Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/3OLIMizXOJwfjWRWiEBjpUKJwIU.roa
File:                     3OLIMizXOJwfjWRWiEBjpUKJwIU.roa (raw, json)
Hash identifier:          QMFZT0i3XGS+MsKzCsZOmKPi7vfVCyuG5tTyqhdATNA=
Subject key identifier:   DC:E2:C8:32:2C:D7:38:9C:1F:8D:64:56:88:40:63:A5:42:89:C0:85
Certificate issuer:       /CN=543c5c34a62ffbed8fc0f0ec01b42c0c50ee7ef7
Certificate serial:       019769FB2BC1F6175735088DDE9D888D7EA0
Authority key identifier: 54:3C:5C:34:A6:2F:FB:ED:8F:C0:F0:EC:01:B4:2C:0C:50:EE:7E:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VDxcNKYv--2PwPDsAbQsDFDufvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/3OLIMizXOJwfjWRWiEBjpUKJwIU.roa
Signing time:             Fri 13 Jun 2025 15:49:17 +0000
ROA not before:           Fri 13 Jun 2025 15:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197695
IP address blocks:        91.204.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/VDxcNKYv--2PwPDsAbQsDFDufvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/VDxcNKYv--2PwPDsAbQsDFDufvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VDxcNKYv--2PwPDsAbQsDFDufvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Jun 2025 05:07:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:69:fb:2b:c1:f6:17:57:35:08:8d:de:9d:88:8d:7e:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=543c5c34a62ffbed8fc0f0ec01b42c0c50ee7ef7
        Validity
            Not Before: Jun 13 15:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dce2c8322cd7389c1f8d6456884063a54289c085
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:58:71:2b:5b:7d:a9:35:21:92:fe:3c:21:19:
                    c7:ef:b2:88:f7:7e:c0:0d:d8:db:89:29:a5:ee:b2:
                    79:24:d6:c8:44:de:f3:4e:90:fd:76:9a:a9:3f:56:
                    20:8f:2f:19:f2:79:7f:d6:a5:c7:15:fe:51:ae:bd:
                    bb:bc:60:12:fc:b1:ce:11:77:88:1c:fb:91:d7:db:
                    12:36:e9:f7:a4:b9:12:8f:87:17:b1:8d:eb:32:f6:
                    c1:ed:28:35:60:a0:df:32:0c:c0:a0:20:aa:32:6b:
                    b3:33:5c:bb:17:88:c3:e2:d8:3a:b7:12:25:84:d9:
                    a2:9b:27:22:55:c6:da:4d:f2:1a:2e:60:86:fd:c5:
                    54:5b:c9:59:67:c6:4d:53:fb:2b:b4:74:76:5e:cb:
                    fd:c8:89:95:3c:4f:ed:f1:3a:c2:ce:89:be:17:5f:
                    88:31:2c:69:b2:ba:32:4d:3c:9a:39:70:f9:70:3b:
                    05:34:fd:93:d6:b9:71:91:79:65:20:b9:76:02:dc:
                    31:40:4d:d6:70:d6:98:40:fb:5a:7c:f9:ef:1f:51:
                    a7:e9:db:ae:c6:99:c6:53:42:0d:54:03:33:55:48:
                    4b:16:13:dc:ba:22:ba:6d:9d:77:ee:8e:7e:48:b1:
                    af:f0:40:ca:be:37:25:48:27:02:5c:c1:f2:4e:d6:
                    9e:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:E2:C8:32:2C:D7:38:9C:1F:8D:64:56:88:40:63:A5:42:89:C0:85
            X509v3 Authority Key Identifier:
                keyid:54:3C:5C:34:A6:2F:FB:ED:8F:C0:F0:EC:01:B4:2C:0C:50:EE:7E:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VDxcNKYv--2PwPDsAbQsDFDufvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/3OLIMizXOJwfjWRWiEBjpUKJwIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/16e022-4da8-4684-85e6-f4f1f93e0467/1/VDxcNKYv--2PwPDsAbQsDFDufvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.204.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:24:2c:d8:bd:06:b5:6c:78:45:ac:ce:db:a6:f8:80:82:4e:
         3d:42:db:6a:c3:75:34:2e:f6:ec:21:f8:3d:b1:dc:7b:c7:20:
         4d:3e:88:d4:d2:46:ec:69:5d:86:50:d6:50:6a:82:52:dc:6b:
         2e:79:cf:f4:4b:e3:c4:c4:54:89:53:fe:5a:e1:90:2e:a5:fe:
         98:15:b4:ec:f0:31:3d:95:a0:d4:7e:c5:11:30:76:6a:cd:7e:
         e3:df:9a:61:0e:24:64:bd:39:3e:25:e8:3a:70:e5:ba:7d:92:
         78:8e:1d:f7:36:71:6e:79:1c:5f:f8:1f:33:73:b0:58:93:c3:
         a3:fe:e1:4b:1e:45:03:88:ce:53:f6:fb:fa:06:9a:7f:ed:55:
         24:9e:bd:b1:dd:c5:bc:2d:2b:6c:0c:19:c5:68:17:c9:3f:00:
         8b:d0:d4:c3:5b:22:6c:7f:93:20:03:da:d5:eb:11:b3:ec:fb:
         a8:02:66:bc:33:1a:21:bc:17:53:37:3a:02:a8:9e:c1:40:95:
         a5:ae:5d:bd:f7:63:f7:bd:50:d7:0c:e8:ef:97:46:68:2b:70:
         0d:81:69:24:df:53:ae:47:51:64:04:93:54:9d:84:cd:3e:d9:
         03:af:a9:ed:4c:b9:f3:ad:57:b0:43:9f:a2:73:8b:89:ef:78:
         e3:36:57:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdp+yvB9hdXNQiN3p2IjX6gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0M2M1YzM0YTYyZmZiZWQ4ZmMwZjBlYzAxYjQyYzBjNTBl
ZTdlZjcwHhcNMjUwNjEzMTU0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2UyYzgzMjJjZDczODljMWY4ZDY0NTY4ODQwNjNhNTQyODljMDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFhxK1t9qTUhkv48IRnH77KI937A
DdjbiSml7rJ5JNbIRN7zTpD9dpqpP1Ygjy8Z8nl/1qXHFf5Rrr27vGAS/LHOEXeI
HPuR19sSNun3pLkSj4cXsY3rMvbB7Sg1YKDfMgzAoCCqMmuzM1y7F4jD4tg6txIl
hNmimyciVcbaTfIaLmCG/cVUW8lZZ8ZNU/srtHR2Xsv9yImVPE/t8TrCzom+F1+I
MSxpsroyTTyaOXD5cDsFNP2T1rlxkXllILl2AtwxQE3WcNaYQPtafPnvH1Gn6duu
xpnGU0INVAMzVUhLFhPcuiK6bZ137o5+SLGv8EDKvjclSCcCXMHyTtaeJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNziyDIs1zicH41kVohAY6VCicCFMB8GA1UdIwQY
MBaAFFQ8XDSmL/vtj8Dw7AG0LAxQ7n73MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkR4Y05LWXYtLTJQd1BEc0FiUXNERkR1ZnZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS8xNmUwMjItNGRhOC00Njg0LTg1ZTYt
ZjRmMWY5M2UwNDY3LzEvM09MSU1pelhPSndmaldSV2lFQmpwVUtKd0lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS8xNmUwMjItNGRhOC00Njg0LTg1ZTYtZjRmMWY5M2UwNDY3
LzEvVkR4Y05LWXYtLTJQd1BEc0FiUXNERkR1ZnZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8xIMA0G
CSqGSIb3DQEBCwUAA4IBAQC4JCzYvQa1bHhFrM7bpviAgk49Qttqw3U0LvbsIfg9
sdx7xyBNPojU0kbsaV2GUNZQaoJS3Gsuec/0S+PExFSJU/5a4ZAupf6YFbTs8DE9
laDUfsURMHZqzX7j35phDiRkvTk+Jeg6cOW6fZJ4jh33NnFueRxf+B8zc7BYk8Oj
/uFLHkUDiM5T9vv6Bpp/7VUknr2x3cW8LStsDBnFaBfJPwCL0NTDWyJsf5MgA9rV
6xGz7PuoAma8MxohvBdTNzoCqJ7BQJWlrl2992P3vVDXDOjvl0ZoK3ANgWkk31Ou
R1FkBJNUnYTNPtkDr6ntTLnzrVewQ5+ic4uJ73jjNlco
-----END CERTIFICATE-----