Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/t3r2cSXLI7fMZi5tra_aZAQyFak.roa
File:                     t3r2cSXLI7fMZi5tra_aZAQyFak.roa (raw, json)
Hash identifier:          v065bTN3/ayGHNsmj2ZNOgQk8b4xLfobBPDbQcgY5/Q=
Subject key identifier:   B7:7A:F6:71:25:CB:23:B7:CC:66:2E:6D:AD:AF:DA:64:04:32:15:A9
Certificate issuer:       /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial:       019426D9B3A80FAC4D0B1A5874D8BAFD67A9
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/t3r2cSXLI7fMZi5tra_aZAQyFak.roa
Signing time:             Thu 02 Jan 2025 11:49:48 +0000
ROA not before:           Thu 02 Jan 2025 11:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39001
IP address blocks:        85.140.32.0/21 maxlen: 21
                          85.140.64.0/21 maxlen: 21
                          85.140.80.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 12:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:b3:a8:0f:ac:4d:0b:1a:58:74:d8:ba:fd:67:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
        Validity
            Not Before: Jan  2 11:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b77af67125cb23b7cc662e6dadafda64043215a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:83:89:54:13:ac:c3:fa:00:4d:8d:fb:a7:25:
                    1a:c2:ac:20:1e:f3:57:9e:70:61:3d:ee:73:62:e9:
                    c1:fb:33:00:a3:d7:6c:f2:83:3e:40:b7:1a:4e:f5:
                    c3:ce:f1:a2:1e:51:9f:7c:8f:74:ea:83:e5:e5:ae:
                    40:51:9e:a3:f8:fb:81:2d:fd:11:87:3f:0d:a9:b3:
                    27:f6:75:5c:de:bf:2d:ff:2f:0b:ea:14:ec:52:a1:
                    db:41:28:8e:73:37:6c:04:6d:24:b0:e8:fc:39:50:
                    29:f5:0b:58:ac:22:72:e9:b1:d4:4a:3f:55:1f:86:
                    8b:c9:e4:6c:35:f1:41:69:9a:07:6e:50:ff:c6:0c:
                    99:5a:08:6b:3e:af:e9:20:12:ca:a5:5c:15:c4:ec:
                    06:63:3a:02:92:13:8b:b4:3b:6f:90:4d:17:a0:ab:
                    b2:49:e7:42:40:60:49:97:9b:f6:1c:25:65:ee:7a:
                    09:c8:2f:07:08:07:d4:73:a5:b0:52:fa:71:93:47:
                    32:15:06:a9:ac:12:f0:39:7b:15:89:07:a4:d5:f3:
                    99:ee:a9:02:6d:9e:47:5b:4a:3d:c6:fb:ff:79:50:
                    c2:38:4d:b7:5f:82:69:3b:ff:8e:03:fa:61:11:14:
                    6e:41:12:80:ed:e6:b2:97:e4:c2:02:fb:d8:2e:70:
                    58:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:7A:F6:71:25:CB:23:B7:CC:66:2E:6D:AD:AF:DA:64:04:32:15:A9
            X509v3 Authority Key Identifier:
                keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/t3r2cSXLI7fMZi5tra_aZAQyFak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.140.32.0/21
                  85.140.64.0/21
                  85.140.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         52:a3:df:d9:4c:f6:ad:38:42:a7:e3:d0:74:56:ec:ee:50:88:
         7d:ef:d2:4f:db:e6:bb:d9:1b:95:56:1b:26:0d:79:ad:f3:4f:
         c7:71:ee:8f:b0:aa:89:82:cc:ba:a8:cb:79:06:30:79:bc:a3:
         35:a6:e0:06:cf:f9:a0:8a:e5:71:d9:25:90:c1:9e:c4:0d:02:
         2b:1f:6f:1e:14:d6:2b:a8:02:18:f1:67:e8:9d:dc:ad:ca:6a:
         ac:21:9f:d7:ad:5c:d7:9e:f5:a7:e1:27:d9:20:2c:ee:6a:a9:
         45:80:38:0f:83:a9:5f:4a:46:cb:8a:32:06:20:59:cd:8e:fd:
         ee:d6:6c:40:70:29:73:86:a7:41:0c:3d:02:ff:9e:10:17:65:
         a7:c4:8d:60:d1:ae:d2:d7:19:a5:4c:70:1a:18:4b:43:c6:2c:
         59:d0:4a:f0:00:76:24:5d:24:f5:75:5d:6a:5c:54:ec:b5:6a:
         57:1f:0c:d7:ab:03:7e:5f:1e:c0:31:b0:34:32:44:8c:0a:2a:
         b8:f7:92:b7:a4:21:cb:68:18:34:12:aa:d9:b8:61:e8:3a:f7:
         58:f9:d5:c1:6e:e0:66:d3:c8:48:18:5a:2e:da:ba:48:62:75:
         ca:3f:91:21:2b:98:b1:93:c6:fe:ff:f1:c1:ca:a8:02:6f:81:
         d8:60:13:ff
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQm2bOoD6xNCxpYdNi6/WepMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjUwMTAyMTE0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzdhZjY3MTI1Y2IyM2I3Y2M2NjJlNmRhZGFmZGE2NDA0MzIxNWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvoOJVBOsw/oATY37pyUawqwgHvNX
nnBhPe5zYunB+zMAo9ds8oM+QLcaTvXDzvGiHlGffI906oPl5a5AUZ6j+PuBLf0R
hz8NqbMn9nVc3r8t/y8L6hTsUqHbQSiOczdsBG0ksOj8OVAp9QtYrCJy6bHUSj9V
H4aLyeRsNfFBaZoHblD/xgyZWghrPq/pIBLKpVwVxOwGYzoCkhOLtDtvkE0XoKuy
SedCQGBJl5v2HCVl7noJyC8HCAfUc6WwUvpxk0cyFQaprBLwOXsViQek1fOZ7qkC
bZ5HW0o9xvv/eVDCOE23X4JpO/+OA/phERRuQRKA7eayl+TCAvvYLnBYLwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLd69nElyyO3zGYuba2v2mQEMhWpMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvdDNyMmNTWExJN2ZNWmk1dHJhX2FaQVF5RmFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDVYwgAwQD
VYxAAwQDVYxQMA0GCSqGSIb3DQEBCwUAA4IBAQBSo9/ZTPatOEKn49B0VuzuUIh9
79JP2+a72RuVVhsmDXmt80/Hce6PsKqJgsy6qMt5BjB5vKM1puAGz/mgiuVx2SWQ
wZ7EDQIrH28eFNYrqAIY8WfondytymqsIZ/XrVzXnvWn4SfZICzuaqlFgDgPg6lf
SkbLijIGIFnNjv3u1mxAcClzhqdBDD0C/54QF2WnxI1g0a7S1xmlTHAaGEtDxixZ
0ErwAHYkXST1dV1qXFTstWpXHwzXqwN+Xx7AMbA0MkSMCiq495K3pCHLaBg0EqrZ
uGHoOvdY+dXBbuBm08hIGFou2rpIYnXKP5EhK5ixk8b+//HByqgCb4HYYBP/
-----END CERTIFICATE-----