Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/3TVClxL9tUdWtWDj9UREjWkFohU.roa
File:                     3TVClxL9tUdWtWDj9UREjWkFohU.roa (raw, json)
Hash identifier:          +vJmVafXgubdHZxYLqjjQYcFZx26RsVlteodw65+RHY=
Subject key identifier:   DD:35:42:97:12:FD:B5:47:56:B5:60:E3:F5:44:44:8D:69:05:A2:15
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       01944A64BC2F729B3C351F90AB941D6AA59F
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/3TVClxL9tUdWtWDj9UREjWkFohU.roa
Signing time:             Thu 09 Jan 2025 09:28:23 +0000
ROA not before:           Thu 09 Jan 2025 09:28:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200805
IP address blocks:        130.185.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4a:64:bc:2f:72:9b:3c:35:1f:90:ab:94:1d:6a:a5:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  9 09:28:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd35429712fdb54756b560e3f544448d6905a215
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:ed:62:13:1d:01:23:85:bf:02:2e:d3:9f:e3:
                    50:2b:13:e6:8d:03:42:78:f5:7d:6a:3e:b6:cc:2b:
                    f8:84:41:e7:c1:89:65:21:4a:3a:73:b8:61:2c:06:
                    a9:d5:84:68:2f:5f:9f:c9:87:e7:56:3c:24:14:4f:
                    1a:f2:35:ea:50:bc:b4:72:53:b9:c6:ee:7a:fb:c5:
                    ea:29:6b:bc:08:8a:8f:d6:a8:4e:e1:c6:0d:92:7a:
                    a2:42:6c:dd:04:bf:f6:c4:22:03:e6:1c:e3:39:db:
                    e8:2e:d1:88:17:d4:03:a5:5e:1c:44:aa:30:29:10:
                    5a:c2:02:6f:c4:2c:9a:be:4e:10:6f:13:d5:7e:d4:
                    06:04:dc:60:62:f9:7b:0e:03:03:8b:05:33:d8:1e:
                    92:8b:f3:35:fe:0f:81:a9:d3:62:d5:cb:7b:a1:3b:
                    52:2d:86:12:d2:ef:89:6e:c3:23:d4:92:ed:e6:9e:
                    b8:62:6e:eb:56:7d:b2:77:69:34:7f:2c:c0:7c:21:
                    c4:62:c9:f7:b7:2b:10:3f:d6:88:09:01:b4:32:a3:
                    ed:68:ad:31:a2:2e:56:78:71:8a:4c:f5:54:a1:51:
                    58:91:44:40:a6:64:8a:8f:8a:dc:39:bb:f5:11:ec:
                    e8:e3:26:07:6a:ed:42:48:84:c4:34:d7:3c:f0:fd:
                    c1:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:35:42:97:12:FD:B5:47:56:B5:60:E3:F5:44:44:8D:69:05:A2:15
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/3TVClxL9tUdWtWDj9UREjWkFohU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.185.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:62:fd:c9:4d:23:fd:25:0c:f3:33:90:55:5c:29:5a:d2:51:
         9f:6c:e9:29:28:43:78:d0:a1:22:3e:e3:03:5f:b3:82:4c:3a:
         66:43:49:ae:ea:8b:94:3f:1f:42:cd:5c:62:37:f4:d3:ae:ea:
         8c:27:79:15:2e:a2:c0:f6:83:7d:7a:5c:f6:69:f3:c1:8f:57:
         1f:f8:26:7f:48:94:03:03:c4:f2:08:d0:eb:a6:28:e2:d2:28:
         2d:11:5a:1e:6b:e8:2c:c6:14:4b:1b:2e:c4:0d:c4:80:04:e3:
         91:a6:6a:23:f7:dc:53:bc:5a:62:88:da:83:58:01:0e:d2:f5:
         ce:e3:1f:94:b4:b5:86:3c:52:e3:b1:01:e1:54:9f:aa:76:64:
         4b:f0:75:20:a7:0e:44:18:6e:c7:b9:2d:7c:e0:65:d4:7a:58:
         e2:04:21:16:b4:15:24:99:39:8f:ac:16:bc:c9:8b:24:0b:e6:
         fc:6d:5f:32:00:00:c3:51:9c:1d:2c:e6:d5:fc:da:a7:14:18:
         67:23:b4:b2:8d:0b:0d:eb:a5:34:87:c6:aa:c6:67:38:37:a2:
         00:cf:3f:b2:45:d6:62:64:ee:18:a3:a0:33:1f:d1:ac:32:7f:
         ac:5c:e6:49:fa:55:0c:2f:1e:8a:a5:f1:5e:32:59:39:bf:28:
         1c:8d:57:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRKZLwvcps8NR+Qq5QdaqWfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMTA5MDkyODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDM1NDI5NzEyZmRiNTQ3NTZiNTYwZTNmNTQ0NDQ4ZDY5MDVhMjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9e1iEx0BI4W/Ai7Tn+NQKxPmjQNC
ePV9aj62zCv4hEHnwYllIUo6c7hhLAap1YRoL1+fyYfnVjwkFE8a8jXqULy0clO5
xu56+8XqKWu8CIqP1qhO4cYNknqiQmzdBL/2xCID5hzjOdvoLtGIF9QDpV4cRKow
KRBawgJvxCyavk4QbxPVftQGBNxgYvl7DgMDiwUz2B6Si/M1/g+BqdNi1ct7oTtS
LYYS0u+JbsMj1JLt5p64Ym7rVn2yd2k0fyzAfCHEYsn3tysQP9aICQG0MqPtaK0x
oi5WeHGKTPVUoVFYkURApmSKj4rcObv1Eezo4yYHau1CSITENNc88P3BZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN01QpcS/bVHVrVg4/VERI1pBaIVMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvM1RWQ2x4TDl0VWRXdFdEajlVUkVqV2tGb2hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgrn/MA0G
CSqGSIb3DQEBCwUAA4IBAQBYYv3JTSP9JQzzM5BVXCla0lGfbOkpKEN40KEiPuMD
X7OCTDpmQ0mu6ouUPx9CzVxiN/TTruqMJ3kVLqLA9oN9elz2afPBj1cf+CZ/SJQD
A8TyCNDrpiji0igtEVoea+gsxhRLGy7EDcSABOORpmoj99xTvFpiiNqDWAEO0vXO
4x+UtLWGPFLjsQHhVJ+qdmRL8HUgpw5EGG7HuS184GXUeljiBCEWtBUkmTmPrBa8
yYskC+b8bV8yAADDUZwdLObV/NqnFBhnI7SyjQsN66U0h8aqxmc4N6IAzz+yRdZi
ZO4Yo6AzH9GsMn+sXOZJ+lUMLx6KpfFeMlk5vygcjVeq
-----END CERTIFICATE-----