Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/21922a-dd79-4f56-83be-0a069dec100a/1/3q6-YPpyRU0SXTuI1scDeTuMZEI.roa
File:                     3q6-YPpyRU0SXTuI1scDeTuMZEI.roa (raw, json)
Hash identifier:          zcjue8I7/Ud383gBlguymoi9BmtOE5qsj15wQFoYezc=
Subject key identifier:   DE:AE:BE:60:FA:72:45:4D:12:5D:3B:88:D6:C7:03:79:3B:8C:64:42
Certificate issuer:       /CN=421f108882a9e2d72782db6527da4d9adeeb19cc
Certificate serial:       0194228D5B1CF62EF565EBBC7FAB8A163728
Authority key identifier: 42:1F:10:88:82:A9:E2:D7:27:82:DB:65:27:DA:4D:9A:DE:EB:19:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qh8QiIKp4tcngttlJ9pNmt7rGcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/21922a-dd79-4f56-83be-0a069dec100a/1/3q6-YPpyRU0SXTuI1scDeTuMZEI.roa
Signing time:             Wed 01 Jan 2025 15:47:56 +0000
ROA not before:           Wed 01 Jan 2025 15:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        45.86.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/21922a-dd79-4f56-83be-0a069dec100a/1/Qh8QiIKp4tcngttlJ9pNmt7rGcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/21922a-dd79-4f56-83be-0a069dec100a/1/Qh8QiIKp4tcngttlJ9pNmt7rGcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qh8QiIKp4tcngttlJ9pNmt7rGcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:5b:1c:f6:2e:f5:65:eb:bc:7f:ab:8a:16:37:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=421f108882a9e2d72782db6527da4d9adeeb19cc
        Validity
            Not Before: Jan  1 15:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=deaebe60fa72454d125d3b88d6c703793b8c6442
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:e2:6c:c1:04:5e:1a:e8:ae:6c:90:a9:fd:3b:
                    6b:1d:09:99:ab:9f:37:74:f2:30:cb:f4:41:50:e9:
                    68:7a:b5:86:5b:cd:73:17:d5:20:bb:06:5a:e8:4a:
                    8c:52:66:d9:61:73:0e:e5:e3:f0:21:3c:d3:1c:2c:
                    7a:d9:a6:48:73:aa:ea:77:c4:03:5f:ca:bf:a3:42:
                    c7:94:64:3b:5b:43:4b:15:50:c0:f9:23:ab:26:20:
                    6c:20:9c:95:4e:e9:82:5a:19:2a:a3:7a:e9:44:eb:
                    5a:af:fa:e0:b1:45:f9:f4:54:3d:2f:f5:70:a0:f1:
                    59:2f:e9:6d:14:08:17:3b:22:03:1b:b0:29:f6:0d:
                    42:fc:8e:bc:44:20:22:39:76:cf:e5:c9:e3:c3:e9:
                    49:5a:9d:8d:d7:10:f5:b0:88:5c:53:8e:50:59:ae:
                    2a:5d:3b:a5:9b:82:6a:b6:8e:b9:32:24:31:03:5c:
                    5c:eb:5f:47:4c:ef:27:63:37:b8:2f:f8:bf:98:d4:
                    de:95:62:3b:42:07:a4:2f:ee:3a:d8:6b:cb:d8:54:
                    48:dc:0f:67:86:13:e7:ac:5e:48:42:4c:32:16:fa:
                    19:98:00:a3:0f:94:de:3c:2c:cb:8d:2e:1c:dd:83:
                    50:58:8b:1b:1a:b0:5f:a3:b8:0a:64:c3:c1:b1:3f:
                    1b:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:AE:BE:60:FA:72:45:4D:12:5D:3B:88:D6:C7:03:79:3B:8C:64:42
            X509v3 Authority Key Identifier:
                keyid:42:1F:10:88:82:A9:E2:D7:27:82:DB:65:27:DA:4D:9A:DE:EB:19:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qh8QiIKp4tcngttlJ9pNmt7rGcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/21922a-dd79-4f56-83be-0a069dec100a/1/3q6-YPpyRU0SXTuI1scDeTuMZEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/21922a-dd79-4f56-83be-0a069dec100a/1/Qh8QiIKp4tcngttlJ9pNmt7rGcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:dc:5f:cc:1f:e3:a9:5c:c3:c5:e3:b0:e2:7b:d6:06:b2:69:
         10:5b:58:10:40:2e:44:b0:59:74:a5:f8:26:38:c5:8f:99:50:
         a2:8e:80:51:37:eb:60:75:41:eb:39:e4:d4:23:99:9d:d8:f3:
         1f:ce:d6:6d:79:a4:b0:d7:b0:3a:af:59:10:d3:ec:98:f2:b1:
         e2:84:5b:f5:2c:f5:39:62:63:40:ce:4f:6c:c1:12:e2:ad:7d:
         a4:11:f9:f6:7d:ed:ea:a2:6a:b0:08:de:6d:d9:c9:7a:52:dd:
         ba:27:8f:df:ee:cb:85:e1:4c:6c:35:c5:08:a2:4c:99:7d:2f:
         f9:f8:9e:91:5b:f8:ec:60:4b:da:73:3d:e2:62:fe:57:7f:5d:
         53:56:7d:90:72:6c:f1:7b:d5:a1:c2:ff:5b:d9:19:93:b8:9e:
         51:84:14:39:e5:44:d3:4a:37:6a:7a:c6:42:4f:9f:ad:19:07:
         59:8b:6c:8c:9a:91:4c:b1:1a:12:00:fc:78:ec:86:e5:79:4d:
         3c:7c:79:15:e5:ba:cd:58:03:3e:48:c5:5d:30:01:54:a6:83:
         b4:66:19:45:33:74:0e:7c:16:d2:76:bb:27:ba:35:a0:fa:f0:
         d4:40:84:c2:1f:f2:89:1e:16:ec:0b:f7:ea:c4:55:f2:da:c5:
         ee:7d:b4:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijVsc9i71Zeu8f6uKFjcoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMWYxMDg4ODJhOWUyZDcyNzgyZGI2NTI3ZGE0ZDlhZGVl
YjE5Y2MwHhcNMjUwMTAxMTU0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWFlYmU2MGZhNzI0NTRkMTI1ZDNiODhkNmM3MDM3OTNiOGM2NDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+JswQReGuiubJCp/TtrHQmZq583
dPIwy/RBUOloerWGW81zF9UguwZa6EqMUmbZYXMO5ePwITzTHCx62aZIc6rqd8QD
X8q/o0LHlGQ7W0NLFVDA+SOrJiBsIJyVTumCWhkqo3rpROtar/rgsUX59FQ9L/Vw
oPFZL+ltFAgXOyIDG7Ap9g1C/I68RCAiOXbP5cnjw+lJWp2N1xD1sIhcU45QWa4q
XTulm4Jqto65MiQxA1xc619HTO8nYze4L/i/mNTelWI7QgekL+462GvL2FRI3A9n
hhPnrF5IQkwyFvoZmACjD5TePCzLjS4c3YNQWIsbGrBfo7gKZMPBsT8brwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN6uvmD6ckVNEl07iNbHA3k7jGRCMB8GA1UdIwQY
MBaAFEIfEIiCqeLXJ4LbZSfaTZre6xnMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWg4UWlJS3A0dGNuZ3R0bEo5cE5tdDdyR2N3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8yMTkyMmEtZGQ3OS00ZjU2LTgzYmUt
MGEwNjlkZWMxMDBhLzEvM3E2LVlQcHlSVTBTWFR1STFzY0RlVHVNWkVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8yMTkyMmEtZGQ3OS00ZjU2LTgzYmUtMGEwNjlkZWMxMDBh
LzEvUWg4UWlJS3A0dGNuZ3R0bEo5cE5tdDdyR2N3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVZwMA0G
CSqGSIb3DQEBCwUAA4IBAQCM3F/MH+OpXMPF47Die9YGsmkQW1gQQC5EsFl0pfgm
OMWPmVCijoBRN+tgdUHrOeTUI5md2PMfztZteaSw17A6r1kQ0+yY8rHihFv1LPU5
YmNAzk9swRLirX2kEfn2fe3qomqwCN5t2cl6Ut26J4/f7suF4UxsNcUIokyZfS/5
+J6RW/jsYEvacz3iYv5Xf11TVn2Qcmzxe9Whwv9b2RmTuJ5RhBQ55UTTSjdqesZC
T5+tGQdZi2yMmpFMsRoSAPx47IbleU08fHkV5brNWAM+SMVdMAFUpoO0ZhlFM3QO
fBbSdrsnujWg+vDUQITCH/KJHhbsC/fqxFXy2sXufbQf
-----END CERTIFICATE-----