Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/790_0aC0pIVxZhv7VxK50ulYRQA.roa
File:                     790_0aC0pIVxZhv7VxK50ulYRQA.roa (raw, json)
Hash identifier:          Omml7Q0FvpnQPClJTkXnFHAOdNcYGcFxuVbnF3UpV4k=
Subject key identifier:   EF:DD:3F:D1:A0:B4:A4:85:71:66:1B:FB:57:12:B9:D2:E9:58:45:00
Certificate issuer:       /CN=3c4d3fb044eb1c0a11be0602aceef88e5f5d2ddf
Certificate serial:       01941FFA113B6B5FBF15D5143A1D9CC91E93
Authority key identifier: 3C:4D:3F:B0:44:EB:1C:0A:11:BE:06:02:AC:EE:F8:8E:5F:5D:2D:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PE0_sETrHAoRvgYCrO74jl9dLd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/790_0aC0pIVxZhv7VxK50ulYRQA.roa
Signing time:             Wed 01 Jan 2025 03:47:49 +0000
ROA not before:           Wed 01 Jan 2025 03:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29384
IP address blocks:        86.36.48.0/24 maxlen: 24
                          86.36.49.0/24 maxlen: 24
                          86.36.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/PE0_sETrHAoRvgYCrO74jl9dLd8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/PE0_sETrHAoRvgYCrO74jl9dLd8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PE0_sETrHAoRvgYCrO74jl9dLd8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:11:3b:6b:5f:bf:15:d5:14:3a:1d:9c:c9:1e:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c4d3fb044eb1c0a11be0602aceef88e5f5d2ddf
        Validity
            Not Before: Jan  1 03:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=efdd3fd1a0b4a48571661bfb5712b9d2e9584500
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d7:0c:04:8d:a5:af:8f:19:2c:bd:32:ee:68:
                    e8:9f:76:f0:8a:1f:37:51:62:bd:c4:a6:ff:dd:a6:
                    c1:a9:a8:df:de:13:7f:1b:52:73:cf:34:c7:9b:bd:
                    b0:3d:d1:ca:7f:5a:9d:17:1a:1f:e8:83:20:55:2c:
                    d9:2b:bc:e6:06:fe:32:5c:ea:9a:48:52:81:83:9a:
                    a9:2f:e8:3c:81:d1:dc:db:be:19:13:35:6c:76:70:
                    6e:bd:c6:c5:3c:bd:02:91:98:4a:8c:42:a9:f8:d5:
                    da:5d:1c:0a:d3:4c:0f:2f:6f:71:84:35:25:01:3f:
                    76:41:64:6e:21:d1:be:16:b6:fb:05:4a:02:55:eb:
                    23:54:d1:89:d8:74:87:e0:55:81:1b:99:a0:c9:01:
                    0e:84:d1:17:0a:b7:e6:a1:95:f0:bd:c6:ce:0f:01:
                    37:89:70:7d:68:1c:8e:47:4f:f2:8d:2c:a7:36:05:
                    c5:d1:83:d1:e5:37:34:03:11:f9:16:40:64:9d:8e:
                    86:f6:bc:1d:e7:3e:61:b1:95:87:20:a1:38:b4:e0:
                    38:2c:9e:3b:99:3c:8e:88:85:76:7f:13:8e:4b:e5:
                    1f:20:91:96:68:74:83:8e:a6:b4:4f:cf:c6:85:ea:
                    41:a2:6b:cb:54:f8:31:87:d9:bf:30:7f:9d:86:33:
                    f7:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:DD:3F:D1:A0:B4:A4:85:71:66:1B:FB:57:12:B9:D2:E9:58:45:00
            X509v3 Authority Key Identifier:
                keyid:3C:4D:3F:B0:44:EB:1C:0A:11:BE:06:02:AC:EE:F8:8E:5F:5D:2D:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE0_sETrHAoRvgYCrO74jl9dLd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/790_0aC0pIVxZhv7VxK50ulYRQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/PE0_sETrHAoRvgYCrO74jl9dLd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.36.48.0/23
                  86.36.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:0e:28:f2:56:4d:38:97:45:1f:c9:85:0b:68:c9:3c:e4:bb:
         a9:a3:1c:a8:c4:1d:e1:ff:66:b3:34:30:bd:32:28:55:c6:11:
         84:9a:bd:f3:2b:31:a8:1f:dc:e7:8a:b0:f3:5e:09:4f:1f:1d:
         f8:6a:a9:63:fa:c9:2e:99:7f:79:ab:51:d4:92:ec:51:bb:5a:
         85:86:29:38:e5:88:0b:0e:39:c7:c5:68:06:04:4b:1d:9d:b3:
         34:13:d6:f9:b2:f2:9c:d6:91:8a:69:61:cc:f5:d7:50:5a:e8:
         63:a4:ae:cd:d3:46:73:ab:6d:b0:f0:b9:d5:8c:a4:a0:72:2d:
         dc:61:52:1a:df:9c:a6:62:d2:c9:f8:b1:63:d0:00:82:0d:d2:
         46:c9:32:4a:05:9a:7d:54:6a:d1:4b:46:48:c6:bc:91:29:ba:
         5a:a8:c9:d7:25:ae:38:ee:44:6d:25:6d:94:9c:b0:8e:36:4b:
         cf:de:dc:8c:66:10:a9:ab:53:a1:89:40:89:86:bf:d5:40:01:
         92:f9:ad:52:84:d1:aa:3d:87:aa:73:61:d2:c0:ff:cd:8e:f2:
         18:f6:36:6e:fb:07:ad:97:a7:2a:66:8b:34:28:da:6a:83:84:
         2e:48:62:f2:41:84:cd:b3:78:f6:bb:bf:61:c8:78:f8:c8:a3:
         32:f0:f4:7e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+hE7a1+/FdUUOh2cyR6TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGQzZmIwNDRlYjFjMGExMWJlMDYwMmFjZWVmODhlNWY1
ZDJkZGYwHhcNMjUwMTAxMDM0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmRkM2ZkMWEwYjRhNDg1NzE2NjFiZmI1NzEyYjlkMmU5NTg0NTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNcMBI2lr48ZLL0y7mjon3bwih83
UWK9xKb/3abBqajf3hN/G1JzzzTHm72wPdHKf1qdFxof6IMgVSzZK7zmBv4yXOqa
SFKBg5qpL+g8gdHc274ZEzVsdnBuvcbFPL0CkZhKjEKp+NXaXRwK00wPL29xhDUl
AT92QWRuIdG+Frb7BUoCVesjVNGJ2HSH4FWBG5mgyQEOhNEXCrfmoZXwvcbODwE3
iXB9aByOR0/yjSynNgXF0YPR5Tc0AxH5FkBknY6G9rwd5z5hsZWHIKE4tOA4LJ47
mTyOiIV2fxOOS+UfIJGWaHSDjqa0T8/GhepBomvLVPgxh9m/MH+dhjP3LwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO/dP9GgtKSFcWYb+1cSudLpWEUAMB8GA1UdIwQY
MBaAFDxNP7BE6xwKEb4GAqzu+I5fXS3fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEUwX3NFVHJIQW9SdmdZQ3JPNzRqbDlkTGQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS83NmUwN2MtOGEzMi00ODlkLTkxZDEt
YjE4NGUzZjRiNTBlLzEvNzkwXzBhQzBwSVZ4Wmh2N1Z4SzUwdWxZUlFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS83NmUwN2MtOGEzMi00ODlkLTkxZDEtYjE4NGUzZjRiNTBl
LzEvUEUwX3NFVHJIQW9SdmdZQ3JPNzRqbDlkTGQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBViQwAwQA
ViRoMA0GCSqGSIb3DQEBCwUAA4IBAQA2DijyVk04l0UfyYULaMk85LupoxyoxB3h
/2azNDC9MihVxhGEmr3zKzGoH9znirDzXglPHx34aqlj+skumX95q1HUkuxRu1qF
hik45YgLDjnHxWgGBEsdnbM0E9b5svKc1pGKaWHM9ddQWuhjpK7N00Zzq22w8LnV
jKSgci3cYVIa35ymYtLJ+LFj0ACCDdJGyTJKBZp9VGrRS0ZIxryRKbpaqMnXJa44
7kRtJW2UnLCONkvP3tyMZhCpq1OhiUCJhr/VQAGS+a1ShNGqPYeqc2HSwP/NjvIY
9jZu+wetl6cqZos0KNpqg4QuSGLyQYTNs3j2u79hyHj4yKMy8PR+
-----END CERTIFICATE-----