Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/3e775d-b117-40dd-ae6a-2d502e956c04/1/PHU8bveJ4V86SqIQTMnWW43DqBE.roa
File:                     PHU8bveJ4V86SqIQTMnWW43DqBE.roa (raw, json)
Hash identifier:          3OhBnf8f8HGM5ArwPPNt9UU72cQZdAdKTbSA4Z11k2Y=
Subject key identifier:   3C:75:3C:6E:F7:89:E1:5F:3A:4A:A2:10:4C:C9:D6:5B:8D:C3:A8:11
Certificate issuer:       /CN=4c9d6c55be1be8a84ad2dfd5a7ffa5848f54d409
Certificate serial:       019421B1BC599AE175071ECDA7793D0CB800
Authority key identifier: 4C:9D:6C:55:BE:1B:E8:A8:4A:D2:DF:D5:A7:FF:A5:84:8F:54:D4:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TJ1sVb4b6KhK0t_Vp_-lhI9U1Ak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/3e775d-b117-40dd-ae6a-2d502e956c04/1/PHU8bveJ4V86SqIQTMnWW43DqBE.roa
Signing time:             Wed 01 Jan 2025 11:48:03 +0000
ROA not before:           Wed 01 Jan 2025 11:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207332
IP address blocks:        91.212.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/3e775d-b117-40dd-ae6a-2d502e956c04/1/TJ1sVb4b6KhK0t_Vp_-lhI9U1Ak.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/3e775d-b117-40dd-ae6a-2d502e956c04/1/TJ1sVb4b6KhK0t_Vp_-lhI9U1Ak.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TJ1sVb4b6KhK0t_Vp_-lhI9U1Ak.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 02:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:bc:59:9a:e1:75:07:1e:cd:a7:79:3d:0c:b8:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c9d6c55be1be8a84ad2dfd5a7ffa5848f54d409
        Validity
            Not Before: Jan  1 11:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c753c6ef789e15f3a4aa2104cc9d65b8dc3a811
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f9:40:35:0d:a9:bd:6a:ea:5a:db:a0:1a:6d:
                    52:74:c6:6e:d2:ca:14:c9:80:c9:5c:53:74:84:12:
                    1e:7b:7e:69:46:2e:3f:cd:ec:65:38:19:89:0f:7c:
                    9b:0a:30:9b:b2:92:19:ac:4d:04:ff:c4:56:64:52:
                    68:a7:46:85:8c:89:21:c9:09:c5:10:cd:9d:2b:6d:
                    9b:8c:65:1f:2e:23:4e:b7:17:8c:0d:04:d8:49:01:
                    30:7a:a9:18:e3:7e:4c:ee:9c:fd:05:20:62:90:da:
                    6f:90:cc:80:2c:a6:de:5c:08:88:d8:99:8a:37:74:
                    53:be:f0:9d:f0:62:cd:4c:7b:ea:24:87:81:9d:f6:
                    3d:c3:42:bf:51:85:fb:95:56:5d:3c:6f:5b:9b:8a:
                    1b:3b:60:85:bd:e4:9c:d4:39:11:da:5f:35:64:51:
                    63:5d:ba:6f:50:55:88:e0:5c:94:5a:43:dd:f0:74:
                    3e:49:8d:d8:6a:e1:11:fd:0a:ad:60:61:64:9d:0e:
                    f9:45:e9:28:36:65:9d:73:6d:c9:6b:22:be:15:e0:
                    25:90:58:9c:10:73:cc:0a:1d:72:8d:64:a4:4f:18:
                    93:09:65:71:f2:69:7b:3e:02:7b:67:b1:87:54:c9:
                    49:a5:a0:a3:b7:a3:e0:4d:a6:90:6b:7c:fa:a7:c3:
                    aa:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:75:3C:6E:F7:89:E1:5F:3A:4A:A2:10:4C:C9:D6:5B:8D:C3:A8:11
            X509v3 Authority Key Identifier:
                keyid:4C:9D:6C:55:BE:1B:E8:A8:4A:D2:DF:D5:A7:FF:A5:84:8F:54:D4:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TJ1sVb4b6KhK0t_Vp_-lhI9U1Ak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/3e775d-b117-40dd-ae6a-2d502e956c04/1/PHU8bveJ4V86SqIQTMnWW43DqBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/3e775d-b117-40dd-ae6a-2d502e956c04/1/TJ1sVb4b6KhK0t_Vp_-lhI9U1Ak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:02:27:9c:c0:79:7e:38:f0:83:8d:de:15:2a:76:8c:6c:0f:
         2c:d4:d2:6e:d6:7f:a2:02:3f:6e:32:0f:ae:41:2b:14:37:11:
         97:e5:95:7c:e3:fb:e8:bc:e4:f6:69:2f:e2:84:c8:45:f1:8f:
         2d:26:89:8c:68:01:2e:8a:0a:df:4c:82:ad:8e:c5:b5:f7:20:
         b8:81:9d:d6:30:a5:4f:5a:12:77:89:68:20:8b:49:0c:be:58:
         44:47:67:12:62:dc:f5:e7:7f:55:2e:4b:ee:04:08:0e:36:ee:
         5f:f7:fa:b5:ed:ab:fe:ba:32:55:7b:47:04:5b:52:a3:23:75:
         86:09:99:9f:ec:41:47:ba:b7:51:b5:ba:29:48:1e:d8:7d:ff:
         32:fb:3e:33:91:77:bb:5c:a9:ff:08:70:4c:1f:fa:02:7c:f3:
         bf:72:df:14:8b:c8:5e:d8:e2:f7:6a:83:d4:67:40:57:60:66:
         77:07:c9:6d:4a:b2:9e:b3:15:ea:5a:9d:50:d8:ba:ca:0f:64:
         d3:60:cc:99:fc:5d:aa:79:3a:ab:bf:34:71:74:98:ff:85:24:
         46:8e:7f:43:f8:1f:35:e3:87:54:9d:c9:99:5d:08:3d:07:c2:
         f2:3d:11:c2:e4:31:48:a9:1c:c8:4b:a8:77:55:ba:f8:ef:88:
         29:81:23:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsbxZmuF1Bx7Np3k9DLgAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjOWQ2YzU1YmUxYmU4YTg0YWQyZGZkNWE3ZmZhNTg0OGY1
NGQ0MDkwHhcNMjUwMTAxMTE0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzc1M2M2ZWY3ODllMTVmM2E0YWEyMTA0Y2M5ZDY1YjhkYzNhODExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvlANQ2pvWrqWtugGm1SdMZu0soU
yYDJXFN0hBIee35pRi4/zexlOBmJD3ybCjCbspIZrE0E/8RWZFJop0aFjIkhyQnF
EM2dK22bjGUfLiNOtxeMDQTYSQEweqkY435M7pz9BSBikNpvkMyALKbeXAiI2JmK
N3RTvvCd8GLNTHvqJIeBnfY9w0K/UYX7lVZdPG9bm4obO2CFveSc1DkR2l81ZFFj
XbpvUFWI4FyUWkPd8HQ+SY3YauER/QqtYGFknQ75RekoNmWdc23JayK+FeAlkFic
EHPMCh1yjWSkTxiTCWVx8ml7PgJ7Z7GHVMlJpaCjt6PgTaaQa3z6p8OqlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDx1PG73ieFfOkqiEEzJ1luNw6gRMB8GA1UdIwQY
MBaAFEydbFW+G+ioStLf1af/pYSPVNQJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEoxc1ZiNGI2S2hLMHRfVnBfLWxoSTlVMUFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy8zZTc3NWQtYjExNy00MGRkLWFlNmEt
MmQ1MDJlOTU2YzA0LzEvUEhVOGJ2ZUo0Vjg2U3FJUVRNbldXNDNEcUJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy8zZTc3NWQtYjExNy00MGRkLWFlNmEtMmQ1MDJlOTU2YzA0
LzEvVEoxc1ZiNGI2S2hLMHRfVnBfLWxoSTlVMUFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9QAMA0G
CSqGSIb3DQEBCwUAA4IBAQACAiecwHl+OPCDjd4VKnaMbA8s1NJu1n+iAj9uMg+u
QSsUNxGX5ZV84/vovOT2aS/ihMhF8Y8tJomMaAEuigrfTIKtjsW19yC4gZ3WMKVP
WhJ3iWggi0kMvlhER2cSYtz1539VLkvuBAgONu5f9/q17av+ujJVe0cEW1KjI3WG
CZmf7EFHurdRtbopSB7Yff8y+z4zkXe7XKn/CHBMH/oCfPO/ct8Ui8he2OL3aoPU
Z0BXYGZ3B8ltSrKesxXqWp1Q2LrKD2TTYMyZ/F2qeTqrvzRxdJj/hSRGjn9D+B81
44dUncmZXQg9B8LyPRHC5DFIqRzIS6h3Vbr474gpgSOK
-----END CERTIFICATE-----