Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/Ppb5boYiXbRg8kP3Bhy4bt1QLcg.roa
File:                     Ppb5boYiXbRg8kP3Bhy4bt1QLcg.roa (raw, json)
Hash identifier:          0L33zHKol9hXgWsMWn/f5Pc6ckvGf6PLGJPJHh/sytM=
Subject key identifier:   3E:96:F9:6E:86:22:5D:B4:60:F2:43:F7:06:1C:B8:6E:DD:50:2D:C8
Certificate issuer:       /CN=f32be982060a43734d0ad126ad46da2f395c9def
Certificate serial:       01969F9C1D11F2403378608042F36F9D5F6E
Authority key identifier: F3:2B:E9:82:06:0A:43:73:4D:0A:D1:26:AD:46:DA:2F:39:5C:9D:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yvpggYKQ3NNCtEmrUbaLzlcne8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/Ppb5boYiXbRg8kP3Bhy4bt1QLcg.roa
Signing time:             Mon 05 May 2025 08:42:10 +0000
ROA not before:           Mon 05 May 2025 08:42:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.37.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/8yvpggYKQ3NNCtEmrUbaLzlcne8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/8yvpggYKQ3NNCtEmrUbaLzlcne8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yvpggYKQ3NNCtEmrUbaLzlcne8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 17 May 2025 23:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9f:9c:1d:11:f2:40:33:78:60:80:42:f3:6f:9d:5f:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f32be982060a43734d0ad126ad46da2f395c9def
        Validity
            Not Before: May  5 08:42:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e96f96e86225db460f243f7061cb86edd502dc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d6:80:a9:98:77:b6:87:fa:3c:c5:b4:78:fc:
                    68:4c:e4:25:55:a5:3b:50:03:e5:cf:f8:0c:47:bd:
                    54:06:2b:63:e4:69:d9:54:ab:e5:dc:c9:c3:02:68:
                    0d:2d:32:8d:74:e6:b5:b0:3e:51:82:37:d2:a0:16:
                    0a:8a:dd:71:e8:e8:60:a7:3d:b3:d4:c7:52:c6:0d:
                    31:47:de:80:fa:2d:b0:d3:c1:a7:3b:42:ca:24:c4:
                    a6:d6:ab:f1:e3:4e:b0:32:da:85:9e:79:70:cb:9c:
                    3b:be:85:65:99:e4:73:87:c2:72:ed:b9:24:d0:44:
                    63:0b:67:aa:0c:98:28:e6:7f:41:67:45:8d:1f:b3:
                    39:dd:ca:de:c2:b9:e5:62:31:3e:0f:62:3a:98:35:
                    bf:f7:da:c8:81:7e:a7:12:8c:9a:b2:ea:f7:71:29:
                    33:eb:50:f1:b5:ea:12:b4:04:68:2e:25:5a:4d:7c:
                    3f:0f:cd:e4:43:94:47:e2:a3:6d:c7:c6:ee:13:77:
                    6c:5e:03:fc:01:d8:d9:ff:35:0d:14:27:f5:f1:7a:
                    a3:f3:3a:75:bb:4b:2e:7e:63:e3:e2:8f:35:ba:70:
                    7e:d6:d4:37:f3:2f:27:f3:5c:d2:88:5f:38:dd:ba:
                    a0:94:d0:bc:eb:3d:c6:2a:c9:91:1f:31:6d:cd:36:
                    b7:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:96:F9:6E:86:22:5D:B4:60:F2:43:F7:06:1C:B8:6E:DD:50:2D:C8
            X509v3 Authority Key Identifier:
                keyid:F3:2B:E9:82:06:0A:43:73:4D:0A:D1:26:AD:46:DA:2F:39:5C:9D:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yvpggYKQ3NNCtEmrUbaLzlcne8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/Ppb5boYiXbRg8kP3Bhy4bt1QLcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/8yvpggYKQ3NNCtEmrUbaLzlcne8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:76:e3:bf:56:00:41:82:3a:10:96:3b:30:d2:18:d6:ec:57:
         19:d8:fd:25:0e:44:6c:1c:01:3a:16:be:4e:2b:d3:af:c8:0d:
         e0:09:78:51:33:39:75:b6:f2:52:94:f2:0a:1d:0d:2f:9c:5d:
         d1:00:0d:6b:f7:cb:4e:32:6d:89:e2:da:bc:8d:e8:88:cd:8a:
         31:df:07:f3:d2:a4:f2:94:5e:1e:fb:ca:8a:ae:ac:b1:fb:5d:
         cd:77:29:c0:33:e5:87:27:3e:51:93:54:8c:af:3d:7c:cb:ef:
         4c:0d:0c:87:9b:5a:d5:01:10:80:47:af:7a:f6:19:e6:19:40:
         67:af:09:d7:9a:c0:fd:7c:36:b8:e0:be:b6:b0:22:7c:10:c3:
         ab:9c:78:84:14:d9:6a:f5:05:85:3f:3c:ee:0e:90:9f:21:df:
         f7:31:73:df:11:86:95:69:7e:d9:a6:7c:81:02:d0:61:b2:34:
         22:a9:b0:e9:b3:35:84:c1:a6:9b:f0:19:e3:ae:db:74:d9:ef:
         cf:14:60:90:c9:ed:1b:a2:39:f2:ce:11:60:e5:49:7d:de:2f:
         11:b6:74:fa:24:45:4b:f6:ba:65:af:4c:78:50:b9:62:9b:67:
         2f:02:35:b1:14:06:ea:2f:2b:71:d0:6e:e5:6f:21:72:10:ad:
         2f:49:4e:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZafnB0R8kAzeGCAQvNvnV9uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMmJlOTgyMDYwYTQzNzM0ZDBhZDEyNmFkNDZkYTJmMzk1
YzlkZWYwHhcNMjUwNTA1MDg0MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTk2Zjk2ZTg2MjI1ZGI0NjBmMjQzZjcwNjFjYjg2ZWRkNTAyZGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9aAqZh3tof6PMW0ePxoTOQlVaU7
UAPlz/gMR71UBitj5GnZVKvl3MnDAmgNLTKNdOa1sD5RgjfSoBYKit1x6Ohgpz2z
1MdSxg0xR96A+i2w08GnO0LKJMSm1qvx406wMtqFnnlwy5w7voVlmeRzh8Jy7bkk
0ERjC2eqDJgo5n9BZ0WNH7M53crewrnlYjE+D2I6mDW/99rIgX6nEoyasur3cSkz
61DxteoStARoLiVaTXw/D83kQ5RH4qNtx8buE3dsXgP8AdjZ/zUNFCf18Xqj8zp1
u0sufmPj4o81unB+1tQ38y8n81zSiF843bqglNC86z3GKsmRHzFtzTa3nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD6W+W6GIl20YPJD9wYcuG7dUC3IMB8GA1UdIwQY
MBaAFPMr6YIGCkNzTQrRJq1G2i85XJ3vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHl2cGdnWUtRM05OQ3RFbXJVYmFMemxjbmU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9kYTNiMWQtN2FjZi00NTFmLWI2OGIt
OTliY2JlNmQ3ZjYzLzEvUHBiNWJvWWlYYlJnOGtQM0JoeTRidDFRTGNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9kYTNiMWQtN2FjZi00NTFmLWI2OGItOTliY2JlNmQ3ZjYz
LzEvOHl2cGdnWUtRM05OQ3RFbXJVYmFMemxjbmU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSXLMA0G
CSqGSIb3DQEBCwUAA4IBAQCJduO/VgBBgjoQljsw0hjW7FcZ2P0lDkRsHAE6Fr5O
K9OvyA3gCXhRMzl1tvJSlPIKHQ0vnF3RAA1r98tOMm2J4tq8jeiIzYox3wfz0qTy
lF4e+8qKrqyx+13NdynAM+WHJz5Rk1SMrz18y+9MDQyHm1rVARCAR6969hnmGUBn
rwnXmsD9fDa44L62sCJ8EMOrnHiEFNlq9QWFPzzuDpCfId/3MXPfEYaVaX7ZpnyB
AtBhsjQiqbDpszWEwaab8Bnjrtt02e/PFGCQye0bojnyzhFg5Ul93i8RtnT6JEVL
9rplr0x4ULlim2cvAjWxFAbqLytx0G7lbyFyEK0vSU79
-----END CERTIFICATE-----