Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/egFuI4j1tSqmMyCo2O_VLk5J4W8.roa
File:                     egFuI4j1tSqmMyCo2O_VLk5J4W8.roa (raw, json)
Hash identifier:          riJ4XmyUDKgoAOVmghjhYkwOJVRfnqTxtiIU9WcKX40=
Subject key identifier:   7A:01:6E:23:88:F5:B5:2A:A6:33:20:A8:D8:EF:D5:2E:4E:49:E1:6F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018EA9D68DF860A2791B2C1892B5B89480B4
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/egFuI4j1tSqmMyCo2O_VLk5J4W8.roa
Signing time:             Thu 04 Apr 2024 15:59:54 +0000
ROA not before:           Thu 04 Apr 2024 15:59:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216022
IP address blocks:        82.152.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a9:d6:8d:f8:60:a2:79:1b:2c:18:92:b5:b8:94:80:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr  4 15:59:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a016e2388f5b52aa63320a8d8efd52e4e49e16f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:44:24:a6:3b:2c:dc:7f:34:52:a0:85:37:8b:
                    1f:19:d1:de:2c:be:cc:c9:ca:07:c3:0e:3f:a8:53:
                    5d:da:f2:76:19:8d:12:03:47:57:aa:12:4d:60:7f:
                    e0:60:32:ee:4e:d6:1c:9c:c6:87:97:36:36:16:1c:
                    30:69:de:20:a0:fd:9e:ca:3a:44:bd:16:8c:a8:9a:
                    a9:19:e2:de:8c:83:eb:8d:da:01:62:a7:d3:b5:1d:
                    03:a6:67:3d:de:25:5f:ea:8c:9e:4b:c1:5b:21:5e:
                    20:65:92:88:91:e9:f1:8d:4c:73:99:de:ca:22:08:
                    0a:95:18:35:01:f3:d5:5c:44:7a:b9:99:8b:50:41:
                    90:77:96:c8:1a:a4:fa:0d:23:e0:04:f3:57:08:42:
                    bf:e0:d8:25:dd:ff:17:c7:34:dc:41:e4:f4:a9:24:
                    77:b9:78:dc:37:1f:6c:a2:9c:5b:0d:b5:36:23:8e:
                    fe:49:36:63:49:0b:e4:b6:17:6c:ce:d9:7d:80:2e:
                    ac:b8:8e:90:d9:cc:4c:05:b4:8c:71:44:76:5a:30:
                    b5:6b:39:62:79:c0:f3:78:10:da:b0:49:84:9e:dc:
                    01:75:72:3e:13:22:e6:3c:8d:04:ba:7b:2c:ad:eb:
                    82:97:c1:b8:ab:ad:79:7a:5b:12:88:a8:cb:bc:5d:
                    cc:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:01:6E:23:88:F5:B5:2A:A6:33:20:A8:D8:EF:D5:2E:4E:49:E1:6F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/egFuI4j1tSqmMyCo2O_VLk5J4W8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:eb:c6:a0:d3:32:2d:c1:79:09:6e:f4:39:57:92:23:01:41:
         9a:03:9e:4b:5e:63:5a:38:02:82:14:75:27:02:b6:fb:b3:6a:
         ff:29:e4:89:c6:86:cb:e4:21:06:9b:d8:84:cb:cc:a1:5e:98:
         3c:b4:31:e5:87:43:9b:f6:bd:15:c7:09:0e:24:ba:93:2b:be:
         b9:b0:b3:be:38:cd:e0:5a:fc:4a:d9:19:8c:17:ae:1c:1d:6a:
         b9:24:e2:a2:97:ac:b3:ad:4f:9f:7f:f8:7c:38:eb:97:32:64:
         06:77:ae:8b:73:dc:4e:74:6a:17:1b:e7:2b:ed:96:09:42:84:
         fd:7c:21:f4:32:fc:4e:7f:7e:17:91:a6:08:ba:c1:1c:09:ea:
         b1:53:5e:91:7f:30:3a:75:94:26:8f:0f:56:c0:a6:88:e3:da:
         2b:28:7a:6d:72:ad:e7:16:ac:dc:d0:8b:f4:21:82:3e:1e:8d:
         27:ef:fd:ab:3e:ec:ef:8f:a0:c3:e3:7a:68:8d:61:e4:4b:97:
         eb:a2:5c:97:a0:c6:ae:44:ab:ea:8b:f8:2d:57:dd:84:c4:eb:
         c2:5e:7f:9e:68:36:61:1f:13:a6:04:29:ab:df:08:7d:46:77:
         1f:84:61:39:d6:a3:36:d2:29:0a:e9:78:b9:e0:09:16:89:1f:
         15:f3:c6:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6p1o34YKJ5GywYkrW4lIC0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNDA0MTU1OTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTAxNmUyMzg4ZjViNTJhYTYzMzIwYThkOGVmZDUyZTRlNDllMTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkQkpjss3H80UqCFN4sfGdHeLL7M
ycoHww4/qFNd2vJ2GY0SA0dXqhJNYH/gYDLuTtYcnMaHlzY2Fhwwad4goP2eyjpE
vRaMqJqpGeLejIPrjdoBYqfTtR0Dpmc93iVf6oyeS8FbIV4gZZKIkenxjUxzmd7K
IggKlRg1AfPVXER6uZmLUEGQd5bIGqT6DSPgBPNXCEK/4Ngl3f8XxzTcQeT0qSR3
uXjcNx9sopxbDbU2I47+STZjSQvkthdsztl9gC6suI6Q2cxMBbSMcUR2WjC1azli
ecDzeBDasEmEntwBdXI+EyLmPI0EunssreuCl8G4q615elsSiKjLvF3MXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHoBbiOI9bUqpjMgqNjv1S5OSeFvMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZWdGdUk0ajF0U3FtTXlDbzJPX1ZMazVKNFc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpj5MA0G
CSqGSIb3DQEBCwUAA4IBAQCO68ag0zItwXkJbvQ5V5IjAUGaA55LXmNaOAKCFHUn
Arb7s2r/KeSJxobL5CEGm9iEy8yhXpg8tDHlh0Ob9r0VxwkOJLqTK765sLO+OM3g
WvxK2RmMF64cHWq5JOKil6yzrU+ff/h8OOuXMmQGd66Lc9xOdGoXG+cr7ZYJQoT9
fCH0MvxOf34XkaYIusEcCeqxU16RfzA6dZQmjw9WwKaI49orKHptcq3nFqzc0Iv0
IYI+Ho0n7/2rPuzvj6DD43pojWHkS5frolyXoMauRKvqi/gtV92ExOvCXn+eaDZh
HxOmBCmr3wh9RncfhGE51qM20ikK6Xi54AkWiR8V88bU
-----END CERTIFICATE-----