Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/lThuEEXjbOk9kIBiQn4XNJSri60.roa
File:                     lThuEEXjbOk9kIBiQn4XNJSri60.roa (raw, json)
Hash identifier:          saUcIO3Pzwx9suP3W1g5k4dgT0dO1lpuD0PTK3qh6JE=
Subject key identifier:   95:38:6E:10:45:E3:6C:E9:3D:90:80:62:42:7E:17:34:94:AB:8B:AD
Certificate issuer:       /CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
Certificate serial:       0195CD12B4A97A2F9B30604336A135C8D92D
Authority key identifier: 3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/lThuEEXjbOk9kIBiQn4XNJSri60.roa
Signing time:             Tue 25 Mar 2025 11:31:49 +0000
ROA not before:           Tue 25 Mar 2025 11:31:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58325
IP address blocks:        86.109.88.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:cd:12:b4:a9:7a:2f:9b:30:60:43:36:a1:35:c8:d9:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
        Validity
            Not Before: Mar 25 11:31:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=95386e1045e36ce93d908062427e173494ab8bad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:60:2d:a8:da:80:ca:11:d1:a4:6e:fe:89:70:
                    08:ee:2a:a6:cf:19:5c:44:bd:49:44:48:55:57:1f:
                    76:7f:ce:af:0c:e0:4e:62:c8:c7:a2:9c:f4:ac:c5:
                    45:b1:78:eb:8f:11:34:7b:bd:40:1f:95:f9:c9:f9:
                    e2:14:ab:4c:03:69:86:5f:9c:ae:7d:90:f8:b4:68:
                    66:3a:db:4e:f9:a5:71:40:d5:9d:ec:89:6b:1d:e1:
                    0f:12:a0:b2:67:c2:13:1f:b7:53:01:53:f8:8a:25:
                    1f:60:ee:fb:a4:ef:b3:1e:f0:ec:52:a2:8c:f3:11:
                    fc:fe:fe:aa:a9:1c:1e:93:db:f2:f4:cc:de:63:ef:
                    6f:3f:86:44:7f:43:e0:5f:59:73:9a:57:8e:df:74:
                    e7:05:93:8e:d1:df:38:14:dc:0f:6a:a4:15:70:dd:
                    76:89:11:07:80:60:e8:26:65:24:55:ae:a6:d5:72:
                    ce:a3:e3:77:e1:74:fa:13:37:c0:8d:cb:bf:5f:d4:
                    cc:56:c2:54:aa:5b:39:5e:98:a9:2c:a9:6c:5f:5e:
                    7e:0c:27:e4:0c:0f:1c:35:48:67:74:85:24:10:4f:
                    bc:f7:ab:e5:74:02:d6:71:1b:50:95:a1:73:d9:2a:
                    54:e9:a0:65:92:de:0a:dc:20:ad:2b:0a:56:9b:a3:
                    e8:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:38:6E:10:45:E3:6C:E9:3D:90:80:62:42:7E:17:34:94:AB:8B:AD
            X509v3 Authority Key Identifier:
                keyid:3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/lThuEEXjbOk9kIBiQn4XNJSri60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.109.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:c8:34:f5:60:ef:c5:31:d1:84:35:8b:45:45:3b:ca:65:08:
         6e:06:52:f0:d4:61:1a:78:25:15:a0:3e:e1:57:05:22:28:66:
         b9:8e:8b:07:7f:c5:35:ac:34:3f:f6:08:52:92:16:8d:d3:4c:
         ff:e9:bd:fb:4c:6f:d2:1e:1c:c1:63:06:04:bf:b4:67:44:63:
         d7:f0:fd:fc:46:45:8e:a5:62:3c:0e:c8:ee:4b:20:34:84:af:
         c0:21:be:70:72:b5:cc:82:b6:18:f8:e1:4a:24:3b:79:73:32:
         8f:ce:fc:19:01:ec:1e:d9:cb:b2:7f:5f:d2:be:ad:38:55:ad:
         83:0f:5b:c1:f6:a6:ba:18:82:39:6e:8f:91:ac:91:53:89:0c:
         e1:5e:94:26:ea:39:2d:76:3d:a7:10:2f:14:8d:57:3e:fa:60:
         74:56:8c:b0:00:71:68:01:ba:e5:ef:b3:a0:d9:f2:f0:d1:4c:
         1e:c2:b3:83:0e:6a:e7:ea:dd:9e:01:a1:10:46:ba:b9:bf:f0:
         3d:da:ad:e4:d9:4b:b5:d7:ef:8b:5d:b8:57:f0:39:fd:cb:43:
         65:74:15:99:35:49:d7:82:ea:6d:d7:a7:a6:d0:fa:08:1d:b0:
         d8:1e:53:91:1e:5f:de:1f:03:db:a9:8f:14:68:95:b5:c5:0b:
         93:77:73:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXNErSpei+bMGBDNqE1yNktMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkN2I5ZGZmYWFlMzNlYzJjZjE5YjVhZDRlNDljMWU5ZWIx
ZDlkNjQwHhcNMjUwMzI1MTEzMTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTM4NmUxMDQ1ZTM2Y2U5M2Q5MDgwNjI0MjdlMTczNDk0YWI4YmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmAtqNqAyhHRpG7+iXAI7iqmzxlc
RL1JREhVVx92f86vDOBOYsjHopz0rMVFsXjrjxE0e71AH5X5yfniFKtMA2mGX5yu
fZD4tGhmOttO+aVxQNWd7IlrHeEPEqCyZ8ITH7dTAVP4iiUfYO77pO+zHvDsUqKM
8xH8/v6qqRwek9vy9MzeY+9vP4ZEf0PgX1lzmleO33TnBZOO0d84FNwPaqQVcN12
iREHgGDoJmUkVa6m1XLOo+N34XT6EzfAjcu/X9TMVsJUqls5XpipLKlsX15+DCfk
DA8cNUhndIUkEE+896vldALWcRtQlaFz2SpU6aBlkt4K3CCtKwpWm6PouQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJU4bhBF42zpPZCAYkJ+FzSUq4utMB8GA1UdIwQY
MBaAFD17nf+q4z7Czxm1rU5JwenrHZ1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2Ut
NDIyNTIzYzRlNjhiLzEvbFRodUVFWGpiT2s5a0lCaVFuNFhOSlNyaTYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2UtNDIyNTIzYzRlNjhi
LzEvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVm1YMA0G
CSqGSIb3DQEBCwUAA4IBAQCMyDT1YO/FMdGENYtFRTvKZQhuBlLw1GEaeCUVoD7h
VwUiKGa5josHf8U1rDQ/9ghSkhaN00z/6b37TG/SHhzBYwYEv7RnRGPX8P38RkWO
pWI8DsjuSyA0hK/AIb5wcrXMgrYY+OFKJDt5czKPzvwZAewe2cuyf1/Svq04Va2D
D1vB9qa6GII5bo+RrJFTiQzhXpQm6jktdj2nEC8UjVc++mB0VoywAHFoAbrl77Og
2fLw0UwewrODDmrn6t2eAaEQRrq5v/A92q3k2Uu11++LXbhX8Dn9y0NldBWZNUnX
gupt16em0PoIHbDYHlORHl/eHwPbqY8UaJW1xQuTd3M7
-----END CERTIFICATE-----