Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/3FVtAmT4CuSQyPiethz-XgOvP58.roa
File:                     3FVtAmT4CuSQyPiethz-XgOvP58.roa (raw, json)
Hash identifier:          IEGrgBrOkw8YlrSrNv8kZ3M0U4oFphY6duIZ/wFLP30=
Subject key identifier:   DC:55:6D:02:64:F8:0A:E4:90:C8:F8:9E:B6:1C:FE:5E:03:AF:3F:9F
Certificate issuer:       /CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
Certificate serial:       0194DAFA562843200FC9AACEAA3606741823
Authority key identifier: 3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/3FVtAmT4CuSQyPiethz-XgOvP58.roa
Signing time:             Thu 06 Feb 2025 11:17:06 +0000
ROA not before:           Thu 06 Feb 2025 11:17:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35263
IP address blocks:        86.109.64.0/20 maxlen: 20
                          2a00:1b90::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:da:fa:56:28:43:20:0f:c9:aa:ce:aa:36:06:74:18:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
        Validity
            Not Before: Feb  6 11:17:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc556d0264f80ae490c8f89eb61cfe5e03af3f9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:7e:63:aa:c8:5c:cc:26:1a:8e:61:92:17:6a:
                    8e:fd:f0:64:b3:2e:27:c3:17:8a:c4:00:b2:3d:0f:
                    d0:37:a3:11:5b:e0:6a:62:cd:f4:87:57:16:75:bb:
                    fd:93:85:85:cd:7b:39:b1:05:89:46:2f:f7:9a:c9:
                    aa:aa:f9:81:f9:f8:5f:c6:5a:c5:0e:01:ee:53:cd:
                    c6:d3:d4:c2:af:6b:e7:f0:93:d4:75:9f:eb:49:09:
                    19:9c:75:fd:9f:06:0c:39:5a:21:4b:c0:a5:56:92:
                    0c:1a:59:9a:a4:65:0b:64:19:66:76:6c:3c:4e:2c:
                    a0:6a:84:87:29:6b:cb:72:8e:cf:ef:56:35:6d:0d:
                    22:4d:f6:53:63:68:8d:76:b0:8b:79:1a:f7:f0:0b:
                    ce:93:8b:45:44:f5:58:94:99:15:64:68:cf:8e:23:
                    61:bd:2e:3b:21:38:ae:97:ab:d0:5b:a7:67:86:bc:
                    8a:40:ff:ad:39:fc:da:5f:a8:d2:65:23:55:e0:4d:
                    65:3b:bc:4a:e9:46:56:85:ca:b9:0c:f3:70:79:9b:
                    c7:c0:e3:09:bc:23:3c:b5:6b:9e:a6:e6:19:98:64:
                    6f:c1:9c:17:ce:1c:43:6d:22:64:93:61:09:d3:db:
                    86:22:0a:85:51:fe:02:49:3d:b5:76:1a:d9:44:89:
                    8e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:55:6D:02:64:F8:0A:E4:90:C8:F8:9E:B6:1C:FE:5E:03:AF:3F:9F
            X509v3 Authority Key Identifier:
                keyid:3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/3FVtAmT4CuSQyPiethz-XgOvP58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.109.64.0/20
                IPv6:
                  2a00:1b90::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:99:f7:22:54:69:11:2c:1f:01:2b:10:5a:a6:68:65:d4:07:
         94:6c:bd:6a:4d:06:82:cf:c8:be:bc:6e:43:e3:7b:f6:23:03:
         54:76:d1:ea:1c:1b:55:1e:54:b0:66:ed:8f:da:1c:84:f5:59:
         f4:5d:71:cd:4f:15:b3:cd:fe:94:f6:b7:e6:0f:c5:f7:4f:28:
         53:af:2e:c5:f3:e8:7e:d6:cd:6e:83:f3:51:17:60:b5:2b:fb:
         1b:07:fa:54:52:b1:12:3e:89:35:97:1a:49:df:4f:d4:f8:e1:
         ec:3b:57:9c:4e:8b:d9:c7:0e:4f:7e:c1:11:a6:37:9a:00:1f:
         dc:65:73:cf:22:3c:83:8b:6d:44:06:50:1a:ef:a4:00:a5:e8:
         0b:cf:4a:9d:a8:bd:5f:d9:28:48:17:3d:17:14:68:3f:dd:ab:
         c8:b3:3a:79:88:fa:dc:5a:d2:e3:dd:a0:4a:18:59:f7:c9:43:
         58:10:5c:da:57:d7:33:81:5b:ae:a3:6a:79:f1:82:6b:e3:47:
         01:d8:35:4c:14:4d:53:99:03:e0:61:55:10:60:c3:21:87:81:
         37:5f:74:94:f8:4e:10:84:e6:c7:3d:c2:61:65:ee:a5:78:1c:
         8c:64:de:79:b5:5e:d2:ad:c7:38:54:15:97:31:d5:3b:d7:ad:
         b6:fe:51:26
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZTa+lYoQyAPyarOqjYGdBgjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkN2I5ZGZmYWFlMzNlYzJjZjE5YjVhZDRlNDljMWU5ZWIx
ZDlkNjQwHhcNMjUwMjA2MTExNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzU1NmQwMjY0ZjgwYWU0OTBjOGY4OWViNjFjZmU1ZTAzYWYzZjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnX5jqshczCYajmGSF2qO/fBksy4n
wxeKxACyPQ/QN6MRW+BqYs30h1cWdbv9k4WFzXs5sQWJRi/3msmqqvmB+fhfxlrF
DgHuU83G09TCr2vn8JPUdZ/rSQkZnHX9nwYMOVohS8ClVpIMGlmapGULZBlmdmw8
TiygaoSHKWvLco7P71Y1bQ0iTfZTY2iNdrCLeRr38AvOk4tFRPVYlJkVZGjPjiNh
vS47ITiul6vQW6dnhryKQP+tOfzaX6jSZSNV4E1lO7xK6UZWhcq5DPNweZvHwOMJ
vCM8tWuepuYZmGRvwZwXzhxDbSJkk2EJ09uGIgqFUf4CST21dhrZRImOvQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNxVbQJk+ArkkMj4nrYc/l4Drz+fMB8GA1UdIwQY
MBaAFD17nf+q4z7Czxm1rU5JwenrHZ1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2Ut
NDIyNTIzYzRlNjhiLzEvM0ZWdEFtVDRDdVNReVBpZXRoei1YZ092UDU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2UtNDIyNTIzYzRlNjhi
LzEvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEVm1AMA0E
AgACMAcDBQAqABuQMA0GCSqGSIb3DQEBCwUAA4IBAQBAmfciVGkRLB8BKxBapmhl
1AeUbL1qTQaCz8i+vG5D43v2IwNUdtHqHBtVHlSwZu2P2hyE9Vn0XXHNTxWzzf6U
9rfmD8X3TyhTry7F8+h+1s1ug/NRF2C1K/sbB/pUUrESPok1lxpJ30/U+OHsO1ec
TovZxw5PfsERpjeaAB/cZXPPIjyDi21EBlAa76QApegLz0qdqL1f2ShIFz0XFGg/
3avIszp5iPrcWtLj3aBKGFn3yUNYEFzaV9czgVuuo2p58YJr40cB2DVMFE1TmQPg
YVUQYMMhh4E3X3SU+E4QhObHPcJhZe6leByMZN55tV7Srcc4VBWXMdU71622/lEm
-----END CERTIFICATE-----