCw37o.roa
File:                     O4pIscar-T5J7wN4zdwq7SCw37o.roa (raw, json)
Hash identifier:          vINaa0L+6gqqQWj7X6CWh0AhbZ33Gs5iMEtG/RPtaW4=
Subject key identifier:   3B:8A:48:B1:C6:AB:F9:3E:49:EF:03:78:CD:DC:2A:ED:20:B0:DF:BA
Certificate issuer:       /CN=206f1c32bc0a9006081d552fede67d6842921ec3
Certificate serial:       0194228DCC6CCBBB6E4F212E35408804DB27
Authority key identifier: 20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/O4pIscar-T5J7wN4zdwq7SCw37o.roa
Signing time:             Wed 01 Jan 2025 15:48:25 +0000
ROA not before:           Wed 01 Jan 2025 15:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212806
IP address blocks:        185.175.90.0/24 maxlen: 24
                          2a10:4740:40::/42 maxlen: 42
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 10:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:cc:6c:cb:bb:6e:4f:21:2e:35:40:88:04:db:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=206f1c32bc0a9006081d552fede67d6842921ec3
        Validity
            Not Before: Jan  1 15:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b8a48b1c6abf93e49ef0378cddc2aed20b0dfba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b3:ef:46:7e:aa:d9:3e:3a:c1:2e:c5:9a:20:
                    42:9d:28:8f:e3:9e:65:65:ca:1f:b9:30:b2:d2:11:
                    dd:73:cf:c4:e2:56:02:3a:03:65:eb:20:ba:5a:4b:
                    5e:68:61:f0:49:55:3b:2c:55:ff:b5:58:86:d9:2c:
                    15:10:0c:16:74:9b:09:01:b3:e3:c9:38:b6:bf:29:
                    54:68:f5:16:12:be:b5:af:7c:d2:4f:2e:09:54:32:
                    0d:2d:c0:03:8e:0a:b5:b9:22:4d:35:77:85:71:f9:
                    48:5f:86:10:e5:9c:97:63:9d:f3:39:7d:22:8b:96:
                    89:7e:eb:14:1f:3b:85:c4:67:1f:23:94:63:5b:e1:
                    2d:6b:27:87:0d:81:34:36:8a:35:8c:fa:e3:ca:aa:
                    7f:6c:83:f5:e7:9a:9c:e7:82:54:be:bf:ce:5a:92:
                    9a:8d:7b:43:4d:03:f1:a1:11:62:f8:fb:ac:e5:ad:
                    c0:ea:8f:04:b8:15:11:93:02:3e:c4:17:72:9e:9f:
                    a5:ef:cd:fb:87:76:48:0a:7a:d6:2b:19:f4:37:89:
                    68:0c:f5:cc:7d:d7:f1:27:ce:9c:f5:1e:08:04:09:
                    33:66:3d:c7:fc:3a:1c:49:9b:f0:82:3e:3e:9d:6d:
                    ab:9f:7f:c3:e7:82:f8:bf:c2:e7:69:19:93:cd:c8:
                    ab:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:8A:48:B1:C6:AB:F9:3E:49:EF:03:78:CD:DC:2A:ED:20:B0:DF:BA
            X509v3 Authority Key Identifier:
                keyid:20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/O4pIscar-T5J7wN4zdwq7SCw37o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.175.90.0/24
                IPv6:
                  2a10:4740:40::/42

    Signature Algorithm: sha256WithRSAEncryption
         10:96:a5:65:1e:3a:c0:29:de:e1:bd:15:a4:8e:05:0c:78:5c:
         c3:84:45:09:1c:90:ff:b3:d8:a7:7d:bf:59:72:d2:bb:3f:1f:
         e9:76:97:86:bb:74:94:14:b8:fd:54:e5:24:42:c4:a4:ee:e8:
         be:a6:c3:65:1a:42:fb:de:54:25:d3:47:fc:cb:8c:d6:53:9e:
         a2:cc:27:7c:97:8c:0e:34:08:1c:56:a3:9e:b9:59:67:4b:a4:
         cc:c9:9e:98:63:04:09:87:c9:ed:67:0d:05:41:ef:b6:4a:f1:
         a3:88:ca:35:43:de:f5:9d:ed:0c:71:bc:d9:6c:11:96:e0:26:
         27:50:1b:d8:cd:e9:37:14:ec:38:1c:73:d6:5b:d6:00:20:4b:
         28:83:45:2a:a6:35:52:f9:c3:28:3e:b2:2e:ba:9a:06:f9:d1:
         28:46:88:ce:91:2b:70:6a:36:4c:8c:2e:9a:67:8b:7d:a3:8e:
         a4:e5:7b:05:c6:2c:68:58:5b:c4:30:e9:d5:a8:a0:3e:4f:42:
         65:fa:3f:5f:d4:ee:6d:f7:3d:ae:82:31:05:17:88:63:ce:4a:
         4a:9f:ec:4a:07:e6:4e:6b:6d:de:48:d1:8d:23:a8:a3:54:9e:
         40:c6:1d:69:7f:74:ba:57:eb:e9:33:fa:8d:fb:03:86:63:78:
         12:a4:6d:46
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQijcxsy7tuTyEuNUCIBNsnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNmYxYzMyYmMwYTkwMDYwODFkNTUyZmVkZTY3ZDY4NDI5
MjFlYzMwHhcNMjUwMTAxMTU0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjhhNDhiMWM2YWJmOTNlNDllZjAzNzhjZGRjMmFlZDIwYjBkZmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbPvRn6q2T46wS7FmiBCnSiP455l
ZcofuTCy0hHdc8/E4lYCOgNl6yC6WkteaGHwSVU7LFX/tViG2SwVEAwWdJsJAbPj
yTi2vylUaPUWEr61r3zSTy4JVDINLcADjgq1uSJNNXeFcflIX4YQ5ZyXY53zOX0i
i5aJfusUHzuFxGcfI5RjW+EtayeHDYE0Noo1jPrjyqp/bIP155qc54JUvr/OWpKa
jXtDTQPxoRFi+Pus5a3A6o8EuBURkwI+xBdynp+l7837h3ZICnrWKxn0N4loDPXM
fdfxJ86c9R4IBAkzZj3H/DocSZvwgj4+nW2rn3/D54L4v8LnaRmTzcircwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDuKSLHGq/k+Se8DeM3cKu0gsN+6MB8GA1UdIwQY
MBaAFCBvHDK8CpAGCB1VL+3mfWhCkh7DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzIt
YmJhODYwYjI2YzAyLzEvTzRwSXNjYXItVDVKN3dONHpkd3E3U0N3MzdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzItYmJhODYwYjI2YzAy
LzEvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAua9aMA8E
AgACMAkDBwYqEEdAAEAwDQYJKoZIhvcNAQELBQADggEBABCWpWUeOsAp3uG9FaSO
BQx4XMOERQkckP+z2Kd9v1ly0rs/H+l2l4a7dJQUuP1U5SRCxKTu6L6mw2UaQvve
VCXTR/zLjNZTnqLMJ3yXjA40CBxWo565WWdLpMzJnphjBAmHye1nDQVB77ZK8aOI
yjVD3vWd7QxxvNlsEZbgJidQG9jN6TcU7Dgcc9Zb1gAgSyiDRSqmNVL5wyg+si66
mgb50ShGiM6RK3BqNkyMLppni32jjqTlewXGLGhYW8Qw6dWooD5PQmX6P1/U7m33
Pa6CMQUXiGPOSkqf7EoH5k5rbd5I0Y0jqKNUnkDGHWl/dLpX6+kz+o37A4ZjeBKk
bUY=
-----END CERTIFICATE-----