Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-ebznkPhArOoR0g4f9d912Hgr48.roa
File:                     1-ebznkPhArOoR0g4f9d912Hgr48.roa (raw, json)
Hash identifier:          MROZdONR88KVrFmP1O6ApB/SGhmcXfz/zpYykxgDPm8=
Subject key identifier:   F9:E6:F3:9E:43:E1:02:B3:A8:47:48:38:7F:D7:7D:D7:61:E0:AF:8F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019242FF6DE59321A163CAB1551BF512C3B5
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-ebznkPhArOoR0g4f9d912Hgr48.roa
Signing time:             Mon 30 Sep 2024 12:54:48 +0000
ROA not before:           Mon 30 Sep 2024 12:54:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53356
IP address blocks:        213.210.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:42:ff:6d:e5:93:21:a1:63:ca:b1:55:1b:f5:12:c3:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep 30 12:54:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9e6f39e43e102b3a84748387fd77dd761e0af8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:1d:65:77:79:a8:21:f4:22:3a:95:73:7b:9c:
                    27:cf:ce:b0:52:c0:c6:fd:73:c8:1d:7f:59:93:21:
                    74:e3:33:79:0e:1e:c1:73:40:89:20:33:00:e0:fc:
                    4a:35:37:2a:30:d1:d2:09:89:a9:81:a5:b1:84:ad:
                    40:4d:02:9b:c6:ff:f9:7c:55:93:be:08:a4:82:d2:
                    47:77:08:cf:a1:10:77:dd:97:66:fc:85:aa:e9:78:
                    2d:ed:21:c5:42:69:fd:db:fb:eb:44:ff:7a:d9:57:
                    82:ac:a4:9a:ce:48:64:ce:c4:72:da:15:28:fd:39:
                    00:ab:0b:26:c5:64:78:58:28:1d:c4:bd:fd:3d:fb:
                    2e:5e:91:ee:67:95:22:9d:08:a2:25:56:09:f6:f1:
                    0b:ef:fe:74:9d:a4:0e:4d:62:39:5b:58:8a:89:56:
                    b7:c6:87:f5:a5:fb:12:dd:d7:bf:16:d2:11:b5:2d:
                    02:15:8b:7b:9f:c4:19:13:25:e7:42:66:6b:b8:9b:
                    25:f5:b1:c6:94:95:44:fe:1a:63:8c:e4:30:73:90:
                    2f:4c:2e:e2:47:a0:3e:02:46:1f:6c:8f:89:ff:2f:
                    19:66:80:3f:8c:f6:97:25:4d:5e:5f:4d:2e:1c:ce:
                    5a:f1:fd:4e:85:d6:a0:23:9d:25:21:7c:ff:39:0c:
                    1e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:E6:F3:9E:43:E1:02:B3:A8:47:48:38:7F:D7:7D:D7:61:E0:AF:8F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-ebznkPhArOoR0g4f9d912Hgr48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.210.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:ce:37:d5:c2:c6:7c:d0:a8:17:b6:58:4e:4e:95:00:d6:47:
         20:3e:e3:81:d5:cb:67:43:a5:e8:0d:a2:37:00:bb:93:e1:9d:
         cb:86:5c:eb:20:71:e1:3a:54:9f:a2:7d:c1:88:44:93:da:2c:
         57:0f:cf:59:71:46:5e:1a:3b:f5:46:cc:4f:37:87:8a:a6:c1:
         9e:ce:b0:58:64:10:8b:95:c5:f4:a0:af:40:97:18:fb:b6:5b:
         7f:50:28:1c:62:34:5a:3b:1b:38:9e:53:7b:ec:6c:6d:24:06:
         c1:8a:1f:d6:51:73:06:25:ff:cd:60:1d:ed:87:14:7f:f9:6a:
         a6:a5:f6:15:cd:e5:39:04:c8:da:c6:ee:ca:b3:f1:87:51:ed:
         15:61:7d:f7:5d:4a:aa:89:cf:c6:1c:8e:f3:45:9b:8a:29:f7:
         ad:11:6b:c7:e5:4a:ef:0d:ba:2f:ee:f5:f8:43:17:05:b6:9b:
         29:de:61:ac:ab:68:40:c6:16:6a:fa:4e:0e:e6:09:ab:20:02:
         b1:6b:bd:f9:5e:b5:40:b4:d7:a2:e7:15:ae:5e:73:66:b3:2b:
         17:13:ed:40:6d:41:1c:11:46:af:31:1f:82:4c:f7:a4:d4:5b:
         e6:4c:c0:31:fc:06:d8:cc:01:fb:b4:28:6c:4e:99:e3:3f:d2:
         18:37:48:82
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZJC/23lkyGhY8qxVRv1EsO1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwOTMwMTI1NDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWU2ZjM5ZTQzZTEwMmIzYTg0NzQ4Mzg3ZmQ3N2RkNzYxZTBhZjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3x1ld3moIfQiOpVze5wnz86wUsDG
/XPIHX9ZkyF04zN5Dh7Bc0CJIDMA4PxKNTcqMNHSCYmpgaWxhK1ATQKbxv/5fFWT
vgikgtJHdwjPoRB33Zdm/IWq6Xgt7SHFQmn92/vrRP962VeCrKSazkhkzsRy2hUo
/TkAqwsmxWR4WCgdxL39PfsuXpHuZ5UinQiiJVYJ9vEL7/50naQOTWI5W1iKiVa3
xof1pfsS3de/FtIRtS0CFYt7n8QZEyXnQmZruJsl9bHGlJVE/hpjjOQwc5AvTC7i
R6A+AkYfbI+J/y8ZZoA/jPaXJU1eX00uHM5a8f1OhdagI50lIXz/OQwe/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPnm855D4QKzqEdIOH/Xfddh4K+PMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMS1lYnpua1BoQXJPb1IwZzRmOWQ5MTJIZ3I0OC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGEvNDlkYzAwLTk3ZTItNDYyOC1hZTM5LTQxMjI4ZTM5ZmY3
Yy8xL1A5TU5pbjRTX0h2Mkxnd1NIbnpDSnQ2bE81cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANXSIjAN
BgkqhkiG9w0BAQsFAAOCAQEAcM431cLGfNCoF7ZYTk6VANZHID7jgdXLZ0Ol6A2i
NwC7k+Gdy4Zc6yBx4TpUn6J9wYhEk9osVw/PWXFGXho79UbMTzeHiqbBns6wWGQQ
i5XF9KCvQJcY+7Zbf1AoHGI0WjsbOJ5Te+xsbSQGwYof1lFzBiX/zWAd7YcUf/lq
pqX2Fc3lOQTI2sbuyrPxh1HtFWF9911KqonPxhyO80Wbiin3rRFrx+VK7w26L+71
+EMXBbabKd5hrKtoQMYWavpODuYJqyACsWu9+V61QLTXoucVrl5zZrMrFxPtQG1B
HBFGrzEfgkz3pNRb5kzAMfwG2MwB+7QobE6Z4z/SGDdIgg==
-----END CERTIFICATE-----