Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/f3t_UNJWKVLbbqTSRagtMmmMKZw.roa
File:                     f3t_UNJWKVLbbqTSRagtMmmMKZw.roa (raw, json)
Hash identifier:          ovleolAf657e+Xkh7kQLw0Pswx9FL3alnCQ2UDw7zkQ=
Subject key identifier:   7F:7B:7F:50:D2:56:29:52:DB:6E:A4:D2:45:A8:2D:32:69:8C:29:9C
Certificate issuer:       /CN=8a6024b2c27a67dff5b654efa06bf7bfc1222625
Certificate serial:       01968162132AE36C4B5428B2C9BBA6AE8B32
Authority key identifier: 8A:60:24:B2:C2:7A:67:DF:F5:B6:54:EF:A0:6B:F7:BF:C1:22:26:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/f3t_UNJWKVLbbqTSRagtMmmMKZw.roa
Signing time:             Tue 29 Apr 2025 11:50:10 +0000
ROA not before:           Tue 29 Apr 2025 11:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40994
IP address blocks:        194.150.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:81:62:13:2a:e3:6c:4b:54:28:b2:c9:bb:a6:ae:8b:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a6024b2c27a67dff5b654efa06bf7bfc1222625
        Validity
            Not Before: Apr 29 11:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f7b7f50d2562952db6ea4d245a82d32698c299c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:00:a6:d0:e5:40:e1:a7:8a:e0:87:0d:e6:78:
                    87:44:f0:b7:6d:23:1b:d7:42:59:3d:b3:39:b1:16:
                    2f:ae:21:af:db:f6:6f:b8:ea:d7:b1:ca:6c:71:d3:
                    b8:11:2c:a6:5a:59:84:d6:35:63:1f:bc:e7:77:05:
                    22:0c:64:7b:b6:5f:32:ea:4c:51:07:69:46:8b:69:
                    9d:b2:74:3d:c5:16:0c:c6:af:06:cd:0e:e9:eb:42:
                    27:73:4e:14:1d:38:3d:19:0b:fc:fb:cf:df:c3:ad:
                    b3:17:7d:fb:bc:18:d5:e7:4a:f6:ff:94:ed:ed:8a:
                    82:1f:32:a6:e5:3b:57:61:9f:7f:10:b2:96:f9:1e:
                    4e:a0:ef:61:7b:da:91:69:57:fb:e1:d1:7c:ff:aa:
                    1a:28:45:6a:b8:13:cc:b8:24:a3:f0:4e:1a:37:92:
                    ad:1f:b5:0d:88:f4:07:a9:a0:46:45:8e:71:80:c1:
                    7a:b7:10:5e:3f:1a:d7:d1:73:e8:6a:d2:a9:04:6c:
                    4c:ce:5a:f0:40:c6:ee:0f:01:2c:ed:49:79:f7:31:
                    f9:37:62:3c:b2:1f:b4:b5:83:9b:8b:a8:4c:ea:77:
                    d2:3e:c8:1a:5c:dc:ed:4d:4c:58:4c:8e:c0:78:7c:
                    52:9a:38:b7:ac:30:f8:74:45:65:38:fd:e1:22:88:
                    79:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:7B:7F:50:D2:56:29:52:DB:6E:A4:D2:45:A8:2D:32:69:8C:29:9C
            X509v3 Authority Key Identifier:
                keyid:8A:60:24:B2:C2:7A:67:DF:F5:B6:54:EF:A0:6B:F7:BF:C1:22:26:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/f3t_UNJWKVLbbqTSRagtMmmMKZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:97:6f:8d:c0:02:48:b9:8e:be:b9:4c:e3:a5:54:12:f6:ad:
         4f:eb:51:ae:48:0d:0b:ef:ae:ae:c2:08:83:64:fd:6b:77:53:
         d2:54:fe:f9:a8:79:cb:9f:36:c9:26:12:92:ed:82:2f:c9:c8:
         77:7a:1a:22:6c:b2:57:cb:fa:5e:ec:71:13:fa:b3:40:7c:33:
         01:cd:f3:f7:36:7c:da:69:60:48:6b:d8:6c:2b:a4:41:76:8c:
         91:27:6c:ab:45:1d:9d:2b:a6:ca:7b:25:bf:77:99:a1:c0:c0:
         85:63:99:2b:ad:08:63:36:13:28:cc:f4:b8:28:e0:6a:94:71:
         fc:cc:07:c3:62:40:1e:33:b6:b5:6e:be:9b:52:8a:b6:9b:ce:
         c6:cc:0d:e7:d8:88:0f:9f:0c:cc:99:1b:35:71:4e:f4:2e:08:
         bb:32:c7:e1:48:17:b6:08:8e:81:60:72:8d:a1:4b:e0:ec:eb:
         3f:ac:ef:0a:a7:46:b2:29:5c:d5:51:d3:bf:0a:66:72:9a:e6:
         e2:1a:70:95:bf:50:e3:d6:2a:5f:cb:d7:7d:e5:0b:ea:73:8f:
         f5:9c:34:b6:fa:4a:4d:fa:ec:f1:2c:70:c7:f6:b5:22:51:40:
         9b:e3:fb:eb:c5:2a:ad:08:ed:ff:5d:26:47:45:3e:0c:f2:62:
         41:6c:bb:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaBYhMq42xLVCiyybumrosyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNjAyNGIyYzI3YTY3ZGZmNWI2NTRlZmEwNmJmN2JmYzEy
MjI2MjUwHhcNMjUwNDI5MTE1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjdiN2Y1MGQyNTYyOTUyZGI2ZWE0ZDI0NWE4MmQzMjY5OGMyOTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQCm0OVA4aeK4IcN5niHRPC3bSMb
10JZPbM5sRYvriGv2/ZvuOrXscpscdO4ESymWlmE1jVjH7zndwUiDGR7tl8y6kxR
B2lGi2mdsnQ9xRYMxq8GzQ7p60Inc04UHTg9GQv8+8/fw62zF337vBjV50r2/5Tt
7YqCHzKm5TtXYZ9/ELKW+R5OoO9he9qRaVf74dF8/6oaKEVquBPMuCSj8E4aN5Kt
H7UNiPQHqaBGRY5xgMF6txBePxrX0XPoatKpBGxMzlrwQMbuDwEs7Ul59zH5N2I8
sh+0tYObi6hM6nfSPsgaXNztTUxYTI7AeHxSmji3rDD4dEVlOP3hIoh5HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH97f1DSVilS226k0kWoLTJpjCmcMB8GA1UdIwQY
MBaAFIpgJLLCemff9bZU76Br97/BIiYlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaW1Ba3NzSjZaOV8xdGxUdm9HdjN2OEVpSmlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zM2VjY2YtMGFlMy00YzdlLWE0NDEt
MDhlOGYwY2JiODQwLzEvZjN0X1VOSldLVkxiYnFUU1JhZ3RNbW1NS1p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zM2VjY2YtMGFlMy00YzdlLWE0NDEtMDhlOGYwY2JiODQw
LzEvaW1Ba3NzSjZaOV8xdGxUdm9HdjN2OEVpSmlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpZKMA0G
CSqGSIb3DQEBCwUAA4IBAQBfl2+NwAJIuY6+uUzjpVQS9q1P61GuSA0L766uwgiD
ZP1rd1PSVP75qHnLnzbJJhKS7YIvych3ehoibLJXy/pe7HET+rNAfDMBzfP3Nnza
aWBIa9hsK6RBdoyRJ2yrRR2dK6bKeyW/d5mhwMCFY5krrQhjNhMozPS4KOBqlHH8
zAfDYkAeM7a1br6bUoq2m87GzA3n2IgPnwzMmRs1cU70Lgi7MsfhSBe2CI6BYHKN
oUvg7Os/rO8Kp0ayKVzVUdO/CmZymubiGnCVv1Dj1ipfy9d95Qvqc4/1nDS2+kpN
+uzxLHDH9rUiUUCb4/vrxSqtCO3/XSZHRT4M8mJBbLt8
-----END CERTIFICATE-----