Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/7a5fd3-faae-4120-a4a8-1dc2a52368c1/1/3M8ohd4vZsoKlPACyKdzUGtkgrU.roa
File:                     3M8ohd4vZsoKlPACyKdzUGtkgrU.roa (raw, json)
Hash identifier:          NriHifjaJM/ZNQ2f3LLNISQiISu1fzsqY4Jv31tLHmo=
Subject key identifier:   DC:CF:28:85:DE:2F:66:CA:0A:94:F0:02:C8:A7:73:50:6B:64:82:B5
Certificate issuer:       /CN=1af16a3cf8116721afad8c1e5b3e83a2959ceb99
Certificate serial:       018CC3B6BBB7593B8F32470DA43A8A759568
Authority key identifier: 1A:F1:6A:3C:F8:11:67:21:AF:AD:8C:1E:5B:3E:83:A2:95:9C:EB:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GvFqPPgRZyGvrYweWz6DopWc65k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/7a5fd3-faae-4120-a4a8-1dc2a52368c1/1/3M8ohd4vZsoKlPACyKdzUGtkgrU.roa
Signing time:             Mon 01 Jan 2024 06:29:41 +0000
ROA not before:           Mon 01 Jan 2024 06:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49321
IP address blocks:        185.128.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/7a5fd3-faae-4120-a4a8-1dc2a52368c1/1/GvFqPPgRZyGvrYweWz6DopWc65k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/7a5fd3-faae-4120-a4a8-1dc2a52368c1/1/GvFqPPgRZyGvrYweWz6DopWc65k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GvFqPPgRZyGvrYweWz6DopWc65k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 00:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:bb:b7:59:3b:8f:32:47:0d:a4:3a:8a:75:95:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1af16a3cf8116721afad8c1e5b3e83a2959ceb99
        Validity
            Not Before: Jan  1 06:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dccf2885de2f66ca0a94f002c8a773506b6482b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:3f:a8:3c:e1:92:8e:3f:5f:a7:7d:d7:71:15:
                    ed:95:e4:e3:ca:cd:4c:89:d6:20:78:1c:dc:66:47:
                    07:1a:be:a9:13:06:0e:b0:ab:31:8c:64:78:5d:83:
                    37:9e:53:db:f7:4c:1c:98:13:28:9b:f7:31:8b:08:
                    49:42:a0:dc:2a:22:88:b5:6d:39:77:1b:4e:44:65:
                    55:5a:74:41:d7:56:a0:3e:ff:ca:db:d5:94:28:c9:
                    27:5a:2a:03:41:7c:9a:e5:13:e6:5b:c9:9b:42:84:
                    17:0d:0b:c7:29:f8:d5:61:13:96:1d:01:d7:cb:8e:
                    d8:7f:43:4d:18:9f:18:15:5e:68:45:12:6c:c1:54:
                    4d:1c:be:a6:eb:a0:91:4d:ed:b0:32:b6:68:10:a9:
                    0d:1a:d2:ae:bf:ec:7c:2d:5b:70:f8:d4:bb:9e:8d:
                    69:a1:f7:21:11:7a:8b:b7:0f:38:a0:17:96:3b:97:
                    02:c4:ec:c0:60:b9:c7:c3:67:2e:8d:0e:1e:6d:33:
                    a4:b9:c8:38:39:a6:12:f0:16:62:20:ee:7d:de:0e:
                    9e:c9:54:c5:f9:45:33:28:16:9c:99:70:a2:c2:57:
                    e9:a5:22:61:ba:88:ba:8d:48:fc:18:34:17:c6:5a:
                    09:f6:94:8f:5e:bb:eb:e8:4b:17:16:09:81:77:25:
                    ea:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:CF:28:85:DE:2F:66:CA:0A:94:F0:02:C8:A7:73:50:6B:64:82:B5
            X509v3 Authority Key Identifier:
                keyid:1A:F1:6A:3C:F8:11:67:21:AF:AD:8C:1E:5B:3E:83:A2:95:9C:EB:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GvFqPPgRZyGvrYweWz6DopWc65k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7a5fd3-faae-4120-a4a8-1dc2a52368c1/1/3M8ohd4vZsoKlPACyKdzUGtkgrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7a5fd3-faae-4120-a4a8-1dc2a52368c1/1/GvFqPPgRZyGvrYweWz6DopWc65k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:88:8c:07:bf:3e:ca:8a:b3:e0:bd:ec:b8:55:3f:88:69:e1:
         89:65:3a:b9:d7:ad:3a:cf:a4:39:cf:53:3d:88:c5:d1:ee:63:
         17:6b:9d:cd:c4:f9:5d:99:53:a2:e3:a7:d9:64:90:93:cf:ce:
         4a:2a:3f:b2:e7:f9:c7:39:b8:e8:e2:a8:f9:e0:9e:a4:b5:fe:
         e4:2a:3c:e2:4d:dc:35:4e:5d:b8:e2:8f:fd:cf:f3:74:66:52:
         69:0b:c8:84:e5:3f:63:c5:1f:cc:e1:a4:c2:38:ac:cf:86:ff:
         d8:ae:94:bd:c6:9b:5d:7b:a6:1b:39:19:16:f7:4e:c0:f0:6c:
         49:e3:cc:03:31:5b:6e:c8:af:8c:90:24:b6:70:9a:b4:65:62:
         ec:67:d6:d4:8e:9e:1c:8e:72:90:e6:94:d7:c8:a3:7d:f6:d5:
         fc:31:bf:e7:9e:20:b8:b4:49:3a:60:50:a6:53:76:51:e7:11:
         93:44:18:25:bb:69:34:ae:50:b5:76:61:79:3a:59:16:45:79:
         6f:df:a6:ad:7a:8a:c4:c3:2a:69:ca:45:04:e9:41:ef:d2:9d:
         c5:4c:11:c3:9f:49:da:9c:ac:da:eb:ae:33:26:70:12:4b:0d:
         d2:52:39:a2:a6:a2:aa:62:2a:ae:ae:8f:57:e2:ba:f7:01:6d:
         6f:45:fd:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtru3WTuPMkcNpDqKdZVoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhZjE2YTNjZjgxMTY3MjFhZmFkOGMxZTViM2U4M2EyOTU5
Y2ViOTkwHhcNMjQwMTAxMDYyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2NmMjg4NWRlMmY2NmNhMGE5NGYwMDJjOGE3NzM1MDZiNjQ4MmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqj+oPOGSjj9fp33XcRXtleTjys1M
idYgeBzcZkcHGr6pEwYOsKsxjGR4XYM3nlPb90wcmBMom/cxiwhJQqDcKiKItW05
dxtORGVVWnRB11agPv/K29WUKMknWioDQXya5RPmW8mbQoQXDQvHKfjVYROWHQHX
y47Yf0NNGJ8YFV5oRRJswVRNHL6m66CRTe2wMrZoEKkNGtKuv+x8LVtw+NS7no1p
ofchEXqLtw84oBeWO5cCxOzAYLnHw2cujQ4ebTOkucg4OaYS8BZiIO593g6eyVTF
+UUzKBacmXCiwlfppSJhuoi6jUj8GDQXxloJ9pSPXrvr6EsXFgmBdyXqmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNzPKIXeL2bKCpTwAsinc1BrZIK1MB8GA1UdIwQY
MBaAFBrxajz4EWchr62MHls+g6KVnOuZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3ZGcVBQZ1JaeUd2cll3ZVd6NkRvcFdjNjVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy83YTVmZDMtZmFhZS00MTIwLWE0YTgt
MWRjMmE1MjM2OGMxLzEvM004b2hkNHZac29LbFBBQ3lLZHpVR3RrZ3JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy83YTVmZDMtZmFhZS00MTIwLWE0YTgtMWRjMmE1MjM2OGMx
LzEvR3ZGcVBQZ1JaeUd2cll3ZVd6NkRvcFdjNjVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYDhMA0G
CSqGSIb3DQEBCwUAA4IBAQCaiIwHvz7KirPgvey4VT+IaeGJZTq51606z6Q5z1M9
iMXR7mMXa53NxPldmVOi46fZZJCTz85KKj+y5/nHObjo4qj54J6ktf7kKjziTdw1
Tl244o/9z/N0ZlJpC8iE5T9jxR/M4aTCOKzPhv/YrpS9xptde6YbORkW907A8GxJ
48wDMVtuyK+MkCS2cJq0ZWLsZ9bUjp4cjnKQ5pTXyKN99tX8Mb/nniC4tEk6YFCm
U3ZR5xGTRBglu2k0rlC1dmF5OlkWRXlv36ateorEwyppykUE6UHv0p3FTBHDn0na
nKza664zJnASSw3SUjmipqKqYiquro9X4rr3AW1vRf2a
-----END CERTIFICATE-----