Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/DV3PY9YU5zk2EaQYZkZq4p-ZUYM.roa
File:                     DV3PY9YU5zk2EaQYZkZq4p-ZUYM.roa (raw, json)
Hash identifier:          iyl4yZuKkTsrQs+Y4JJy2vYNDSKm0/gIBzJQSKVyBGM=
Subject key identifier:   0D:5D:CF:63:D6:14:E7:39:36:11:A4:18:66:46:6A:E2:9F:99:51:83
Certificate issuer:       /CN=b3c51b0c063cfc16943fc9a47e2c805990f6eaae
Certificate serial:       0194236A02B453C7E0CAC8EDA0DD7012B4B4
Authority key identifier: B3:C5:1B:0C:06:3C:FC:16:94:3F:C9:A4:7E:2C:80:59:90:F6:EA:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/DV3PY9YU5zk2EaQYZkZq4p-ZUYM.roa
Signing time:             Wed 01 Jan 2025 19:48:57 +0000
ROA not before:           Wed 01 Jan 2025 19:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207034
IP address blocks:        185.168.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 02:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:02:b4:53:c7:e0:ca:c8:ed:a0:dd:70:12:b4:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3c51b0c063cfc16943fc9a47e2c805990f6eaae
        Validity
            Not Before: Jan  1 19:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d5dcf63d614e7393611a41866466ae29f995183
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:db:5f:32:a1:84:e9:58:18:13:65:02:79:71:
                    2e:7f:46:f8:67:df:05:b1:dc:cd:5a:df:bd:e2:f2:
                    a0:4c:18:f8:bf:11:c3:41:39:70:50:1a:d5:11:e1:
                    13:9b:31:f0:b6:a7:8b:7a:36:90:a4:1e:9c:ee:6e:
                    f4:63:c5:60:44:61:3f:f1:0b:16:77:9d:3d:da:a0:
                    23:49:3d:17:5c:15:6f:b1:a5:69:6c:d2:cc:6e:bc:
                    3d:0d:e7:01:64:91:09:18:a0:4e:00:0c:ee:04:bb:
                    dd:f0:ae:13:5d:fd:f6:fd:fa:4d:95:96:8e:d8:e5:
                    6e:21:57:7d:b7:c1:7d:a2:8a:f1:34:2a:92:1b:f9:
                    84:ae:3a:ef:56:d7:06:c8:ac:f7:13:9e:59:bf:b7:
                    ff:8b:34:21:30:16:0a:97:14:32:fc:b5:63:8f:d4:
                    25:23:de:9e:05:48:34:01:4b:83:44:0e:4f:b3:2b:
                    44:00:66:2d:47:98:66:f3:da:0a:17:b2:35:9e:f4:
                    53:bc:d6:4f:56:b2:1f:dd:8b:45:8f:7c:fa:08:31:
                    6c:17:8a:b1:39:c6:cd:4a:43:6b:fb:c1:14:53:39:
                    77:2b:e3:0a:ad:aa:2e:89:61:e0:c2:7b:42:e1:41:
                    8b:61:6c:04:25:d3:c6:64:e0:d7:f1:94:da:6b:07:
                    fe:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:5D:CF:63:D6:14:E7:39:36:11:A4:18:66:46:6A:E2:9F:99:51:83
            X509v3 Authority Key Identifier:
                keyid:B3:C5:1B:0C:06:3C:FC:16:94:3F:C9:A4:7E:2C:80:59:90:F6:EA:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/DV3PY9YU5zk2EaQYZkZq4p-ZUYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:79:5c:08:19:32:ca:75:89:c0:da:0d:2d:9b:c1:ce:80:2e:
         6c:1c:46:f9:de:70:4e:de:b0:29:9b:68:ba:7e:27:e4:3d:9a:
         80:ed:63:3d:84:cf:e6:c0:c4:55:cb:00:7c:83:a1:1a:61:39:
         d7:26:89:38:83:96:f7:7a:d0:48:5f:53:fd:47:76:d3:c1:ca:
         8e:2f:62:3e:ff:5a:69:9c:02:fb:3c:21:bf:8b:4f:9d:71:4a:
         98:5a:e8:a9:22:9a:6f:da:12:11:13:22:d5:45:57:1c:5c:b8:
         b1:67:1d:a8:6c:5f:0a:df:54:92:fb:c6:82:62:1b:f5:77:3e:
         ec:9a:09:2e:a6:c5:2b:2d:94:67:67:66:c4:01:ea:18:28:08:
         45:25:2b:69:00:02:25:74:f7:49:b7:54:42:2e:6e:53:a8:27:
         57:48:2e:e6:1d:22:5d:eb:8c:93:35:cd:1b:a5:36:2a:47:5e:
         b7:5d:ab:6a:3e:a5:7a:a7:96:6f:61:19:48:a0:e6:b3:65:68:
         98:76:ca:96:56:95:83:2c:24:4c:cb:1c:61:09:f8:b8:64:ea:
         b4:20:41:69:5f:f2:90:d8:a2:16:76:bd:6f:ec:87:39:49:09:
         f3:be:5a:72:7b:74:27:bf:91:9b:29:da:8a:a9:8f:74:7f:4d:
         ef:31:05:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjagK0U8fgysjtoN1wErS0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYzUxYjBjMDYzY2ZjMTY5NDNmYzlhNDdlMmM4MDU5OTBm
NmVhYWUwHhcNMjUwMTAxMTk0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDVkY2Y2M2Q2MTRlNzM5MzYxMWE0MTg2NjQ2NmFlMjlmOTk1MTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApttfMqGE6VgYE2UCeXEuf0b4Z98F
sdzNWt+94vKgTBj4vxHDQTlwUBrVEeETmzHwtqeLejaQpB6c7m70Y8VgRGE/8QsW
d5092qAjST0XXBVvsaVpbNLMbrw9DecBZJEJGKBOAAzuBLvd8K4TXf32/fpNlZaO
2OVuIVd9t8F9oorxNCqSG/mErjrvVtcGyKz3E55Zv7f/izQhMBYKlxQy/LVjj9Ql
I96eBUg0AUuDRA5PsytEAGYtR5hm89oKF7I1nvRTvNZPVrIf3YtFj3z6CDFsF4qx
OcbNSkNr+8EUUzl3K+MKraouiWHgwntC4UGLYWwEJdPGZODX8ZTaawf+7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1dz2PWFOc5NhGkGGZGauKfmVGDMB8GA1UdIwQY
MBaAFLPFGwwGPPwWlD/JpH4sgFmQ9uquMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczhVYkRBWThfQmFVUDhta2ZpeUFXWkQyNnE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi81ODc3OTItYmFlOS00MTgzLWE0YjEt
ZmY1ZjFhZDY5MjY2LzEvRFYzUFk5WVU1emsyRWFRWVprWnE0cC1aVVlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi81ODc3OTItYmFlOS00MTgzLWE0YjEtZmY1ZjFhZDY5MjY2
LzEvczhVYkRBWThfQmFVUDhta2ZpeUFXWkQyNnE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuagkMA0G
CSqGSIb3DQEBCwUAA4IBAQAOeVwIGTLKdYnA2g0tm8HOgC5sHEb53nBO3rApm2i6
fifkPZqA7WM9hM/mwMRVywB8g6EaYTnXJok4g5b3etBIX1P9R3bTwcqOL2I+/1pp
nAL7PCG/i0+dcUqYWuipIppv2hIREyLVRVccXLixZx2obF8K31SS+8aCYhv1dz7s
mgkupsUrLZRnZ2bEAeoYKAhFJStpAAIldPdJt1RCLm5TqCdXSC7mHSJd64yTNc0b
pTYqR163XatqPqV6p5ZvYRlIoOazZWiYdsqWVpWDLCRMyxxhCfi4ZOq0IEFpX/KQ
2KIWdr1v7Ic5SQnzvlpye3Qnv5GbKdqKqY90f03vMQUT
-----END CERTIFICATE-----