Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/rq9aneEoVWHNrooCWNRA9paJqvA.roa
File:                     rq9aneEoVWHNrooCWNRA9paJqvA.roa (raw, json)
Hash identifier:          yfPP93JQllNK5aLLASi/RUmEtM270jETA3o9ZRbSPvY=
Subject key identifier:   AE:AF:5A:9D:E1:28:55:61:CD:AE:8A:02:58:D4:40:F6:96:89:AA:F0
Certificate issuer:       /CN=3c4d3fb044eb1c0a11be0602aceef88e5f5d2ddf
Certificate serial:       01941FFA10EDED1149B9829618EBA38EEAED
Authority key identifier: 3C:4D:3F:B0:44:EB:1C:0A:11:BE:06:02:AC:EE:F8:8E:5F:5D:2D:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PE0_sETrHAoRvgYCrO74jl9dLd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/rq9aneEoVWHNrooCWNRA9paJqvA.roa
Signing time:             Wed 01 Jan 2025 03:47:49 +0000
ROA not before:           Wed 01 Jan 2025 03:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        86.36.48.0/24 maxlen: 24
                          86.36.49.0/24 maxlen: 24
                          86.36.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/PE0_sETrHAoRvgYCrO74jl9dLd8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/PE0_sETrHAoRvgYCrO74jl9dLd8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PE0_sETrHAoRvgYCrO74jl9dLd8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:10:ed:ed:11:49:b9:82:96:18:eb:a3:8e:ea:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c4d3fb044eb1c0a11be0602aceef88e5f5d2ddf
        Validity
            Not Before: Jan  1 03:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aeaf5a9de1285561cdae8a0258d440f69689aaf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:1c:2b:b4:44:e9:9b:a3:cd:d8:f0:54:b9:6d:
                    45:11:c0:5d:66:6b:bd:82:b1:c1:33:ac:60:70:26:
                    ea:71:cb:72:00:b3:97:9d:e8:bd:45:5e:c8:4d:9d:
                    1a:9e:92:af:81:45:40:7c:7e:03:99:50:fa:0e:45:
                    8a:b8:72:e8:75:f1:fd:32:44:d7:21:3f:bf:86:10:
                    d5:37:d9:72:a3:09:cc:17:83:c2:38:d0:4a:c7:31:
                    85:49:2c:01:d8:59:21:2c:6c:37:ee:03:7d:11:4a:
                    f7:f2:dc:71:9a:3a:73:fc:4a:26:26:35:f7:c7:af:
                    e6:f1:21:e9:b8:34:ba:f8:78:16:ad:2d:b2:b0:ee:
                    05:e8:ea:dc:15:c3:b6:3f:d6:86:b8:1a:18:a2:8d:
                    7a:92:1c:ca:89:51:0f:65:d6:52:b6:b1:5f:eb:ad:
                    5e:e3:cd:ec:55:98:0b:e9:56:db:2d:6a:ab:40:37:
                    d3:75:0d:ce:f1:e7:7d:89:7d:11:e8:dc:14:65:fd:
                    f9:bf:4d:de:66:32:a2:66:64:41:46:d4:62:6b:9a:
                    55:5d:58:b1:3b:1a:09:07:f2:28:2a:16:9a:ea:11:
                    c5:02:c8:4f:fc:87:3b:e3:78:88:2a:d2:9f:83:31:
                    6b:47:3b:a7:95:83:e0:50:83:0f:e8:68:4d:85:36:
                    85:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:AF:5A:9D:E1:28:55:61:CD:AE:8A:02:58:D4:40:F6:96:89:AA:F0
            X509v3 Authority Key Identifier:
                keyid:3C:4D:3F:B0:44:EB:1C:0A:11:BE:06:02:AC:EE:F8:8E:5F:5D:2D:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE0_sETrHAoRvgYCrO74jl9dLd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/rq9aneEoVWHNrooCWNRA9paJqvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/PE0_sETrHAoRvgYCrO74jl9dLd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.36.48.0/23
                  86.36.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:8a:41:17:a0:6d:c5:b0:55:7f:65:38:b2:cd:e9:59:62:fc:
         54:63:46:b6:a7:8e:cb:79:cf:b8:fe:a3:3b:16:1d:56:50:4c:
         4e:f6:8a:34:91:81:c9:8a:4c:47:ec:47:85:9f:10:7b:0d:df:
         c0:d4:bb:ff:46:95:ec:f3:d0:6d:86:8a:32:85:9e:10:8b:9e:
         0e:58:9e:60:8a:6b:40:03:86:05:b6:8b:cf:24:5a:37:73:24:
         7e:5e:14:90:c1:86:07:7b:27:a6:02:95:68:2b:19:44:46:56:
         de:b8:37:b3:35:9a:99:10:61:d4:f7:ec:e4:bd:d7:f1:04:4d:
         f4:71:4d:b4:e1:d8:5b:99:5c:f1:30:ec:54:8d:e1:76:ac:2f:
         ff:0c:6f:4d:b0:f3:96:a1:b2:2f:22:37:cc:ae:d7:9d:b5:48:
         57:62:86:03:56:49:9a:5b:55:2b:3f:95:c4:4d:fe:f0:2c:28:
         a6:53:8e:f8:f0:e1:93:fc:d3:76:9b:99:3c:e0:21:ad:2d:95:
         6a:c9:9d:86:37:f5:2b:97:0c:a7:b4:f9:5d:4e:3d:6b:bf:ee:
         8d:93:a2:98:26:60:2c:27:d9:5a:5e:7c:b3:c4:77:ea:5f:10:
         35:bb:a5:75:eb:ae:be:46:e4:5f:e0:10:f0:b0:7f:85:2e:8d:
         27:50:dd:a5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+hDt7RFJuYKWGOujjurtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGQzZmIwNDRlYjFjMGExMWJlMDYwMmFjZWVmODhlNWY1
ZDJkZGYwHhcNMjUwMTAxMDM0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWFmNWE5ZGUxMjg1NTYxY2RhZThhMDI1OGQ0NDBmNjk2ODlhYWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkBwrtETpm6PN2PBUuW1FEcBdZmu9
grHBM6xgcCbqcctyALOXnei9RV7ITZ0anpKvgUVAfH4DmVD6DkWKuHLodfH9MkTX
IT+/hhDVN9lyownMF4PCONBKxzGFSSwB2FkhLGw37gN9EUr38txxmjpz/EomJjX3
x6/m8SHpuDS6+HgWrS2ysO4F6OrcFcO2P9aGuBoYoo16khzKiVEPZdZStrFf661e
483sVZgL6VbbLWqrQDfTdQ3O8ed9iX0R6NwUZf35v03eZjKiZmRBRtRia5pVXVix
OxoJB/IoKhaa6hHFAshP/Ic743iIKtKfgzFrRzunlYPgUIMP6GhNhTaFiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK6vWp3hKFVhza6KAljUQPaWiarwMB8GA1UdIwQY
MBaAFDxNP7BE6xwKEb4GAqzu+I5fXS3fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEUwX3NFVHJIQW9SdmdZQ3JPNzRqbDlkTGQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS83NmUwN2MtOGEzMi00ODlkLTkxZDEt
YjE4NGUzZjRiNTBlLzEvcnE5YW5lRW9WV0hOcm9vQ1dOUkE5cGFKcXZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS83NmUwN2MtOGEzMi00ODlkLTkxZDEtYjE4NGUzZjRiNTBl
LzEvUEUwX3NFVHJIQW9SdmdZQ3JPNzRqbDlkTGQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBViQwAwQA
ViRoMA0GCSqGSIb3DQEBCwUAA4IBAQCCikEXoG3FsFV/ZTiyzelZYvxUY0a2p47L
ec+4/qM7Fh1WUExO9oo0kYHJikxH7EeFnxB7Dd/A1Lv/RpXs89BthooyhZ4Qi54O
WJ5gimtAA4YFtovPJFo3cyR+XhSQwYYHeyemApVoKxlERlbeuDezNZqZEGHU9+zk
vdfxBE30cU204dhbmVzxMOxUjeF2rC//DG9NsPOWobIvIjfMrtedtUhXYoYDVkma
W1UrP5XETf7wLCimU4748OGT/NN2m5k84CGtLZVqyZ2GN/UrlwyntPldTj1rv+6N
k6KYJmAsJ9laXnyzxHfqXxA1u6V1666+RuRf4BDwsH+FLo0nUN2l
-----END CERTIFICATE-----