Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/3FLOlTCLI1G1gTETun5ejoasBuA.roa
File:                     3FLOlTCLI1G1gTETun5ejoasBuA.roa (raw, json)
Hash identifier:          ZqTUajmkPh8jnrRO1gF7H9NNj5iQ+rkTS+4qDwUhPQw=
Subject key identifier:   DC:52:CE:95:30:8B:23:51:B5:81:31:13:BA:7E:5E:8E:86:AC:06:E0
Certificate issuer:       /CN=e180ebbbca0f890de353891421a83dd5b653d940
Certificate serial:       019426D962329F01CB44F4948412AFA3E7D6
Authority key identifier: E1:80:EB:BB:CA:0F:89:0D:E3:53:89:14:21:A8:3D:D5:B6:53:D9:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4YDru8oPiQ3jU4kUIag91bZT2UA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/3FLOlTCLI1G1gTETun5ejoasBuA.roa
Signing time:             Thu 02 Jan 2025 11:49:28 +0000
ROA not before:           Thu 02 Jan 2025 11:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215074
IP address blocks:        185.182.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/4YDru8oPiQ3jU4kUIag91bZT2UA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/4YDru8oPiQ3jU4kUIag91bZT2UA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4YDru8oPiQ3jU4kUIag91bZT2UA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:62:32:9f:01:cb:44:f4:94:84:12:af:a3:e7:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e180ebbbca0f890de353891421a83dd5b653d940
        Validity
            Not Before: Jan  2 11:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc52ce95308b2351b5813113ba7e5e8e86ac06e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a5:ab:34:5e:62:8e:5a:d4:97:2b:f1:b4:09:
                    c5:af:8e:92:4e:ff:ef:54:1c:ab:27:71:d6:ea:f0:
                    b6:d8:1a:19:1d:df:ff:a6:5e:69:0a:a3:db:15:8d:
                    bc:92:dc:66:a9:fa:b2:5a:7d:3e:c2:cb:e7:f3:a7:
                    8d:ee:51:48:2f:f2:47:2b:bc:d1:ef:64:ef:28:55:
                    4e:e3:67:22:c8:8e:28:7c:54:81:fb:ef:31:02:7e:
                    2c:93:76:44:72:ad:dc:8e:f5:66:dc:83:70:01:13:
                    1a:e4:05:7c:e4:1e:33:b5:42:38:14:ad:c0:97:e3:
                    e4:db:c4:f1:ee:4e:48:ec:30:a6:ad:55:b7:b0:2b:
                    61:0c:e4:70:2f:79:a1:bd:e3:5f:ea:83:6a:88:01:
                    d4:58:35:8a:c9:cf:1b:e5:20:a4:ea:e3:6e:7a:ab:
                    96:2d:89:db:76:cc:5f:1a:fe:4d:c8:48:92:f6:5f:
                    1f:f0:37:a6:92:75:9f:f9:6e:32:82:2b:b5:ed:60:
                    a3:d2:92:3a:08:9c:23:1b:89:03:0f:04:9a:9e:88:
                    b4:c9:8f:29:04:69:a0:8f:5d:96:9e:d3:6b:e0:b6:
                    20:54:1c:db:42:80:6d:a9:70:6b:ac:48:7f:d8:c6:
                    3e:91:af:28:7f:4f:d8:74:24:06:b3:50:7b:0f:ef:
                    13:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:52:CE:95:30:8B:23:51:B5:81:31:13:BA:7E:5E:8E:86:AC:06:E0
            X509v3 Authority Key Identifier:
                keyid:E1:80:EB:BB:CA:0F:89:0D:E3:53:89:14:21:A8:3D:D5:B6:53:D9:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4YDru8oPiQ3jU4kUIag91bZT2UA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/3FLOlTCLI1G1gTETun5ejoasBuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/4YDru8oPiQ3jU4kUIag91bZT2UA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.182.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:06:e5:04:0d:8e:02:c5:60:1b:e4:ca:e9:81:9c:84:4c:2e:
         07:19:f0:1c:08:fe:2e:ed:8a:79:82:02:e1:d8:4d:cc:94:cb:
         26:3a:e2:c1:67:2f:1c:11:ca:e4:63:97:d9:87:e5:c5:bf:db:
         a7:23:d0:93:52:33:22:4d:56:35:d3:0a:f9:15:93:55:2d:57:
         ff:8f:b8:73:78:13:c3:d4:93:10:24:7e:24:21:cc:a7:82:08:
         4e:9a:d6:92:a9:d6:c8:b8:51:65:2f:cf:f1:f4:23:e9:4f:8d:
         0a:12:9c:78:4b:2b:f9:37:0c:f3:ca:67:9d:8b:55:71:ae:db:
         90:15:93:af:a6:a3:f5:0c:36:63:1e:77:f8:c6:5d:fa:4d:43:
         38:3a:8a:d5:84:40:7d:ae:cc:50:fa:23:a5:7e:bb:23:24:94:
         45:45:5e:a2:6f:36:43:7e:99:d5:b3:8d:05:02:67:00:3f:c6:
         14:a3:e1:86:87:79:6e:46:13:14:b9:f3:ee:36:e0:16:a8:5e:
         2f:2b:3d:67:e0:dd:47:4d:b6:19:a9:30:4e:14:50:ff:a6:6b:
         91:73:23:25:a7:8d:e6:10:df:26:1e:14:29:70:2d:88:e8:ba:
         7f:66:97:b1:06:c6:65:02:33:12:3b:22:29:07:d3:7a:82:91:
         ec:61:9d:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2WIynwHLRPSUhBKvo+fWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxODBlYmJiY2EwZjg5MGRlMzUzODkxNDIxYTgzZGQ1YjY1
M2Q5NDAwHhcNMjUwMTAyMTE0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzUyY2U5NTMwOGIyMzUxYjU4MTMxMTNiYTdlNWU4ZTg2YWMwNmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqWrNF5ijlrUlyvxtAnFr46STv/v
VByrJ3HW6vC22BoZHd//pl5pCqPbFY28ktxmqfqyWn0+wsvn86eN7lFIL/JHK7zR
72TvKFVO42ciyI4ofFSB++8xAn4sk3ZEcq3cjvVm3INwARMa5AV85B4ztUI4FK3A
l+Pk28Tx7k5I7DCmrVW3sCthDORwL3mhveNf6oNqiAHUWDWKyc8b5SCk6uNuequW
LYnbdsxfGv5NyEiS9l8f8DemknWf+W4ygiu17WCj0pI6CJwjG4kDDwSanoi0yY8p
BGmgj12WntNr4LYgVBzbQoBtqXBrrEh/2MY+ka8of0/YdCQGs1B7D+8T6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNxSzpUwiyNRtYExE7p+Xo6GrAbgMB8GA1UdIwQY
MBaAFOGA67vKD4kN41OJFCGoPdW2U9lAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFlEcnU4b1BpUTNqVTRrVUlhZzkxYlpUMlVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9hMThjZjEtYTA4MC00OTQ1LThiMjEt
MDU1NTY5NTljNDU1LzEvM0ZMT2xUQ0xJMUcxZ1RFVHVuNWVqb2FzQnVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9hMThjZjEtYTA4MC00OTQ1LThiMjEtMDU1NTY5NTljNDU1
LzEvNFlEcnU4b1BpUTNqVTRrVUlhZzkxYlpUMlVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubZsMA0G
CSqGSIb3DQEBCwUAA4IBAQCwBuUEDY4CxWAb5MrpgZyETC4HGfAcCP4u7Yp5ggLh
2E3MlMsmOuLBZy8cEcrkY5fZh+XFv9unI9CTUjMiTVY10wr5FZNVLVf/j7hzeBPD
1JMQJH4kIcyngghOmtaSqdbIuFFlL8/x9CPpT40KEpx4Syv5Nwzzymedi1VxrtuQ
FZOvpqP1DDZjHnf4xl36TUM4OorVhEB9rsxQ+iOlfrsjJJRFRV6ibzZDfpnVs40F
AmcAP8YUo+GGh3luRhMUufPuNuAWqF4vKz1n4N1HTbYZqTBOFFD/pmuRcyMlp43m
EN8mHhQpcC2I6Lp/ZpexBsZlAjMSOyIpB9N6gpHsYZ0G
-----END CERTIFICATE-----