Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/39uZACTSDsyZc1z9pZ9piIjXgrM.roa
File:                     39uZACTSDsyZc1z9pZ9piIjXgrM.roa (raw, json)
Hash identifier:          lrwDObLsL0bVXG5xcClaOQGlK9SeexNPUf2U/l/AVmg=
Subject key identifier:   DF:DB:99:00:24:D2:0E:CC:99:73:5C:FD:A5:9F:69:88:88:D7:82:B3
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942144203B6DF9A562498A2775B7F973AB
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/39uZACTSDsyZc1z9pZ9piIjXgrM.roa
Signing time:             Wed 01 Jan 2025 09:48:20 +0000
ROA not before:           Wed 01 Jan 2025 09:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214346
IP address blocks:        194.105.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:20:3b:6d:f9:a5:62:49:8a:27:75:b7:f9:73:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dfdb990024d20ecc99735cfda59f698888d782b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d0:06:0c:8e:b9:c5:2d:4c:48:e8:a6:48:ea:
                    94:2e:ab:25:9a:2e:d4:f6:17:26:bf:0b:72:94:fb:
                    1b:0d:78:e9:2f:88:27:f6:1b:5d:a9:fb:57:69:75:
                    a4:f2:ae:02:b2:68:f5:f5:ee:7b:af:bc:84:45:2d:
                    37:19:7d:46:6b:72:51:ba:da:2e:58:85:2e:db:14:
                    d3:8a:b5:df:62:c0:3f:0f:55:30:3a:73:36:07:12:
                    c2:d8:cd:a2:82:7b:81:f1:17:89:60:82:3e:15:92:
                    f4:74:a7:2e:80:d0:79:a3:63:d5:82:b4:ac:7a:2c:
                    d2:6d:a9:fd:15:ce:4b:02:d0:89:11:de:87:b1:65:
                    78:e7:76:a6:33:00:2b:fb:31:b9:99:94:6b:35:9a:
                    46:37:fb:7e:71:a6:00:4c:72:a8:54:d7:aa:16:5e:
                    f8:9c:c7:96:da:06:f9:06:5d:aa:7e:92:89:14:a2:
                    a1:28:ad:6f:3f:22:7b:61:76:f6:e3:80:fe:2f:ab:
                    cc:26:e7:de:08:16:73:5f:65:06:57:a2:be:10:95:
                    e9:5b:d4:2a:fe:6b:b2:64:05:5f:09:39:f2:df:e7:
                    dd:8a:3e:79:c2:32:26:44:59:ae:2d:77:06:8e:92:
                    6c:6b:1c:52:d1:d4:92:89:f1:ba:2f:e8:d1:ae:fe:
                    53:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:DB:99:00:24:D2:0E:CC:99:73:5C:FD:A5:9F:69:88:88:D7:82:B3
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/39uZACTSDsyZc1z9pZ9piIjXgrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.105.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:68:ea:76:ff:c9:cc:ff:ad:80:ed:2f:6e:cc:2f:41:fb:3c:
         7c:63:dd:66:38:05:31:23:45:d6:0f:30:7a:52:34:55:5a:17:
         40:90:43:fa:e4:f9:91:95:b0:9d:4d:06:11:cc:f4:08:b5:02:
         b2:85:cb:f3:c4:43:7c:e1:e7:e4:82:60:10:c0:6d:4c:b1:0d:
         8c:df:ef:b2:9f:ea:73:e4:47:d8:23:a3:80:35:4b:82:a6:a1:
         5b:4b:61:ea:ba:ba:50:b3:34:99:59:68:1d:49:ea:e6:f8:f4:
         9b:b8:0c:c7:e1:44:d2:2c:d0:63:10:b6:49:80:9f:85:25:b1:
         75:97:62:95:e7:1b:ab:03:12:da:a3:73:5b:3e:b6:05:17:08:
         25:66:d3:ae:a0:d7:a1:24:5d:27:66:c9:a0:04:2c:f0:68:9a:
         04:70:c5:5a:14:f3:87:66:93:f8:7b:95:75:bd:90:66:7d:fe:
         8b:ff:b0:2d:80:9b:f6:a6:9c:81:8b:0b:25:b9:dc:c2:a5:4c:
         a7:2f:7a:85:0d:86:de:4a:06:ac:33:0a:a1:a1:3a:9f:3e:d2:
         ed:2d:58:bc:dd:d7:45:4c:d1:f9:89:fc:21:ab:e8:1c:31:8c:
         be:33:85:44:13:7e:0c:71:41:1e:25:61:81:8d:90:3e:1b:96:
         30:26:f3:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRCA7bfmlYkmKJ3W3+XOrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmRiOTkwMDI0ZDIwZWNjOTk3MzVjZmRhNTlmNjk4ODg4ZDc4MmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstAGDI65xS1MSOimSOqULqslmi7U
9hcmvwtylPsbDXjpL4gn9htdqftXaXWk8q4Csmj19e57r7yERS03GX1Ga3JRutou
WIUu2xTTirXfYsA/D1UwOnM2BxLC2M2ignuB8ReJYII+FZL0dKcugNB5o2PVgrSs
eizSban9Fc5LAtCJEd6HsWV453amMwAr+zG5mZRrNZpGN/t+caYATHKoVNeqFl74
nMeW2gb5Bl2qfpKJFKKhKK1vPyJ7YXb244D+L6vMJufeCBZzX2UGV6K+EJXpW9Qq
/muyZAVfCTny3+fdij55wjImRFmuLXcGjpJsaxxS0dSSifG6L+jRrv5TuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/bmQAk0g7MmXNc/aWfaYiI14KzMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMzl1WkFDVFNEc3laYzF6OXBaOXBpSWpYZ3JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmlbMA0G
CSqGSIb3DQEBCwUAA4IBAQCIaOp2/8nM/62A7S9uzC9B+zx8Y91mOAUxI0XWDzB6
UjRVWhdAkEP65PmRlbCdTQYRzPQItQKyhcvzxEN84efkgmAQwG1MsQ2M3++yn+pz
5EfYI6OANUuCpqFbS2HqurpQszSZWWgdSerm+PSbuAzH4UTSLNBjELZJgJ+FJbF1
l2KV5xurAxLao3NbPrYFFwglZtOuoNehJF0nZsmgBCzwaJoEcMVaFPOHZpP4e5V1
vZBmff6L/7AtgJv2ppyBiwsludzCpUynL3qFDYbeSgasMwqhoTqfPtLtLVi83ddF
TNH5ifwhq+gcMYy+M4VEE34McUEeJWGBjZA+G5YwJvP5
-----END CERTIFICATE-----