Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/3TbJq9j2geNORTi2E9xTbbuvxTw.roa
File:                     3TbJq9j2geNORTi2E9xTbbuvxTw.roa (raw, json)
Hash identifier:          GEQQroPBoH2N7pLErfqXNmjkVTV09NRy63LB6YJ9qVU=
Subject key identifier:   DD:36:C9:AB:D8:F6:81:E3:4E:45:38:B6:13:DC:53:6D:BB:AF:C5:3C
Certificate issuer:       /CN=f3b90781dbbebdb8ec42baf66488059ea5866aac
Certificate serial:       01958F83BBE7F5B0D0EBD8B0855433BEBD72
Authority key identifier: F3:B9:07:81:DB:BE:BD:B8:EC:42:BA:F6:64:88:05:9E:A5:86:6A:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/87kHgdu-vbjsQrr2ZIgFnqWGaqw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/3TbJq9j2geNORTi2E9xTbbuvxTw.roa
Signing time:             Thu 13 Mar 2025 12:38:49 +0000
ROA not before:           Thu 13 Mar 2025 12:38:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59819
IP address blocks:        2a03:6947:1400::/40 maxlen: 40
                          2a03:6947:1500::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/87kHgdu-vbjsQrr2ZIgFnqWGaqw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/87kHgdu-vbjsQrr2ZIgFnqWGaqw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/87kHgdu-vbjsQrr2ZIgFnqWGaqw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8f:83:bb:e7:f5:b0:d0:eb:d8:b0:85:54:33:be:bd:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3b90781dbbebdb8ec42baf66488059ea5866aac
        Validity
            Not Before: Mar 13 12:38:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd36c9abd8f681e34e4538b613dc536dbbafc53c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:48:b7:c3:a6:00:bf:a2:b9:9c:ea:c2:c2:76:
                    92:90:0c:bd:51:5e:5d:74:8f:c5:d5:b7:89:ad:be:
                    6e:77:e4:1f:c0:62:f6:59:35:3e:88:dc:f9:d7:37:
                    c0:40:3b:73:78:d9:71:8c:a2:07:1c:9b:47:c8:4f:
                    ad:04:cf:de:d4:ad:bd:60:c6:71:5c:a5:bd:dd:10:
                    08:b4:16:e0:84:d9:79:2e:2f:f8:77:8c:5f:5b:26:
                    66:50:ec:81:ec:fa:63:d8:22:63:4f:e8:7d:13:d9:
                    d4:63:c1:78:40:8d:ac:61:5a:44:ad:42:0f:45:f8:
                    ab:0c:63:3d:e9:c1:1a:f8:34:bf:fe:4d:1b:7f:b7:
                    39:16:1a:a2:65:16:c2:df:48:73:c4:2f:2f:e1:8e:
                    a9:1c:77:5f:bf:90:a5:47:e9:25:69:41:4c:58:c0:
                    6e:5b:86:6c:7f:67:1e:2e:72:2c:3f:71:03:db:55:
                    40:92:8d:c5:12:71:3a:97:6b:8e:09:d7:6b:4e:db:
                    49:3f:33:15:28:12:b7:3e:3c:9f:49:79:21:8b:43:
                    6c:db:58:68:df:d9:8c:73:e6:6d:f6:92:14:8b:fa:
                    40:00:89:f7:3a:53:5d:38:62:2b:e0:44:b8:f5:44:
                    97:49:39:ea:50:eb:37:42:b4:4a:b3:84:f5:9f:70:
                    ef:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:36:C9:AB:D8:F6:81:E3:4E:45:38:B6:13:DC:53:6D:BB:AF:C5:3C
            X509v3 Authority Key Identifier:
                keyid:F3:B9:07:81:DB:BE:BD:B8:EC:42:BA:F6:64:88:05:9E:A5:86:6A:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/87kHgdu-vbjsQrr2ZIgFnqWGaqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/3TbJq9j2geNORTi2E9xTbbuvxTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/87kHgdu-vbjsQrr2ZIgFnqWGaqw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:6947:1400::/39

    Signature Algorithm: sha256WithRSAEncryption
         54:37:9b:44:65:81:79:20:e7:cf:db:a8:73:c7:02:23:c7:76:
         3a:39:09:08:c7:df:a5:de:e3:23:32:96:b5:c1:ed:3e:6c:b7:
         dd:19:ce:4e:ca:35:95:52:48:1d:fe:5b:d3:9c:75:b5:0b:ec:
         7f:8c:d6:e1:38:5d:41:6e:88:22:d3:86:18:6f:a3:05:e1:c4:
         2f:d4:03:8c:83:14:05:3c:09:c3:81:81:45:52:52:58:a8:5c:
         81:e2:96:cb:a9:f0:70:c4:e3:74:8a:94:fe:91:df:7b:e3:03:
         56:75:ac:c3:d7:e7:00:5d:f9:f6:eb:d3:03:5e:01:31:61:1c:
         89:c3:ef:e0:2a:db:0b:63:5a:7e:80:39:4e:84:4d:65:32:45:
         1a:47:05:ae:46:d8:01:59:a2:37:fa:9b:42:8e:08:25:22:17:
         75:cc:49:f0:bf:f7:a4:71:dd:81:5c:8f:d0:54:08:cb:7d:2c:
         14:9b:1f:bf:7f:8c:39:31:cb:00:02:cb:88:bc:10:1f:1a:d4:
         a1:a6:f4:05:ab:48:ee:61:0f:b4:fd:50:d2:81:78:4e:63:ae:
         dc:d2:f4:16:31:bd:dc:d0:97:c0:ae:2b:ea:06:f7:9f:3b:f0:
         13:9c:86:83:fe:51:1b:90:e6:5b:65:47:a0:3d:1a:81:5a:42:
         66:34:d1:b0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZWPg7vn9bDQ69iwhVQzvr1yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzYjkwNzgxZGJiZWJkYjhlYzQyYmFmNjY0ODgwNTllYTU4
NjZhYWMwHhcNMjUwMzEzMTIzODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDM2YzlhYmQ4ZjY4MWUzNGU0NTM4YjYxM2RjNTM2ZGJiYWZjNTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7ki3w6YAv6K5nOrCwnaSkAy9UV5d
dI/F1beJrb5ud+QfwGL2WTU+iNz51zfAQDtzeNlxjKIHHJtHyE+tBM/e1K29YMZx
XKW93RAItBbghNl5Li/4d4xfWyZmUOyB7Ppj2CJjT+h9E9nUY8F4QI2sYVpErUIP
RfirDGM96cEa+DS//k0bf7c5FhqiZRbC30hzxC8v4Y6pHHdfv5ClR+klaUFMWMBu
W4Zsf2ceLnIsP3ED21VAko3FEnE6l2uOCddrTttJPzMVKBK3PjyfSXkhi0Ns21ho
39mMc+Zt9pIUi/pAAIn3OlNdOGIr4ES49USXSTnqUOs3QrRKs4T1n3DvKQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFN02yavY9oHjTkU4thPcU227r8U8MB8GA1UdIwQY
MBaAFPO5B4Hbvr247EK69mSIBZ6lhmqsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODdrSGdkdS12YmpzUXJyMlpJZ0ZucVdHYXF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi84YzU4MDgtMzE2NS00MWRjLTkwYTAt
M2VmNWViN2M4NTk4LzEvM1RiSnE5ajJnZU5PUlRpMkU5eFRiYnV2eFR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi84YzU4MDgtMzE2NS00MWRjLTkwYTAtM2VmNWViN2M4NTk4
LzEvODdrSGdkdS12YmpzUXJyMlpJZ0ZucVdHYXF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYBKgNpRxQw
DQYJKoZIhvcNAQELBQADggEBAFQ3m0RlgXkg58/bqHPHAiPHdjo5CQjH36Xe4yMy
lrXB7T5st90Zzk7KNZVSSB3+W9OcdbUL7H+M1uE4XUFuiCLThhhvowXhxC/UA4yD
FAU8CcOBgUVSUlioXIHilsup8HDE43SKlP6R33vjA1Z1rMPX5wBd+fbr0wNeATFh
HInD7+Aq2wtjWn6AOU6ETWUyRRpHBa5G2AFZojf6m0KOCCUiF3XMSfC/96Rx3YFc
j9BUCMt9LBSbH79/jDkxywACy4i8EB8a1KGm9AWrSO5hD7T9UNKBeE5jrtzS9BYx
vdzQl8CuK+oG95878BOchoP+URuQ5ltlR6A9GoFaQmY00bA=
-----END CERTIFICATE-----