Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/3_PU79fuHYEhPlNdsJUuZYubgqE.roa
File:                     3_PU79fuHYEhPlNdsJUuZYubgqE.roa (raw, json)
Hash identifier:          XJWOGH/fcmWGI7b/RAY8L2wuvZcYBFbJ22ImnM+pQlo=
Subject key identifier:   DF:F3:D4:EF:D7:EE:1D:81:21:3E:53:5D:B0:95:2E:65:8B:9B:82:A1
Certificate issuer:       /CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
Certificate serial:       019427B487E17CEA74BFDBA95F4F0A23BC5D
Authority key identifier: 2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/3_PU79fuHYEhPlNdsJUuZYubgqE.roa
Signing time:             Thu 02 Jan 2025 15:48:49 +0000
ROA not before:           Thu 02 Jan 2025 15:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215074
IP address blocks:        185.185.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:87:e1:7c:ea:74:bf:db:a9:5f:4f:0a:23:bc:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
        Validity
            Not Before: Jan  2 15:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dff3d4efd7ee1d81213e535db0952e658b9b82a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c4:f2:a4:67:a2:91:fd:6e:d0:99:ca:3b:d1:
                    7f:97:e5:52:b7:f7:f1:69:78:b8:1d:e8:a2:a4:5c:
                    cb:e8:06:26:db:b0:d7:8e:d3:7f:f2:87:f9:89:0c:
                    99:fe:34:7d:5b:b5:78:94:4c:82:e7:c0:96:96:ef:
                    29:c4:5b:49:15:f4:d6:3f:29:49:8d:a1:27:77:98:
                    19:8a:b5:23:cb:1d:b9:50:95:ac:9b:a3:69:9d:17:
                    3e:0f:41:85:21:ef:8c:02:5e:bc:b1:39:d6:3c:90:
                    13:17:7f:38:ed:77:e7:69:76:21:96:33:e8:b4:da:
                    8a:3e:c5:3a:ea:3e:0c:03:2c:48:3a:68:42:c0:2c:
                    9d:42:80:29:92:b7:a8:9a:57:c5:5a:fd:be:be:a1:
                    aa:f3:23:a2:4b:b1:33:0e:81:71:b3:f2:68:40:2d:
                    60:cc:e7:03:a0:d7:15:2b:a5:8f:e2:b0:c5:d9:84:
                    10:ae:49:ed:03:4f:9b:e9:9b:62:49:94:b1:52:a6:
                    fb:38:b2:55:10:80:ea:f9:90:47:fa:e7:17:d7:38:
                    af:b9:1a:85:4c:80:96:32:02:68:08:27:dc:ec:79:
                    d2:0a:7b:99:b6:da:03:68:1c:a9:63:38:f8:b9:a4:
                    22:bb:a9:08:65:09:df:ed:b4:a6:3f:00:87:85:3e:
                    04:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:F3:D4:EF:D7:EE:1D:81:21:3E:53:5D:B0:95:2E:65:8B:9B:82:A1
            X509v3 Authority Key Identifier:
                keyid:2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/3_PU79fuHYEhPlNdsJUuZYubgqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.185.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:10:6c:34:8a:90:86:21:46:fd:f5:93:d6:fa:71:e8:fa:ed:
         03:23:0b:77:84:50:7f:f9:ce:67:79:35:c7:7e:93:cc:b8:8f:
         c7:34:21:4d:b3:d1:4c:57:12:f7:ef:d7:9d:90:86:9c:d9:27:
         46:43:7d:e8:04:1f:9c:03:11:2b:0e:4d:c8:44:d3:0b:67:20:
         1a:78:b9:a1:ee:13:35:dc:ff:17:1e:68:54:a1:e9:63:19:a0:
         11:ae:ba:69:0b:86:40:7a:4a:39:ff:56:48:50:55:a7:6d:06:
         c4:65:be:42:54:9b:ca:31:d6:60:e6:c9:5c:df:29:95:a4:a2:
         ce:e5:0b:2b:4a:73:ed:e6:be:78:08:68:6c:fa:71:ff:5f:8e:
         5e:ac:c6:bb:90:0a:5e:03:0f:54:6a:fc:25:19:9d:2a:b6:75:
         5a:0f:60:9d:21:fa:62:15:de:4c:a6:bd:0a:35:ff:42:4c:73:
         da:ca:3f:ff:bd:dd:fb:bd:75:79:69:6a:58:97:a2:c8:d0:7e:
         a4:8a:cb:9e:ae:1f:ce:e9:e3:06:b4:e9:bf:aa:c7:81:f2:aa:
         74:57:82:76:6a:ca:6b:60:af:c3:40:66:0e:2f:18:71:f6:7d:
         e7:84:64:65:8f:e1:33:39:e0:97:e6:97:e6:bf:9f:e2:77:b6:
         51:31:2f:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntIfhfOp0v9upX08KI7xdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNzFjOTYwMDVlMTNhODRhM2YzMWVmMWQ5OTE3NzdmNGI2
ZTMxYTcwHhcNMjUwMTAyMTU0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmYzZDRlZmQ3ZWUxZDgxMjEzZTUzNWRiMDk1MmU2NThiOWI4MmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMTypGeikf1u0JnKO9F/l+VSt/fx
aXi4HeiipFzL6AYm27DXjtN/8of5iQyZ/jR9W7V4lEyC58CWlu8pxFtJFfTWPylJ
jaEnd5gZirUjyx25UJWsm6NpnRc+D0GFIe+MAl68sTnWPJATF3847XfnaXYhljPo
tNqKPsU66j4MAyxIOmhCwCydQoApkreomlfFWv2+vqGq8yOiS7EzDoFxs/JoQC1g
zOcDoNcVK6WP4rDF2YQQrkntA0+b6ZtiSZSxUqb7OLJVEIDq+ZBH+ucX1zivuRqF
TICWMgJoCCfc7HnSCnuZttoDaBypYzj4uaQiu6kIZQnf7bSmPwCHhT4EqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/z1O/X7h2BIT5TXbCVLmWLm4KhMB8GA1UdIwQY
MBaAFCxxyWAF4TqEo/Me8dmRd39LbjGnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUt
N2EyOGFmMjljZGMyLzEvM19QVTc5ZnVIWUVoUGxOZHNKVXVaWXViZ3FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUtN2EyOGFmMjljZGMy
LzEvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubmNMA0G
CSqGSIb3DQEBCwUAA4IBAQBgEGw0ipCGIUb99ZPW+nHo+u0DIwt3hFB/+c5neTXH
fpPMuI/HNCFNs9FMVxL379edkIac2SdGQ33oBB+cAxErDk3IRNMLZyAaeLmh7hM1
3P8XHmhUoeljGaARrrppC4ZAeko5/1ZIUFWnbQbEZb5CVJvKMdZg5slc3ymVpKLO
5QsrSnPt5r54CGhs+nH/X45erMa7kApeAw9UavwlGZ0qtnVaD2CdIfpiFd5Mpr0K
Nf9CTHPayj//vd37vXV5aWpYl6LI0H6kisuerh/O6eMGtOm/qseB8qp0V4J2aspr
YK/DQGYOLxhx9n3nhGRlj+EzOeCX5pfmv5/id7ZRMS/v
-----END CERTIFICATE-----