Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/434344-323e-48f8-ade2-624f83682169/1/KTzVRdJZBa5vUHuUiFITIPL2MxQ.roa
File:                     KTzVRdJZBa5vUHuUiFITIPL2MxQ.roa (raw, json)
Hash identifier:          p8lCAiX+p391b10Os5I/j2nT1/wyA7qAGwMc1jacaeM=
Subject key identifier:   29:3C:D5:45:D2:59:05:AE:6F:50:7B:94:88:52:13:20:F2:F6:33:14
Certificate issuer:       /CN=3ee770f47fd903925d80ac58e05e076f3baa110b
Certificate serial:       01969C05D6D209D2A21B5E8B31E2BD1B25F4
Authority key identifier: 3E:E7:70:F4:7F:D9:03:92:5D:80:AC:58:E0:5E:07:6F:3B:AA:11:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pudw9H_ZA5JdgKxY4F4HbzuqEQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/434344-323e-48f8-ade2-624f83682169/1/KTzVRdJZBa5vUHuUiFITIPL2MxQ.roa
Signing time:             Sun 04 May 2025 15:59:10 +0000
ROA not before:           Sun 04 May 2025 15:59:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        185.38.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/434344-323e-48f8-ade2-624f83682169/1/Pudw9H_ZA5JdgKxY4F4HbzuqEQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/434344-323e-48f8-ade2-624f83682169/1/Pudw9H_ZA5JdgKxY4F4HbzuqEQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pudw9H_ZA5JdgKxY4F4HbzuqEQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 13:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9c:05:d6:d2:09:d2:a2:1b:5e:8b:31:e2:bd:1b:25:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ee770f47fd903925d80ac58e05e076f3baa110b
        Validity
            Not Before: May  4 15:59:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=293cd545d25905ae6f507b9488521320f2f63314
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:0b:8f:85:eb:a5:75:27:fa:42:38:8e:bf:33:
                    ec:39:9c:a3:73:98:b3:3c:d2:db:1e:c4:e3:ff:82:
                    54:25:57:28:8f:99:d4:63:d3:cc:32:d4:2e:65:bd:
                    9f:94:05:b3:9b:94:1a:7e:3b:f8:77:77:5e:a1:86:
                    de:d9:52:dd:bf:2f:4d:39:34:1f:2b:97:8d:31:e2:
                    7a:3a:0e:a5:5a:12:a1:50:af:c4:ac:b7:a6:a3:2e:
                    80:3b:a0:2f:79:d0:3d:0d:c9:91:92:0a:21:7c:e6:
                    bb:b7:94:c7:87:af:3a:60:f2:d7:12:eb:9c:70:c7:
                    88:c0:c1:2a:bf:3b:f2:f6:2e:31:0a:9c:90:9b:84:
                    ee:d6:3f:4d:f9:41:9d:73:a5:21:9f:99:dd:21:6b:
                    70:30:60:96:54:d7:b6:39:84:1c:a3:71:e7:05:7f:
                    80:ab:af:9d:74:b1:db:f2:b6:43:23:a8:c7:10:bf:
                    db:67:92:8b:b6:0b:27:a3:5f:01:a8:5f:7c:4c:da:
                    71:96:e8:61:79:b3:c5:be:3d:27:58:0b:d3:6a:09:
                    59:f9:36:9e:9c:3e:6b:2e:70:e8:02:be:14:51:38:
                    ac:b7:bc:c9:f1:ec:98:67:5c:10:6c:4a:d6:c2:06:
                    cf:55:cc:d4:13:83:cc:44:f0:7c:e6:49:71:23:15:
                    23:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:3C:D5:45:D2:59:05:AE:6F:50:7B:94:88:52:13:20:F2:F6:33:14
            X509v3 Authority Key Identifier:
                keyid:3E:E7:70:F4:7F:D9:03:92:5D:80:AC:58:E0:5E:07:6F:3B:AA:11:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pudw9H_ZA5JdgKxY4F4HbzuqEQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/434344-323e-48f8-ade2-624f83682169/1/KTzVRdJZBa5vUHuUiFITIPL2MxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/434344-323e-48f8-ade2-624f83682169/1/Pudw9H_ZA5JdgKxY4F4HbzuqEQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.38.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:a0:2b:0b:e5:12:b1:be:ff:5c:91:2c:30:05:4d:65:cf:92:
         87:ab:2e:bc:3d:68:8e:c8:2c:b1:81:87:d7:96:08:dc:ed:6b:
         20:24:29:dc:38:0d:6e:fd:0c:bf:b8:a0:d7:37:e7:e9:08:1e:
         7c:e6:03:75:c5:5e:58:fb:ab:f7:4c:7c:57:91:03:d7:cd:52:
         54:df:1d:34:79:03:39:73:5d:58:74:43:33:9f:fb:ab:3a:48:
         5e:b7:e8:d3:26:a3:e1:90:eb:0c:aa:6b:f4:43:08:22:e3:96:
         7f:06:1f:29:da:89:30:27:c6:e2:b6:c2:d0:31:65:61:f6:06:
         93:a6:c6:36:69:c9:e7:25:e4:de:9d:9f:f1:04:79:4a:ff:82:
         f9:58:7c:a0:b6:8f:b6:1b:f7:98:2f:c7:78:98:02:14:dd:3c:
         45:95:0f:34:dc:61:76:37:95:43:42:a5:2d:9a:1c:99:12:42:
         02:ab:4a:0f:6e:b6:24:81:f4:a0:cd:b4:6e:51:73:6e:a0:6b:
         db:85:ba:9e:f2:9c:c9:30:7d:ed:c0:9f:dd:7f:39:ae:91:80:
         09:f2:3b:47:f1:6d:86:4b:ac:31:5f:e5:8f:ba:a5:63:1a:87:
         23:7d:00:06:80:57:35:5a:3c:fa:c6:a4:d0:9f:76:2d:16:5a:
         b6:67:f3:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZacBdbSCdKiG16LMeK9GyX0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZTc3MGY0N2ZkOTAzOTI1ZDgwYWM1OGUwNWUwNzZmM2Jh
YTExMGIwHhcNMjUwNTA0MTU1OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTNjZDU0NWQyNTkwNWFlNmY1MDdiOTQ4ODUyMTMyMGYyZjYzMzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQuPheuldSf6QjiOvzPsOZyjc5iz
PNLbHsTj/4JUJVcoj5nUY9PMMtQuZb2flAWzm5Qafjv4d3deoYbe2VLdvy9NOTQf
K5eNMeJ6Og6lWhKhUK/ErLemoy6AO6AvedA9DcmRkgohfOa7t5THh686YPLXEuuc
cMeIwMEqvzvy9i4xCpyQm4Tu1j9N+UGdc6Uhn5ndIWtwMGCWVNe2OYQco3HnBX+A
q6+ddLHb8rZDI6jHEL/bZ5KLtgsno18BqF98TNpxluhhebPFvj0nWAvTaglZ+Tae
nD5rLnDoAr4UUTist7zJ8eyYZ1wQbErWwgbPVczUE4PMRPB85klxIxUj3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCk81UXSWQWub1B7lIhSEyDy9jMUMB8GA1UdIwQY
MBaAFD7ncPR/2QOSXYCsWOBeB287qhELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHVkdzlIX1pBNUpkZ0t4WTRGNEhienVxRVFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi80MzQzNDQtMzIzZS00OGY4LWFkZTIt
NjI0ZjgzNjgyMTY5LzEvS1R6VlJkSlpCYTV2VUh1VWlGSVRJUEwyTXhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi80MzQzNDQtMzIzZS00OGY4LWFkZTItNjI0ZjgzNjgyMTY5
LzEvUHVkdzlIX1pBNUpkZ0t4WTRGNEhienVxRVFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSYaMA0G
CSqGSIb3DQEBCwUAA4IBAQA7oCsL5RKxvv9ckSwwBU1lz5KHqy68PWiOyCyxgYfX
lgjc7WsgJCncOA1u/Qy/uKDXN+fpCB585gN1xV5Y+6v3THxXkQPXzVJU3x00eQM5
c11YdEMzn/urOkhet+jTJqPhkOsMqmv0Qwgi45Z/Bh8p2okwJ8bitsLQMWVh9gaT
psY2acnnJeTenZ/xBHlK/4L5WHygto+2G/eYL8d4mAIU3TxFlQ803GF2N5VDQqUt
mhyZEkICq0oPbrYkgfSgzbRuUXNuoGvbhbqe8pzJMH3twJ/dfzmukYAJ8jtH8W2G
S6wxX+WPuqVjGocjfQAGgFc1Wjz6xqTQn3YtFlq2Z/MM
-----END CERTIFICATE-----