Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2NPsirOcqCDHsTyHJO4rpaCr9bc.roa
File:                     2NPsirOcqCDHsTyHJO4rpaCr9bc.roa (raw, json)
Hash identifier:          WgiHpZN0GgIGLN43imewxlIuhQik5HOFd/0wrgzhNCU=
Subject key identifier:   D8:D3:EC:8A:B3:9C:A8:20:C7:B1:3C:87:24:EE:2B:A5:A0:AB:F5:B7
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019421441EC4D7EB79C4307EEE6E9E5AC2C6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2NPsirOcqCDHsTyHJO4rpaCr9bc.roa
Signing time:             Wed 01 Jan 2025 09:48:19 +0000
ROA not before:           Wed 01 Jan 2025 09:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214174
IP address blocks:        109.176.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:1e:c4:d7:eb:79:c4:30:7e:ee:6e:9e:5a:c2:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8d3ec8ab39ca820c7b13c8724ee2ba5a0abf5b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:64:d2:01:ad:a4:e2:11:6c:6a:f4:a6:01:b4:
                    f7:d3:ca:3a:8b:37:2d:3d:5c:82:a0:65:ae:69:77:
                    ce:ec:35:1c:26:74:75:58:33:12:0e:65:14:57:62:
                    ce:d7:22:c9:98:69:02:9e:a8:85:76:7f:b0:6f:13:
                    78:f8:e8:7e:0d:8b:44:73:af:ea:07:cb:e1:65:f3:
                    da:77:d9:1f:08:29:3b:be:bb:8d:57:1e:de:f1:86:
                    3b:9d:82:ca:d7:f8:2c:31:55:67:22:51:5a:78:70:
                    23:ce:30:6c:99:2e:95:da:d0:69:8d:be:9f:96:fc:
                    34:44:dc:68:b1:8d:d1:f4:59:79:78:7c:65:e5:d3:
                    30:44:dd:66:34:ef:01:f4:35:ba:c1:33:ed:e7:8e:
                    ff:d7:6a:7d:e2:e1:e2:28:05:45:59:ee:48:c2:12:
                    aa:6e:82:24:30:71:94:12:75:29:dd:9a:44:46:91:
                    fc:94:be:df:66:a7:56:5a:3e:e0:6d:d1:33:ce:4d:
                    b1:3c:cc:5d:1a:2a:b7:e0:f8:cc:99:27:0f:62:13:
                    ef:66:60:6a:34:58:33:cb:00:9c:aa:68:c6:ab:22:
                    dc:66:73:e7:e3:18:5b:5a:2d:44:b0:63:4c:7e:1b:
                    a1:81:21:b3:2c:2e:3e:53:c9:5e:78:39:61:b6:ce:
                    6c:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:D3:EC:8A:B3:9C:A8:20:C7:B1:3C:87:24:EE:2B:A5:A0:AB:F5:B7
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2NPsirOcqCDHsTyHJO4rpaCr9bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:cc:79:f2:d1:1b:d8:eb:3d:a8:51:16:dd:17:3e:3b:7b:c9:
         e1:e8:ed:85:78:2f:75:eb:37:89:db:d0:f0:ac:33:98:6c:7d:
         43:5e:2f:d4:c9:66:75:5e:c1:c5:58:ea:87:f5:b1:1a:11:cf:
         4e:02:c3:35:9a:0a:d4:c8:02:c4:63:c7:9f:6a:40:d1:b9:db:
         b6:b7:f1:bc:e2:c7:13:6b:c2:70:25:40:c3:fc:ec:72:db:20:
         0b:aa:a7:72:a4:26:16:05:41:4d:ed:3e:64:6f:78:24:d8:82:
         5d:08:8b:da:8c:a5:ab:ba:1f:3d:1f:08:2b:e5:62:76:4c:4b:
         4d:5f:39:7d:bc:2e:4c:cf:36:15:ce:41:f3:40:75:de:66:8e:
         c4:60:89:41:a7:3a:8a:d1:bc:5d:35:08:30:d8:cc:c6:ef:fd:
         4a:10:97:6e:36:09:37:1d:88:00:70:4e:37:2c:9f:57:cc:33:
         34:bb:42:08:24:3e:48:d1:f3:ca:cc:23:65:65:ca:a2:de:0c:
         65:d0:c0:a9:e0:a2:75:ac:69:03:f5:97:17:72:bb:3e:9c:a0:
         9d:b8:47:a4:75:08:32:2b:b3:16:ee:18:cd:e2:ca:6a:20:1e:
         2f:90:36:78:37:a4:89:03:0b:bb:53:8b:b1:79:57:42:88:fb:
         b8:4e:47:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRB7E1+t5xDB+7m6eWsLGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGQzZWM4YWIzOWNhODIwYzdiMTNjODcyNGVlMmJhNWEwYWJmNWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WTSAa2k4hFsavSmAbT308o6izct
PVyCoGWuaXfO7DUcJnR1WDMSDmUUV2LO1yLJmGkCnqiFdn+wbxN4+Oh+DYtEc6/q
B8vhZfPad9kfCCk7vruNVx7e8YY7nYLK1/gsMVVnIlFaeHAjzjBsmS6V2tBpjb6f
lvw0RNxosY3R9Fl5eHxl5dMwRN1mNO8B9DW6wTPt547/12p94uHiKAVFWe5IwhKq
boIkMHGUEnUp3ZpERpH8lL7fZqdWWj7gbdEzzk2xPMxdGiq34PjMmScPYhPvZmBq
NFgzywCcqmjGqyLcZnPn4xhbWi1EsGNMfhuhgSGzLC4+U8leeDlhts5stQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNjT7IqznKggx7E8hyTuK6Wgq/W3MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMk5Qc2lyT2NxQ0RIc1R5SEpPNHJwYUNyOWJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbAUMA0G
CSqGSIb3DQEBCwUAA4IBAQAXzHny0RvY6z2oURbdFz47e8nh6O2FeC916zeJ29Dw
rDOYbH1DXi/UyWZ1XsHFWOqH9bEaEc9OAsM1mgrUyALEY8efakDRudu2t/G84scT
a8JwJUDD/Oxy2yALqqdypCYWBUFN7T5kb3gk2IJdCIvajKWruh89Hwgr5WJ2TEtN
Xzl9vC5MzzYVzkHzQHXeZo7EYIlBpzqK0bxdNQgw2MzG7/1KEJduNgk3HYgAcE43
LJ9XzDM0u0IIJD5I0fPKzCNlZcqi3gxl0MCp4KJ1rGkD9ZcXcrs+nKCduEekdQgy
K7MW7hjN4spqIB4vkDZ4N6SJAwu7U4uxeVdCiPu4Tkcx
-----END CERTIFICATE-----