Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/626eef-12d0-47fa-b633-641dd4288c40/1/3XfxhYPaNkk8RYgtHf2GQ9-31bw.roa
File:                     3XfxhYPaNkk8RYgtHf2GQ9-31bw.roa (raw, json)
Hash identifier:          IyuGzJvfjXAVgnfQEKPJlaaX+BmI0xIhxqPUz3ur7Ug=
Subject key identifier:   DD:77:F1:85:83:DA:36:49:3C:45:88:2D:1D:FD:86:43:DF:B7:D5:BC
Certificate issuer:       /CN=b19f07669e58ec32b9d9132e2ca6d19c2e949360
Certificate serial:       0194266B7743FCA9E53E1548166F27F48040
Authority key identifier: B1:9F:07:66:9E:58:EC:32:B9:D9:13:2E:2C:A6:D1:9C:2E:94:93:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sZ8HZp5Y7DK52RMuLKbRnC6Uk2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/626eef-12d0-47fa-b633-641dd4288c40/1/3XfxhYPaNkk8RYgtHf2GQ9-31bw.roa
Signing time:             Thu 02 Jan 2025 09:49:24 +0000
ROA not before:           Thu 02 Jan 2025 09:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206160
IP address blocks:        185.141.253.0/24 maxlen: 24
                          2a07:2781:a4a3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/626eef-12d0-47fa-b633-641dd4288c40/1/sZ8HZp5Y7DK52RMuLKbRnC6Uk2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/626eef-12d0-47fa-b633-641dd4288c40/1/sZ8HZp5Y7DK52RMuLKbRnC6Uk2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sZ8HZp5Y7DK52RMuLKbRnC6Uk2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:77:43:fc:a9:e5:3e:15:48:16:6f:27:f4:80:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b19f07669e58ec32b9d9132e2ca6d19c2e949360
        Validity
            Not Before: Jan  2 09:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd77f18583da36493c45882d1dfd8643dfb7d5bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:36:e0:06:91:08:5b:c6:9e:9b:3a:86:86:95:
                    a0:a9:a3:c3:cb:22:68:a5:83:d2:95:a6:0f:c7:e9:
                    65:bb:c6:eb:2b:7e:4f:f8:50:b2:68:49:14:ef:6b:
                    4a:33:ff:ed:c3:58:b8:8b:d0:41:3c:79:46:2b:f8:
                    98:b7:a1:22:6f:6b:d2:b1:ff:55:48:c2:2b:ba:29:
                    42:01:66:f8:71:b6:68:b7:92:5e:55:9f:cc:4d:ce:
                    4a:47:59:8a:d4:3e:5d:87:8b:af:f1:bf:21:74:7c:
                    63:3a:ab:1b:2d:bd:6a:e2:08:9d:a1:77:02:c5:28:
                    2c:95:92:b7:2f:e0:01:6a:16:c5:ab:ab:6f:44:24:
                    b0:08:1d:05:c4:48:eb:36:dc:a6:4f:d5:ef:bc:a6:
                    69:16:2b:0e:66:26:9b:8c:b2:a7:c5:ec:70:fe:25:
                    c1:c4:2e:b3:74:b8:6c:ee:fe:49:d6:9d:4a:a6:91:
                    8e:ab:58:92:24:0c:b6:86:ee:2c:2b:6b:12:4b:5f:
                    0f:04:5b:93:70:96:dc:b2:f8:f6:95:0d:6d:3e:6f:
                    c7:7f:be:f9:1e:f6:df:ee:99:c7:7f:f6:67:dc:3b:
                    07:66:02:84:72:d6:f5:5a:a6:a1:ad:1e:4f:cd:8f:
                    49:dd:34:24:57:59:ff:69:74:b1:c5:d1:b3:17:35:
                    8c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:77:F1:85:83:DA:36:49:3C:45:88:2D:1D:FD:86:43:DF:B7:D5:BC
            X509v3 Authority Key Identifier:
                keyid:B1:9F:07:66:9E:58:EC:32:B9:D9:13:2E:2C:A6:D1:9C:2E:94:93:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sZ8HZp5Y7DK52RMuLKbRnC6Uk2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/626eef-12d0-47fa-b633-641dd4288c40/1/3XfxhYPaNkk8RYgtHf2GQ9-31bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/626eef-12d0-47fa-b633-641dd4288c40/1/sZ8HZp5Y7DK52RMuLKbRnC6Uk2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.253.0/24
                IPv6:
                  2a07:2781:a4a3::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:7b:94:20:da:04:e1:03:4a:4c:3c:21:03:99:1c:d2:21:4e:
         60:32:33:52:26:16:2b:c4:13:01:0c:3d:a8:1b:a7:9f:9f:5d:
         8f:90:04:94:f3:3e:f2:95:19:63:37:26:4a:7b:fe:af:93:12:
         36:d4:d8:dc:df:8d:d7:c0:70:35:85:df:65:45:84:92:b2:31:
         f1:49:0c:70:72:df:37:40:22:33:79:70:c2:42:a4:ff:70:3c:
         9c:97:71:c0:92:25:b9:b9:cb:1c:da:2a:ca:c6:8d:06:f1:20:
         2e:b1:8a:ac:c0:be:cd:0a:2f:c2:31:e3:8e:8b:21:8e:c6:10:
         58:24:94:fc:52:0c:f0:9f:92:40:42:77:c6:72:5d:9e:d1:f7:
         ef:4c:d6:73:bf:89:b8:bd:83:01:ba:62:c0:62:c9:a6:c8:ca:
         22:05:f5:0d:56:50:bf:ac:6b:75:3d:db:93:63:bd:be:2b:02:
         29:3d:6b:74:a3:13:b1:47:bd:fb:5e:0e:d7:a8:fa:b9:8e:8a:
         05:f1:2f:59:2d:e4:86:fa:8a:68:02:cc:bb:98:c9:a9:88:58:
         d6:8e:db:33:d4:51:e9:77:72:d4:76:e2:5a:38:bf:fc:d7:d9:
         11:a3:0f:d8:8e:ad:72:92:36:13:65:40:2b:dc:f7:9f:5c:67:
         a9:0a:d6:1f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQma3dD/KnlPhVIFm8n9IBAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxOWYwNzY2OWU1OGVjMzJiOWQ5MTMyZTJjYTZkMTljMmU5
NDkzNjAwHhcNMjUwMTAyMDk0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDc3ZjE4NTgzZGEzNjQ5M2M0NTg4MmQxZGZkODY0M2RmYjdkNWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2jbgBpEIW8aemzqGhpWgqaPDyyJo
pYPSlaYPx+llu8brK35P+FCyaEkU72tKM//tw1i4i9BBPHlGK/iYt6Eib2vSsf9V
SMIruilCAWb4cbZot5JeVZ/MTc5KR1mK1D5dh4uv8b8hdHxjOqsbLb1q4gidoXcC
xSgslZK3L+ABahbFq6tvRCSwCB0FxEjrNtymT9XvvKZpFisOZiabjLKnxexw/iXB
xC6zdLhs7v5J1p1KppGOq1iSJAy2hu4sK2sSS18PBFuTcJbcsvj2lQ1tPm/Hf775
Hvbf7pnHf/Zn3DsHZgKEctb1WqahrR5PzY9J3TQkV1n/aXSxxdGzFzWMyQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN138YWD2jZJPEWILR39hkPft9W8MB8GA1UdIwQY
MBaAFLGfB2aeWOwyudkTLiym0ZwulJNgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1o4SFpwNVk3REs1MlJNdUxLYlJuQzZVazJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy82MjZlZWYtMTJkMC00N2ZhLWI2MzMt
NjQxZGQ0Mjg4YzQwLzEvM1hmeGhZUGFOa2s4UllndEhmMkdROS0zMWJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy82MjZlZWYtMTJkMC00N2ZhLWI2MzMtNjQxZGQ0Mjg4YzQw
LzEvc1o4SFpwNVk3REs1MlJNdUxLYlJuQzZVazJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuY39MA8E
AgACMAkDBwAqByeBpKMwDQYJKoZIhvcNAQELBQADggEBACl7lCDaBOEDSkw8IQOZ
HNIhTmAyM1ImFivEEwEMPagbp5+fXY+QBJTzPvKVGWM3Jkp7/q+TEjbU2NzfjdfA
cDWF32VFhJKyMfFJDHBy3zdAIjN5cMJCpP9wPJyXccCSJbm5yxzaKsrGjQbxIC6x
iqzAvs0KL8Ix446LIY7GEFgklPxSDPCfkkBCd8ZyXZ7R9+9M1nO/ibi9gwG6YsBi
yabIyiIF9Q1WUL+sa3U925Njvb4rAik9a3SjE7FHvfteDteo+rmOigXxL1kt5Ib6
imgCzLuYyamIWNaO2zPUUel3ctR24lo4v/zX2RGjD9iOrXKSNhNlQCvc959cZ6kK
1h8=
-----END CERTIFICATE-----