Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3dWabMZgy7CyCCq9iumkLDScB7U.roa
File:                     3dWabMZgy7CyCCq9iumkLDScB7U.roa (raw, json)
Hash identifier:          CRkc/x8b0aSsO6EJZfa2SgYak0jVCjiT0lQGS/Iiots=
Subject key identifier:   DD:D5:9A:6C:C6:60:CB:B0:B2:08:2A:BD:8A:E9:A4:2C:34:9C:07:B5
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01955B9A65C8289F8F01AF5C2F3B9FE58A7E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3dWabMZgy7CyCCq9iumkLDScB7U.roa
Signing time:             Mon 03 Mar 2025 10:43:20 +0000
ROA not before:           Mon 03 Mar 2025 10:43:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135391
IP address blocks:        109.176.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 23:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:5b:9a:65:c8:28:9f:8f:01:af:5c:2f:3b:9f:e5:8a:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar  3 10:43:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ddd59a6cc660cbb0b2082abd8ae9a42c349c07b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:3c:3f:31:ea:3b:8c:50:f5:18:b6:49:5b:a4:
                    14:9c:7e:7e:83:a0:5e:48:d7:7d:65:a0:bf:60:fb:
                    c0:d0:61:9c:63:f6:eb:65:a7:0c:32:47:a8:54:e4:
                    47:19:41:95:99:e8:46:58:4b:41:0d:26:ba:0d:5e:
                    54:d5:38:bc:e8:bf:7a:fe:f6:8e:90:bb:3d:c3:34:
                    35:b9:a4:78:cd:6e:42:df:7d:a4:9f:ff:8b:d7:cf:
                    1b:af:48:51:dd:8f:ad:98:c6:f2:2a:b5:f6:85:eb:
                    89:5b:ea:3b:e1:9a:b1:2a:08:a3:33:96:19:01:36:
                    8e:13:db:e4:d4:3f:5a:9a:79:7b:ad:e7:b7:f1:66:
                    66:3a:00:71:9c:3c:de:19:a8:8e:2b:e8:04:04:41:
                    68:b5:bf:a5:2b:6b:2c:cd:8d:2d:3c:34:cc:0d:2d:
                    f5:f0:9c:92:07:22:b2:c7:49:94:ae:9d:d6:3a:b4:
                    e2:4d:3c:a4:e9:d3:22:c3:81:58:b6:e8:0d:57:43:
                    2b:3e:33:1c:8a:12:af:55:cd:9a:20:41:00:8a:5d:
                    de:ae:55:fb:e7:31:c7:1d:05:f7:52:e1:ba:22:fc:
                    b2:b1:86:4e:eb:0f:30:e4:9c:a0:50:b9:ef:a8:50:
                    2d:5a:b8:05:8c:b0:a3:6a:44:b4:00:70:e9:7b:38:
                    80:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:D5:9A:6C:C6:60:CB:B0:B2:08:2A:BD:8A:E9:A4:2C:34:9C:07:B5
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3dWabMZgy7CyCCq9iumkLDScB7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:c1:51:6e:a6:00:63:56:db:ad:91:d6:a3:7c:19:06:4b:c2:
         87:e4:88:8c:d7:1a:1e:20:66:ef:5f:91:7c:28:41:cd:7b:1f:
         c7:c9:4c:e8:0e:61:7e:d9:6b:c7:15:e8:70:7b:d9:c7:0b:b2:
         e0:bf:56:be:ea:18:6a:55:7e:48:fb:19:6f:d8:50:41:1a:59:
         dc:65:53:19:b1:0d:3b:ea:f9:2c:6f:00:bb:eb:34:b3:6c:5c:
         80:51:82:c3:d0:ac:12:a8:4a:74:0a:9a:4c:f7:96:5d:72:4b:
         52:0c:9e:16:46:97:1f:de:dd:57:c6:6d:ad:a6:16:af:10:38:
         0f:ee:66:5a:de:54:34:39:a3:8b:88:98:fc:4d:b9:72:32:f6:
         e6:95:27:33:ef:0f:d0:91:0e:be:21:44:b0:73:fb:8b:dd:85:
         28:88:23:ce:10:fb:0f:24:50:a6:ea:dd:f1:39:12:d4:b3:b9:
         d9:03:34:03:b8:f6:e6:2e:db:43:8b:7a:38:f6:d2:90:3a:8e:
         f2:c8:e1:2e:ec:ab:42:14:21:27:d8:6a:bc:72:3b:d7:32:cc:
         ee:26:d2:57:48:b4:44:08:4a:92:92:e1:bf:80:5a:58:db:8c:
         d3:3a:b6:66:1c:da:3e:89:2c:74:6f:e3:3a:18:8a:a4:e8:6b:
         92:97:39:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVbmmXIKJ+PAa9cLzuf5Yp+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMzAzMTA0MzIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGQ1OWE2Y2M2NjBjYmIwYjIwODJhYmQ4YWU5YTQyYzM0OWMwN2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjw/Meo7jFD1GLZJW6QUnH5+g6Be
SNd9ZaC/YPvA0GGcY/brZacMMkeoVORHGUGVmehGWEtBDSa6DV5U1Ti86L96/vaO
kLs9wzQ1uaR4zW5C332kn/+L188br0hR3Y+tmMbyKrX2heuJW+o74ZqxKgijM5YZ
ATaOE9vk1D9amnl7ree38WZmOgBxnDzeGaiOK+gEBEFotb+lK2sszY0tPDTMDS31
8JySByKyx0mUrp3WOrTiTTyk6dMiw4FYtugNV0MrPjMcihKvVc2aIEEAil3erlX7
5zHHHQX3UuG6IvyysYZO6w8w5JygULnvqFAtWrgFjLCjakS0AHDpeziA0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN3VmmzGYMuwsggqvYrppCw0nAe1MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvM2RXYWJNWmd5N0N5Q0NxOWl1bWtMRFNjQjdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbD4MA0G
CSqGSIb3DQEBCwUAA4IBAQBSwVFupgBjVtutkdajfBkGS8KH5IiM1xoeIGbvX5F8
KEHNex/HyUzoDmF+2WvHFehwe9nHC7Lgv1a+6hhqVX5I+xlv2FBBGlncZVMZsQ07
6vksbwC76zSzbFyAUYLD0KwSqEp0CppM95ZdcktSDJ4WRpcf3t1Xxm2tphavEDgP
7mZa3lQ0OaOLiJj8TblyMvbmlScz7w/QkQ6+IUSwc/uL3YUoiCPOEPsPJFCm6t3x
ORLUs7nZAzQDuPbmLttDi3o49tKQOo7yyOEu7KtCFCEn2Gq8cjvXMszuJtJXSLRE
CEqSkuG/gFpY24zTOrZmHNo+iSx0b+M6GIqk6GuSlzn1
-----END CERTIFICATE-----