Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/3vr6MmTJusXLHnoomZaTFzf2R_Y.roa
File:                     3vr6MmTJusXLHnoomZaTFzf2R_Y.roa (raw, json)
Hash identifier:          wwVRXCGEVqcIpkBMKuCLGQDGcvT246U/Ud4fDza9yz4=
Subject key identifier:   DE:FA:FA:32:64:C9:BA:C5:CB:1E:7A:28:99:96:93:17:37:F6:47:F6
Certificate issuer:       /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial:       0196237154AD98979D74CFE1925B0560FCF8
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/3vr6MmTJusXLHnoomZaTFzf2R_Y.roa
Signing time:             Fri 11 Apr 2025 06:02:31 +0000
ROA not before:           Fri 11 Apr 2025 06:02:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        163.171.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 06:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:23:71:54:ad:98:97:9d:74:cf:e1:92:5b:05:60:fc:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
        Validity
            Not Before: Apr 11 06:02:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=defafa3264c9bac5cb1e7a289996931737f647f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a2:4f:82:be:c8:6e:d5:b5:e3:59:98:9c:d2:
                    bb:d1:a4:2e:0c:c0:97:e4:eb:88:3e:78:5b:2d:48:
                    88:7e:0c:86:0a:4e:02:54:64:eb:d4:d2:bf:93:58:
                    e6:1d:97:a6:07:12:71:a7:be:27:5d:35:ab:6f:04:
                    02:40:4a:61:fc:3b:76:c7:8e:15:01:a7:88:42:a6:
                    fb:00:28:8e:6a:34:0c:98:04:f4:f6:50:64:4d:e2:
                    e4:fd:a6:fc:60:b3:a9:f9:66:45:bf:c7:c1:4f:71:
                    5b:bb:fd:05:fc:df:df:ba:cb:83:86:fa:5e:aa:ea:
                    38:07:c7:d3:50:10:02:48:1c:df:e7:4e:05:54:23:
                    24:12:70:e6:bb:34:28:d3:3f:e4:4e:07:db:74:e0:
                    fd:e4:0a:89:74:9c:9d:35:bc:33:d3:63:fc:8d:f6:
                    3f:58:99:43:ee:72:cd:b5:34:3e:4d:e1:44:5b:04:
                    6f:f2:94:ab:2f:c6:96:06:1a:4d:90:eb:89:86:a6:
                    bb:f6:77:77:a7:bc:ad:2f:1f:9b:02:e2:ab:92:e2:
                    a1:32:38:4d:fb:63:55:72:49:eb:5c:f4:1c:0f:2c:
                    0b:be:70:df:ee:85:3b:d1:ba:fc:e3:23:85:e9:47:
                    91:26:60:f7:c5:37:3f:d5:9a:ab:02:1a:84:b8:d3:
                    c5:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:FA:FA:32:64:C9:BA:C5:CB:1E:7A:28:99:96:93:17:37:F6:47:F6
            X509v3 Authority Key Identifier:
                keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/3vr6MmTJusXLHnoomZaTFzf2R_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.171.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d4:99:cc:c0:4f:9d:57:b4:2d:cc:a8:c9:67:cb:e6:73:ed:e0:
         be:bb:0d:b9:bf:a6:4a:8a:76:50:4e:14:21:2f:14:18:a9:1f:
         58:f1:33:97:84:54:bc:f2:d3:df:96:78:b5:d8:05:8a:ab:7c:
         c4:de:85:ce:40:82:80:27:d6:54:91:67:c9:fc:6d:f8:3e:47:
         eb:3b:a2:8b:08:de:5e:8e:8a:6d:54:af:56:e7:48:40:d8:46:
         09:cd:6a:ef:13:9e:55:ad:02:72:b7:fc:c9:d8:6d:0c:46:ad:
         87:88:f8:19:97:ef:3d:a4:d0:2f:73:c2:0f:0f:d7:7c:f6:3d:
         f3:8e:a1:0c:05:a9:24:0e:ee:bc:68:b8:33:4b:12:ea:dc:81:
         db:b2:d1:44:26:19:55:0a:b3:82:6a:1f:76:13:71:a2:cc:d6:
         8a:2b:a1:46:f5:0d:d4:9f:02:45:56:f9:b1:66:99:47:29:0c:
         07:98:d0:39:13:7c:2f:1b:10:29:c4:c0:34:6d:a6:b0:91:d6:
         18:82:2b:19:6f:af:f4:cf:a0:9b:aa:85:6d:0b:2f:3e:55:e0:
         62:1a:96:97:08:17:39:fc:22:78:0d:39:28:bc:d0:8b:2d:f5:
         37:55:4f:c1:5f:74:85:cc:81:72:2c:b0:7c:a3:52:43:04:bc:
         ac:f5:58:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYjcVStmJeddM/hklsFYPz4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjUwNDExMDYwMjMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWZhZmEzMjY0YzliYWM1Y2IxZTdhMjg5OTk2OTMxNzM3ZjY0N2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6JPgr7IbtW141mYnNK70aQuDMCX
5OuIPnhbLUiIfgyGCk4CVGTr1NK/k1jmHZemBxJxp74nXTWrbwQCQEph/Dt2x44V
AaeIQqb7ACiOajQMmAT09lBkTeLk/ab8YLOp+WZFv8fBT3Fbu/0F/N/fusuDhvpe
quo4B8fTUBACSBzf504FVCMkEnDmuzQo0z/kTgfbdOD95AqJdJydNbwz02P8jfY/
WJlD7nLNtTQ+TeFEWwRv8pSrL8aWBhpNkOuJhqa79nd3p7ytLx+bAuKrkuKhMjhN
+2NVcknrXPQcDywLvnDf7oU70br84yOF6UeRJmD3xTc/1ZqrAhqEuNPFJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN76+jJkybrFyx56KJmWkxc39kf2MB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEvM3ZyNk1tVEp1c1hMSG5vb21aYVRGemYyUl9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQtYjVkODg4YWRmZDM3
LzEvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAo6tZMA0G
CSqGSIb3DQEBCwUAA4IBAQDUmczAT51XtC3MqMlny+Zz7eC+uw25v6ZKinZQThQh
LxQYqR9Y8TOXhFS88tPflni12AWKq3zE3oXOQIKAJ9ZUkWfJ/G34PkfrO6KLCN5e
joptVK9W50hA2EYJzWrvE55VrQJyt/zJ2G0MRq2HiPgZl+89pNAvc8IPD9d89j3z
jqEMBakkDu68aLgzSxLq3IHbstFEJhlVCrOCah92E3GizNaKK6FG9Q3UnwJFVvmx
ZplHKQwHmNA5E3wvGxApxMA0baawkdYYgisZb6/0z6CbqoVtCy8+VeBiGpaXCBc5
/CJ4DTkovNCLLfU3VU/BX3SFzIFyLLB8o1JDBLys9Vh3
-----END CERTIFICATE-----