Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/03reENBif9rdl4OxZA33fs5fSvY.roa
File:                     03reENBif9rdl4OxZA33fs5fSvY.roa (raw, json)
Hash identifier:          fvtKNYuk7zt3HOI/BIZScveMRSphhbLSoKnI+iAgvTc=
Subject key identifier:   D3:7A:DE:10:D0:62:7F:DA:DD:97:83:B1:64:0D:F7:7E:CE:5F:4A:F6
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0194B717F245C46F25A9508652F5F7C9EEBF
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/03reENBif9rdl4OxZA33fs5fSvY.roa
Signing time:             Thu 30 Jan 2025 12:03:07 +0000
ROA not before:           Thu 30 Jan 2025 12:03:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213515
IP address blocks:        213.210.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 09:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b7:17:f2:45:c4:6f:25:a9:50:86:52:f5:f7:c9:ee:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan 30 12:03:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d37ade10d0627fdadd9783b1640df77ece5f4af6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:35:4e:d6:4b:df:a7:02:f7:08:84:72:9f:74:
                    18:e3:19:b7:97:cb:f5:53:12:ed:01:aa:65:2a:08:
                    26:e8:59:21:23:0e:28:0c:5c:39:f1:d2:66:95:07:
                    0b:c3:62:fd:0d:7f:ba:1e:ba:a8:b6:e4:92:d8:f9:
                    bd:74:10:24:eb:e8:9a:85:0b:0d:d4:45:85:7a:af:
                    0e:6f:62:5e:16:87:68:8e:a9:3d:39:30:73:45:bc:
                    87:83:e4:1f:97:76:45:25:f0:88:36:81:c0:be:8d:
                    a7:25:17:94:cc:88:ab:f0:a5:af:03:bb:f1:30:a6:
                    57:4e:53:18:88:9e:af:de:d3:f8:9f:7c:2a:9d:b0:
                    4f:82:4e:a0:4a:50:ba:64:4a:a9:1f:ff:89:ec:40:
                    5e:12:40:86:76:cc:0b:72:9a:3f:b7:90:9b:28:0d:
                    0c:71:2d:f0:bf:60:12:66:90:f3:f9:30:79:ec:a8:
                    be:e7:2f:1b:84:24:de:c9:85:4b:b7:21:bb:05:a3:
                    b1:42:ec:9b:54:54:6f:39:2c:dc:d5:96:36:49:77:
                    d0:36:c7:8a:08:cb:02:08:c5:28:b5:8d:df:5e:e9:
                    d2:94:94:4e:38:de:35:16:f0:d8:02:7d:74:f6:1d:
                    e8:df:1f:26:38:4a:64:17:cd:25:1c:96:29:47:ed:
                    7a:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:7A:DE:10:D0:62:7F:DA:DD:97:83:B1:64:0D:F7:7E:CE:5F:4A:F6
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/03reENBif9rdl4OxZA33fs5fSvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.210.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:1b:0a:c1:f8:9b:7f:a2:1d:b3:7b:6e:ec:49:81:8d:00:8f:
         67:90:91:dd:c4:17:07:1e:a1:7e:95:7a:ce:1a:c7:a8:a5:0d:
         04:da:9f:2d:40:61:55:12:44:83:a7:27:41:0d:f1:7f:88:a6:
         96:1b:4d:d4:5b:da:78:48:76:5a:33:fa:00:ac:e6:cd:fc:9a:
         f7:71:54:e2:f7:ac:b2:1f:05:d1:b1:15:3c:f4:53:f3:0a:ce:
         b2:c6:3b:87:0f:53:55:33:36:3b:09:c7:c1:8a:44:d1:82:cd:
         85:d5:1d:c6:37:29:97:8d:88:f6:4d:cf:7e:68:08:29:07:bc:
         71:c1:50:f1:02:f8:24:38:d9:0b:29:21:23:9c:f7:df:90:1c:
         94:b7:16:11:df:ba:39:52:b4:ab:75:a7:19:0b:c1:e3:f1:6b:
         2d:ce:68:7b:2d:32:66:53:4b:0e:b6:52:11:62:f0:43:7c:2d:
         c6:57:11:49:c4:21:8d:c1:5c:99:03:e0:59:0d:28:7a:3e:b1:
         9d:ce:83:21:91:87:dc:c4:60:e8:21:6d:1a:bc:3f:74:d0:05:
         e9:73:39:34:53:ba:73:c5:a1:88:9c:5d:dd:ca:6b:0b:c7:2d:
         2b:89:27:4d:83:4c:b9:8e:05:92:2c:bb:60:86:3e:f7:35:9d:
         db:48:20:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZS3F/JFxG8lqVCGUvX3ye6/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTMwMTIwMzA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzdhZGUxMGQwNjI3ZmRhZGQ5NzgzYjE2NDBkZjc3ZWNlNWY0YWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3TVO1kvfpwL3CIRyn3QY4xm3l8v1
UxLtAaplKggm6FkhIw4oDFw58dJmlQcLw2L9DX+6HrqotuSS2Pm9dBAk6+iahQsN
1EWFeq8Ob2JeFodojqk9OTBzRbyHg+Qfl3ZFJfCINoHAvo2nJReUzIir8KWvA7vx
MKZXTlMYiJ6v3tP4n3wqnbBPgk6gSlC6ZEqpH/+J7EBeEkCGdswLcpo/t5CbKA0M
cS3wv2ASZpDz+TB57Ki+5y8bhCTeyYVLtyG7BaOxQuybVFRvOSzc1ZY2SXfQNseK
CMsCCMUotY3fXunSlJROON41FvDYAn109h3o3x8mOEpkF80lHJYpR+16rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNN63hDQYn/a3ZeDsWQN937OX0r2MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMDNyZUVOQmlmOXJkbDRPeFpBMzNmczVmU3ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dIiMA0G
CSqGSIb3DQEBCwUAA4IBAQBbGwrB+Jt/oh2ze27sSYGNAI9nkJHdxBcHHqF+lXrO
GseopQ0E2p8tQGFVEkSDpydBDfF/iKaWG03UW9p4SHZaM/oArObN/Jr3cVTi96yy
HwXRsRU89FPzCs6yxjuHD1NVMzY7CcfBikTRgs2F1R3GNymXjYj2Tc9+aAgpB7xx
wVDxAvgkONkLKSEjnPffkByUtxYR37o5UrSrdacZC8Hj8Wstzmh7LTJmU0sOtlIR
YvBDfC3GVxFJxCGNwVyZA+BZDSh6PrGdzoMhkYfcxGDoIW0avD900AXpczk0U7pz
xaGInF3dymsLxy0riSdNg0y5jgWSLLtghj73NZ3bSCCp
-----END CERTIFICATE-----