Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/pPSUgW-kch1wzV-mL74GjoJRYas.roa
File:                     pPSUgW-kch1wzV-mL74GjoJRYas.roa (raw, json)
Hash identifier:          14IsY2Pcu5B3SjJ5ycOJDXddH4w35As15arfEbi1nXc=
Subject key identifier:   A4:F4:94:81:6F:A4:72:1D:70:CD:5F:A6:2F:BE:06:8E:82:51:61:AB
Certificate issuer:       /CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
Certificate serial:       019426D9C730237F44B1DEB7D08D09C98FBA
Authority key identifier: 3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/pPSUgW-kch1wzV-mL74GjoJRYas.roa
Signing time:             Thu 02 Jan 2025 11:49:54 +0000
ROA not before:           Thu 02 Jan 2025 11:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57666
IP address blocks:        84.108.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:c7:30:23:7f:44:b1:de:b7:d0:8d:09:c9:8f:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
        Validity
            Not Before: Jan  2 11:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4f494816fa4721d70cd5fa62fbe068e825161ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:13:9b:0b:5b:46:1d:27:ed:fe:cb:8a:8e:01:
                    d6:4e:6a:84:08:47:08:6c:6b:90:f7:6c:fd:84:fb:
                    3c:72:df:67:bf:3a:05:1a:d1:4e:c2:8b:b5:06:c9:
                    ec:40:02:d3:f1:23:fd:87:50:bf:97:a9:63:59:41:
                    52:f0:e3:8c:e6:b8:29:65:8b:61:2c:48:06:c4:10:
                    b5:a5:57:2b:46:84:e1:b1:fb:01:8a:78:03:2a:3b:
                    19:b5:df:65:e4:6e:57:37:05:fa:01:c9:e4:2e:2f:
                    61:87:29:2b:be:a9:ad:a6:b5:c9:9f:67:b5:ca:6a:
                    a7:ed:9e:e9:da:c1:4e:0b:e6:59:c2:4d:e3:0b:f0:
                    db:0a:e8:e4:00:f4:cd:1a:81:54:63:e4:a2:35:3a:
                    60:98:46:c7:6d:92:7b:03:81:90:2f:89:f7:cf:eb:
                    e1:5e:f2:4a:e9:af:32:f5:35:3e:2b:aa:b2:66:26:
                    55:a7:1c:fa:20:8f:df:1a:0e:74:ed:52:ca:fe:eb:
                    50:ad:80:80:b5:dc:54:e1:84:ec:3f:06:f8:30:8b:
                    32:dc:4f:4b:f4:8c:b9:65:12:f9:a9:8f:0f:a9:0f:
                    ce:ee:1f:18:06:67:6b:00:6b:79:f2:a1:63:8b:4f:
                    73:01:fb:57:75:5c:49:9e:69:19:8b:cd:db:b5:21:
                    7f:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:F4:94:81:6F:A4:72:1D:70:CD:5F:A6:2F:BE:06:8E:82:51:61:AB
            X509v3 Authority Key Identifier:
                keyid:3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/pPSUgW-kch1wzV-mL74GjoJRYas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.108.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:91:02:6d:0a:ff:39:15:c0:44:82:04:1d:3e:22:1a:90:5c:
         bd:c8:a4:c3:83:88:37:f5:3e:89:93:80:4e:10:25:0f:29:c0:
         21:6d:0e:8e:28:67:dd:1f:ef:2f:32:88:34:14:78:74:9b:b1:
         38:c7:32:56:42:a2:be:22:92:58:32:33:13:d5:41:22:4f:dd:
         67:dc:a7:10:ac:61:1d:61:af:03:fa:f4:2d:18:f2:e3:13:73:
         ec:ae:61:f2:57:92:ac:6e:8b:89:20:07:3f:1f:71:69:6e:be:
         1d:14:fb:9f:ae:ad:99:bf:c4:ae:02:54:39:c0:f5:e1:4b:d0:
         b7:7d:9b:43:6c:8e:5a:f9:2a:95:aa:19:1a:fe:31:08:ab:4c:
         21:bd:6c:97:9d:2e:07:e3:f0:50:11:44:5c:5b:04:f1:f2:97:
         67:9a:b6:49:dc:d6:78:56:7b:ac:77:d5:9c:fb:2d:3c:99:24:
         51:d8:fc:83:62:29:ee:3e:21:69:a9:06:a3:a2:f9:81:2e:ef:
         b9:c3:1f:5b:15:1f:73:1c:a2:1e:d0:9c:d3:f7:3b:84:23:38:
         fc:04:d4:4a:de:44:cf:75:a3:e3:6b:03:86:eb:38:fc:38:44:
         18:2d:1d:1a:b0:a3:9b:47:d6:37:40:af:9f:cf:26:f8:66:89:
         91:72:45:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2ccwI39Esd630I0JyY+6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZWRkODVjMWVjY2I1ZmY0YmE5MzAxMTdhNzMyOTA5OWMw
ZmYyZWIwHhcNMjUwMTAyMTE0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGY0OTQ4MTZmYTQ3MjFkNzBjZDVmYTYyZmJlMDY4ZTgyNTE2MWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBObC1tGHSft/suKjgHWTmqECEcI
bGuQ92z9hPs8ct9nvzoFGtFOwou1BsnsQALT8SP9h1C/l6ljWUFS8OOM5rgpZYth
LEgGxBC1pVcrRoThsfsBingDKjsZtd9l5G5XNwX6AcnkLi9hhykrvqmtprXJn2e1
ymqn7Z7p2sFOC+ZZwk3jC/DbCujkAPTNGoFUY+SiNTpgmEbHbZJ7A4GQL4n3z+vh
XvJK6a8y9TU+K6qyZiZVpxz6II/fGg507VLK/utQrYCAtdxU4YTsPwb4MIsy3E9L
9Iy5ZRL5qY8PqQ/O7h8YBmdrAGt58qFji09zAftXdVxJnmkZi83btSF/7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKT0lIFvpHIdcM1fpi++Bo6CUWGrMB8GA1UdIwQY
MBaAFD/t2FwezLX/S6kwEXpzKQmcD/LrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQt
ZTJiNTI3NzI4ZTk2LzEvcFBTVWdXLWtjaDF3elYtbUw3NEdqb0pSWWFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQtZTJiNTI3NzI4ZTk2
LzEvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVGwIMA0G
CSqGSIb3DQEBCwUAA4IBAQBpkQJtCv85FcBEggQdPiIakFy9yKTDg4g39T6Jk4BO
ECUPKcAhbQ6OKGfdH+8vMog0FHh0m7E4xzJWQqK+IpJYMjMT1UEiT91n3KcQrGEd
Ya8D+vQtGPLjE3PsrmHyV5KsbouJIAc/H3Fpbr4dFPufrq2Zv8SuAlQ5wPXhS9C3
fZtDbI5a+SqVqhka/jEIq0whvWyXnS4H4/BQEURcWwTx8pdnmrZJ3NZ4Vnusd9Wc
+y08mSRR2PyDYinuPiFpqQajovmBLu+5wx9bFR9zHKIe0JzT9zuEIzj8BNRK3kTP
daPjawOG6zj8OEQYLR0asKObR9Y3QK+fzyb4ZomRckXq
-----END CERTIFICATE-----