Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/3wW5MOLSStojI9xiPbeDzYTIyjU.roa
File:                     3wW5MOLSStojI9xiPbeDzYTIyjU.roa (raw, json)
Hash identifier:          2XAYsLytjrXYCpBJtfGxqKAam2Z4NRRhSRFoEEd4Llk=
Subject key identifier:   DF:05:B9:30:E2:D2:4A:DA:23:23:DC:62:3D:B7:83:CD:84:C8:CA:35
Certificate issuer:       /CN=85dc9c55e1597e88564daf567e5a4665978c7b85
Certificate serial:       019422FB76879DD940BDC123435492567A9E
Authority key identifier: 85:DC:9C:55:E1:59:7E:88:56:4D:AF:56:7E:5A:46:65:97:8C:7B:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hdycVeFZfohWTa9WflpGZZeMe4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/3wW5MOLSStojI9xiPbeDzYTIyjU.roa
Signing time:             Wed 01 Jan 2025 17:48:12 +0000
ROA not before:           Wed 01 Jan 2025 17:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6939
IP address blocks:        194.15.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/hdycVeFZfohWTa9WflpGZZeMe4U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/hdycVeFZfohWTa9WflpGZZeMe4U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hdycVeFZfohWTa9WflpGZZeMe4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 19:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:76:87:9d:d9:40:bd:c1:23:43:54:92:56:7a:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85dc9c55e1597e88564daf567e5a4665978c7b85
        Validity
            Not Before: Jan  1 17:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df05b930e2d24ada2323dc623db783cd84c8ca35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c5:ed:51:16:b2:67:58:f1:61:9a:b0:f8:0b:
                    9d:8b:01:96:3c:d9:69:cf:f5:2d:7f:af:68:99:d3:
                    49:08:94:f6:16:c1:f1:19:07:92:e4:c7:9a:c6:69:
                    86:d5:a1:a4:16:43:90:22:c9:56:50:6c:31:1d:6e:
                    58:4d:17:bc:0f:da:42:37:ee:ee:b5:30:d1:b6:91:
                    03:8d:a1:d8:3c:9e:3e:cf:b2:9d:2c:e1:e3:9c:86:
                    60:f0:c5:d5:ce:5c:86:ad:c4:39:18:3f:89:89:e1:
                    5c:62:62:4f:8b:14:59:27:eb:c6:ee:4b:e6:a7:03:
                    f7:db:b2:dc:b8:96:d1:2a:e3:f5:b6:2e:55:0b:e0:
                    91:00:79:8e:b8:9f:cf:65:10:e5:24:2b:92:2e:fc:
                    20:d3:bf:aa:25:4e:eb:e9:18:c5:05:22:20:3b:22:
                    2d:ea:ff:a5:ca:d1:34:52:69:1b:df:ce:6a:b1:15:
                    fb:54:ee:6a:bc:be:31:e3:a8:83:8e:70:78:da:9f:
                    c5:b3:da:3d:ba:da:dc:40:65:b3:c5:bc:21:0c:53:
                    21:d3:84:bc:23:1f:29:a8:92:66:31:6f:45:0e:d9:
                    1c:89:88:e5:1f:33:4d:c7:c8:15:ac:d2:e3:3b:72:
                    f9:08:4f:60:37:1e:06:30:9e:ec:0b:28:2c:b8:b6:
                    71:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:05:B9:30:E2:D2:4A:DA:23:23:DC:62:3D:B7:83:CD:84:C8:CA:35
            X509v3 Authority Key Identifier:
                keyid:85:DC:9C:55:E1:59:7E:88:56:4D:AF:56:7E:5A:46:65:97:8C:7B:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hdycVeFZfohWTa9WflpGZZeMe4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/3wW5MOLSStojI9xiPbeDzYTIyjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/hdycVeFZfohWTa9WflpGZZeMe4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:53:d1:6f:66:45:bd:df:28:68:f6:e9:69:8d:fd:fe:5f:b8:
         2b:7c:52:4b:86:c6:90:0c:99:28:c3:5d:16:cd:76:a7:86:e1:
         76:3f:d0:46:e6:2a:59:79:47:e6:8d:62:07:e7:48:f9:98:e6:
         00:03:a4:00:7c:62:00:c6:ee:61:6b:c7:21:b2:d9:b2:89:bd:
         c7:03:38:b7:79:90:55:0a:8c:22:07:b8:a4:b5:1d:89:34:89:
         04:be:b7:a6:50:f4:4e:b5:ad:6a:2b:46:89:f2:fd:fc:8e:d9:
         f4:b3:f3:50:a0:f8:c4:bd:28:28:d3:85:39:b2:67:a5:dc:20:
         f3:df:5b:2c:33:fc:ae:cb:df:b0:24:05:3e:94:96:9d:c9:9f:
         70:72:83:b2:20:db:d4:c0:02:dc:81:7b:67:d1:c0:85:55:ef:
         fc:bd:1c:f7:f7:07:5d:b6:f3:94:26:fc:61:70:5b:28:bc:55:
         57:25:a3:b9:41:f7:89:a2:99:72:9a:8b:28:76:3a:4b:60:a0:
         cf:b2:e9:8d:a0:27:89:82:24:4b:03:db:d4:2b:a5:d1:13:2e:
         24:cb:d9:8a:39:0a:14:04:83:54:6b:7d:d9:7b:bb:d2:04:4e:
         10:09:dd:e6:0f:29:4a:33:1f:9c:1e:b7:8b:1f:7e:e2:0f:af:
         02:36:25:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+3aHndlAvcEjQ1SSVnqeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZGM5YzU1ZTE1OTdlODg1NjRkYWY1NjdlNWE0NjY1OTc4
YzdiODUwHhcNMjUwMTAxMTc0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjA1YjkzMGUyZDI0YWRhMjMyM2RjNjIzZGI3ODNjZDg0YzhjYTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8XtURayZ1jxYZqw+AudiwGWPNlp
z/Utf69omdNJCJT2FsHxGQeS5MeaxmmG1aGkFkOQIslWUGwxHW5YTRe8D9pCN+7u
tTDRtpEDjaHYPJ4+z7KdLOHjnIZg8MXVzlyGrcQ5GD+JieFcYmJPixRZJ+vG7kvm
pwP327LcuJbRKuP1ti5VC+CRAHmOuJ/PZRDlJCuSLvwg07+qJU7r6RjFBSIgOyIt
6v+lytE0Umkb385qsRX7VO5qvL4x46iDjnB42p/Fs9o9utrcQGWzxbwhDFMh04S8
Ix8pqJJmMW9FDtkciYjlHzNNx8gVrNLjO3L5CE9gNx4GMJ7sCygsuLZx/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN8FuTDi0kraIyPcYj23g82EyMo1MB8GA1UdIwQY
MBaAFIXcnFXhWX6IVk2vVn5aRmWXjHuFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGR5Y1ZlRlpmb2hXVGE5V2ZscEdaWmVNZTRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mMDdmYmMtNGMzMi00ZDg3LWE0Mjkt
ODZlYTE5ZDI5MTYzLzEvM3dXNU1PTFNTdG9qSTl4aVBiZUR6WVRJeWpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mMDdmYmMtNGMzMi00ZDg3LWE0MjktODZlYTE5ZDI5MTYz
LzEvaGR5Y1ZlRlpmb2hXVGE5V2ZscEdaWmVNZTRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg9zMA0G
CSqGSIb3DQEBCwUAA4IBAQDKU9FvZkW93yho9ulpjf3+X7grfFJLhsaQDJkow10W
zXanhuF2P9BG5ipZeUfmjWIH50j5mOYAA6QAfGIAxu5ha8chstmyib3HAzi3eZBV
CowiB7iktR2JNIkEvremUPROta1qK0aJ8v38jtn0s/NQoPjEvSgo04U5smel3CDz
31ssM/yuy9+wJAU+lJadyZ9wcoOyINvUwALcgXtn0cCFVe/8vRz39wddtvOUJvxh
cFsovFVXJaO5QfeJoplymosodjpLYKDPsumNoCeJgiRLA9vUK6XREy4ky9mKOQoU
BINUa33Ze7vSBE4QCd3mDylKMx+cHreLH37iD68CNiXb
-----END CERTIFICATE-----