Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/3FvXOaH1rr-NzPW9JMrL6HxXPAA.roa
File:                     3FvXOaH1rr-NzPW9JMrL6HxXPAA.roa (raw, json)
Hash identifier:          4XvaZztEinRzWxk24SgFcPl5wZRZT64IYtvVavLHnkI=
Subject key identifier:   DC:5B:D7:39:A1:F5:AE:BF:8D:CC:F5:BD:24:CA:CB:E8:7C:57:3C:00
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       0191F4F2F78491D0112AAE1F269A5EF21E16
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/3FvXOaH1rr-NzPW9JMrL6HxXPAA.roa
Signing time:             Sun 15 Sep 2024 09:10:49 +0000
ROA not before:           Sun 15 Sep 2024 09:10:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     152179
IP address blocks:        149.126.92.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:f4:f2:f7:84:91:d0:11:2a:ae:1f:26:9a:5e:f2:1e:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Sep 15 09:10:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc5bd739a1f5aebf8dccf5bd24cacbe87c573c00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b2:9c:0b:a0:33:e0:d7:6c:a1:b7:26:a8:c2:
                    e2:2c:67:7a:d5:bc:e9:82:df:c8:e9:26:da:bf:da:
                    95:e6:67:66:3f:42:af:7d:37:ff:41:b3:f2:f8:ee:
                    a5:b6:21:68:c2:99:c0:86:a0:9f:29:5e:41:c4:5c:
                    9a:52:94:d9:0e:0a:2a:9b:4d:af:6f:bb:bc:63:c2:
                    e3:1d:fa:98:28:73:d0:70:81:ff:2d:50:b3:d9:17:
                    38:e8:6d:b5:10:3d:76:58:23:7e:84:3d:f9:64:83:
                    87:97:7d:17:86:6c:62:e0:79:ff:68:73:0c:d8:a8:
                    59:89:bf:79:28:a6:c4:ce:3e:5f:d6:96:c4:76:ac:
                    95:0d:d9:14:dc:af:b0:12:3d:24:79:2c:68:f2:ab:
                    dd:5a:c3:26:fb:9c:2f:fe:f2:43:a6:c7:48:e5:7d:
                    56:6c:d2:f9:eb:59:f2:22:20:91:1a:b2:6d:64:0a:
                    25:68:8e:a5:f9:61:e2:e8:ac:a2:66:a9:01:f1:03:
                    c7:cd:9b:21:c9:50:b9:1a:4c:f5:ba:68:d7:0d:73:
                    c9:90:27:1b:13:3f:c7:c7:e9:89:21:24:5c:19:91:
                    18:55:f4:af:54:07:0b:70:8c:24:e7:e5:67:9c:9a:
                    c7:11:bb:91:4b:05:eb:0d:88:86:69:db:85:53:79:
                    2c:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:5B:D7:39:A1:F5:AE:BF:8D:CC:F5:BD:24:CA:CB:E8:7C:57:3C:00
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/3FvXOaH1rr-NzPW9JMrL6HxXPAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.126.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:c2:30:c2:30:11:a2:e9:6c:06:e5:1b:9e:8d:01:8f:ea:56:
         05:19:a6:46:32:37:a4:54:ae:68:fb:60:ed:bc:ec:27:77:d6:
         2f:2b:db:e7:9c:89:ee:2d:40:5f:5c:38:d4:2b:14:4b:20:dc:
         51:60:1a:1f:d9:60:dc:3d:a8:19:b4:dd:98:70:55:a2:fc:ae:
         51:14:8f:f9:96:ed:89:f5:98:fa:24:e1:94:59:51:34:f0:23:
         6c:0b:8c:f0:56:4e:b6:a5:45:42:ec:92:44:ef:35:6b:e7:bc:
         80:22:be:04:40:63:99:01:65:cc:8c:a6:76:e4:b4:61:3d:8a:
         ab:4f:8d:dd:34:7a:46:f8:7b:14:e5:c1:53:4c:c4:e6:15:bc:
         4e:40:d6:2f:3a:89:6e:62:aa:ab:20:5f:b6:e5:c7:4f:31:06:
         96:03:76:07:87:4e:6f:6f:42:2d:a0:17:35:23:2e:23:7b:0b:
         bf:eb:31:55:1d:37:09:d9:3a:0c:d2:8b:ba:93:84:4a:0a:0b:
         c1:cb:16:53:cc:73:3a:ac:66:ff:85:e7:18:5c:3a:fa:df:f7:
         02:38:8d:d4:f8:16:40:94:f9:a8:ff:6c:e2:9c:9f:0c:5f:5c:
         66:e9:fc:4a:d8:0c:2b:ee:84:87:d4:1b:95:65:71:d7:c1:85:
         ca:30:98:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZH08veEkdARKq4fJppe8h4WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjQwOTE1MDkxMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzViZDczOWExZjVhZWJmOGRjY2Y1YmQyNGNhY2JlODdjNTczYzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrKcC6Az4NdsobcmqMLiLGd61bzp
gt/I6Sbav9qV5mdmP0KvfTf/QbPy+O6ltiFowpnAhqCfKV5BxFyaUpTZDgoqm02v
b7u8Y8LjHfqYKHPQcIH/LVCz2Rc46G21ED12WCN+hD35ZIOHl30Xhmxi4Hn/aHMM
2KhZib95KKbEzj5f1pbEdqyVDdkU3K+wEj0keSxo8qvdWsMm+5wv/vJDpsdI5X1W
bNL561nyIiCRGrJtZAolaI6l+WHi6KyiZqkB8QPHzZshyVC5Gkz1umjXDXPJkCcb
Ez/Hx+mJISRcGZEYVfSvVAcLcIwk5+VnnJrHEbuRSwXrDYiGaduFU3kseQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNxb1zmh9a6/jcz1vSTKy+h8VzwAMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvM0Z2WE9hSDFyci1OelBXOUpNckw2SHhYUEFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQClX5cMA0G
CSqGSIb3DQEBCwUAA4IBAQACwjDCMBGi6WwG5RuejQGP6lYFGaZGMjekVK5o+2Dt
vOwnd9YvK9vnnInuLUBfXDjUKxRLINxRYBof2WDcPagZtN2YcFWi/K5RFI/5lu2J
9Zj6JOGUWVE08CNsC4zwVk62pUVC7JJE7zVr57yAIr4EQGOZAWXMjKZ25LRhPYqr
T43dNHpG+HsU5cFTTMTmFbxOQNYvOoluYqqrIF+25cdPMQaWA3YHh05vb0ItoBc1
Iy4jewu/6zFVHTcJ2ToM0ou6k4RKCgvByxZTzHM6rGb/hecYXDr63/cCOI3U+BZA
lPmo/2zinJ8MX1xm6fxK2Awr7oSH1BuVZXHXwYXKMJin
-----END CERTIFICATE-----