Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/3JAEN9EbT-8U1Ya6UWaCXxstYZc.roa
File:                     3JAEN9EbT-8U1Ya6UWaCXxstYZc.roa (raw, json)
Hash identifier:          0fuAIqmPDRkWFXfAv2FIIkCS0Zkvt8nwCTkSzdKAt8o=
Subject key identifier:   DC:90:04:37:D1:1B:4F:EF:14:D5:86:BA:51:66:82:5F:1B:2D:61:97
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019185C9395AF79745AB5D1D6EDF159D1F68
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/3JAEN9EbT-8U1Ya6UWaCXxstYZc.roa
Signing time:             Sat 24 Aug 2024 19:07:22 +0000
ROA not before:           Sat 24 Aug 2024 19:07:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20057
IP address blocks:        109.121.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:85:c9:39:5a:f7:97:45:ab:5d:1d:6e:df:15:9d:1f:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Aug 24 19:07:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc900437d11b4fef14d586ba5166825f1b2d6197
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b0:ab:58:17:70:7c:5e:cf:84:cd:55:9c:38:
                    9a:a7:e3:35:06:5d:05:f0:6f:a7:d4:aa:79:32:2e:
                    bd:2a:43:13:2d:4a:51:5e:b2:3f:c2:3f:08:e6:f0:
                    07:52:e1:37:20:f4:c8:97:7d:ce:83:70:06:54:56:
                    7f:ad:b4:a9:00:59:f3:98:47:bd:87:7a:05:95:06:
                    d3:25:71:01:1a:bd:f9:63:ee:08:81:c1:0c:bc:cc:
                    75:5a:03:b1:d5:cb:ae:12:6e:20:ce:42:44:cc:bf:
                    07:de:a8:24:db:5d:7a:f8:a3:5f:93:ea:52:d3:3a:
                    d6:47:9f:83:8d:ab:8d:87:aa:b3:33:12:23:85:64:
                    f9:ab:0f:7e:96:77:49:89:65:57:fc:51:20:93:39:
                    86:ad:dd:26:fa:45:2d:ea:9b:d2:92:fa:eb:87:82:
                    84:72:21:c4:b7:fb:db:4f:b4:ce:45:87:58:ec:3a:
                    a3:c3:b1:80:b8:03:3d:a3:7a:22:f6:be:41:60:b5:
                    7f:e3:22:2e:90:0f:a0:4e:ba:95:d5:f6:09:a2:d4:
                    5a:2d:7e:b9:28:0f:45:f9:96:9c:32:f9:90:33:b9:
                    a1:25:33:cd:51:91:d8:d7:8a:15:ce:fe:fd:c7:d5:
                    da:a9:82:c0:2c:5b:b4:9f:d8:54:01:5e:0b:6a:04:
                    06:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:90:04:37:D1:1B:4F:EF:14:D5:86:BA:51:66:82:5F:1B:2D:61:97
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/3JAEN9EbT-8U1Ya6UWaCXxstYZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:96:53:9c:b2:ee:77:ce:50:34:9a:92:4e:e3:ae:48:12:81:
         a6:15:74:b4:9a:2a:f2:7a:64:e7:80:14:14:c2:3b:0a:e9:53:
         46:6e:d4:c0:67:f9:8f:c4:0a:93:ef:8d:f5:83:a3:bc:0d:77:
         ab:98:28:62:d1:c2:c0:3b:e4:af:b7:e2:30:79:db:55:b2:b2:
         ce:5c:90:22:72:14:69:49:01:1a:4f:b5:34:f4:84:ce:a7:89:
         2e:7a:27:e6:bb:00:df:d1:8e:b1:6e:5e:f7:17:72:af:17:c0:
         3a:4e:ab:7a:10:fe:d8:5f:86:60:e8:f0:fc:2b:c4:18:d0:58:
         36:76:89:21:c7:d8:86:3c:c0:65:cc:16:b0:af:2c:78:96:8a:
         06:4b:70:4c:cc:2c:c3:b2:75:7c:1a:c2:81:81:08:5b:c3:f2:
         9f:69:21:a4:93:6c:37:b4:68:e9:cd:38:b7:97:b6:8f:f9:96:
         5d:1e:3b:3e:25:16:69:e7:3b:e0:3e:20:30:1d:a6:c6:fa:10:
         82:66:df:96:8b:46:1d:8f:ff:57:98:31:97:34:e9:ed:3e:42:
         41:5b:74:96:af:32:ef:ea:96:44:a0:91:50:b1:78:13:d8:dc:
         b8:f4:a2:53:72:f6:bd:20:d3:28:0c:c0:0b:3c:63:00:39:82:
         27:66:e1:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGFyTla95dFq10dbt8VnR9oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjQwODI0MTkwNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzkwMDQzN2QxMWI0ZmVmMTRkNTg2YmE1MTY2ODI1ZjFiMmQ2MTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLCrWBdwfF7PhM1VnDiap+M1Bl0F
8G+n1Kp5Mi69KkMTLUpRXrI/wj8I5vAHUuE3IPTIl33Og3AGVFZ/rbSpAFnzmEe9
h3oFlQbTJXEBGr35Y+4IgcEMvMx1WgOx1cuuEm4gzkJEzL8H3qgk2116+KNfk+pS
0zrWR5+DjauNh6qzMxIjhWT5qw9+lndJiWVX/FEgkzmGrd0m+kUt6pvSkvrrh4KE
ciHEt/vbT7TORYdY7Dqjw7GAuAM9o3oi9r5BYLV/4yIukA+gTrqV1fYJotRaLX65
KA9F+ZacMvmQM7mhJTPNUZHY14oVzv79x9XaqYLALFu0n9hUAV4LagQG+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNyQBDfRG0/vFNWGulFmgl8bLWGXMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvM0pBRU45RWJULThVMVlhNlVXYUNYeHN0WVpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXkiMA0G
CSqGSIb3DQEBCwUAA4IBAQBWllOcsu53zlA0mpJO465IEoGmFXS0miryemTngBQU
wjsK6VNGbtTAZ/mPxAqT7431g6O8DXermChi0cLAO+Svt+IwedtVsrLOXJAichRp
SQEaT7U09ITOp4kueifmuwDf0Y6xbl73F3KvF8A6Tqt6EP7YX4Zg6PD8K8QY0Fg2
dokhx9iGPMBlzBawryx4looGS3BMzCzDsnV8GsKBgQhbw/KfaSGkk2w3tGjpzTi3
l7aP+ZZdHjs+JRZp5zvgPiAwHabG+hCCZt+Wi0Ydj/9XmDGXNOntPkJBW3SWrzLv
6pZEoJFQsXgT2Ny49KJTcva9INMoDMALPGMAOYInZuFa
-----END CERTIFICATE-----