Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/d3a2WBeR1A3tJcpu4fWQBY6byfA.roa
File:                     d3a2WBeR1A3tJcpu4fWQBY6byfA.roa (raw, json)
Hash identifier:          Zp2NY2sCUEQGxT621HkEtGngfanR7ZMZDlkAzEAeyIw=
Subject key identifier:   77:76:B6:58:17:91:D4:0D:ED:25:CA:6E:E1:F5:90:05:8E:9B:C9:F0
Certificate issuer:       /CN=359f0f5ff620e0db5311f64736909973ac60f6f3
Certificate serial:       0194266B5F38968AF7E74C14529F6BC6235A
Authority key identifier: 35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/d3a2WBeR1A3tJcpu4fWQBY6byfA.roa
Signing time:             Thu 02 Jan 2025 09:49:18 +0000
ROA not before:           Thu 02 Jan 2025 09:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50338
IP address blocks:        5.39.202.0/23 maxlen: 23
                          2a04:7bc1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:5f:38:96:8a:f7:e7:4c:14:52:9f:6b:c6:23:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359f0f5ff620e0db5311f64736909973ac60f6f3
        Validity
            Not Before: Jan  2 09:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7776b6581791d40ded25ca6ee1f590058e9bc9f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:35:7c:ff:fb:c8:03:51:c0:5a:0d:b3:bb:6d:
                    8c:4d:00:87:c5:50:2e:19:49:f4:24:1d:f4:14:5a:
                    6d:30:78:f1:2f:f7:95:01:e2:37:ca:ef:e7:8e:bd:
                    85:05:3b:4a:d6:ee:1a:a7:df:15:e8:ec:dd:f3:59:
                    5b:80:20:19:e8:63:ae:a9:d8:aa:36:45:08:17:43:
                    99:d1:ca:68:14:64:04:2d:2d:86:47:51:47:91:df:
                    97:8c:96:33:e4:44:09:17:37:22:28:de:2e:ee:c6:
                    67:50:e9:da:03:7c:58:b8:66:d3:94:be:79:ac:50:
                    d3:89:21:c7:8f:ae:02:05:09:e3:ff:57:b5:71:66:
                    34:78:a0:db:12:f5:21:fb:42:f9:5c:b5:11:ef:9b:
                    6d:f7:71:03:30:9c:05:21:5f:66:f7:40:7c:7b:5d:
                    96:b7:1d:5b:2d:73:fc:73:c4:30:b8:b8:31:68:d1:
                    29:76:6b:14:7c:cd:cc:ed:ef:d6:b0:47:e4:4f:d7:
                    87:dc:6f:ac:18:ed:68:3c:9f:dd:cf:2e:38:83:9f:
                    14:62:10:a8:73:44:1f:db:5c:e8:56:64:f0:d7:9f:
                    cf:48:24:8d:3c:87:a7:26:54:77:46:4e:8a:d8:d3:
                    a2:6b:4b:bf:e6:54:84:7a:ff:8f:76:70:32:b2:b9:
                    f4:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:76:B6:58:17:91:D4:0D:ED:25:CA:6E:E1:F5:90:05:8E:9B:C9:F0
            X509v3 Authority Key Identifier:
                keyid:35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/d3a2WBeR1A3tJcpu4fWQBY6byfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.202.0/23
                IPv6:
                  2a04:7bc1::/32

    Signature Algorithm: sha256WithRSAEncryption
         95:49:02:63:f1:06:34:f1:f6:8f:97:d1:55:3b:12:ad:40:81:
         97:a5:66:88:94:04:e5:81:8a:bc:1e:c4:cd:0e:93:b2:f3:40:
         d4:d6:1e:be:81:5a:ab:1a:e8:3a:4f:0c:ac:56:3b:2c:5f:95:
         75:85:fa:b2:3b:bd:2f:63:84:21:71:61:9c:79:3f:29:26:1c:
         c3:f6:b0:e4:18:2c:a9:5f:2d:cf:4e:c6:93:ed:26:ce:23:c6:
         34:7b:57:ed:31:12:45:c5:e2:dc:69:04:31:0f:37:17:0e:21:
         af:72:90:5e:94:0a:61:0b:4f:9a:e7:70:68:9e:8f:ea:d6:86:
         78:ed:6c:1a:99:ce:a2:7d:24:46:89:dd:e9:54:23:56:a5:35:
         a0:74:27:d3:44:93:ee:7a:c6:38:80:79:d6:6f:07:1f:d3:2a:
         8f:4c:88:19:0d:58:f0:b8:9e:5e:d1:b4:76:79:23:41:f3:7e:
         17:08:3a:48:7c:f0:78:a2:92:bc:ec:30:11:e3:9e:a7:e3:fb:
         fa:12:de:85:92:a0:f6:83:0f:e8:3e:5e:21:a9:a7:0d:4c:6e:
         22:c3:56:c0:d0:fe:01:a5:90:fd:2e:89:1e:dd:fd:70:c0:fb:
         c7:ba:91:25:f9:3e:06:28:86:c1:c4:a7:21:a0:52:62:33:4a:
         ad:ec:7d:a8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQma184lor350wUUp9rxiNaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OWYwZjVmZjYyMGUwZGI1MzExZjY0NzM2OTA5OTczYWM2
MGY2ZjMwHhcNMjUwMTAyMDk0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Nzc2YjY1ODE3OTFkNDBkZWQyNWNhNmVlMWY1OTAwNThlOWJjOWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzV8//vIA1HAWg2zu22MTQCHxVAu
GUn0JB30FFptMHjxL/eVAeI3yu/njr2FBTtK1u4ap98V6Ozd81lbgCAZ6GOuqdiq
NkUIF0OZ0cpoFGQELS2GR1FHkd+XjJYz5EQJFzciKN4u7sZnUOnaA3xYuGbTlL55
rFDTiSHHj64CBQnj/1e1cWY0eKDbEvUh+0L5XLUR75tt93EDMJwFIV9m90B8e12W
tx1bLXP8c8QwuLgxaNEpdmsUfM3M7e/WsEfkT9eH3G+sGO1oPJ/dzy44g58UYhCo
c0Qf21zoVmTw15/PSCSNPIenJlR3Rk6K2NOia0u/5lSEev+PdnAysrn0IwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHd2tlgXkdQN7SXKbuH1kAWOm8nwMB8GA1UdIwQY
MBaAFDWfD1/2IODbUxH2RzaQmXOsYPbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2It
ZDFhYmY0ZWUzMmNiLzEvZDNhMldCZVIxQTN0SmNwdTRmV1FCWTZieWZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2ItZDFhYmY0ZWUzMmNi
LzEvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBBSfKMA0E
AgACMAcDBQAqBHvBMA0GCSqGSIb3DQEBCwUAA4IBAQCVSQJj8QY08faPl9FVOxKt
QIGXpWaIlATlgYq8HsTNDpOy80DU1h6+gVqrGug6TwysVjssX5V1hfqyO70vY4Qh
cWGceT8pJhzD9rDkGCypXy3PTsaT7SbOI8Y0e1ftMRJFxeLcaQQxDzcXDiGvcpBe
lAphC0+a53Bono/q1oZ47Wwamc6ifSRGid3pVCNWpTWgdCfTRJPuesY4gHnWbwcf
0yqPTIgZDVjwuJ5e0bR2eSNB834XCDpIfPB4opK87DAR456n4/v6Et6FkqD2gw/o
Pl4hqacNTG4iw1bA0P4BpZD9Loke3f1wwPvHupEl+T4GKIbBxKchoFJiM0qt7H2o
-----END CERTIFICATE-----