Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/BbO3Y81u57rZF7WlM500MsuZpRM.roa
File:                     BbO3Y81u57rZF7WlM500MsuZpRM.roa (raw, json)
Hash identifier:          ENegZhckEyjrMTUEgK0PeHY3+6b9WA+KNwr6cWbkGV8=
Subject key identifier:   05:B3:B7:63:CD:6E:E7:BA:D9:17:B5:A5:33:9D:34:32:CB:99:A5:13
Certificate issuer:       /CN=603831a61bc8a8f4cb85887022fb6f86397345dc
Certificate serial:       0196AF11EF8EC4B8869364CA30D4692391F8
Authority key identifier: 60:38:31:A6:1B:C8:A8:F4:CB:85:88:70:22:FB:6F:86:39:73:45:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YDgxphvIqPTLhYhwIvtvhjlzRdw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/BbO3Y81u57rZF7WlM500MsuZpRM.roa
Signing time:             Thu 08 May 2025 08:45:10 +0000
ROA not before:           Thu 08 May 2025 08:45:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.34.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/YDgxphvIqPTLhYhwIvtvhjlzRdw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/YDgxphvIqPTLhYhwIvtvhjlzRdw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YDgxphvIqPTLhYhwIvtvhjlzRdw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:af:11:ef:8e:c4:b8:86:93:64:ca:30:d4:69:23:91:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=603831a61bc8a8f4cb85887022fb6f86397345dc
        Validity
            Not Before: May  8 08:45:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=05b3b763cd6ee7bad917b5a5339d3432cb99a513
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c1:74:d2:16:a0:9e:08:ff:82:0d:05:07:9a:
                    01:46:c4:ab:79:70:1c:18:49:30:78:06:3f:59:d2:
                    92:96:bf:a0:5d:9d:3f:1d:b0:1a:f0:68:01:2c:c8:
                    47:1f:c8:cf:8e:08:fc:5a:9f:31:45:44:3d:4a:f7:
                    21:4c:25:be:42:d0:38:b8:cc:ed:c6:58:f9:40:d0:
                    50:c8:24:fd:33:ad:f4:41:b3:1e:77:43:3f:9d:83:
                    5b:5d:07:f3:cb:74:01:bc:87:ed:10:18:d0:08:84:
                    bc:5c:4a:b6:ab:da:c5:06:a0:dd:c0:d1:84:b2:63:
                    1d:7f:92:e5:34:4b:f9:72:7c:68:7a:9a:c4:c7:12:
                    f1:fa:71:23:62:82:77:95:60:13:85:31:e5:3c:f6:
                    73:56:ac:e6:57:6b:c9:8f:64:04:33:34:d8:44:a3:
                    cf:ff:89:2d:f9:71:84:f4:93:72:d0:77:14:4d:73:
                    2b:74:52:92:18:30:ea:df:f9:e9:c4:c3:7c:d8:e1:
                    2b:cb:0d:54:36:7c:69:c5:c7:bb:64:cd:66:c1:b8:
                    db:0e:db:3a:3b:c1:77:21:98:14:2c:81:31:65:08:
                    e8:31:8e:b5:12:ca:5a:a1:ef:51:2b:38:5c:91:e5:
                    17:25:16:aa:51:80:5e:38:a2:20:42:67:27:18:0b:
                    82:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:B3:B7:63:CD:6E:E7:BA:D9:17:B5:A5:33:9D:34:32:CB:99:A5:13
            X509v3 Authority Key Identifier:
                keyid:60:38:31:A6:1B:C8:A8:F4:CB:85:88:70:22:FB:6F:86:39:73:45:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YDgxphvIqPTLhYhwIvtvhjlzRdw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/BbO3Y81u57rZF7WlM500MsuZpRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ac3276-50ad-4ebc-a2a6-9808545933c9/1/YDgxphvIqPTLhYhwIvtvhjlzRdw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:37:bc:31:93:9d:ab:32:89:76:6f:50:84:78:0f:5f:be:a3:
         67:87:51:65:d3:91:3d:b8:6a:0c:10:3d:76:11:d4:b4:9e:69:
         f1:19:93:ae:6e:79:aa:67:d0:db:fc:d0:fb:e9:0e:03:71:09:
         18:92:c5:74:9e:dc:aa:2e:74:35:63:37:9b:7d:cf:c4:cf:b3:
         ca:ca:9d:be:5a:32:4d:ef:dd:8c:3b:53:d9:b9:a7:d7:06:62:
         28:2c:86:a3:8f:cc:36:08:35:46:78:1a:4c:98:c4:84:2a:6f:
         a6:01:fa:c2:76:de:7b:97:a7:7d:01:8c:3c:d2:02:46:7a:37:
         a1:c0:12:31:12:c9:b0:57:0c:46:ea:2b:0a:42:19:9a:f8:87:
         6a:7a:ee:aa:ab:0b:fd:93:73:20:d0:42:f2:38:4b:e3:3f:1f:
         2c:4d:eb:6b:30:e9:16:25:40:2e:f8:32:88:a4:de:67:4e:75:
         be:5e:91:f9:ef:37:53:1b:1c:78:0b:b3:8b:0a:32:15:49:a4:
         01:21:c2:55:d5:42:3e:83:db:1e:c2:b7:ad:4f:47:57:5e:78:
         f8:e4:37:e1:f8:a5:59:04:69:dc:cc:f7:a3:66:02:50:99:57:
         7b:76:5b:02:b7:0a:14:2a:df:6c:da:a9:5b:30:8d:d2:e5:8d:
         cb:a1:1e:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZavEe+OxLiGk2TKMNRpI5H4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMzgzMWE2MWJjOGE4ZjRjYjg1ODg3MDIyZmI2Zjg2Mzk3
MzQ1ZGMwHhcNMjUwNTA4MDg0NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWIzYjc2M2NkNmVlN2JhZDkxN2I1YTUzMzlkMzQzMmNiOTlhNTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcF00hagngj/gg0FB5oBRsSreXAc
GEkweAY/WdKSlr+gXZ0/HbAa8GgBLMhHH8jPjgj8Wp8xRUQ9SvchTCW+QtA4uMzt
xlj5QNBQyCT9M630QbMed0M/nYNbXQfzy3QBvIftEBjQCIS8XEq2q9rFBqDdwNGE
smMdf5LlNEv5cnxoeprExxLx+nEjYoJ3lWAThTHlPPZzVqzmV2vJj2QEMzTYRKPP
/4kt+XGE9JNy0HcUTXMrdFKSGDDq3/npxMN82OEryw1UNnxpxce7ZM1mwbjbDts6
O8F3IZgULIExZQjoMY61Espaoe9RKzhckeUXJRaqUYBeOKIgQmcnGAuCQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAWzt2PNbue62Re1pTOdNDLLmaUTMB8GA1UdIwQY
MBaAFGA4MaYbyKj0y4WIcCL7b4Y5c0XcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWURneHBodklxUFRMaFlod0l2dHZoamx6UmR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9hYzMyNzYtNTBhZC00ZWJjLWEyYTYt
OTgwODU0NTkzM2M5LzEvQmJPM1k4MXU1N3JaRjdXbE01MDBNc3VacFJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9hYzMyNzYtNTBhZC00ZWJjLWEyYTYtOTgwODU0NTkzM2M5
LzEvWURneHBodklxUFRMaFlod0l2dHZoamx6UmR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSLjMA0G
CSqGSIb3DQEBCwUAA4IBAQAYN7wxk52rMol2b1CEeA9fvqNnh1Fl05E9uGoMED12
EdS0nmnxGZOubnmqZ9Db/ND76Q4DcQkYksV0ntyqLnQ1Yzebfc/Ez7PKyp2+WjJN
792MO1PZuafXBmIoLIajj8w2CDVGeBpMmMSEKm+mAfrCdt57l6d9AYw80gJGejeh
wBIxEsmwVwxG6isKQhma+Idqeu6qqwv9k3Mg0ELyOEvjPx8sTetrMOkWJUAu+DKI
pN5nTnW+XpH57zdTGxx4C7OLCjIVSaQBIcJV1UI+g9sewretT0dXXnj45Dfh+KVZ
BGnczPejZgJQmVd7dlsCtwoUKt9s2qlbMI3S5Y3LoR7F
-----END CERTIFICATE-----