Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/3Fu2GPkXt0-Lzz3eaID7XSP4YTw.roa
File:                     3Fu2GPkXt0-Lzz3eaID7XSP4YTw.roa (raw, json)
Hash identifier:          tPKlbY89OsoO7XSwsKbenfBYaxCQfRLF8VeeCCHr/TY=
Subject key identifier:   DC:5B:B6:18:F9:17:B7:4F:8B:CF:3D:DE:68:80:FB:5D:23:F8:61:3C
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       01942445551B9377D2728E9DDF4A2BAFC135
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/3Fu2GPkXt0-Lzz3eaID7XSP4YTw.roa
Signing time:             Wed 01 Jan 2025 23:48:30 +0000
ROA not before:           Wed 01 Jan 2025 23:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395374
IP address blocks:        79.98.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 10:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:55:1b:93:77:d2:72:8e:9d:df:4a:2b:af:c1:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan  1 23:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc5bb618f917b74f8bcf3dde6880fb5d23f8613c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f2:72:75:7d:2e:59:67:dc:b3:c1:9e:2e:33:
                    ff:19:44:d7:15:06:32:ab:fb:0b:0f:17:f2:d6:f6:
                    bf:51:5c:ff:76:f1:20:e0:4f:8e:de:4d:97:fa:7c:
                    4b:45:b6:8b:3e:73:4e:42:ce:c3:e6:ae:bb:58:29:
                    ed:c6:23:50:7a:d5:69:f6:d7:42:b5:1d:9f:6e:56:
                    83:f7:80:e1:26:44:17:77:9f:25:d9:5b:18:b3:e6:
                    4e:7e:5f:87:51:e8:b5:8e:cd:1a:82:e6:52:ae:c4:
                    18:e7:18:e4:d3:96:07:30:32:3d:3f:ac:cd:a8:5f:
                    c6:cf:2f:05:a8:80:43:83:f3:8d:47:9b:d4:65:25:
                    19:be:a5:46:88:49:43:73:07:6b:78:bf:61:4a:84:
                    10:ed:af:05:d9:47:a6:a3:c1:e0:f7:c2:7b:05:de:
                    56:d2:3c:10:8f:55:74:fc:0e:1d:ed:c0:9f:a7:ab:
                    58:db:19:22:9a:f2:4c:5e:e6:0a:16:3c:59:a4:d7:
                    0c:54:1c:bd:ca:d4:78:d8:0b:f4:97:64:85:58:6c:
                    fa:29:01:cc:47:1f:fa:50:25:85:73:b7:28:fb:91:
                    65:c3:7e:4a:26:5c:83:71:72:03:b6:f2:c7:7d:28:
                    7b:d2:ad:b6:b8:eb:c8:d9:6a:d6:0e:27:25:05:fb:
                    4c:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:5B:B6:18:F9:17:B7:4F:8B:CF:3D:DE:68:80:FB:5D:23:F8:61:3C
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/3Fu2GPkXt0-Lzz3eaID7XSP4YTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.98.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:b2:68:57:df:1c:a2:4a:0e:4a:07:13:c9:51:46:66:b4:fc:
         c6:f0:29:06:69:2c:97:05:40:60:4a:a8:0f:06:18:50:20:84:
         47:72:5b:56:c0:89:18:60:77:fa:ac:d9:3b:35:41:ee:05:9d:
         8a:81:d0:65:03:67:7e:8d:6e:a4:79:2a:eb:c9:76:d6:8f:36:
         36:4a:34:50:85:49:87:64:01:ee:77:33:b5:8c:9c:6b:d6:dd:
         99:d2:0a:1f:3f:7f:35:40:d2:86:1b:7d:06:86:36:ef:18:93:
         e3:02:8d:ad:6c:ce:af:a5:81:ec:da:18:62:69:2b:66:45:e4:
         da:c7:f6:35:52:c2:d5:55:f8:3e:08:4a:20:10:1b:be:dd:f1:
         7f:da:1a:c4:eb:ad:a0:c8:d2:49:91:d5:70:c4:e1:94:36:f7:
         f8:3e:b8:93:f3:a8:7d:03:66:7e:25:86:9f:84:ee:e8:14:14:
         a1:ea:8f:73:55:6e:05:71:19:40:01:9c:43:75:5a:3f:46:17:
         5d:0e:9c:80:24:2e:86:20:46:3e:95:ef:5a:8a:3d:0d:49:19:
         2f:7d:93:9c:21:8d:73:11:e6:d1:19:f7:99:8e:68:b2:82:70:
         95:ee:33:4c:61:20:d4:6e:a6:05:14:57:65:8c:74:1a:39:ff:
         63:d7:a1:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRVUbk3fSco6d30orr8E1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUwMTAxMjM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzViYjYxOGY5MTdiNzRmOGJjZjNkZGU2ODgwZmI1ZDIzZjg2MTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfJydX0uWWfcs8GeLjP/GUTXFQYy
q/sLDxfy1va/UVz/dvEg4E+O3k2X+nxLRbaLPnNOQs7D5q67WCntxiNQetVp9tdC
tR2fblaD94DhJkQXd58l2VsYs+ZOfl+HUei1js0aguZSrsQY5xjk05YHMDI9P6zN
qF/Gzy8FqIBDg/ONR5vUZSUZvqVGiElDcwdreL9hSoQQ7a8F2Uemo8Hg98J7Bd5W
0jwQj1V0/A4d7cCfp6tY2xkimvJMXuYKFjxZpNcMVBy9ytR42Av0l2SFWGz6KQHM
Rx/6UCWFc7co+5Flw35KJlyDcXIDtvLHfSh70q22uOvI2WrWDiclBftMtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNxbthj5F7dPi8893miA+10j+GE8MB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvM0Z1MkdQa1h0MC1MenozZWFJRDdYU1A0WVR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT2L2MA0G
CSqGSIb3DQEBCwUAA4IBAQDTsmhX3xyiSg5KBxPJUUZmtPzG8CkGaSyXBUBgSqgP
BhhQIIRHcltWwIkYYHf6rNk7NUHuBZ2KgdBlA2d+jW6keSrryXbWjzY2SjRQhUmH
ZAHudzO1jJxr1t2Z0gofP381QNKGG30GhjbvGJPjAo2tbM6vpYHs2hhiaStmReTa
x/Y1UsLVVfg+CEogEBu+3fF/2hrE662gyNJJkdVwxOGUNvf4PriT86h9A2Z+JYaf
hO7oFBSh6o9zVW4FcRlAAZxDdVo/RhddDpyAJC6GIEY+le9aij0NSRkvfZOcIY1z
EebRGfeZjmiygnCV7jNMYSDUbqYFFFdljHQaOf9j16Eq
-----END CERTIFICATE-----