Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/15zXeTpEnEOhSN99vCFjTP2Mc6E.roa
File:                     15zXeTpEnEOhSN99vCFjTP2Mc6E.roa (raw, json)
Hash identifier:          bSWXXf83qVU43BRYggkB+ehaVpBF7Gzj+0SUW8YDwFA=
Subject key identifier:   D7:9C:D7:79:3A:44:9C:43:A1:48:DF:7D:BC:21:63:4C:FD:8C:73:A1
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0194CB0D7EE38DBEE35F46B8DDE18C019049
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/15zXeTpEnEOhSN99vCFjTP2Mc6E.roa
Signing time:             Mon 03 Feb 2025 09:04:06 +0000
ROA not before:           Mon 03 Feb 2025 09:04:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215026
IP address blocks:        82.152.176.0/24 maxlen: 24
                          89.213.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 09:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:cb:0d:7e:e3:8d:be:e3:5f:46:b8:dd:e1:8c:01:90:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Feb  3 09:04:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d79cd7793a449c43a148df7dbc21634cfd8c73a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:0b:a0:e5:0b:2d:63:2e:17:16:78:72:97:92:
                    56:4a:06:fd:7b:35:0f:83:9e:d6:b1:ca:15:d3:65:
                    1e:a5:6c:ae:7c:94:12:75:bc:72:3e:40:b2:c6:ca:
                    c9:cd:95:5b:81:c3:73:a1:11:50:d7:ed:c5:28:0f:
                    aa:16:93:7c:28:8d:07:1f:74:02:81:ea:79:bd:59:
                    74:21:21:18:39:92:a5:67:29:0a:1c:2b:d3:fa:69:
                    94:ab:90:9c:eb:99:30:b0:85:39:6b:e9:eb:25:a0:
                    9e:37:b3:31:4a:b2:21:26:98:e3:f5:7f:3a:52:e5:
                    cb:b3:6c:09:ad:89:66:d9:d0:59:cd:cd:61:a3:70:
                    76:86:24:eb:76:33:0c:99:7b:a5:fe:9a:f6:ec:1b:
                    39:a9:4b:ec:73:5e:00:4a:2f:b4:92:db:fc:eb:e6:
                    3a:e0:61:a3:2e:dd:90:98:4d:08:65:13:48:dc:3e:
                    5c:2b:9d:56:85:13:f6:24:a0:94:c0:11:1d:2e:a6:
                    50:08:a0:42:f5:80:08:c1:5e:34:07:69:a5:b8:cb:
                    50:8a:bb:d7:76:69:bc:e9:7d:33:ec:37:fe:77:fa:
                    ff:67:40:21:b2:4f:fb:a9:69:10:59:e6:b7:10:03:
                    c9:ac:dc:8d:fb:21:3f:96:e8:e1:4e:66:aa:9c:25:
                    ca:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:9C:D7:79:3A:44:9C:43:A1:48:DF:7D:BC:21:63:4C:FD:8C:73:A1
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/15zXeTpEnEOhSN99vCFjTP2Mc6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.176.0/24
                  89.213.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:af:f0:a3:51:10:82:d4:2e:55:35:94:b4:8c:2b:e1:73:e6:
         b4:40:f0:a9:c6:b6:a5:09:38:ab:b0:94:63:37:17:6b:80:f6:
         9c:42:ad:9d:05:5c:b6:14:c5:e7:e7:82:4c:ed:bd:44:f5:48:
         be:54:ac:c4:fa:71:34:77:69:8d:b5:78:ad:ca:a7:31:1d:8b:
         ab:72:13:b3:55:03:93:3b:15:85:d4:4c:33:7e:e9:1d:1d:aa:
         c5:e0:67:54:5d:86:98:fc:7b:4a:8d:d2:3e:a9:02:bb:d4:e9:
         17:31:f9:79:17:67:1b:70:74:6c:ce:05:fd:c4:d5:dd:0c:77:
         40:28:8e:d9:5f:c4:5b:90:de:46:40:ea:ca:88:2c:8e:01:f1:
         7e:93:ec:d0:1e:96:2f:d0:3a:d0:0e:9c:a8:eb:4d:7c:d8:fd:
         f9:94:63:92:52:ed:6f:f5:dc:a3:d2:c2:d4:f4:ec:22:52:18:
         d9:82:f8:90:46:33:de:96:1d:50:29:22:d2:54:6b:9c:29:61:
         0d:6a:45:28:cc:e5:c8:5d:20:bd:62:30:41:92:00:c4:1e:ab:
         f7:8e:93:54:34:b2:68:eb:e5:ea:fd:8a:27:a4:4b:d6:21:b1:
         80:3e:d1:c8:c4:18:ef:3c:0f:a0:08:17:06:8b:b2:6c:2e:57:
         27:ba:7c:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZTLDX7jjb7jX0a43eGMAZBJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMjAzMDkwNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzljZDc3OTNhNDQ5YzQzYTE0OGRmN2RiYzIxNjM0Y2ZkOGM3M2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQug5QstYy4XFnhyl5JWSgb9ezUP
g57WscoV02UepWyufJQSdbxyPkCyxsrJzZVbgcNzoRFQ1+3FKA+qFpN8KI0HH3QC
gep5vVl0ISEYOZKlZykKHCvT+mmUq5Cc65kwsIU5a+nrJaCeN7MxSrIhJpjj9X86
UuXLs2wJrYlm2dBZzc1ho3B2hiTrdjMMmXul/pr27Bs5qUvsc14ASi+0ktv86+Y6
4GGjLt2QmE0IZRNI3D5cK51WhRP2JKCUwBEdLqZQCKBC9YAIwV40B2mluMtQirvX
dmm86X0z7Df+d/r/Z0Ahsk/7qWkQWea3EAPJrNyN+yE/lujhTmaqnCXKYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNec13k6RJxDoUjffbwhY0z9jHOhMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMTV6WGVUcEVuRU9oU045OXZDRmpUUDJNYzZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUpiwAwQA
WdVgMA0GCSqGSIb3DQEBCwUAA4IBAQA8r/CjURCC1C5VNZS0jCvhc+a0QPCpxral
CTirsJRjNxdrgPacQq2dBVy2FMXn54JM7b1E9Ui+VKzE+nE0d2mNtXityqcxHYur
chOzVQOTOxWF1EwzfukdHarF4GdUXYaY/HtKjdI+qQK71OkXMfl5F2cbcHRszgX9
xNXdDHdAKI7ZX8RbkN5GQOrKiCyOAfF+k+zQHpYv0DrQDpyo60182P35lGOSUu1v
9dyj0sLU9OwiUhjZgviQRjPelh1QKSLSVGucKWENakUozOXIXSC9YjBBkgDEHqv3
jpNUNLJo6+Xq/YonpEvWIbGAPtHIxBjvPA+gCBcGi7JsLlcnunxD
-----END CERTIFICATE-----