Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/9ff9c7-d329-45a6-898a-9d959abce526/1/_O2K9lYrU1ufrJyVF92JtVYbIao.roa
File:                     _O2K9lYrU1ufrJyVF92JtVYbIao.roa (raw, json)
Hash identifier:          opCkasUjE09S1Hv7hZM9HKqW92oCRoLsRmm8L97k62Q=
Subject key identifier:   FC:ED:8A:F6:56:2B:53:5B:9F:AC:9C:95:17:DD:89:B5:56:1B:21:AA
Certificate issuer:       /CN=9d3ebba9fa2cad286ac91276575745f615e8fa71
Certificate serial:       019420D650AD36B537928543416459856ACA
Authority key identifier: 9D:3E:BB:A9:FA:2C:AD:28:6A:C9:12:76:57:57:45:F6:15:E8:FA:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nT67qfosrShqyRJ2V1dF9hXo-nE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/9ff9c7-d329-45a6-898a-9d959abce526/1/_O2K9lYrU1ufrJyVF92JtVYbIao.roa
Signing time:             Wed 01 Jan 2025 07:48:23 +0000
ROA not before:           Wed 01 Jan 2025 07:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199996
IP address blocks:        81.30.100.0/24 maxlen: 24
                          185.35.176.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/9ff9c7-d329-45a6-898a-9d959abce526/1/nT67qfosrShqyRJ2V1dF9hXo-nE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/9ff9c7-d329-45a6-898a-9d959abce526/1/nT67qfosrShqyRJ2V1dF9hXo-nE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nT67qfosrShqyRJ2V1dF9hXo-nE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 06:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:50:ad:36:b5:37:92:85:43:41:64:59:85:6a:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d3ebba9fa2cad286ac91276575745f615e8fa71
        Validity
            Not Before: Jan  1 07:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fced8af6562b535b9fac9c9517dd89b5561b21aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:3b:b3:98:c3:4e:3e:e0:fe:62:8c:7c:f7:c1:
                    76:89:ab:28:98:ae:dc:dd:52:f7:1b:8c:e5:98:b0:
                    64:a5:15:af:57:51:83:06:76:29:fe:1a:77:73:b7:
                    0a:54:97:12:a2:53:89:d1:90:27:be:31:11:40:82:
                    5b:fe:b0:98:a2:50:26:9b:a6:85:b5:a8:23:43:ae:
                    41:76:0f:5e:e1:0b:da:39:b9:f0:0f:0d:b2:fe:94:
                    5e:76:2e:0c:d3:48:53:c4:df:9b:cf:2d:e6:3c:c8:
                    be:e8:af:8c:b5:e9:e9:29:01:da:c9:16:3b:a9:17:
                    8f:d6:6b:24:69:1f:47:0f:67:a8:ec:d9:6f:d2:35:
                    b0:1e:cb:53:2b:79:ed:95:a0:11:e6:98:13:7b:18:
                    b4:91:fa:a6:39:ac:08:26:6f:70:e5:79:45:cb:7b:
                    c5:6e:61:92:ba:89:32:bf:a1:fd:36:52:ad:2e:14:
                    d6:5e:20:98:26:7c:ca:20:02:6c:72:80:36:92:56:
                    41:ac:74:5a:13:1a:40:99:08:f3:43:ca:1d:e7:3a:
                    5d:12:fe:4f:d2:d7:69:16:f6:5e:13:09:30:1e:84:
                    17:f7:6a:73:81:8c:95:0e:2d:15:ff:5f:98:ef:fb:
                    98:5d:3f:9e:79:11:c2:c5:d7:64:81:53:88:fc:cb:
                    62:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:ED:8A:F6:56:2B:53:5B:9F:AC:9C:95:17:DD:89:B5:56:1B:21:AA
            X509v3 Authority Key Identifier:
                keyid:9D:3E:BB:A9:FA:2C:AD:28:6A:C9:12:76:57:57:45:F6:15:E8:FA:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nT67qfosrShqyRJ2V1dF9hXo-nE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/9ff9c7-d329-45a6-898a-9d959abce526/1/_O2K9lYrU1ufrJyVF92JtVYbIao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/9ff9c7-d329-45a6-898a-9d959abce526/1/nT67qfosrShqyRJ2V1dF9hXo-nE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.30.100.0/24
                  185.35.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b2:5b:cc:af:69:cb:e3:a0:8e:13:e9:f5:ce:c1:22:f6:71:c6:
         66:d2:87:ad:96:12:8c:31:1f:63:ff:ec:25:08:1c:97:e9:ba:
         d4:be:e6:13:b4:b5:8b:05:14:02:56:f1:39:15:0f:f3:2c:f5:
         67:8d:c0:6c:7d:2b:7b:0d:d6:b1:95:52:d8:f2:eb:af:76:e6:
         30:6f:c0:ea:97:15:f9:1a:70:18:db:bd:38:7b:eb:f9:45:24:
         52:a1:38:11:0f:74:23:19:73:a3:80:96:95:d2:51:de:f2:ea:
         06:10:71:17:f5:9d:48:73:14:61:46:ab:f9:81:f0:e0:52:c9:
         d8:a9:41:16:b7:e7:40:3f:c1:11:a3:fd:37:54:4d:c9:bf:f9:
         8d:8d:b2:ce:ea:2a:9b:f3:c7:ab:4e:cc:7b:55:8c:78:25:93:
         36:cd:40:81:79:4a:5d:1d:15:49:1b:ec:57:4e:9b:62:fe:09:
         e7:82:d7:d8:27:8b:37:9b:cc:7f:0f:37:e4:1c:f3:9b:3e:c3:
         50:73:79:81:ec:e3:cc:fd:fa:2c:77:86:67:55:e5:39:ed:72:
         fa:ba:34:3c:0a:e6:15:99:fd:9b:1a:1c:c8:a2:fc:f9:a9:33:
         15:ae:f6:63:b2:09:21:38:80:27:d8:37:4e:e2:1f:3f:c7:ef:
         61:25:01:5a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQg1lCtNrU3koVDQWRZhWrKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkM2ViYmE5ZmEyY2FkMjg2YWM5MTI3NjU3NTc0NWY2MTVl
OGZhNzEwHhcNMjUwMTAxMDc0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2VkOGFmNjU2MmI1MzViOWZhYzljOTUxN2RkODliNTU2MWIyMWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjuzmMNOPuD+Yox898F2iasomK7c
3VL3G4zlmLBkpRWvV1GDBnYp/hp3c7cKVJcSolOJ0ZAnvjERQIJb/rCYolAmm6aF
tagjQ65Bdg9e4QvaObnwDw2y/pRedi4M00hTxN+bzy3mPMi+6K+MtenpKQHayRY7
qReP1mskaR9HD2eo7Nlv0jWwHstTK3ntlaAR5pgTexi0kfqmOawIJm9w5XlFy3vF
bmGSuokyv6H9NlKtLhTWXiCYJnzKIAJscoA2klZBrHRaExpAmQjzQ8od5zpdEv5P
0tdpFvZeEwkwHoQX92pzgYyVDi0V/1+Y7/uYXT+eeRHCxddkgVOI/MtiMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPztivZWK1Nbn6yclRfdibVWGyGqMB8GA1UdIwQY
MBaAFJ0+u6n6LK0oaskSdldXRfYV6PpxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblQ2N3Fmb3NyU2hxeVJKMlYxZEY5aFhvLW5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi85ZmY5YzctZDMyOS00NWE2LTg5OGEt
OWQ5NTlhYmNlNTI2LzEvX08ySzlsWXJVMXVmckp5VkY5Mkp0VlliSWFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi85ZmY5YzctZDMyOS00NWE2LTg5OGEtOWQ5NTlhYmNlNTI2
LzEvblQ2N3Fmb3NyU2hxeVJKMlYxZEY5aFhvLW5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUR5kAwQC
uSOwMA0GCSqGSIb3DQEBCwUAA4IBAQCyW8yvacvjoI4T6fXOwSL2ccZm0oetlhKM
MR9j/+wlCByX6brUvuYTtLWLBRQCVvE5FQ/zLPVnjcBsfSt7DdaxlVLY8uuvduYw
b8DqlxX5GnAY2704e+v5RSRSoTgRD3QjGXOjgJaV0lHe8uoGEHEX9Z1IcxRhRqv5
gfDgUsnYqUEWt+dAP8ERo/03VE3Jv/mNjbLO6iqb88erTsx7VYx4JZM2zUCBeUpd
HRVJG+xXTpti/gnngtfYJ4s3m8x/DzfkHPObPsNQc3mB7OPM/fosd4ZnVeU57XL6
ujQ8CuYVmf2bGhzIovz5qTMVrvZjsgkhOIAn2DdO4h8/x+9hJQFa
-----END CERTIFICATE-----