Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/o9q2JQ00Lo7O0_z_aqMtBQ9SI-Q.roa
File:                     o9q2JQ00Lo7O0_z_aqMtBQ9SI-Q.roa (raw, json)
Hash identifier:          c7Lnbxm4y6lyv6AKHBsrqU4UNx9RuY/tSBlM800K4Ig=
Subject key identifier:   A3:DA:B6:25:0D:34:2E:8E:CE:D3:FC:FF:6A:A3:2D:05:0F:52:23:E4
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       0192D331009154E2C58D7198D5C502946A38
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/o9q2JQ00Lo7O0_z_aqMtBQ9SI-Q.roa
Signing time:             Mon 28 Oct 2024 12:54:16 +0000
ROA not before:           Mon 28 Oct 2024 12:54:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215419
IP address blocks:        81.29.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d3:31:00:91:54:e2:c5:8d:71:98:d5:c5:02:94:6a:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Oct 28 12:54:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3dab6250d342e8eced3fcff6aa32d050f5223e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d3:e7:9f:2d:25:55:43:2c:b2:fb:7b:e8:12:
                    79:3a:59:ad:d0:5b:c7:82:e6:db:91:ef:02:58:de:
                    09:7f:d8:1a:0f:f2:eb:18:8f:63:56:3f:73:5f:a3:
                    c5:2a:a5:12:f3:e6:72:4c:da:cf:81:92:45:0c:48:
                    5d:64:37:9f:3f:63:86:68:c0:a0:86:cf:c8:44:75:
                    2a:0b:9f:85:0e:df:17:d7:b8:41:6d:24:6d:e2:12:
                    d6:1e:29:01:f0:9f:b8:fd:2a:d3:53:bc:7a:c6:1e:
                    f2:3e:12:b7:9b:46:13:ee:18:db:3c:5a:58:75:df:
                    33:ec:b0:d7:f0:f3:0c:90:7c:d8:5f:79:81:5f:dd:
                    78:c9:aa:60:26:02:96:4f:25:b3:8e:fd:96:d8:75:
                    99:f6:c3:1d:eb:ae:f4:25:3e:50:33:57:b4:b7:f1:
                    b9:ba:6f:0b:96:f0:cb:90:cd:da:29:cf:c2:21:d8:
                    dd:39:d5:be:2d:01:ad:69:e3:02:9c:32:de:0e:7c:
                    1f:7b:50:c0:f5:71:c8:2e:5a:18:08:81:68:24:6d:
                    b6:30:c4:ca:08:81:7b:b2:68:5b:0d:67:dd:70:db:
                    61:33:32:52:19:a7:cd:a6:87:30:de:50:ba:78:8c:
                    71:9d:66:ea:05:ee:79:b5:dc:33:42:d7:88:b8:81:
                    73:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:DA:B6:25:0D:34:2E:8E:CE:D3:FC:FF:6A:A3:2D:05:0F:52:23:E4
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/o9q2JQ00Lo7O0_z_aqMtBQ9SI-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.29.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:06:1a:66:d1:b1:99:1d:00:b4:c0:e0:b0:53:6c:64:12:91:
         5e:71:5c:48:b5:ca:f3:cd:e7:59:8c:0e:66:84:d0:ed:3f:c9:
         03:77:ba:b1:d9:70:a4:a8:20:99:a7:6b:23:59:07:6b:15:c2:
         fd:b1:80:f1:fe:c6:57:e0:26:9f:d9:e2:4b:f5:ca:21:90:57:
         60:81:b7:58:76:15:c9:5a:a5:7d:ae:c3:ec:2e:68:a5:f7:a2:
         ef:e4:56:c9:0b:bc:77:1e:c1:4f:8a:9a:ea:7e:88:09:22:e5:
         57:1d:fd:b4:be:2b:97:33:fb:ed:95:66:a1:d0:0e:76:70:6a:
         cd:4e:c7:bc:5c:e2:77:8e:63:91:38:c4:5e:ea:92:e7:80:50:
         ec:7d:29:24:a9:a7:22:64:24:e7:8a:9c:c0:4f:22:69:19:7f:
         3a:af:32:9c:5d:1a:f7:18:e7:49:8e:73:56:20:a0:29:88:61:
         d3:3c:cb:13:4e:ca:b6:90:2d:e3:c0:90:b2:63:7c:dc:45:a5:
         f9:26:60:27:ed:da:22:5f:d5:f2:0b:7b:1d:d5:88:98:2c:f5:
         d9:17:4e:a5:49:2b:0b:ee:b2:81:ed:c0:2a:12:28:45:8e:ab:
         cc:f9:91:86:75:66:87:24:3a:e8:05:4a:8b:1c:ce:09:d2:4f:
         88:b1:99:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLTMQCRVOLFjXGY1cUClGo4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjQxMDI4MTI1NDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2RhYjYyNTBkMzQyZThlY2VkM2ZjZmY2YWEzMmQwNTBmNTIyM2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9Pnny0lVUMssvt76BJ5Olmt0FvH
gubbke8CWN4Jf9gaD/LrGI9jVj9zX6PFKqUS8+ZyTNrPgZJFDEhdZDefP2OGaMCg
hs/IRHUqC5+FDt8X17hBbSRt4hLWHikB8J+4/SrTU7x6xh7yPhK3m0YT7hjbPFpY
dd8z7LDX8PMMkHzYX3mBX914yapgJgKWTyWzjv2W2HWZ9sMd6670JT5QM1e0t/G5
um8LlvDLkM3aKc/CIdjdOdW+LQGtaeMCnDLeDnwfe1DA9XHILloYCIFoJG22MMTK
CIF7smhbDWfdcNthMzJSGafNpocw3lC6eIxxnWbqBe55tdwzQteIuIFzjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKPatiUNNC6OztP8/2qjLQUPUiPkMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvbzlxMkpRMDBMbzdPMF96X2FxTXRCUTlTSS1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR2eMA0G
CSqGSIb3DQEBCwUAA4IBAQA9Bhpm0bGZHQC0wOCwU2xkEpFecVxItcrzzedZjA5m
hNDtP8kDd7qx2XCkqCCZp2sjWQdrFcL9sYDx/sZX4Caf2eJL9cohkFdggbdYdhXJ
WqV9rsPsLmil96Lv5FbJC7x3HsFPiprqfogJIuVXHf20viuXM/vtlWah0A52cGrN
Tse8XOJ3jmOROMRe6pLngFDsfSkkqaciZCTnipzATyJpGX86rzKcXRr3GOdJjnNW
IKApiGHTPMsTTsq2kC3jwJCyY3zcRaX5JmAn7doiX9XyC3sd1YiYLPXZF06lSSsL
7rKB7cAqEihFjqvM+ZGGdWaHJDroBUqLHM4J0k+IsZmC
-----END CERTIFICATE-----