Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/pq7pcdWVikTQ-KOe2gcv9i1f2qY.roa
File:                     pq7pcdWVikTQ-KOe2gcv9i1f2qY.roa (raw, json)
Hash identifier:          Y8V4SfgPnXyIoDPEtSOpbGM1xvThRgl/bKwf/VdzxaU=
Subject key identifier:   A6:AE:E9:71:D5:95:8A:44:D0:F8:A3:9E:DA:07:2F:F6:2D:5F:DA:A6
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019427B5AD453DBE77E953AA025EF41437C7
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/pq7pcdWVikTQ-KOe2gcv9i1f2qY.roa
Signing time:             Thu 02 Jan 2025 15:50:05 +0000
ROA not before:           Thu 02 Jan 2025 15:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34661
IP address blocks:        109.122.0.0/20 maxlen: 20
                          109.122.16.0/20 maxlen: 20
                          109.122.32.0/22 maxlen: 22
                          109.122.36.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:ad:45:3d:be:77:e9:53:aa:02:5e:f4:14:37:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  2 15:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6aee971d5958a44d0f8a39eda072ff62d5fdaa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:c7:48:62:33:87:37:75:09:3f:78:8d:f0:48:
                    ee:1f:1d:d0:92:e9:e1:00:27:cf:44:20:0a:a0:16:
                    a5:1e:d5:90:1d:83:4b:47:38:51:63:76:f3:09:44:
                    29:c3:a2:4f:e1:a0:2b:32:53:27:bb:12:6f:70:fb:
                    d6:57:61:d7:a9:fb:10:6a:ba:d3:bb:e3:ef:d9:e0:
                    61:22:fa:e1:e2:69:1e:bd:25:cb:c0:5a:25:5d:9b:
                    3d:e4:1c:43:76:f5:82:a5:60:ab:a0:7b:d0:db:87:
                    eb:58:b8:f6:db:a5:58:d1:0f:cb:09:96:34:68:9b:
                    4b:da:59:54:5b:3d:56:94:35:d7:ee:30:95:ad:fe:
                    c5:f2:fa:fa:5a:87:bd:16:66:2f:4a:3d:dd:47:19:
                    7f:e6:18:ac:ec:c6:b5:10:58:51:84:54:2f:10:7b:
                    f0:12:44:0f:f1:c6:a3:fa:5b:0d:1a:be:a9:1a:a4:
                    ee:3f:2f:c6:52:d2:f3:2e:8a:db:d8:18:6a:69:2f:
                    1f:1f:93:f3:7a:af:40:bf:86:50:dc:20:4c:60:23:
                    ff:88:6f:a0:b1:cf:02:16:77:64:87:00:57:4e:1f:
                    67:38:05:e1:fe:28:59:4a:b8:21:f6:ce:a6:d3:34:
                    03:98:0e:5e:87:42:da:e2:ee:f3:b0:5b:53:f3:9c:
                    20:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:AE:E9:71:D5:95:8A:44:D0:F8:A3:9E:DA:07:2F:F6:2D:5F:DA:A6
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/pq7pcdWVikTQ-KOe2gcv9i1f2qY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.0.0-109.122.39.255

    Signature Algorithm: sha256WithRSAEncryption
         2e:92:16:00:59:bb:d7:49:01:65:ad:59:72:c2:20:2d:4e:f5:
         a6:1f:e5:53:f9:33:a5:d5:3e:58:79:19:e1:45:41:2e:8f:8f:
         34:a9:6a:a8:e7:f3:56:68:32:57:ca:71:fb:4c:c0:da:df:c2:
         12:e2:ba:65:2d:ee:ee:74:77:1a:3e:b6:ad:4e:d1:cb:e2:83:
         d5:07:b3:a4:34:83:4d:7f:be:3c:ba:1d:b4:e4:97:b4:32:8b:
         9d:9c:5a:97:19:70:e3:4e:6c:d1:89:bb:6c:4b:fa:8a:f4:bb:
         54:fa:94:27:8c:79:3c:82:a7:5e:6f:56:20:29:ae:7c:b7:f4:
         2a:96:6e:72:f8:f5:0f:75:7c:ca:cf:6a:fd:50:90:91:27:3c:
         de:bf:3b:b7:42:81:1c:fc:61:0e:ab:ba:3a:7d:8a:5a:00:d9:
         87:bc:24:67:7e:d3:57:e1:3c:ad:b2:12:c3:18:bf:94:de:24:
         b4:81:e8:53:90:c6:85:57:c8:0f:0c:35:78:4e:33:d5:7d:d1:
         85:c0:e8:02:a8:96:e5:6b:e7:ca:da:b6:c7:13:b3:e7:dd:4d:
         46:a4:37:b4:ba:b9:31:ca:0b:ab:0a:a0:80:cc:89:09:9c:a3:
         bf:f3:45:ba:c9:2c:0a:84:cc:07:70:e5:ba:3b:ef:88:64:a4:
         8b:d5:69:93
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQnta1FPb536VOqAl70FDfHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUwMTAyMTU1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmFlZTk3MWQ1OTU4YTQ0ZDBmOGEzOWVkYTA3MmZmNjJkNWZkYWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMdIYjOHN3UJP3iN8EjuHx3Qkunh
ACfPRCAKoBalHtWQHYNLRzhRY3bzCUQpw6JP4aArMlMnuxJvcPvWV2HXqfsQarrT
u+Pv2eBhIvrh4mkevSXLwFolXZs95BxDdvWCpWCroHvQ24frWLj226VY0Q/LCZY0
aJtL2llUWz1WlDXX7jCVrf7F8vr6Woe9FmYvSj3dRxl/5his7Ma1EFhRhFQvEHvw
EkQP8caj+lsNGr6pGqTuPy/GUtLzLorb2BhqaS8fH5Pzeq9Av4ZQ3CBMYCP/iG+g
sc8CFndkhwBXTh9nOAXh/ihZSrgh9s6m0zQDmA5eh0La4u7zsFtT85wgpwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFKau6XHVlYpE0PijntoHL/YtX9qmMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvcHE3cGNkV1Zpa1RRLUtPZTJnY3Y5aTFmMnFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDAwFtegME
A216IDANBgkqhkiG9w0BAQsFAAOCAQEALpIWAFm710kBZa1ZcsIgLU71ph/lU/kz
pdU+WHkZ4UVBLo+PNKlqqOfzVmgyV8px+0zA2t/CEuK6ZS3u7nR3Gj62rU7Ry+KD
1QezpDSDTX++PLodtOSXtDKLnZxalxlw405s0Ym7bEv6ivS7VPqUJ4x5PIKnXm9W
ICmufLf0KpZucvj1D3V8ys9q/VCQkSc83r87t0KBHPxhDqu6On2KWgDZh7wkZ37T
V+E8rbISwxi/lN4ktIHoU5DGhVfIDww1eE4z1X3RhcDoAqiW5Wvnytq2xxOz591N
RqQ3tLq5McoLqwqggMyJCZyjv/NFusksCoTMB3DlujvviGSki9Vpkw==
-----END CERTIFICATE-----