Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5QpBT0THR8E4wAvSGpe3DiX8W4w.roa
File:                     5QpBT0THR8E4wAvSGpe3DiX8W4w.roa (raw, json)
Hash identifier:          usE7XsIW+K4DMVoZq27ZBoz6+b9+fmFEBWqMbEJeB7c=
Subject key identifier:   E5:0A:41:4F:44:C7:47:C1:38:C0:0B:D2:1A:97:B7:0E:25:FC:5B:8C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0195ADFCF1E95DBD47CC7CB69E04AA9DB900
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5QpBT0THR8E4wAvSGpe3DiX8W4w.roa
Signing time:             Wed 19 Mar 2025 10:39:50 +0000
ROA not before:           Wed 19 Mar 2025 10:39:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9002
IP address blocks:        213.218.244.0/24 maxlen: 24
                          213.218.245.0/24 maxlen: 24
                          213.218.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 23:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ad:fc:f1:e9:5d:bd:47:cc:7c:b6:9e:04:aa:9d:b9:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 19 10:39:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e50a414f44c747c138c00bd21a97b70e25fc5b8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:47:b1:cc:bb:9c:ad:5c:99:84:c5:7f:b7:4f:
                    4a:64:cb:4d:42:56:b3:5e:5a:90:c7:cf:48:2d:00:
                    a7:6f:86:a0:70:52:18:61:84:67:d0:4a:e5:2f:12:
                    80:3b:4c:55:25:0b:dc:27:54:5c:3b:45:70:e9:c4:
                    49:63:ef:f0:40:5f:5c:f4:50:6d:4b:d7:02:73:28:
                    e4:f9:c1:58:1d:5c:d2:e6:27:7d:7a:ab:ef:4e:df:
                    0d:f0:8a:cd:49:93:57:b5:67:89:bf:81:2b:32:3d:
                    44:a0:f7:7d:9e:e3:ea:6b:b9:98:14:51:b9:4c:bc:
                    75:90:bd:cd:b1:48:d2:ed:37:5f:9c:80:56:e4:7b:
                    74:a9:55:2b:cd:9b:52:43:25:4d:07:a4:9a:79:97:
                    64:84:10:be:22:65:69:88:13:2e:9a:62:6e:fd:04:
                    47:ce:6e:00:57:00:3e:91:c8:f8:ed:de:93:f9:3e:
                    3e:e8:64:07:e1:e9:b3:9b:d6:1b:d2:e4:a9:0b:10:
                    86:c7:b8:33:27:dc:07:f2:e9:92:9e:61:3d:6f:52:
                    78:6d:f6:a7:21:be:96:8d:b9:3a:61:d7:b4:b7:9e:
                    a5:66:ec:24:09:96:fe:33:46:01:81:d8:9a:77:5a:
                    ba:7e:1b:ac:eb:11:55:30:94:81:7a:31:45:79:21:
                    6b:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:0A:41:4F:44:C7:47:C1:38:C0:0B:D2:1A:97:B7:0E:25:FC:5B:8C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/5QpBT0THR8E4wAvSGpe3DiX8W4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.218.244.0-213.218.246.255

    Signature Algorithm: sha256WithRSAEncryption
         5a:d9:84:75:86:5e:6c:d4:4f:75:24:63:52:8a:af:d0:9a:9e:
         73:91:28:4b:cc:2e:00:e0:40:44:a6:39:c4:b8:b6:70:55:bd:
         7d:37:f9:08:ba:d5:d4:c5:ed:b0:8d:ac:a4:f1:c5:57:53:d5:
         ad:bd:bb:be:2f:e8:6e:cf:c0:88:38:dc:27:99:6c:3d:aa:2b:
         13:c7:df:83:ed:44:04:cc:a5:42:d9:a5:a1:b7:36:da:ce:c6:
         74:7f:ab:ab:e6:57:b5:04:29:bd:9b:53:69:c1:34:93:ee:60:
         c8:05:8f:fb:fd:57:52:1d:4a:b9:05:ec:c9:91:a9:7e:21:ce:
         18:6a:6e:a0:67:7b:59:7f:c2:5e:55:3b:77:02:a3:41:14:4e:
         62:52:f7:0b:60:1a:c3:1d:4a:f9:ef:30:6e:ca:e9:10:62:a2:
         13:39:33:00:3e:4d:6f:24:8a:cf:b6:40:da:22:78:bf:3f:a0:
         fd:ff:20:09:d9:22:73:df:f5:44:94:85:76:93:a9:ed:b7:eb:
         e7:a5:33:93:83:f0:8f:cd:7d:7e:34:61:61:8b:ea:7f:01:27:
         df:3e:ca:2b:e5:9f:61:6b:c2:df:e1:70:a0:ef:ac:f1:8a:77:
         e4:4c:ac:50:01:0f:ca:61:34:5d:eb:4b:00:ac:52:71:5b:29:
         6a:fc:28:31
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZWt/PHpXb1HzHy2ngSqnbkAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMzE5MTAzOTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTBhNDE0ZjQ0Yzc0N2MxMzhjMDBiZDIxYTk3YjcwZTI1ZmM1YjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0exzLucrVyZhMV/t09KZMtNQlaz
XlqQx89ILQCnb4agcFIYYYRn0ErlLxKAO0xVJQvcJ1RcO0Vw6cRJY+/wQF9c9FBt
S9cCcyjk+cFYHVzS5id9eqvvTt8N8IrNSZNXtWeJv4ErMj1EoPd9nuPqa7mYFFG5
TLx1kL3NsUjS7TdfnIBW5Ht0qVUrzZtSQyVNB6SaeZdkhBC+ImVpiBMummJu/QRH
zm4AVwA+kcj47d6T+T4+6GQH4emzm9Yb0uSpCxCGx7gzJ9wH8umSnmE9b1J4bfan
Ib6Wjbk6Yde0t56lZuwkCZb+M0YBgdiad1q6fhus6xFVMJSBejFFeSFrAwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOUKQU9Ex0fBOMAL0hqXtw4l/FuMMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNVFwQlQwVEhSOEU0d0F2U0dwZTNEaVg4VzR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBALV2vQD
BADV2vYwDQYJKoZIhvcNAQELBQADggEBAFrZhHWGXmzUT3UkY1KKr9CannORKEvM
LgDgQESmOcS4tnBVvX03+Qi61dTF7bCNrKTxxVdT1a29u74v6G7PwIg43CeZbD2q
KxPH34PtRATMpULZpaG3NtrOxnR/q6vmV7UEKb2bU2nBNJPuYMgFj/v9V1IdSrkF
7MmRqX4hzhhqbqBne1l/wl5VO3cCo0EUTmJS9wtgGsMdSvnvMG7K6RBiohM5MwA+
TW8kis+2QNoieL8/oP3/IAnZInPf9USUhXaTqe236+elM5OD8I/NfX40YWGL6n8B
J98+yivln2Frwt/hcKDvrPGKd+RMrFABD8phNF3rSwCsUnFbKWr8KDE=
-----END CERTIFICATE-----