Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/1qkc6Y9jXUF8IhL-xIP9OmQuRxQ.roa
File:                     1qkc6Y9jXUF8IhL-xIP9OmQuRxQ.roa (raw, json)
Hash identifier:          FyT7i1iA2UYuQa2unCvmYr0/izQdX0gwOaXqE1QmUDA=
Subject key identifier:   D6:A9:1C:E9:8F:63:5D:41:7C:22:12:FE:C4:83:FD:3A:64:2E:47:14
Certificate issuer:       /CN=3c4d3fb044eb1c0a11be0602aceef88e5f5d2ddf
Certificate serial:       01941FFA1195DDD06A614F7B2EF5E3A8AF54
Authority key identifier: 3C:4D:3F:B0:44:EB:1C:0A:11:BE:06:02:AC:EE:F8:8E:5F:5D:2D:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PE0_sETrHAoRvgYCrO74jl9dLd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/1qkc6Y9jXUF8IhL-xIP9OmQuRxQ.roa
Signing time:             Wed 01 Jan 2025 03:47:49 +0000
ROA not before:           Wed 01 Jan 2025 03:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34945
IP address blocks:        86.36.20.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/PE0_sETrHAoRvgYCrO74jl9dLd8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/PE0_sETrHAoRvgYCrO74jl9dLd8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PE0_sETrHAoRvgYCrO74jl9dLd8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:11:95:dd:d0:6a:61:4f:7b:2e:f5:e3:a8:af:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c4d3fb044eb1c0a11be0602aceef88e5f5d2ddf
        Validity
            Not Before: Jan  1 03:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6a91ce98f635d417c2212fec483fd3a642e4714
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:60:d8:c3:c8:b6:b4:5c:5f:ed:26:52:6b:c1:
                    22:39:8f:f4:a3:42:c0:b3:c5:2b:70:83:11:44:18:
                    c6:73:3d:e6:9a:b1:8f:de:b0:09:8b:c0:3c:ff:8c:
                    27:66:c5:98:54:ea:b3:2e:c6:73:1f:7c:4a:1d:76:
                    48:a6:a9:16:1f:49:2c:62:a3:1a:0e:16:90:bc:4d:
                    da:d8:8c:f2:07:dd:71:08:65:8e:13:98:e3:05:a0:
                    a2:97:55:48:c5:10:72:58:83:e8:b0:11:bc:8a:8f:
                    c1:fe:be:2c:f2:26:8b:f3:c1:d7:d4:61:b1:fe:d6:
                    82:e3:28:56:03:09:b1:9b:63:f9:61:0a:c4:79:1e:
                    ab:37:35:c2:85:02:e8:4b:4f:6e:9f:3d:2f:bd:ee:
                    1a:91:0d:93:e9:3e:16:80:8f:51:81:f9:e8:ab:70:
                    9a:e2:32:0d:e6:39:ca:98:eb:29:0b:32:bd:10:e1:
                    b7:72:95:77:18:ce:52:2f:2a:67:02:e0:46:1b:85:
                    29:f2:55:6d:44:aa:e0:8a:f4:66:89:34:08:46:60:
                    2f:9a:a7:32:de:33:77:62:9d:69:51:b3:c2:8b:d1:
                    90:c9:89:1b:17:6d:e2:91:cc:d9:17:ad:27:26:e8:
                    b7:3c:01:50:19:72:99:31:e9:c7:07:46:1a:d3:13:
                    fb:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:A9:1C:E9:8F:63:5D:41:7C:22:12:FE:C4:83:FD:3A:64:2E:47:14
            X509v3 Authority Key Identifier:
                keyid:3C:4D:3F:B0:44:EB:1C:0A:11:BE:06:02:AC:EE:F8:8E:5F:5D:2D:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE0_sETrHAoRvgYCrO74jl9dLd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/1qkc6Y9jXUF8IhL-xIP9OmQuRxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/PE0_sETrHAoRvgYCrO74jl9dLd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.36.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:18:be:a0:02:07:9b:a7:b7:ef:45:ae:3f:d9:8e:a8:39:7f:
         bd:a0:e9:76:16:f7:4c:f4:e0:52:96:bf:99:ba:5b:ee:43:7c:
         0c:c8:8f:1f:26:5e:29:9f:27:64:77:5a:5f:d9:3e:2f:2f:81:
         be:e4:c5:ed:88:01:3d:bf:1e:49:4e:b6:86:ad:1d:c9:83:6e:
         74:18:10:aa:a2:0c:de:5c:4b:83:b9:c8:10:cd:a6:00:bb:16:
         e7:a2:30:80:14:da:4e:be:96:e5:a0:35:fb:1a:9e:0d:23:4c:
         1a:4a:ec:20:6a:34:88:10:87:95:41:b1:c3:0a:0b:bb:44:84:
         02:6f:b7:ec:71:69:35:6c:f8:30:4b:dc:4c:dd:5a:32:5e:9b:
         c4:b9:a6:c1:e9:c1:fb:e2:4c:79:a7:40:4e:87:81:c0:c7:cd:
         73:28:43:72:7c:ac:5b:47:37:27:c8:dc:4c:ad:85:39:19:5e:
         25:94:dd:79:10:13:4c:f4:64:56:2c:99:a0:6c:f8:82:6d:cd:
         c6:b5:e9:22:45:13:9b:39:d2:82:7a:33:68:0c:70:06:76:27:
         23:e1:b7:5a:4b:2f:c5:80:95:92:5f:d6:d6:0d:63:81:af:00:
         be:4f:9f:1e:2c:54:a8:5e:63:43:98:ca:ad:60:18:5e:d6:d8:
         59:25:f9:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+hGV3dBqYU97LvXjqK9UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGQzZmIwNDRlYjFjMGExMWJlMDYwMmFjZWVmODhlNWY1
ZDJkZGYwHhcNMjUwMTAxMDM0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmE5MWNlOThmNjM1ZDQxN2MyMjEyZmVjNDgzZmQzYTY0MmU0NzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGDYw8i2tFxf7SZSa8EiOY/0o0LA
s8UrcIMRRBjGcz3mmrGP3rAJi8A8/4wnZsWYVOqzLsZzH3xKHXZIpqkWH0ksYqMa
DhaQvE3a2IzyB91xCGWOE5jjBaCil1VIxRByWIPosBG8io/B/r4s8iaL88HX1GGx
/taC4yhWAwmxm2P5YQrEeR6rNzXChQLoS09unz0vve4akQ2T6T4WgI9Rgfnoq3Ca
4jIN5jnKmOspCzK9EOG3cpV3GM5SLypnAuBGG4Up8lVtRKrgivRmiTQIRmAvmqcy
3jN3Yp1pUbPCi9GQyYkbF23ikczZF60nJui3PAFQGXKZMenHB0Ya0xP7kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNapHOmPY11BfCIS/sSD/TpkLkcUMB8GA1UdIwQY
MBaAFDxNP7BE6xwKEb4GAqzu+I5fXS3fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEUwX3NFVHJIQW9SdmdZQ3JPNzRqbDlkTGQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS83NmUwN2MtOGEzMi00ODlkLTkxZDEt
YjE4NGUzZjRiNTBlLzEvMXFrYzZZOWpYVUY4SWhMLXhJUDlPbVF1UnhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS83NmUwN2MtOGEzMi00ODlkLTkxZDEtYjE4NGUzZjRiNTBl
LzEvUEUwX3NFVHJIQW9SdmdZQ3JPNzRqbDlkTGQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCViQUMA0G
CSqGSIb3DQEBCwUAA4IBAQB8GL6gAgebp7fvRa4/2Y6oOX+9oOl2FvdM9OBSlr+Z
ulvuQ3wMyI8fJl4pnydkd1pf2T4vL4G+5MXtiAE9vx5JTraGrR3Jg250GBCqogze
XEuDucgQzaYAuxbnojCAFNpOvpbloDX7Gp4NI0waSuwgajSIEIeVQbHDCgu7RIQC
b7fscWk1bPgwS9xM3VoyXpvEuabB6cH74kx5p0BOh4HAx81zKENyfKxbRzcnyNxM
rYU5GV4llN15EBNM9GRWLJmgbPiCbc3GtekiRRObOdKCejNoDHAGdicj4bdaSy/F
gJWSX9bWDWOBrwC+T58eLFSoXmNDmMqtYBhe1thZJfkD
-----END CERTIFICATE-----