Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/R3hdyvcGqSNq9MuuQgsgENnLqRc.roa
File:                     R3hdyvcGqSNq9MuuQgsgENnLqRc.roa (raw, json)
Hash identifier:          p4vr1woIgR7A2etkhsE5WicuvE4bBuEK3XJxuDU+KOU=
Subject key identifier:   47:78:5D:CA:F7:06:A9:23:6A:F4:CB:AE:42:0B:20:10:D9:CB:A9:17
Certificate issuer:       /CN=3f3f554b80281dea2a300318aaad6d2d97f1ce44
Certificate serial:       019553B3FEE6FC5F4E133282E3D90695C06A
Authority key identifier: 3F:3F:55:4B:80:28:1D:EA:2A:30:03:18:AA:AD:6D:2D:97:F1:CE:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/R3hdyvcGqSNq9MuuQgsgENnLqRc.roa
Signing time:             Sat 01 Mar 2025 21:54:19 +0000
ROA not before:           Sat 01 Mar 2025 21:54:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        185.224.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 21:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:53:b3:fe:e6:fc:5f:4e:13:32:82:e3:d9:06:95:c0:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f3f554b80281dea2a300318aaad6d2d97f1ce44
        Validity
            Not Before: Mar  1 21:54:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47785dcaf706a9236af4cbae420b2010d9cba917
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:df:c3:3e:b1:05:ab:d9:1b:39:7e:ee:18:98:
                    c4:46:44:ea:06:55:78:54:18:3b:72:ce:ff:9d:79:
                    72:ac:94:29:0f:b9:e1:28:69:2a:a5:77:44:0a:db:
                    1a:a2:70:e7:b8:52:49:60:4a:95:a9:48:2b:46:03:
                    aa:5d:00:2d:69:53:e3:34:f7:3e:9a:00:23:9d:9b:
                    f0:96:3b:2d:64:00:df:85:b3:4d:65:c0:0f:21:ff:
                    6f:83:01:76:00:d0:7e:4b:dd:92:fe:f2:1c:03:5b:
                    1a:09:96:f0:2a:56:f0:d9:1f:a2:70:7f:7a:e2:56:
                    60:cd:6e:7f:37:09:87:5a:74:47:70:48:33:ad:19:
                    1a:4d:e9:24:90:e9:44:36:69:d1:18:26:d2:35:4a:
                    ee:99:67:52:9d:eb:4b:fa:c4:62:c0:25:23:60:69:
                    8a:7d:db:21:a8:bb:94:52:3d:bc:1d:29:38:cd:77:
                    d1:42:d3:96:13:39:f2:91:0b:7c:26:66:04:ff:bc:
                    81:78:c5:83:54:32:ec:9e:96:ec:00:d7:4d:12:e5:
                    26:a5:95:41:cd:75:42:d6:8d:76:04:cd:c2:87:ea:
                    3b:25:82:1f:83:bb:75:5f:16:e6:c6:39:c3:93:82:
                    b2:44:58:45:40:7d:db:6c:94:99:04:38:fb:f6:fc:
                    a9:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:78:5D:CA:F7:06:A9:23:6A:F4:CB:AE:42:0B:20:10:D9:CB:A9:17
            X509v3 Authority Key Identifier:
                keyid:3F:3F:55:4B:80:28:1D:EA:2A:30:03:18:AA:AD:6D:2D:97:F1:CE:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/R3hdyvcGqSNq9MuuQgsgENnLqRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:92:3b:13:81:94:b7:e0:3b:27:21:51:97:e3:78:6e:01:db:
         56:4d:d1:3b:03:cd:dd:1b:6f:67:18:0e:58:68:71:a2:d1:c4:
         07:43:ff:90:8e:3d:14:45:1d:a6:46:26:11:a0:c7:76:06:d3:
         ac:94:6d:94:7d:84:67:0b:10:29:b3:c2:81:14:35:89:f2:b6:
         7a:96:24:4b:ad:41:2a:55:0f:44:e6:b5:1d:78:92:4b:8f:ae:
         11:e1:bf:dc:c5:b8:af:4f:32:8f:63:c0:3e:02:f3:40:13:69:
         80:17:20:85:bc:46:a2:91:0d:29:a4:e6:7a:20:11:a5:c6:e3:
         1f:9b:d3:56:48:f7:a2:1c:bc:cb:b8:55:d3:37:f9:98:5e:3a:
         d6:c6:4a:7b:6b:7c:0e:8b:8d:0b:89:31:87:e8:1e:c9:66:fa:
         48:c5:bd:91:02:74:63:70:89:9c:0c:37:8c:d9:f2:01:6d:4a:
         c8:b0:3a:24:d1:dc:27:5e:d0:9c:e8:c6:f3:18:69:75:38:19:
         a0:d5:97:25:97:0e:7d:fd:9d:55:77:5d:50:ba:ed:e9:34:7c:
         3f:eb:05:63:e6:6a:91:1f:8b:56:08:be:e0:b9:f3:e0:ea:c4:
         43:c4:81:01:b5:4d:1f:81:90:78:96:39:25:c0:35:a2:d4:3a:
         ec:8a:4f:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVTs/7m/F9OEzKC49kGlcBqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmM2Y1NTRiODAyODFkZWEyYTMwMDMxOGFhYWQ2ZDJkOTdm
MWNlNDQwHhcNMjUwMzAxMjE1NDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Nzc4NWRjYWY3MDZhOTIzNmFmNGNiYWU0MjBiMjAxMGQ5Y2JhOTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA89/DPrEFq9kbOX7uGJjERkTqBlV4
VBg7cs7/nXlyrJQpD7nhKGkqpXdECtsaonDnuFJJYEqVqUgrRgOqXQAtaVPjNPc+
mgAjnZvwljstZADfhbNNZcAPIf9vgwF2ANB+S92S/vIcA1saCZbwKlbw2R+icH96
4lZgzW5/NwmHWnRHcEgzrRkaTekkkOlENmnRGCbSNUrumWdSnetL+sRiwCUjYGmK
fdshqLuUUj28HSk4zXfRQtOWEznykQt8JmYE/7yBeMWDVDLsnpbsANdNEuUmpZVB
zXVC1o12BM3Ch+o7JYIfg7t1XxbmxjnDk4KyRFhFQH3bbJSZBDj79vypMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEd4Xcr3BqkjavTLrkILIBDZy6kXMB8GA1UdIwQY
MBaAFD8/VUuAKB3qKjADGKqtbS2X8c5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHo5VlM0QW9IZW9xTUFNWXFxMXRMWmZ4emtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy83OGQ1MjgtN2NkZi00NGMwLWFjZGQt
ZjUzM2I4ZGY4MGE5LzEvUjNoZHl2Y0dxU05xOU11dVFnc2dFTm5McVJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy83OGQ1MjgtN2NkZi00NGMwLWFjZGQtZjUzM2I4ZGY4MGE5
LzEvUHo5VlM0QW9IZW9xTUFNWXFxMXRMWmZ4emtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueAAMA0G
CSqGSIb3DQEBCwUAA4IBAQARkjsTgZS34DsnIVGX43huAdtWTdE7A83dG29nGA5Y
aHGi0cQHQ/+Qjj0URR2mRiYRoMd2BtOslG2UfYRnCxAps8KBFDWJ8rZ6liRLrUEq
VQ9E5rUdeJJLj64R4b/cxbivTzKPY8A+AvNAE2mAFyCFvEaikQ0ppOZ6IBGlxuMf
m9NWSPeiHLzLuFXTN/mYXjrWxkp7a3wOi40LiTGH6B7JZvpIxb2RAnRjcImcDDeM
2fIBbUrIsDok0dwnXtCc6MbzGGl1OBmg1Zcllw59/Z1Vd11Quu3pNHw/6wVj5mqR
H4tWCL7gufPg6sRDxIEBtU0fgZB4ljklwDWi1Drsik8Q
-----END CERTIFICATE-----