Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/3sB3aUZzgp59-HFBvNQodKC4E9A.roa
File:                     3sB3aUZzgp59-HFBvNQodKC4E9A.roa (raw, json)
Hash identifier:          tsfiWLVTpBOnmIi4ExJozNgkUIYcTlDOU2SU9FDb/+M=
Subject key identifier:   DE:C0:77:69:46:73:82:9E:7D:F8:71:41:BC:D4:28:74:A0:B8:13:D0
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       01942747BD0C6C2C6745D79D9819D67C4158
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/3sB3aUZzgp59-HFBvNQodKC4E9A.roa
Signing time:             Thu 02 Jan 2025 13:50:00 +0000
ROA not before:           Thu 02 Jan 2025 13:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39087
IP address blocks:        46.8.6.0/23 maxlen: 32
                          109.248.36.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 03:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:bd:0c:6c:2c:67:45:d7:9d:98:19:d6:7c:41:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 13:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dec077694673829e7df87141bcd42874a0b813d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a4:ee:ca:dd:cb:3b:3c:c8:44:24:b8:52:71:
                    09:07:17:17:b7:bc:43:b8:1e:22:02:81:f5:79:fa:
                    9a:36:da:2d:78:e9:f4:10:74:63:61:cf:fb:59:7b:
                    cc:f7:e0:40:4d:3c:b1:17:a6:4e:04:d5:dd:e6:de:
                    f5:8e:e1:ea:37:e5:49:83:1c:5e:f3:ab:8f:22:02:
                    b9:e6:76:e7:1b:17:02:a6:3e:c2:05:29:26:32:f2:
                    c5:3b:c1:f9:cd:a9:27:c7:11:1d:3e:59:ca:a9:35:
                    66:a3:fb:ba:cc:80:c6:3f:fe:9b:e7:1c:92:2a:fc:
                    56:98:64:51:2b:0e:d5:4f:52:db:2e:eb:a0:16:65:
                    a6:62:99:61:06:25:d0:07:6d:0a:2c:df:ea:03:bd:
                    da:6b:47:2f:1d:a1:9e:2c:46:99:dd:e2:31:6e:a6:
                    42:ae:fd:a0:a4:4e:51:bd:8d:0d:34:84:50:58:97:
                    95:15:e6:36:c1:f3:02:f8:4d:24:7c:c2:3c:5a:b8:
                    87:87:ab:12:e8:bd:28:de:e0:6a:a2:c1:a9:96:bb:
                    a5:8c:05:7a:14:5b:fb:e0:fb:84:b6:b4:d6:4d:cf:
                    8e:22:b9:fb:a6:e4:d7:6a:a8:fd:26:af:97:ba:ea:
                    10:51:b4:89:cd:b3:f1:ef:1e:66:b9:3b:5d:88:b6:
                    97:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:C0:77:69:46:73:82:9E:7D:F8:71:41:BC:D4:28:74:A0:B8:13:D0
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/3sB3aUZzgp59-HFBvNQodKC4E9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.6.0/23
                  109.248.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:63:b2:75:a7:9d:8f:ad:b2:77:8c:43:07:bb:ae:28:53:2c:
         a2:82:76:59:d0:fd:9b:98:28:51:d5:ba:58:fa:d9:37:4c:66:
         81:be:f6:ba:d6:e0:06:37:8a:4b:ce:fa:fc:ef:05:35:7d:3a:
         18:96:77:1d:82:04:d6:cb:e4:2e:bc:7f:dc:28:7a:72:92:07:
         93:54:e5:19:71:30:5b:99:44:a8:2c:fc:a3:2b:93:96:9b:d9:
         2a:e0:b1:6e:55:e8:fc:f5:70:6c:d6:e8:c7:f2:9d:83:6d:24:
         48:8c:6b:dc:fb:dc:52:3b:76:dd:f9:c4:35:b0:6b:c6:b3:00:
         30:22:6a:83:5b:ee:a5:ab:e0:63:1e:26:ba:41:03:51:59:f8:
         75:e8:bd:65:12:31:26:8b:52:13:11:1b:f1:60:4b:c6:3c:1b:
         46:75:f2:19:4e:30:39:48:a1:e8:d6:0b:23:86:e4:68:02:a3:
         46:ad:6b:6f:d2:dd:94:04:bd:f9:55:c1:82:28:36:3f:62:3b:
         83:2e:e3:48:d0:05:a8:fb:ac:c4:12:35:23:91:4a:bd:e8:7b:
         bf:98:3e:78:df:90:4a:aa:16:f5:4a:3b:b5:e1:e9:b7:9e:59:
         8f:0d:ad:3b:99:26:1d:e2:c4:70:d0:27:27:7c:cd:a5:3e:f4:
         52:16:d9:79
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnR70MbCxnRdedmBnWfEFYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwMTAyMTM1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWMwNzc2OTQ2NzM4MjllN2RmODcxNDFiY2Q0Mjg3NGEwYjgxM2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6Tuyt3LOzzIRCS4UnEJBxcXt7xD
uB4iAoH1efqaNtoteOn0EHRjYc/7WXvM9+BATTyxF6ZOBNXd5t71juHqN+VJgxxe
86uPIgK55nbnGxcCpj7CBSkmMvLFO8H5zaknxxEdPlnKqTVmo/u6zIDGP/6b5xyS
KvxWmGRRKw7VT1LbLuugFmWmYplhBiXQB20KLN/qA73aa0cvHaGeLEaZ3eIxbqZC
rv2gpE5RvY0NNIRQWJeVFeY2wfMC+E0kfMI8WriHh6sS6L0o3uBqosGplruljAV6
FFv74PuEtrTWTc+OIrn7puTXaqj9Jq+XuuoQUbSJzbPx7x5muTtdiLaX7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN7Ad2lGc4KeffhxQbzUKHSguBPQMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvM3NCM2FVWnpncDU5LUhGQnZOUW9kS0M0RTlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLggGAwQB
bfgkMA0GCSqGSIb3DQEBCwUAA4IBAQBzY7J1p52PrbJ3jEMHu64oUyyignZZ0P2b
mChR1bpY+tk3TGaBvva61uAGN4pLzvr87wU1fToYlncdggTWy+QuvH/cKHpykgeT
VOUZcTBbmUSoLPyjK5OWm9kq4LFuVej89XBs1ujH8p2DbSRIjGvc+9xSO3bd+cQ1
sGvGswAwImqDW+6lq+BjHia6QQNRWfh16L1lEjEmi1ITERvxYEvGPBtGdfIZTjA5
SKHo1gsjhuRoAqNGrWtv0t2UBL35VcGCKDY/YjuDLuNI0AWo+6zEEjUjkUq96Hu/
mD5435BKqhb1Sju14em3nlmPDa07mSYd4sRw0CcnfM2lPvRSFtl5
-----END CERTIFICATE-----