Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/1d2df9-8f82-4716-853e-53859490d26f/1/4uaLh2b-bHV2NsxIJY_pK9e3698.roa
File:                     4uaLh2b-bHV2NsxIJY_pK9e3698.roa (raw, json)
Hash identifier:          sMeMy3i5FoQg0v9xzPREgO0rI8VqgJmcA0uZMgg0uts=
Subject key identifier:   E2:E6:8B:87:66:FE:6C:75:76:36:CC:48:25:8F:E9:2B:D7:B7:EB:DF
Certificate issuer:       /CN=3e70c14bf26faf0198f1e7b24729cd71b33518de
Certificate serial:       01942521F261CBAA922616BD5F1D967F9CF0
Authority key identifier: 3E:70:C1:4B:F2:6F:AF:01:98:F1:E7:B2:47:29:CD:71:B3:35:18:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PnDBS_JvrwGY8eeyRynNcbM1GN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/1d2df9-8f82-4716-853e-53859490d26f/1/4uaLh2b-bHV2NsxIJY_pK9e3698.roa
Signing time:             Thu 02 Jan 2025 03:49:29 +0000
ROA not before:           Thu 02 Jan 2025 03:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212808
IP address blocks:        185.175.88.0/24 maxlen: 24
                          2a10:45c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/1d2df9-8f82-4716-853e-53859490d26f/1/PnDBS_JvrwGY8eeyRynNcbM1GN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/1d2df9-8f82-4716-853e-53859490d26f/1/PnDBS_JvrwGY8eeyRynNcbM1GN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PnDBS_JvrwGY8eeyRynNcbM1GN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 09:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:f2:61:cb:aa:92:26:16:bd:5f:1d:96:7f:9c:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e70c14bf26faf0198f1e7b24729cd71b33518de
        Validity
            Not Before: Jan  2 03:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2e68b8766fe6c757636cc48258fe92bd7b7ebdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c4:62:ac:25:76:75:65:61:dc:56:ee:da:e8:
                    d8:f6:a1:10:e1:fd:ff:1d:c6:97:80:ba:36:49:1d:
                    18:37:69:2c:39:57:68:7a:c7:65:49:1a:34:ad:6e:
                    f3:dc:6e:08:9a:45:f2:92:14:66:fb:79:2e:cf:a2:
                    88:1b:56:7c:31:06:7c:3e:22:a4:2e:f4:4c:17:a7:
                    7b:1f:f1:7a:4e:10:ec:2c:45:17:81:ee:cf:b5:1f:
                    54:39:7f:cc:89:66:65:f7:01:fa:a1:25:23:13:a9:
                    28:ae:d1:cf:3b:9d:ca:4b:4b:61:03:58:28:e8:e6:
                    30:57:6f:da:80:21:a3:8b:96:74:4b:81:a0:69:c6:
                    3e:9a:74:24:94:16:43:d5:c7:01:58:eb:44:62:9c:
                    60:72:7d:c9:0d:95:af:56:9e:f0:9d:75:7b:ab:b5:
                    52:02:bf:e9:b9:82:fc:d8:82:66:52:78:4b:fe:fc:
                    85:94:cf:ab:8d:56:b9:4a:f3:c5:b7:86:10:ae:5b:
                    82:a4:21:a1:45:9e:47:e9:ad:0e:44:15:7b:e6:1e:
                    41:6b:1c:4b:1d:0f:5e:1c:ec:6f:3c:9e:ac:31:bc:
                    cc:61:18:84:80:29:59:d0:c3:cf:e9:83:08:9f:be:
                    ae:f4:54:44:37:6a:39:1d:33:d1:36:e9:e5:7d:94:
                    0e:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:E6:8B:87:66:FE:6C:75:76:36:CC:48:25:8F:E9:2B:D7:B7:EB:DF
            X509v3 Authority Key Identifier:
                keyid:3E:70:C1:4B:F2:6F:AF:01:98:F1:E7:B2:47:29:CD:71:B3:35:18:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PnDBS_JvrwGY8eeyRynNcbM1GN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/1d2df9-8f82-4716-853e-53859490d26f/1/4uaLh2b-bHV2NsxIJY_pK9e3698.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/1d2df9-8f82-4716-853e-53859490d26f/1/PnDBS_JvrwGY8eeyRynNcbM1GN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.175.88.0/24
                IPv6:
                  2a10:45c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:a7:d2:2f:23:dc:ec:c8:98:3e:29:12:c1:44:7c:af:5a:1c:
         97:b5:73:54:56:4d:7e:da:82:04:59:05:04:80:16:dc:24:5b:
         d6:cb:87:98:7f:ca:52:d4:94:48:83:20:2a:66:4e:0f:ca:8d:
         71:a1:75:be:23:85:05:1e:7c:af:4e:78:97:f2:8f:71:b7:90:
         c1:94:a3:d9:84:1b:c0:6f:f0:a1:bf:c8:b1:f1:43:0d:7f:80:
         5b:e9:38:55:2f:db:4e:52:9f:7f:7d:91:b1:dd:e5:cc:d0:6b:
         81:47:7c:13:0b:16:73:64:8a:cd:a7:b3:f4:8b:b5:21:a8:29:
         a9:0f:58:68:93:a6:48:c1:e9:d1:c6:78:c9:8f:5e:99:bd:4e:
         39:ed:70:75:16:de:3c:6d:9c:80:b3:27:40:8f:3f:2c:75:71:
         0c:04:fa:4a:24:c9:ca:43:10:c5:10:31:1c:70:28:eb:0b:7f:
         50:70:2a:12:56:58:d6:1d:64:35:76:b7:fc:fa:9a:69:6b:57:
         4e:7f:62:37:34:39:d3:79:64:bf:db:30:d1:3c:16:4e:70:4e:
         df:89:63:84:0e:54:b1:0a:76:63:21:cb:10:bc:fc:29:99:81:
         fd:f9:f4:0e:4b:9c:3c:50:eb:d3:ac:93:18:ea:b9:f4:0d:66:
         1d:d9:8f:b6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIfJhy6qSJha9Xx2Wf5zwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNzBjMTRiZjI2ZmFmMDE5OGYxZTdiMjQ3MjljZDcxYjMz
NTE4ZGUwHhcNMjUwMTAyMDM0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmU2OGI4NzY2ZmU2Yzc1NzYzNmNjNDgyNThmZTkyYmQ3YjdlYmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8RirCV2dWVh3Fbu2ujY9qEQ4f3/
HcaXgLo2SR0YN2ksOVdoesdlSRo0rW7z3G4ImkXykhRm+3kuz6KIG1Z8MQZ8PiKk
LvRMF6d7H/F6ThDsLEUXge7PtR9UOX/MiWZl9wH6oSUjE6kortHPO53KS0thA1go
6OYwV2/agCGji5Z0S4GgacY+mnQklBZD1ccBWOtEYpxgcn3JDZWvVp7wnXV7q7VS
Ar/puYL82IJmUnhL/vyFlM+rjVa5SvPFt4YQrluCpCGhRZ5H6a0ORBV75h5BaxxL
HQ9eHOxvPJ6sMbzMYRiEgClZ0MPP6YMIn76u9FREN2o5HTPRNunlfZQOSQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOLmi4dm/mx1djbMSCWP6SvXt+vfMB8GA1UdIwQY
MBaAFD5wwUvyb68BmPHnskcpzXGzNRjeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG5EQlNfSnZyd0dZOGVleVJ5bk5jYk0xR040LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8xZDJkZjktOGY4Mi00NzE2LTg1M2Ut
NTM4NTk0OTBkMjZmLzEvNHVhTGgyYi1iSFYyTnN4SUpZX3BLOWUzNjk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8xZDJkZjktOGY4Mi00NzE2LTg1M2UtNTM4NTk0OTBkMjZm
LzEvUG5EQlNfSnZyd0dZOGVleVJ5bk5jYk0xR040LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAua9YMA0E
AgACMAcDBQAqEEXAMA0GCSqGSIb3DQEBCwUAA4IBAQAwp9IvI9zsyJg+KRLBRHyv
WhyXtXNUVk1+2oIEWQUEgBbcJFvWy4eYf8pS1JRIgyAqZk4Pyo1xoXW+I4UFHnyv
TniX8o9xt5DBlKPZhBvAb/Chv8ix8UMNf4Bb6ThVL9tOUp9/fZGx3eXM0GuBR3wT
CxZzZIrNp7P0i7UhqCmpD1hok6ZIwenRxnjJj16ZvU457XB1Ft48bZyAsydAjz8s
dXEMBPpKJMnKQxDFEDEccCjrC39QcCoSVljWHWQ1drf8+pppa1dOf2I3NDnTeWS/
2zDRPBZOcE7fiWOEDlSxCnZjIcsQvPwpmYH9+fQOS5w8UOvTrJMY6rn0DWYd2Y+2
-----END CERTIFICATE-----