Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2P-QErBr-TGI0Z64KdVg6X7VyBw.roa
File:                     2P-QErBr-TGI0Z64KdVg6X7VyBw.roa (raw, json)
Hash identifier:          ap1tZIw8/TG1mgJVYqAROYITK+qzaf6UHHWZd2u+88s=
Subject key identifier:   D8:FF:90:12:B0:6B:F9:31:88:D1:9E:B8:29:D5:60:E9:7E:D5:C8:1C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019421442AE8097FC3543BF7801FFF5B703E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2P-QErBr-TGI0Z64KdVg6X7VyBw.roa
Signing time:             Wed 01 Jan 2025 09:48:23 +0000
ROA not before:           Wed 01 Jan 2025 09:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215184
IP address blocks:        82.152.105.0/24 maxlen: 24
                          213.130.140.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:2a:e8:09:7f:c3:54:3b:f7:80:1f:ff:5b:70:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8ff9012b06bf93188d19eb829d560e97ed5c81c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:38:39:7a:0b:c4:1e:a6:7f:8a:38:05:7b:6a:
                    fe:86:40:3d:ca:ef:4f:3a:96:0b:35:cb:a9:8b:6d:
                    dd:d0:81:c2:4e:c0:74:8c:12:49:09:8c:37:60:2a:
                    3e:47:62:ff:f9:5c:06:ca:73:e2:24:d1:a0:76:61:
                    92:85:cc:a9:1f:03:2e:bb:70:21:b7:ee:75:d0:ac:
                    ca:c9:fd:62:bb:81:da:8c:87:23:ec:c7:2d:21:00:
                    f6:d1:27:17:c1:ef:cb:ae:6d:db:fe:dc:97:05:2e:
                    5e:09:42:61:a3:7b:f1:ff:36:02:ab:46:51:2a:d1:
                    b4:a3:ac:2a:ec:f8:16:99:0c:73:c2:31:21:be:60:
                    75:b2:fa:e7:97:77:59:f0:db:bf:fa:6f:30:67:1f:
                    af:3e:f8:5f:e0:5d:71:c4:be:04:34:61:13:7a:97:
                    8e:3b:f8:90:f5:36:25:72:d3:54:dc:a3:68:88:bf:
                    bd:31:f0:f7:96:fe:81:29:e6:7e:14:71:95:65:9e:
                    d6:2f:2d:dc:b6:5c:e4:ad:3b:f3:d4:72:2e:95:be:
                    6c:e3:5d:e3:24:88:59:1b:1d:51:90:0f:be:e9:74:
                    fd:9b:f4:de:56:79:c3:11:ee:3f:59:c6:c1:bb:72:
                    d0:c3:29:e0:b7:29:14:fe:d9:b1:3c:83:a9:29:67:
                    8a:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:FF:90:12:B0:6B:F9:31:88:D1:9E:B8:29:D5:60:E9:7E:D5:C8:1C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2P-QErBr-TGI0Z64KdVg6X7VyBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.105.0/24
                  213.130.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:6d:78:de:41:29:7b:d1:39:31:aa:4d:ac:da:eb:db:b3:91:
         2c:c7:8a:5b:be:9e:72:10:51:16:02:ee:25:ba:62:1a:18:a6:
         da:86:9f:c3:ce:63:81:43:56:30:36:8d:b1:02:3c:b9:13:cf:
         7a:11:2c:2c:b9:8c:fe:de:63:44:ba:36:f1:fe:22:f4:ec:00:
         6f:59:fb:ba:56:64:91:04:3e:46:3b:fa:40:99:23:b9:3c:f5:
         a2:6f:71:01:b3:7e:8f:6f:b2:5e:5d:a7:ec:e9:e5:ed:41:89:
         f0:02:2a:ac:48:ab:e9:d3:d7:28:25:77:c6:70:cb:44:38:21:
         09:1b:a3:e4:a3:6e:a9:24:0a:49:f0:c1:11:c3:4f:aa:ea:18:
         3d:de:af:8b:3d:9c:e1:1c:c0:4e:ac:18:f1:b3:f9:21:9c:7b:
         ad:21:e9:00:1c:12:eb:51:d9:fb:93:14:7d:6b:35:ec:b3:76:
         0f:fc:2a:a7:06:3e:94:6a:6a:6c:13:cc:4a:0b:50:29:a3:0c:
         e4:15:c9:a5:0c:13:1c:c2:ea:32:2c:03:25:b6:88:99:6b:89:
         76:9f:30:0e:c6:ff:50:ce:d1:09:1e:b3:09:48:fb:2d:73:72:
         bc:6c:cb:74:0f:9f:b1:cb:29:c5:c2:46:8b:b6:b4:32:1c:a3:
         69:1a:94:39
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhRCroCX/DVDv3gB//W3A+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGZmOTAxMmIwNmJmOTMxODhkMTllYjgyOWQ1NjBlOTdlZDVjODFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDg5egvEHqZ/ijgFe2r+hkA9yu9P
OpYLNcupi23d0IHCTsB0jBJJCYw3YCo+R2L/+VwGynPiJNGgdmGShcypHwMuu3Ah
t+510KzKyf1iu4HajIcj7MctIQD20ScXwe/Lrm3b/tyXBS5eCUJho3vx/zYCq0ZR
KtG0o6wq7PgWmQxzwjEhvmB1svrnl3dZ8Nu/+m8wZx+vPvhf4F1xxL4ENGETepeO
O/iQ9TYlctNU3KNoiL+9MfD3lv6BKeZ+FHGVZZ7WLy3ctlzkrTvz1HIulb5s413j
JIhZGx1RkA++6XT9m/TeVnnDEe4/WcbBu3LQwyngtykU/tmxPIOpKWeKGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNj/kBKwa/kxiNGeuCnVYOl+1cgcMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMlAtUUVyQnItVEdJMFo2NEtkVmc2WDdWeUJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUphpAwQC
1YKMMA0GCSqGSIb3DQEBCwUAA4IBAQCmbXjeQSl70Tkxqk2s2uvbs5Esx4pbvp5y
EFEWAu4lumIaGKbahp/DzmOBQ1YwNo2xAjy5E896ESwsuYz+3mNEujbx/iL07ABv
Wfu6VmSRBD5GO/pAmSO5PPWib3EBs36Pb7JeXafs6eXtQYnwAiqsSKvp09coJXfG
cMtEOCEJG6Pko26pJApJ8MERw0+q6hg93q+LPZzhHMBOrBjxs/khnHutIekAHBLr
Udn7kxR9azXss3YP/CqnBj6UampsE8xKC1ApowzkFcmlDBMcwuoyLAMltoiZa4l2
nzAOxv9QztEJHrMJSPstc3K8bMt0D5+xyynFwkaLtrQyHKNpGpQ5
-----END CERTIFICATE-----