Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/FmkKEcHCN4SKkKjvm4wbiP2rqGc.roa
File:                     FmkKEcHCN4SKkKjvm4wbiP2rqGc.roa (raw, json)
Hash identifier:          BxDXl5Xd1DRGy1evvpUKKCLNhtBpKlkHYmd1XWHZ6n8=
Subject key identifier:   16:69:0A:11:C1:C2:37:84:8A:90:A8:EF:9B:8C:1B:88:FD:AB:A8:67
Certificate issuer:       /CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
Certificate serial:       0198A43F3CFDB55966DCC33A5F0B98F48FB0
Authority key identifier: 3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/FmkKEcHCN4SKkKjvm4wbiP2rqGc.roa
Signing time:             Wed 13 Aug 2025 16:24:24 +0000
ROA not before:           Wed 13 Aug 2025 16:24:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399989
IP address blocks:        86.109.76.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a4:3f:3c:fd:b5:59:66:dc:c3:3a:5f:0b:98:f4:8f:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
        Validity
            Not Before: Aug 13 16:24:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16690a11c1c237848a90a8ef9b8c1b88fdaba867
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:56:bf:92:6d:d4:90:8c:19:f8:df:8f:15:ab:
                    f1:be:1c:e5:5e:00:67:66:c4:38:57:d4:b6:a2:3b:
                    19:9a:04:7b:23:a6:ba:9e:54:43:18:66:61:7e:83:
                    7a:51:87:7a:d3:35:c5:9c:db:df:cc:82:b0:0e:23:
                    97:ca:28:c8:41:e0:0e:ed:c8:90:cc:35:2a:c8:c7:
                    2c:9b:8a:e4:a5:7f:f9:7d:35:d7:30:8e:90:96:93:
                    3f:82:57:bc:1b:b4:30:d9:59:2d:d4:ec:a5:c6:f7:
                    31:70:29:27:d7:98:05:8e:36:72:8e:fd:f2:34:72:
                    c4:d6:fb:5d:e5:23:ca:a1:cd:89:ac:46:cb:c7:65:
                    48:1b:a4:a6:7f:fb:69:5c:2d:73:4d:42:18:c6:5c:
                    47:fd:4a:64:9d:89:43:7f:78:c9:66:90:4d:5c:18:
                    75:6a:25:f6:dd:99:e1:70:76:df:9d:fe:37:11:7c:
                    a7:cf:4f:1c:36:47:0d:ea:a2:1a:7a:ef:82:81:9e:
                    08:e5:25:e4:3e:12:19:8f:4d:10:c6:f7:5b:89:49:
                    84:db:cb:99:34:1a:67:19:62:40:0a:99:e6:ad:fe:
                    dd:0e:2d:ec:ea:7e:ed:31:49:e9:7a:e8:25:2a:25:
                    31:a8:4f:c6:ce:65:d8:ca:cb:39:02:88:09:45:4a:
                    92:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:69:0A:11:C1:C2:37:84:8A:90:A8:EF:9B:8C:1B:88:FD:AB:A8:67
            X509v3 Authority Key Identifier:
                keyid:3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/FmkKEcHCN4SKkKjvm4wbiP2rqGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.109.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:2e:f7:8d:f2:77:2b:f4:d2:2d:a5:14:13:99:38:83:ee:21:
         48:4c:80:4b:1b:1d:e3:53:e3:50:da:a8:4d:e8:b3:35:4d:3e:
         cd:51:0a:c1:75:52:9d:b0:b5:33:06:02:a4:b6:66:ad:49:f6:
         69:eb:55:b0:97:59:a0:51:73:dc:15:b0:27:6d:b2:dc:6f:02:
         0f:c2:e1:5c:f5:c3:1a:f1:4a:c0:e4:98:a5:30:47:d3:7c:d5:
         14:9c:60:50:e9:2a:26:a9:5a:cb:1f:bd:cc:96:f2:8a:5d:59:
         2a:9d:12:6e:82:77:a5:34:98:a1:70:f1:66:49:54:6b:44:01:
         cf:ef:62:f2:84:a8:2c:06:47:d7:56:f0:19:bc:51:13:2a:f3:
         81:d3:e7:0d:bf:ee:8b:5c:ed:9b:75:45:bc:9f:1d:ea:81:b4:
         94:d3:a9:59:7e:09:17:2b:42:ce:a4:ea:93:9c:68:00:5e:52:
         14:0f:8a:2b:f6:93:ed:5a:15:21:39:00:c9:d3:ff:83:ac:8a:
         11:84:e4:bd:ce:ae:ac:b8:85:d4:43:6a:81:c6:1e:8e:ef:b7:
         a4:d1:0d:94:38:b4:56:5f:a7:43:c9:f3:e1:4c:8f:53:49:23:
         7b:16:d6:c0:db:43:44:c4:df:e6:47:01:d3:4d:cf:85:b4:58:
         11:fb:87:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZikPzz9tVlm3MM6XwuY9I+wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkN2I5ZGZmYWFlMzNlYzJjZjE5YjVhZDRlNDljMWU5ZWIx
ZDlkNjQwHhcNMjUwODEzMTYyNDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjY5MGExMWMxYzIzNzg0OGE5MGE4ZWY5YjhjMWI4OGZkYWJhODY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVa/km3UkIwZ+N+PFavxvhzlXgBn
ZsQ4V9S2ojsZmgR7I6a6nlRDGGZhfoN6UYd60zXFnNvfzIKwDiOXyijIQeAO7ciQ
zDUqyMcsm4rkpX/5fTXXMI6QlpM/gle8G7Qw2Vkt1OylxvcxcCkn15gFjjZyjv3y
NHLE1vtd5SPKoc2JrEbLx2VIG6Smf/tpXC1zTUIYxlxH/UpknYlDf3jJZpBNXBh1
aiX23ZnhcHbfnf43EXynz08cNkcN6qIaeu+CgZ4I5SXkPhIZj00QxvdbiUmE28uZ
NBpnGWJACpnmrf7dDi3s6n7tMUnpeuglKiUxqE/GzmXYyss5AogJRUqSpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZpChHBwjeEipCo75uMG4j9q6hnMB8GA1UdIwQY
MBaAFD17nf+q4z7Czxm1rU5JwenrHZ1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2Ut
NDIyNTIzYzRlNjhiLzEvRm1rS0VjSENONFNLa0tqdm00d2JpUDJycUdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2UtNDIyNTIzYzRlNjhi
LzEvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVm1MMA0G
CSqGSIb3DQEBCwUAA4IBAQAeLveN8ncr9NItpRQTmTiD7iFITIBLGx3jU+NQ2qhN
6LM1TT7NUQrBdVKdsLUzBgKktmatSfZp61Wwl1mgUXPcFbAnbbLcbwIPwuFc9cMa
8UrA5JilMEfTfNUUnGBQ6SomqVrLH73MlvKKXVkqnRJugnelNJihcPFmSVRrRAHP
72LyhKgsBkfXVvAZvFETKvOB0+cNv+6LXO2bdUW8nx3qgbSU06lZfgkXK0LOpOqT
nGgAXlIUD4or9pPtWhUhOQDJ0/+DrIoRhOS9zq6suIXUQ2qBxh6O77ek0Q2UOLRW
X6dDyfPhTI9TSSN7FtbA20NExN/mRwHTTc+FtFgR+4fs
-----END CERTIFICATE-----