Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/3NU_jczsTwLqoaX-lCYDIDK-xK4.roa
File:                     3NU_jczsTwLqoaX-lCYDIDK-xK4.roa (raw, json)
Hash identifier:          8Hfke+9D8re50lqI3eIcpPcn6OSj6q+EHma6Ds52QuY=
Subject key identifier:   DC:D5:3F:8D:CC:EC:4F:02:EA:A1:A5:FE:94:26:03:20:32:BE:C4:AE
Certificate issuer:       /CN=3263787fd0f94b37813eef16bc8137423ee3fef3
Certificate serial:       0199A3D5D18EC25D1FAA95C5D7834C65427C
Authority key identifier: 32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/3NU_jczsTwLqoaX-lCYDIDK-xK4.roa
Signing time:             Thu 02 Oct 2025 07:32:03 +0000
ROA not before:           Thu 02 Oct 2025 07:32:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2856
IP address blocks:        37.44.229.0/24 maxlen: 24
                          37.44.230.0/24 maxlen: 24
                          37.44.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a3:d5:d1:8e:c2:5d:1f:aa:95:c5:d7:83:4c:65:42:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3263787fd0f94b37813eef16bc8137423ee3fef3
        Validity
            Not Before: Oct  2 07:32:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dcd53f8dccec4f02eaa1a5fe9426032032bec4ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:75:52:64:2f:6f:a3:b4:34:b7:38:af:42:82:
                    c7:e6:b1:60:89:c7:73:d5:31:cb:12:c2:5e:39:e0:
                    26:5e:bc:54:53:78:d5:4e:34:9c:8c:58:db:fa:4f:
                    0a:df:a5:e2:64:90:17:b9:54:44:ed:73:fb:35:29:
                    7e:c2:70:b8:b3:de:6c:d3:86:53:bd:b7:60:49:27:
                    b7:2f:a5:a9:ca:ae:d8:1e:00:c8:ca:57:d7:7b:9f:
                    94:d0:8c:9d:b2:a7:1d:b7:35:07:a2:1c:42:d3:4e:
                    ea:fe:95:06:5b:e9:b6:3f:52:14:12:fe:90:42:b9:
                    16:02:e6:49:bb:8b:01:d4:96:93:57:27:f3:66:f0:
                    7a:d1:d2:e6:a3:8d:9b:ea:29:5c:5d:ef:1f:48:f9:
                    80:3b:2f:f6:a5:3b:64:f0:8c:13:08:bd:f1:cf:2c:
                    67:34:f9:eb:0d:71:b8:0c:5c:85:66:78:a7:68:d8:
                    39:69:7c:42:5f:1a:a0:ff:a1:f1:95:0d:4f:a4:b6:
                    d6:59:f2:da:82:f6:41:2d:f7:85:b2:61:fa:b6:38:
                    45:b4:12:82:25:90:65:3b:ae:2a:84:2e:e3:64:b1:
                    59:c4:e9:a6:c0:a2:98:97:95:69:ab:96:1a:1c:36:
                    e5:75:8f:df:55:00:f6:e3:c8:93:2d:5f:b4:93:36:
                    61:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:D5:3F:8D:CC:EC:4F:02:EA:A1:A5:FE:94:26:03:20:32:BE:C4:AE
            X509v3 Authority Key Identifier:
                keyid:32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/3NU_jczsTwLqoaX-lCYDIDK-xK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.44.229.0-37.44.231.255

    Signature Algorithm: sha256WithRSAEncryption
         27:b5:55:fa:94:54:1f:7a:c2:8a:d1:fd:e3:f5:5a:93:15:47:
         f8:fa:31:6f:38:fc:29:22:e1:a2:12:4f:fe:78:48:be:fa:1c:
         2a:49:92:5b:e5:0e:d6:ce:93:ac:06:47:2c:83:4a:c6:7c:b3:
         15:11:18:2d:7f:13:eb:88:c1:c2:73:d1:2b:aa:54:4e:5a:60:
         93:7b:d4:ec:94:12:ed:3f:77:1b:c0:12:48:75:f6:53:cd:53:
         ce:33:5f:4d:13:f5:ca:55:07:34:e1:2b:23:dd:c1:00:66:c2:
         13:45:dd:7f:ea:a7:65:20:f4:18:05:ac:47:ea:7d:a1:91:f3:
         c9:e4:be:4f:6e:cd:69:8f:de:1f:3a:1e:d1:01:9e:d2:c1:a1:
         f2:a4:e6:6b:44:bc:4e:59:fe:af:23:1a:eb:17:e5:cd:7c:8e:
         7a:3e:d2:b2:fc:f9:2c:af:8d:26:14:7f:88:39:63:92:15:03:
         e0:47:42:d4:b8:5a:f1:95:5b:f9:03:f6:79:a2:cd:2c:a8:e1:
         88:2a:08:6e:14:2d:88:1e:ce:c7:83:2d:94:84:4d:ac:71:dc:
         52:a0:63:88:3f:2d:2c:61:95:ec:ec:b5:a9:0a:b5:9e:2b:c4:
         5d:c8:75:52:70:af:91:84:3a:4a:0c:c6:54:05:56:58:35:0f:
         06:4b:93:ef
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZmj1dGOwl0fqpXF14NMZUJ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNjM3ODdmZDBmOTRiMzc4MTNlZWYxNmJjODEzNzQyM2Vl
M2ZlZjMwHhcNMjUxMDAyMDczMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2Q1M2Y4ZGNjZWM0ZjAyZWFhMWE1ZmU5NDI2MDMyMDMyYmVjNGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznVSZC9vo7Q0tzivQoLH5rFgicdz
1THLEsJeOeAmXrxUU3jVTjScjFjb+k8K36XiZJAXuVRE7XP7NSl+wnC4s95s04ZT
vbdgSSe3L6Wpyq7YHgDIylfXe5+U0IydsqcdtzUHohxC007q/pUGW+m2P1IUEv6Q
QrkWAuZJu4sB1JaTVyfzZvB60dLmo42b6ilcXe8fSPmAOy/2pTtk8IwTCL3xzyxn
NPnrDXG4DFyFZninaNg5aXxCXxqg/6HxlQ1PpLbWWfLagvZBLfeFsmH6tjhFtBKC
JZBlO64qhC7jZLFZxOmmwKKYl5Vpq5YaHDbldY/fVQD248iTLV+0kzZhMwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNzVP43M7E8C6qGl/pQmAyAyvsSuMB8GA1UdIwQY
MBaAFDJjeH/Q+Us3gT7vFryBN0I+4/7zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2Qt
NTk1ZTBiZjVjNjEzLzEvM05VX2pjenNUd0xxb2FYLWxDWURJREsteEs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2QtNTk1ZTBiZjVjNjEz
LzEvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAlLOUD
BAMlLOAwDQYJKoZIhvcNAQELBQADggEBACe1VfqUVB96worR/eP1WpMVR/j6MW84
/Cki4aIST/54SL76HCpJklvlDtbOk6wGRyyDSsZ8sxURGC1/E+uIwcJz0SuqVE5a
YJN71OyUEu0/dxvAEkh19lPNU84zX00T9cpVBzThKyPdwQBmwhNF3X/qp2Ug9BgF
rEfqfaGR88nkvk9uzWmP3h86HtEBntLBofKk5mtEvE5Z/q8jGusX5c18jno+0rL8
+SyvjSYUf4g5Y5IVA+BHQtS4WvGVW/kD9nmizSyo4YgqCG4ULYgezseDLZSETaxx
3FKgY4g/LSxhlezstakKtZ4rxF3IdVJwr5GEOkoMxlQFVlg1DwZLk+8=
-----END CERTIFICATE-----