Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/v7oXpHU3utqPcpE8IZOXknEilLQ.roa
File:                     v7oXpHU3utqPcpE8IZOXknEilLQ.roa (raw, json)
Hash identifier:          xT1LDYq9CE+XvAeXgZKyo+QSTS/ITrGJ7mIZKZiK7C8=
Subject key identifier:   BF:BA:17:A4:75:37:BA:DA:8F:72:91:3C:21:93:97:92:71:22:94:B4
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       01974008094B24E20B2FCACAB600C6538371
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/v7oXpHU3utqPcpE8IZOXknEilLQ.roa
Signing time:             Thu 05 Jun 2025 12:19:17 +0000
ROA not before:           Thu 05 Jun 2025 12:19:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34661
IP address blocks:        109.122.0.0/20 maxlen: 20
                          109.122.16.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:40:08:09:4b:24:e2:0b:2f:ca:ca:b6:00:c6:53:83:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jun  5 12:19:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bfba17a47537bada8f72913c21939792712294b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:fe:78:d7:3a:a5:fc:1d:f9:4a:3b:12:89:31:
                    49:9d:fe:e2:e6:a6:90:bd:01:1c:6b:ae:b1:d0:82:
                    d6:22:17:73:89:79:93:9b:cb:3a:99:f8:e9:eb:bc:
                    71:8f:a2:45:99:a5:a5:7f:2e:f3:ef:22:2f:36:f9:
                    f5:95:1b:2f:aa:d0:e0:21:7e:4e:5f:bf:35:5a:af:
                    8e:79:03:ac:25:ad:a3:9b:26:c8:5e:ac:6f:f0:e9:
                    65:ad:40:18:9b:26:bb:d3:45:d9:10:8c:6c:b5:04:
                    a8:19:35:8a:2f:6e:da:ce:5d:00:39:21:b6:df:19:
                    d1:a6:42:2b:76:7c:41:6e:b2:97:20:b6:14:8c:55:
                    22:68:b3:8e:02:ff:90:53:c9:7e:bf:de:12:62:33:
                    0c:c1:5a:99:7c:30:f3:c3:7c:52:7c:ea:be:ed:f5:
                    d7:7d:43:64:04:67:40:06:79:2d:b9:1e:60:58:d8:
                    60:76:28:76:60:bc:fa:d7:8e:d3:76:d7:f5:3d:0d:
                    7b:48:97:4d:a7:e6:36:e3:c0:2e:c9:2c:8e:a3:5b:
                    a2:f7:31:06:51:f8:6b:99:9b:94:59:3c:1a:6f:f6:
                    c7:25:98:a9:d5:50:44:30:14:9d:e3:ff:21:2b:75:
                    39:e4:da:69:af:0b:c4:22:ac:24:b3:8f:5a:30:8c:
                    3d:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:BA:17:A4:75:37:BA:DA:8F:72:91:3C:21:93:97:92:71:22:94:B4
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/v7oXpHU3utqPcpE8IZOXknEilLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         31:a2:3f:a9:4e:66:89:8c:d0:68:e3:68:4a:8a:44:4f:c4:38:
         10:bd:0f:c4:c6:00:8d:a2:74:dd:70:36:b3:6e:cb:53:a1:eb:
         c1:06:6b:db:ae:fd:51:d5:3b:07:ff:6e:53:f6:aa:f5:79:69:
         ba:c8:c0:ba:37:68:29:b3:f9:b0:83:a2:fc:f4:b7:d4:7e:29:
         25:65:1e:f3:7d:58:6b:80:b9:38:03:8b:bd:c6:9b:4a:42:aa:
         a5:b5:7b:c1:10:d4:d8:81:18:56:66:b7:86:e8:10:f0:4f:84:
         7d:8f:ec:fd:91:2e:5f:87:87:9b:32:74:fd:9b:eb:d6:32:00:
         87:2f:0a:d7:25:98:aa:48:6a:5d:ba:69:f0:2b:16:3b:32:5d:
         a2:43:7c:7a:c1:f0:22:10:57:cf:87:a1:b5:4c:48:55:3d:af:
         c2:a6:b2:ac:5a:85:0f:25:58:0f:64:71:8a:96:21:71:24:47:
         ba:e9:70:f2:b1:44:6b:c5:ba:fb:e3:f4:55:f0:e1:ef:d3:e1:
         4f:11:15:ec:2a:9f:ba:8c:d1:f7:f8:a8:70:78:8a:a3:f4:fb:
         3f:90:26:0f:12:05:8c:df:14:69:86:3f:25:94:5f:1e:b6:26:
         ed:79:d8:bf:09:40:77:d3:e0:8b:10:92:83:ba:4a:d3:da:8e:
         3c:88:fc:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdACAlLJOILL8rKtgDGU4NxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUwNjA1MTIxOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmJhMTdhNDc1MzdiYWRhOGY3MjkxM2MyMTkzOTc5MjcxMjI5NGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwv541zql/B35SjsSiTFJnf7i5qaQ
vQEca66x0ILWIhdziXmTm8s6mfjp67xxj6JFmaWlfy7z7yIvNvn1lRsvqtDgIX5O
X781Wq+OeQOsJa2jmybIXqxv8OllrUAYmya700XZEIxstQSoGTWKL27azl0AOSG2
3xnRpkIrdnxBbrKXILYUjFUiaLOOAv+QU8l+v94SYjMMwVqZfDDzw3xSfOq+7fXX
fUNkBGdABnktuR5gWNhgdih2YLz6147Tdtf1PQ17SJdNp+Y248AuySyOo1ui9zEG
UfhrmZuUWTwab/bHJZip1VBEMBSd4/8hK3U55NpprwvEIqwks49aMIw9MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL+6F6R1N7raj3KRPCGTl5JxIpS0MB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvdjdvWHBIVTN1dHFQY3BFOElaT1hrbkVpbExRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFbXoAMA0G
CSqGSIb3DQEBCwUAA4IBAQAxoj+pTmaJjNBo42hKikRPxDgQvQ/ExgCNonTdcDaz
bstToevBBmvbrv1R1TsH/25T9qr1eWm6yMC6N2gps/mwg6L89LfUfiklZR7zfVhr
gLk4A4u9xptKQqqltXvBENTYgRhWZreG6BDwT4R9j+z9kS5fh4ebMnT9m+vWMgCH
LwrXJZiqSGpdumnwKxY7Ml2iQ3x6wfAiEFfPh6G1TEhVPa/CprKsWoUPJVgPZHGK
liFxJEe66XDysURrxbr74/RV8OHv0+FPERXsKp+6jNH3+KhweIqj9Ps/kCYPEgWM
3xRphj8llF8etibtedi/CUB30+CLEJKDukrT2o48iPz7
-----END CERTIFICATE-----