Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/3bdd7e-a729-49ad-85aa-f75962d30e36/1/AKY3-lmq_F-hZTNjYE8VF5Dbfhg.roa
File:                     AKY3-lmq_F-hZTNjYE8VF5Dbfhg.roa (raw, json)
Hash identifier:          SNTyErzebd/AsxAYfH3hc+mIWE58J4HLCDSVxz7/7nE=
Subject key identifier:   00:A6:37:FA:59:AA:FC:5F:A1:65:33:63:60:4F:15:17:90:DB:7E:18
Certificate issuer:       /CN=d6fb452a0ae33dfa52aaaacba794df1af6bc4334
Certificate serial:       019426D9E9F2767ABBA8F5E2D17A16555BFB
Authority key identifier: D6:FB:45:2A:0A:E3:3D:FA:52:AA:AA:CB:A7:94:DF:1A:F6:BC:43:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1vtFKgrjPfpSqqrLp5TfGva8QzQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/3bdd7e-a729-49ad-85aa-f75962d30e36/1/AKY3-lmq_F-hZTNjYE8VF5Dbfhg.roa
Signing time:             Thu 02 Jan 2025 11:50:02 +0000
ROA not before:           Thu 02 Jan 2025 11:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60720
IP address blocks:        81.25.64.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/3bdd7e-a729-49ad-85aa-f75962d30e36/1/1vtFKgrjPfpSqqrLp5TfGva8QzQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/3bdd7e-a729-49ad-85aa-f75962d30e36/1/1vtFKgrjPfpSqqrLp5TfGva8QzQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1vtFKgrjPfpSqqrLp5TfGva8QzQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:e9:f2:76:7a:bb:a8:f5:e2:d1:7a:16:55:5b:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6fb452a0ae33dfa52aaaacba794df1af6bc4334
        Validity
            Not Before: Jan  2 11:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00a637fa59aafc5fa1653363604f151790db7e18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ee:3e:d2:b4:97:3e:54:1d:4c:a7:85:19:f2:
                    8f:ee:b5:57:e9:16:da:83:0a:7e:98:4c:80:1a:ef:
                    0f:d6:79:09:70:26:d5:a3:0d:99:d8:23:45:18:ce:
                    46:0d:6e:95:7c:20:d3:87:0f:49:f8:42:a6:0c:d3:
                    9b:48:27:92:6c:28:ce:ca:e1:77:c5:44:9b:64:9d:
                    2f:bc:05:e7:47:4d:0c:97:cc:50:75:3d:74:b4:49:
                    67:54:b6:d5:88:3a:f8:b6:82:5f:9e:2b:88:6a:eb:
                    1d:44:5a:c2:ce:1f:42:71:24:60:cf:5a:75:dd:3c:
                    37:79:ae:7e:b1:d3:74:65:b9:02:01:17:a7:e2:c1:
                    7b:79:64:65:cd:ad:fb:98:06:e8:1d:47:ef:4a:04:
                    b5:44:1b:d7:ec:ab:e4:08:ad:c7:a5:48:28:82:a3:
                    fa:de:71:b8:1d:45:76:3a:b3:4e:e1:f1:19:b2:5f:
                    e7:a7:7b:6c:53:20:31:9f:d9:08:a7:13:5d:4a:0f:
                    21:8e:42:9a:0f:a6:32:6b:df:51:1a:86:3e:ce:a6:
                    3f:9f:ac:5d:bb:bb:66:f3:ea:43:8b:bc:df:f2:1a:
                    bb:09:5d:eb:cc:be:e0:a7:6e:fb:7c:01:ff:7e:3e:
                    15:33:0e:69:6e:e8:df:fd:d2:b0:20:4d:0d:82:cb:
                    fb:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:A6:37:FA:59:AA:FC:5F:A1:65:33:63:60:4F:15:17:90:DB:7E:18
            X509v3 Authority Key Identifier:
                keyid:D6:FB:45:2A:0A:E3:3D:FA:52:AA:AA:CB:A7:94:DF:1A:F6:BC:43:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1vtFKgrjPfpSqqrLp5TfGva8QzQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3bdd7e-a729-49ad-85aa-f75962d30e36/1/AKY3-lmq_F-hZTNjYE8VF5Dbfhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3bdd7e-a729-49ad-85aa-f75962d30e36/1/1vtFKgrjPfpSqqrLp5TfGva8QzQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.25.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:bf:a2:29:2e:b2:61:5a:bf:38:f6:23:e2:ed:36:79:aa:4d:
         ef:12:41:e4:01:14:81:d2:d1:a2:24:3c:2e:1a:9e:8d:0e:b5:
         e7:96:d4:5a:2c:bd:07:b0:6c:92:b6:ff:fb:dc:82:0f:00:3e:
         9a:d7:a8:03:c4:63:da:4b:e6:f5:fa:16:cb:8f:2b:81:0c:0e:
         02:87:48:6d:c2:b2:52:92:f6:c4:ca:8c:9b:94:d2:4f:9e:96:
         c0:eb:37:8a:73:63:eb:1a:fb:56:14:dd:49:d9:83:82:46:bc:
         dd:b6:39:52:da:f6:b6:a3:1f:db:08:76:ba:10:eb:78:82:4d:
         81:9d:bc:c9:19:a4:6d:1b:2d:94:80:0a:c5:e8:56:a2:ed:f9:
         53:b6:5c:59:df:42:25:82:61:8f:de:f9:d9:94:12:ee:07:eb:
         19:86:8b:ab:ee:b7:c1:f8:f2:27:7b:63:2b:e4:8c:9f:56:19:
         ad:39:20:c6:03:a8:41:1f:ee:66:f2:db:4a:cf:d3:18:11:13:
         9d:c1:e4:2b:98:14:26:71:9b:8e:18:ba:e6:3c:2d:51:0a:e3:
         63:cd:e7:36:fb:32:71:2c:a3:60:91:dc:f6:3c:27:62:c6:26:
         d9:e0:1f:7c:2e:41:d2:c3:63:6b:c5:a2:c5:6e:ef:ee:c0:f3:
         c4:44:27:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2enydnq7qPXi0XoWVVv7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ZmI0NTJhMGFlMzNkZmE1MmFhYWFjYmE3OTRkZjFhZjZi
YzQzMzQwHhcNMjUwMTAyMTE1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGE2MzdmYTU5YWFmYzVmYTE2NTMzNjM2MDRmMTUxNzkwZGI3ZTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwO4+0rSXPlQdTKeFGfKP7rVX6Rba
gwp+mEyAGu8P1nkJcCbVow2Z2CNFGM5GDW6VfCDThw9J+EKmDNObSCeSbCjOyuF3
xUSbZJ0vvAXnR00Ml8xQdT10tElnVLbViDr4toJfniuIausdRFrCzh9CcSRgz1p1
3Tw3ea5+sdN0ZbkCARen4sF7eWRlza37mAboHUfvSgS1RBvX7KvkCK3HpUgogqP6
3nG4HUV2OrNO4fEZsl/np3tsUyAxn9kIpxNdSg8hjkKaD6Yya99RGoY+zqY/n6xd
u7tm8+pDi7zf8hq7CV3rzL7gp277fAH/fj4VMw5pbujf/dKwIE0Ngsv7aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFACmN/pZqvxfoWUzY2BPFReQ234YMB8GA1UdIwQY
MBaAFNb7RSoK4z36Uqqqy6eU3xr2vEM0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXZ0RktncmpQZnBTcXFyTHA1VGZHdmE4UXpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8zYmRkN2UtYTcyOS00OWFkLTg1YWEt
Zjc1OTYyZDMwZTM2LzEvQUtZMy1sbXFfRi1oWlROallFOFZGNURiZmhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8zYmRkN2UtYTcyOS00OWFkLTg1YWEtZjc1OTYyZDMwZTM2
LzEvMXZ0RktncmpQZnBTcXFyTHA1VGZHdmE4UXpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCURlAMA0G
CSqGSIb3DQEBCwUAA4IBAQB3v6IpLrJhWr849iPi7TZ5qk3vEkHkARSB0tGiJDwu
Gp6NDrXnltRaLL0HsGyStv/73IIPAD6a16gDxGPaS+b1+hbLjyuBDA4Ch0htwrJS
kvbEyoyblNJPnpbA6zeKc2PrGvtWFN1J2YOCRrzdtjlS2va2ox/bCHa6EOt4gk2B
nbzJGaRtGy2UgArF6Fai7flTtlxZ30IlgmGP3vnZlBLuB+sZhour7rfB+PIne2Mr
5IyfVhmtOSDGA6hBH+5m8ttKz9MYEROdweQrmBQmcZuOGLrmPC1RCuNjzec2+zJx
LKNgkdz2PCdixibZ4B98LkHSw2NrxaLFbu/uwPPERCey
-----END CERTIFICATE-----