Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/ZA1mwjKR7_7569CyCMJfpDsJl3M.roa
File:                     ZA1mwjKR7_7569CyCMJfpDsJl3M.roa (raw, json)
Hash identifier:          HYD+j34t1ndEQo/JB/oE14Ibls9UlENhpbw/0fKKgMw=
Subject key identifier:   64:0D:66:C2:32:91:EF:FE:F9:EB:D0:B2:08:C2:5F:A4:3B:09:97:73
Certificate issuer:       /CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
Certificate serial:       0194EF67BD1A8C9BE00EA8F5B4F07FD55CE8
Authority key identifier: 3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/ZA1mwjKR7_7569CyCMJfpDsJl3M.roa
Signing time:             Mon 10 Feb 2025 10:29:00 +0000
ROA not before:           Mon 10 Feb 2025 10:29:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     11426
IP address blocks:        86.109.80.0/23 maxlen: 24
                          86.109.82.0/23 maxlen: 24
                          86.109.84.0/23 maxlen: 24
                          86.109.86.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 17:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ef:67:bd:1a:8c:9b:e0:0e:a8:f5:b4:f0:7f:d5:5c:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
        Validity
            Not Before: Feb 10 10:29:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=640d66c23291effef9ebd0b208c25fa43b099773
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c7:0a:7a:5f:cf:c5:0e:9f:0f:30:6e:ff:6b:
                    7c:ad:c9:19:6e:d0:a5:34:af:0f:8d:be:b7:74:78:
                    3d:21:ef:3d:c2:a4:d0:b4:a6:33:fc:2d:ab:15:66:
                    18:5c:08:38:5e:d0:c8:96:a2:54:87:cb:2c:24:43:
                    b3:9d:ee:5f:fa:de:87:e8:6a:77:d9:b4:09:69:0d:
                    be:e7:34:46:fe:66:09:02:d3:eb:2e:6d:e5:f2:e1:
                    8c:23:ed:fa:e2:47:16:80:68:10:b0:ef:ce:0f:cd:
                    a6:b9:0f:25:c4:c4:a6:25:f8:7b:e3:38:03:0f:5d:
                    08:42:fc:e0:f6:e1:fd:2b:d4:d9:f1:67:e9:2d:ad:
                    c0:36:99:c1:94:2b:3b:ea:c7:f7:b4:68:65:8d:07:
                    55:24:1d:1c:dc:c1:1e:59:e3:9b:e4:92:f5:5e:0d:
                    a4:aa:eb:29:27:91:57:7a:f1:a4:7b:94:e2:6d:41:
                    07:16:c5:3e:77:34:9e:08:ec:63:6f:1f:b8:a9:13:
                    94:bc:e7:f0:52:37:ca:90:d5:eb:0d:27:39:f3:04:
                    66:f4:e6:21:3a:38:26:4a:7b:be:89:21:4e:be:5e:
                    69:82:22:4e:23:82:77:c4:3e:98:0b:71:31:47:11:
                    35:9e:71:fb:b6:b1:fb:a4:cc:d0:3d:f8:24:1a:37:
                    9a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:0D:66:C2:32:91:EF:FE:F9:EB:D0:B2:08:C2:5F:A4:3B:09:97:73
            X509v3 Authority Key Identifier:
                keyid:3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/ZA1mwjKR7_7569CyCMJfpDsJl3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.109.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         03:86:d6:fc:8f:d7:2f:ce:ae:b9:ee:d7:6a:d5:55:cd:29:5c:
         b8:9e:88:c4:2a:24:49:f1:99:e3:ae:d8:ee:4b:89:e2:4e:81:
         be:fc:27:99:dc:4c:5f:59:28:1b:dd:f2:b3:0a:e7:ce:b5:f5:
         dd:8d:1e:d1:23:47:c8:72:7d:8c:08:55:27:47:0c:ed:0c:62:
         30:40:1e:50:8e:ff:3b:bd:1a:ac:a7:2d:2f:c8:d2:be:40:3d:
         73:7a:6a:32:54:28:e7:26:0e:6c:93:6f:fb:b7:5e:70:c3:b7:
         fa:01:07:37:e4:a1:4a:64:ed:1a:45:fa:38:5f:13:f0:8b:bd:
         31:b7:df:d3:ca:fd:a2:87:ec:72:39:dd:d2:96:99:f8:4b:fe:
         5a:81:10:8f:34:b6:9a:d8:93:ab:3a:4f:7f:0e:c9:64:bc:c9:
         87:aa:74:a2:30:77:e2:d8:b6:08:79:8a:0c:33:5b:6b:8f:75:
         46:eb:b7:5e:c8:f7:23:e0:52:8f:88:64:82:a8:bc:56:55:02:
         69:45:1c:5d:01:c0:d8:15:a4:14:dc:b5:40:19:51:2b:f5:43:
         58:8a:72:b5:ea:0f:bd:3c:83:b1:ac:f1:fe:d2:0c:57:d6:52:
         11:64:de:f1:e7:a9:4c:f3:a8:08:08:68:c9:6a:ce:d3:5e:28:
         a9:f2:b9:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTvZ70ajJvgDqj1tPB/1VzoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkN2I5ZGZmYWFlMzNlYzJjZjE5YjVhZDRlNDljMWU5ZWIx
ZDlkNjQwHhcNMjUwMjEwMTAyOTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDBkNjZjMjMyOTFlZmZlZjllYmQwYjIwOGMyNWZhNDNiMDk5NzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMcKel/PxQ6fDzBu/2t8rckZbtCl
NK8Pjb63dHg9Ie89wqTQtKYz/C2rFWYYXAg4XtDIlqJUh8ssJEOzne5f+t6H6Gp3
2bQJaQ2+5zRG/mYJAtPrLm3l8uGMI+364kcWgGgQsO/OD82muQ8lxMSmJfh74zgD
D10IQvzg9uH9K9TZ8WfpLa3ANpnBlCs76sf3tGhljQdVJB0c3MEeWeOb5JL1Xg2k
quspJ5FXevGke5TibUEHFsU+dzSeCOxjbx+4qROUvOfwUjfKkNXrDSc58wRm9OYh
OjgmSnu+iSFOvl5pgiJOI4J3xD6YC3ExRxE1nnH7trH7pMzQPfgkGjeaswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQNZsIyke/++evQsgjCX6Q7CZdzMB8GA1UdIwQY
MBaAFD17nf+q4z7Czxm1rU5JwenrHZ1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2Ut
NDIyNTIzYzRlNjhiLzEvWkExbXdqS1I3Xzc1NjlDeUNNSmZwRHNKbDNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2UtNDIyNTIzYzRlNjhi
LzEvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDVm1QMA0G
CSqGSIb3DQEBCwUAA4IBAQADhtb8j9cvzq657tdq1VXNKVy4nojEKiRJ8Znjrtju
S4niToG+/CeZ3ExfWSgb3fKzCufOtfXdjR7RI0fIcn2MCFUnRwztDGIwQB5Qjv87
vRqspy0vyNK+QD1zemoyVCjnJg5sk2/7t15ww7f6AQc35KFKZO0aRfo4XxPwi70x
t9/Tyv2ih+xyOd3Slpn4S/5agRCPNLaa2JOrOk9/DslkvMmHqnSiMHfi2LYIeYoM
M1trj3VG67deyPcj4FKPiGSCqLxWVQJpRRxdAcDYFaQU3LVAGVEr9UNYinK16g+9
PIOxrPH+0gxX1lIRZN7x56lM86gICGjJas7TXiip8rnP
-----END CERTIFICATE-----