Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/O3Tnl_hQ-xazPyPalSQiMw8uws4.roa
File:                     O3Tnl_hQ-xazPyPalSQiMw8uws4.roa (raw, json)
Hash identifier:          on+ud1ImXk9PCKeavsxsVmZkBwEQpMfUP3g2Be5WDiE=
Subject key identifier:   3B:74:E7:97:F8:50:FB:16:B3:3F:23:DA:95:24:22:33:0F:2E:C2:CE
Certificate issuer:       /CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
Certificate serial:       0198A3AE96A15A4C57509DCAC58527FF7DEA
Authority key identifier: 3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/O3Tnl_hQ-xazPyPalSQiMw8uws4.roa
Signing time:             Wed 13 Aug 2025 13:46:24 +0000
ROA not before:           Wed 13 Aug 2025 13:46:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58212
IP address blocks:        86.109.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a3:ae:96:a1:5a:4c:57:50:9d:ca:c5:85:27:ff:7d:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
        Validity
            Not Before: Aug 13 13:46:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b74e797f850fb16b33f23da952422330f2ec2ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:42:c6:bb:67:3d:7a:6b:4e:b7:ab:53:01:19:
                    84:83:92:e7:86:95:43:5e:63:c1:43:17:64:58:ac:
                    df:76:cb:1c:41:c2:96:34:2c:4c:07:34:05:40:bc:
                    58:33:22:8a:c6:c1:f5:b4:4b:47:c7:b5:04:08:33:
                    49:77:dd:f8:02:05:81:24:14:7d:bb:49:76:07:e4:
                    30:07:30:76:8d:a7:94:1c:1a:37:c8:68:85:93:a4:
                    5c:19:b0:ba:08:9e:85:c1:1c:5c:0e:e7:f9:d5:5f:
                    f4:d0:1f:b3:99:ea:2d:26:f8:7f:3c:99:45:1a:82:
                    67:ca:b6:1e:43:df:6c:61:10:9f:53:3e:bd:bc:51:
                    41:01:ba:44:d3:4e:23:61:86:b7:55:02:41:77:2e:
                    7a:51:1e:f5:21:35:42:7b:39:5a:7f:f3:ce:3e:1a:
                    10:ab:8c:07:4e:73:e2:d0:f0:a4:a8:07:ed:2a:2e:
                    35:63:e5:55:9e:e8:e8:07:5f:75:bf:50:79:50:15:
                    88:f1:1f:ee:76:02:c9:5d:81:76:f5:24:9f:70:58:
                    85:12:67:66:27:82:2a:a4:7d:40:9e:ec:b0:f6:24:
                    e4:05:3a:7b:d9:e2:8d:86:d6:0a:f7:19:25:6b:6e:
                    e5:a4:1f:77:a1:72:fc:92:ee:7e:64:ec:06:d6:42:
                    ad:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:74:E7:97:F8:50:FB:16:B3:3F:23:DA:95:24:22:33:0F:2E:C2:CE
            X509v3 Authority Key Identifier:
                keyid:3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/O3Tnl_hQ-xazPyPalSQiMw8uws4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.109.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:36:70:8b:e0:c0:0b:f5:b5:11:47:83:3b:8f:48:3c:b1:da:
         9e:d7:b6:e5:d7:23:72:81:2c:f6:d3:e7:5a:d2:e7:07:a1:d8:
         0a:bd:1e:64:68:bb:bd:25:94:03:4d:9e:c8:ab:48:f1:70:78:
         83:73:51:f6:28:1e:9f:d8:12:19:4c:18:b4:4c:85:f2:d4:6f:
         95:89:b1:7a:61:ed:d6:90:8d:a4:70:6d:5f:56:c2:83:0c:e4:
         f8:22:dc:52:e5:d1:71:c3:aa:e3:94:f9:33:6c:1d:cf:41:39:
         b7:37:c0:6c:cc:0a:57:f4:90:69:62:9c:e3:87:8d:df:85:da:
         fe:ad:73:d1:cc:18:93:6b:1c:12:4c:d0:b8:3c:ab:24:5b:3d:
         f4:b3:89:34:99:e4:a3:f1:1d:ff:7b:f0:c6:24:4f:f1:c3:9d:
         42:c6:cd:14:30:ac:50:b6:b7:3a:71:82:d1:a1:d2:af:04:f8:
         3d:11:1f:b8:3e:04:97:6c:d1:08:92:bb:5d:07:84:75:8e:80:
         a2:4e:9f:fd:0a:d2:2a:86:a6:9b:1f:eb:9b:b7:f0:d3:da:1e:
         dc:0b:32:df:34:ac:98:b9:cb:13:0c:36:a3:1c:e4:95:93:50:
         37:5d:e7:bc:de:f5:90:df:b7:a0:c4:66:f7:2c:40:ee:21:fa:
         1b:ea:27:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZijrpahWkxXUJ3KxYUn/33qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkN2I5ZGZmYWFlMzNlYzJjZjE5YjVhZDRlNDljMWU5ZWIx
ZDlkNjQwHhcNMjUwODEzMTM0NjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjc0ZTc5N2Y4NTBmYjE2YjMzZjIzZGE5NTI0MjIzMzBmMmVjMmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00LGu2c9emtOt6tTARmEg5LnhpVD
XmPBQxdkWKzfdsscQcKWNCxMBzQFQLxYMyKKxsH1tEtHx7UECDNJd934AgWBJBR9
u0l2B+QwBzB2jaeUHBo3yGiFk6RcGbC6CJ6FwRxcDuf51V/00B+zmeotJvh/PJlF
GoJnyrYeQ99sYRCfUz69vFFBAbpE004jYYa3VQJBdy56UR71ITVCezlaf/POPhoQ
q4wHTnPi0PCkqAftKi41Y+VVnujoB191v1B5UBWI8R/udgLJXYF29SSfcFiFEmdm
J4IqpH1Anuyw9iTkBTp72eKNhtYK9xkla27lpB93oXL8ku5+ZOwG1kKt4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDt055f4UPsWsz8j2pUkIjMPLsLOMB8GA1UdIwQY
MBaAFD17nf+q4z7Czxm1rU5JwenrHZ1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2Ut
NDIyNTIzYzRlNjhiLzEvTzNUbmxfaFEteGF6UHlQYWxTUWlNdzh1d3M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2UtNDIyNTIzYzRlNjhi
LzEvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm1KMA0G
CSqGSIb3DQEBCwUAA4IBAQBsNnCL4MAL9bURR4M7j0g8sdqe17bl1yNygSz20+da
0ucHodgKvR5kaLu9JZQDTZ7Iq0jxcHiDc1H2KB6f2BIZTBi0TIXy1G+VibF6Ye3W
kI2kcG1fVsKDDOT4ItxS5dFxw6rjlPkzbB3PQTm3N8BszApX9JBpYpzjh43fhdr+
rXPRzBiTaxwSTNC4PKskWz30s4k0meSj8R3/e/DGJE/xw51Cxs0UMKxQtrc6cYLR
odKvBPg9ER+4PgSXbNEIkrtdB4R1joCiTp/9CtIqhqabH+ubt/DT2h7cCzLfNKyY
ucsTDDajHOSVk1A3Xee83vWQ37egxGb3LEDuIfob6icE
-----END CERTIFICATE-----