Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0Iq-NHFQ1NphPL1OmEMkpKCcZuQ.roa
File:                     0Iq-NHFQ1NphPL1OmEMkpKCcZuQ.roa (raw, json)
Hash identifier:          Dd4sfHjWpMM/5spCtM0sJA6F0zKJZnQPQPBXUvIWpUA=
Subject key identifier:   D0:8A:BE:34:71:50:D4:DA:61:3C:BD:4E:98:43:24:A4:A0:9C:66:E4
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143F8E97B73945382F33E7B80C7E8FB
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0Iq-NHFQ1NphPL1OmEMkpKCcZuQ.roa
Signing time:             Wed 01 Jan 2025 09:48:10 +0000
ROA not before:           Wed 01 Jan 2025 09:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     140224
IP address blocks:        213.218.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:f8:e9:7b:73:94:53:82:f3:3e:7b:80:c7:e8:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d08abe347150d4da613cbd4e984324a4a09c66e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:f8:5f:06:dc:db:c2:64:58:e0:f3:b4:59:7d:
                    3f:1d:70:e0:01:9c:43:59:44:7f:a8:37:41:3f:e7:
                    74:f3:70:29:cb:64:d3:01:29:62:d3:3f:a3:f4:69:
                    be:17:f9:f5:d8:b5:54:ec:e0:1e:ea:6e:d1:5a:11:
                    b2:93:2f:7e:5c:bf:ec:9f:64:d1:39:24:b8:39:56:
                    d0:42:4f:59:b1:5c:2c:ac:d3:dc:68:ec:df:b7:8c:
                    12:f0:27:07:93:4f:49:28:2f:00:af:84:fe:de:00:
                    cf:55:37:d3:e2:51:99:83:15:64:e8:1a:65:51:41:
                    0d:49:e1:36:ce:2e:21:9b:b3:7e:cd:a0:b2:6f:db:
                    0b:1c:c9:80:99:83:3f:e8:54:03:53:a4:e6:35:00:
                    b5:32:49:5c:5b:09:dd:a0:6f:c0:a3:2e:bb:a3:aa:
                    39:ed:d5:f2:28:74:9a:a9:12:fe:b1:c6:35:87:dc:
                    39:e0:4a:6f:85:52:95:18:50:bd:b4:07:5a:a2:8b:
                    27:e4:5e:17:07:4b:6d:fd:45:d4:b9:f4:d5:bc:ca:
                    d8:7c:f9:31:69:4e:a2:b5:6f:2e:be:6e:b9:05:c2:
                    dc:27:a9:bb:6f:31:e7:72:a8:f8:64:d2:e2:d4:a8:
                    2c:ee:27:a3:a9:dd:79:b0:ef:c6:ee:27:c8:4b:27:
                    e5:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:8A:BE:34:71:50:D4:DA:61:3C:BD:4E:98:43:24:A4:A0:9C:66:E4
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0Iq-NHFQ1NphPL1OmEMkpKCcZuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.218.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:29:95:d1:28:38:b1:89:17:ce:f4:e5:11:82:16:3e:c6:4c:
         60:5a:f3:55:b7:e1:38:e6:30:5a:69:05:e9:06:a0:65:1f:4e:
         17:bd:49:c3:4c:22:4d:4e:96:32:ee:25:a0:d7:ce:08:00:5a:
         1f:8b:26:82:93:ae:82:de:6b:af:03:cb:23:df:05:ea:60:28:
         a7:6a:2b:b3:63:02:98:b4:a0:c1:0c:83:9e:62:66:8b:87:d8:
         6c:ef:dc:31:90:0e:7c:ed:48:57:03:55:a8:11:c6:58:fc:cc:
         3f:9d:15:6a:fe:56:af:37:be:8e:8e:a8:79:46:a2:82:d7:aa:
         ec:49:d1:39:db:90:ef:00:a0:a6:1e:a5:8d:f2:4d:bb:a4:70:
         ef:d9:0d:8b:2b:98:39:86:4f:c8:90:a2:b3:1a:72:fe:e9:3f:
         72:dc:10:53:47:c4:ff:ec:12:62:5d:7c:30:99:54:8b:e8:dc:
         13:50:6d:43:f2:fd:2a:ff:11:a7:8b:f2:8b:07:ae:b1:d5:e6:
         10:78:78:15:2b:26:b6:24:9b:ac:49:49:f0:2c:5e:b5:cd:fd:
         3f:bc:db:62:96:65:c1:6b:93:48:80:b5:fd:77:0d:3f:15:d7:
         1a:74:1a:a3:ec:4b:4a:1e:f6:4f:0e:96:48:ee:9d:7b:80:40:
         d0:ef:54:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/jpe3OUU4LzPnuAx+j7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDhhYmUzNDcxNTBkNGRhNjEzY2JkNGU5ODQzMjRhNGEwOWM2NmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7/hfBtzbwmRY4PO0WX0/HXDgAZxD
WUR/qDdBP+d083Apy2TTASli0z+j9Gm+F/n12LVU7OAe6m7RWhGyky9+XL/sn2TR
OSS4OVbQQk9ZsVwsrNPcaOzft4wS8CcHk09JKC8Ar4T+3gDPVTfT4lGZgxVk6Bpl
UUENSeE2zi4hm7N+zaCyb9sLHMmAmYM/6FQDU6TmNQC1MklcWwndoG/Aoy67o6o5
7dXyKHSaqRL+scY1h9w54EpvhVKVGFC9tAdaoosn5F4XB0tt/UXUufTVvMrYfPkx
aU6itW8uvm65BcLcJ6m7bzHncqj4ZNLi1Kgs7iejqd15sO/G7ifISyflGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNCKvjRxUNTaYTy9TphDJKSgnGbkMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMElxLU5IRlExTnBoUEwxT21FTWtwS0NjWnVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1drYMA0G
CSqGSIb3DQEBCwUAA4IBAQB6KZXRKDixiRfO9OURghY+xkxgWvNVt+E45jBaaQXp
BqBlH04XvUnDTCJNTpYy7iWg184IAFofiyaCk66C3muvA8sj3wXqYCinaiuzYwKY
tKDBDIOeYmaLh9hs79wxkA587UhXA1WoEcZY/Mw/nRVq/lavN76Ojqh5RqKC16rs
SdE525DvAKCmHqWN8k27pHDv2Q2LK5g5hk/IkKKzGnL+6T9y3BBTR8T/7BJiXXww
mVSL6NwTUG1D8v0q/xGni/KLB66x1eYQeHgVKya2JJusSUnwLF61zf0/vNtilmXB
a5NIgLX9dw0/FdcadBqj7EtKHvZPDpZI7p17gEDQ71Qv
-----END CERTIFICATE-----