Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/O3tc3OLHq8cB4loy7Fxi0BP8NNQ.roa
File:                     O3tc3OLHq8cB4loy7Fxi0BP8NNQ.roa (raw, json)
Hash identifier:          CkO+KiiM2ukYR9GxsF5rvvOLV2C/777PuHZR8Bn21G4=
Subject key identifier:   3B:7B:5C:DC:E2:C7:AB:C7:01:E2:5A:32:EC:5C:62:D0:13:FC:34:D4
Certificate issuer:       /CN=dac633a14cac7c7a0922ffd980de5f278a3be267
Certificate serial:       019763FDA99A918637C8C74B740F27DD41C8
Authority key identifier: DA:C6:33:A1:4C:AC:7C:7A:09:22:FF:D9:80:DE:5F:27:8A:3B:E2:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2sYzoUysfHoJIv_ZgN5fJ4o74mc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/O3tc3OLHq8cB4loy7Fxi0BP8NNQ.roa
Signing time:             Thu 12 Jun 2025 11:54:17 +0000
ROA not before:           Thu 12 Jun 2025 11:54:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        91.233.61.0/24 maxlen: 24
                          185.179.176.0/24 maxlen: 24
                          213.5.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/2sYzoUysfHoJIv_ZgN5fJ4o74mc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/2sYzoUysfHoJIv_ZgN5fJ4o74mc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2sYzoUysfHoJIv_ZgN5fJ4o74mc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Jun 2025 23:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:63:fd:a9:9a:91:86:37:c8:c7:4b:74:0f:27:dd:41:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dac633a14cac7c7a0922ffd980de5f278a3be267
        Validity
            Not Before: Jun 12 11:54:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b7b5cdce2c7abc701e25a32ec5c62d013fc34d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:2d:84:48:70:c3:2a:0d:aa:b1:2f:4d:16:47:
                    d3:05:33:2b:bf:24:e2:1c:9b:b9:70:93:20:0f:9d:
                    d6:7f:6d:c1:68:c2:48:8f:14:6b:4d:7a:37:da:f4:
                    3e:c3:36:3b:a0:66:4b:7d:71:6c:dc:ba:87:e0:f7:
                    66:8a:97:74:23:a6:c2:d0:00:f3:7c:ca:c0:ce:c5:
                    f2:8e:f5:b0:39:66:bd:75:79:be:a0:fa:57:54:ae:
                    32:9a:83:2d:33:5a:d1:8f:6d:c7:e2:ec:17:3a:3b:
                    be:1f:3d:3f:72:7c:0b:6c:5b:d6:c3:04:88:1b:aa:
                    6f:4b:14:ac:7e:a8:3e:20:00:0a:e7:a9:22:c0:4f:
                    9a:00:29:80:62:bb:36:82:4f:ed:77:62:c7:37:49:
                    3f:04:bb:cb:77:cd:d5:b2:bd:7e:65:45:49:9c:6b:
                    f2:49:ce:1a:94:dd:b8:75:15:db:fb:88:90:4d:ac:
                    e0:59:0a:4b:82:47:ab:85:14:8f:d3:0c:6a:47:d9:
                    f2:06:20:a2:f7:d7:3a:be:96:da:e0:a8:3c:4a:f0:
                    99:e9:e7:42:c4:1e:3a:e9:ff:58:b5:26:7e:8a:0f:
                    8e:cc:48:a6:99:85:96:01:1e:0e:3f:88:f5:44:7f:
                    44:ae:b6:3d:4d:10:97:be:3e:20:3d:c2:8e:63:d5:
                    e6:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:7B:5C:DC:E2:C7:AB:C7:01:E2:5A:32:EC:5C:62:D0:13:FC:34:D4
            X509v3 Authority Key Identifier:
                keyid:DA:C6:33:A1:4C:AC:7C:7A:09:22:FF:D9:80:DE:5F:27:8A:3B:E2:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2sYzoUysfHoJIv_ZgN5fJ4o74mc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/O3tc3OLHq8cB4loy7Fxi0BP8NNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/2sYzoUysfHoJIv_ZgN5fJ4o74mc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.61.0/24
                  185.179.176.0/24
                  213.5.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:b3:67:b2:d1:c0:38:5f:6e:4d:29:27:06:cc:99:3b:8c:2b:
         9f:bb:33:49:b4:3b:df:ea:e7:1b:e9:48:41:93:8b:ca:72:01:
         f5:0a:44:0b:3c:0f:1e:2b:7f:b6:c5:ff:58:9a:f9:cb:80:5c:
         c4:70:4e:f2:0f:07:1d:0f:6c:50:54:13:7e:89:4a:b7:41:78:
         50:c8:fb:5f:e4:7f:e2:0a:d6:fb:cc:04:4b:01:79:1c:4f:2d:
         87:bd:94:59:06:66:fb:f0:61:63:28:c5:ac:af:ac:93:2c:07:
         60:e3:94:a8:bc:e8:59:ca:d6:b4:d6:52:5c:85:9c:1c:6c:fa:
         b8:08:94:13:0e:99:b5:e2:ee:ad:d3:7d:dd:68:0a:01:7b:a2:
         bd:76:bc:38:1a:5a:0e:d3:b2:1e:25:4b:ea:47:2f:11:3d:5a:
         a3:a0:ae:67:ff:e8:95:16:29:7e:3d:9f:cd:38:a1:27:92:7d:
         25:c5:ed:36:d6:98:dc:13:4a:25:ae:bb:3b:31:60:a5:00:e7:
         c4:ed:80:b5:90:06:a9:52:b4:0a:21:0d:1d:97:a4:7a:82:2e:
         63:46:6d:83:a3:36:1f:3d:8e:7f:8b:0c:b7:1f:16:7b:9e:14:
         32:8f:43:66:24:28:2f:05:1a:f6:28:89:c0:b2:b7:ec:7f:b9:
         5a:27:25:5a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZdj/amakYY3yMdLdA8n3UHIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYzYzM2ExNGNhYzdjN2EwOTIyZmZkOTgwZGU1ZjI3OGEz
YmUyNjcwHhcNMjUwNjEyMTE1NDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjdiNWNkY2UyYzdhYmM3MDFlMjVhMzJlYzVjNjJkMDEzZmMzNGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8i2ESHDDKg2qsS9NFkfTBTMrvyTi
HJu5cJMgD53Wf23BaMJIjxRrTXo32vQ+wzY7oGZLfXFs3LqH4Pdmipd0I6bC0ADz
fMrAzsXyjvWwOWa9dXm+oPpXVK4ymoMtM1rRj23H4uwXOju+Hz0/cnwLbFvWwwSI
G6pvSxSsfqg+IAAK56kiwE+aACmAYrs2gk/td2LHN0k/BLvLd83Vsr1+ZUVJnGvy
Sc4alN24dRXb+4iQTazgWQpLgkerhRSP0wxqR9nyBiCi99c6vpba4Kg8SvCZ6edC
xB466f9YtSZ+ig+OzEimmYWWAR4OP4j1RH9ErrY9TRCXvj4gPcKOY9XmkwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDt7XNzix6vHAeJaMuxcYtAT/DTUMB8GA1UdIwQY
MBaAFNrGM6FMrHx6CSL/2YDeXyeKO+JnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnNZem9VeXNmSG9KSXZfWmdONWZKNG83NG1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9jODUyYjUtYWNjNC00ZDcwLWFlZWIt
MjQ1MTVhMTRjNDU2LzEvTzN0YzNPTEhxOGNCNGxveTdGeGkwQlA4Tk5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9jODUyYjUtYWNjNC00ZDcwLWFlZWItMjQ1MTVhMTRjNDU2
LzEvMnNZem9VeXNmSG9KSXZfWmdONWZKNG83NG1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW+k9AwQA
ubOwAwQA1QXiMA0GCSqGSIb3DQEBCwUAA4IBAQB3s2ey0cA4X25NKScGzJk7jCuf
uzNJtDvf6ucb6UhBk4vKcgH1CkQLPA8eK3+2xf9YmvnLgFzEcE7yDwcdD2xQVBN+
iUq3QXhQyPtf5H/iCtb7zARLAXkcTy2HvZRZBmb78GFjKMWsr6yTLAdg45SovOhZ
yta01lJchZwcbPq4CJQTDpm14u6t033daAoBe6K9drw4GloO07IeJUvqRy8RPVqj
oK5n/+iVFil+PZ/NOKEnkn0lxe021pjcE0olrrs7MWClAOfE7YC1kAapUrQKIQ0d
l6R6gi5jRm2DozYfPY5/iwy3HxZ7nhQyj0NmJCgvBRr2KInAsrfsf7laJyVa
-----END CERTIFICATE-----