Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2b__4Pf9dw66JpJVZgxXQkadIa0.roa
File:                     2b__4Pf9dw66JpJVZgxXQkadIa0.roa (raw, json)
Hash identifier:          +R0TqwcOXBpTWFkWtYnjJPKHmbzsVbin2fG125IYBUU=
Subject key identifier:   D9:BF:FF:E0:F7:FD:77:0E:BA:26:92:55:66:0C:57:42:46:9D:21:AD
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019421443EBC29B7D02BA647425A26B8EDDD
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2b__4Pf9dw66JpJVZgxXQkadIa0.roa
Signing time:             Wed 01 Jan 2025 09:48:28 +0000
ROA not before:           Wed 01 Jan 2025 09:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401479
IP address blocks:        77.93.152.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:3e:bc:29:b7:d0:2b:a6:47:42:5a:26:b8:ed:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9bfffe0f7fd770eba269255660c5742469d21ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3c:8f:88:43:ac:f1:1a:83:00:b2:a6:8e:46:
                    0a:17:40:cc:94:9e:ac:d8:04:aa:e0:a4:e4:c9:75:
                    37:dd:24:b8:ca:e6:3e:07:4e:2f:c9:b1:4c:5a:12:
                    ea:9a:7a:46:63:67:30:c8:31:31:04:1f:5f:47:e5:
                    92:ab:cf:cf:66:40:b0:d1:0c:e9:cd:ed:eb:62:9c:
                    d1:e7:5d:48:c3:e2:1e:85:cc:3a:5f:c7:2f:61:6d:
                    65:05:9d:09:9f:cd:02:af:5b:ef:f8:84:89:69:e7:
                    22:24:a3:e4:ba:dd:aa:a0:2f:45:4f:19:cd:ae:9d:
                    59:1b:3a:d6:97:34:1c:bf:e1:ed:27:08:c7:dd:b3:
                    2b:f6:81:0d:43:b7:8b:90:b1:b1:c1:2f:d0:c0:7a:
                    2a:38:98:2a:ef:1b:b6:e0:1e:3e:f0:07:04:fd:fa:
                    d4:82:19:69:af:59:66:2b:bf:d1:81:2d:b3:d4:fc:
                    1e:5e:99:92:b4:da:92:2c:73:dd:b6:52:f2:9b:b6:
                    74:6b:ef:b8:26:93:d1:19:4f:75:a4:d5:ae:53:ab:
                    98:75:78:ca:c1:88:ff:b9:48:c2:d0:2a:87:49:d2:
                    0f:4a:ba:ff:ff:eb:ea:a4:35:1c:d0:39:05:94:35:
                    45:9f:f7:1e:79:ab:1b:11:a7:67:1d:86:f4:4e:e5:
                    83:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:BF:FF:E0:F7:FD:77:0E:BA:26:92:55:66:0C:57:42:46:9D:21:AD
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2b__4Pf9dw66JpJVZgxXQkadIa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:0a:0a:7c:17:a3:8d:8f:00:f0:a3:d5:48:49:fa:11:6a:24:
         01:dd:07:a6:0f:be:ef:86:53:8d:49:8a:95:3c:f5:37:4c:cd:
         74:2f:05:e6:44:f1:dd:53:56:a2:1d:b6:e5:f9:2e:c2:33:ee:
         47:d2:18:99:bc:bb:56:2a:ee:16:de:f0:c8:39:c5:4c:d2:ee:
         8b:e1:62:50:64:db:fc:21:d4:b0:86:7a:15:9c:43:46:95:dc:
         b8:fb:df:a1:ab:e7:e7:e9:ed:01:4b:94:7e:99:34:a7:83:ee:
         1f:4b:82:f9:e5:91:f5:70:8d:44:c3:3b:24:24:3b:90:02:8e:
         ac:16:72:0e:4c:4e:10:5d:fa:6c:a3:28:37:28:66:77:47:8b:
         6e:ac:60:b0:f5:ce:6a:df:31:d5:1d:aa:f8:da:84:a3:f6:1b:
         b9:dd:29:89:33:c1:e1:d5:c7:d2:c8:d3:c3:47:7d:d2:60:ad:
         cb:7e:9d:04:6b:57:3e:44:db:09:a5:11:d4:a4:27:57:6e:b2:
         2e:2e:00:d9:8a:9d:20:39:f9:af:7f:ae:62:db:ab:8f:28:77:
         56:cb:95:bf:40:67:43:fe:5e:16:9d:76:cc:58:42:9d:75:19:
         4c:31:85:af:f4:e3:45:e9:67:be:07:e0:fc:a7:bd:67:17:ea:
         c1:3d:06:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRD68KbfQK6ZHQlomuO3dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWJmZmZlMGY3ZmQ3NzBlYmEyNjkyNTU2NjBjNTc0MjQ2OWQyMWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjyPiEOs8RqDALKmjkYKF0DMlJ6s
2ASq4KTkyXU33SS4yuY+B04vybFMWhLqmnpGY2cwyDExBB9fR+WSq8/PZkCw0Qzp
ze3rYpzR511Iw+Iehcw6X8cvYW1lBZ0Jn80Cr1vv+ISJaeciJKPkut2qoC9FTxnN
rp1ZGzrWlzQcv+HtJwjH3bMr9oENQ7eLkLGxwS/QwHoqOJgq7xu24B4+8AcE/frU
ghlpr1lmK7/RgS2z1PweXpmStNqSLHPdtlLym7Z0a++4JpPRGU91pNWuU6uYdXjK
wYj/uUjC0CqHSdIPSrr//+vqpDUc0DkFlDVFn/ceeasbEadnHYb0TuWDwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNm//+D3/XcOuiaSVWYMV0JGnSGtMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMmJfXzRQZjlkdzY2SnBKVlpneFhRa2FkSWEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTV2YMA0G
CSqGSIb3DQEBCwUAA4IBAQAQCgp8F6ONjwDwo9VISfoRaiQB3QemD77vhlONSYqV
PPU3TM10LwXmRPHdU1aiHbbl+S7CM+5H0hiZvLtWKu4W3vDIOcVM0u6L4WJQZNv8
IdSwhnoVnENGldy4+9+hq+fn6e0BS5R+mTSng+4fS4L55ZH1cI1EwzskJDuQAo6s
FnIOTE4QXfpsoyg3KGZ3R4turGCw9c5q3zHVHar42oSj9hu53SmJM8Hh1cfSyNPD
R33SYK3Lfp0Ea1c+RNsJpRHUpCdXbrIuLgDZip0gOfmvf65i26uPKHdWy5W/QGdD
/l4WnXbMWEKddRlMMYWv9ONF6We+B+D8p71nF+rBPQbQ
-----END CERTIFICATE-----