Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3HeJCjomLuBV7Nu2smTmbYxJTSM.roa
File:                     3HeJCjomLuBV7Nu2smTmbYxJTSM.roa (raw, json)
Hash identifier:          QuuG+6gPtKybcDA6EBkbNPewG0wp7PB/yt9+O7R49VM=
Subject key identifier:   DC:77:89:0A:3A:26:2E:E0:55:EC:DB:B6:B2:64:E6:6D:8C:49:4D:23
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F452189A3C503A55070DF056BCF4BCECC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3HeJCjomLuBV7Nu2smTmbYxJTSM.roa
Signing time:             Sat 04 May 2024 19:42:56 +0000
ROA not before:           Sat 04 May 2024 19:42:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        89.213.120.0/24 maxlen: 24
                          213.210.39.0/24 maxlen: 24
                          213.218.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:45:21:89:a3:c5:03:a5:50:70:df:05:6b:cf:4b:ce:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  4 19:42:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc77890a3a262ee055ecdbb6b264e66d8c494d23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:25:ad:6e:aa:0b:a8:80:42:a1:e4:d8:64:a0:
                    9f:53:9f:13:ed:75:e0:a9:59:36:e6:72:2a:9f:2c:
                    a8:0f:55:51:6f:b0:00:e3:d6:25:9b:cd:bf:cd:c6:
                    d9:0a:fe:86:01:41:c0:0c:36:1a:44:b1:d3:aa:61:
                    07:88:1e:db:21:60:0b:29:f6:c9:45:ba:62:54:3f:
                    6b:ed:e2:d8:17:c2:36:50:51:ed:ec:bd:15:90:10:
                    43:c2:72:9e:8f:2a:da:17:88:40:92:84:f9:7b:41:
                    d1:7b:62:aa:bf:8b:62:5f:12:20:cd:b6:f5:bf:49:
                    ed:7f:60:78:c2:db:ae:0f:61:7a:32:24:5e:d4:5f:
                    28:86:d6:4a:7a:a7:83:b8:ae:e4:0d:b0:45:30:9c:
                    ad:0e:ab:29:52:97:bd:53:3b:f1:b0:cb:f4:ea:f1:
                    a6:71:5d:91:ee:69:ff:7f:bc:3f:b7:07:cc:ae:56:
                    e5:f7:6e:e6:57:2f:e1:17:b7:3d:86:44:48:45:7a:
                    28:b4:cb:c3:19:5f:1f:39:aa:4e:93:ca:0d:9b:83:
                    a9:3d:d8:46:0d:01:01:7a:88:72:71:fd:98:1c:ae:
                    fe:ef:99:07:63:65:a0:15:83:f6:ec:4d:0e:27:09:
                    79:03:f1:e4:7e:40:2a:6f:b5:14:a2:95:45:7f:ef:
                    11:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:77:89:0A:3A:26:2E:E0:55:EC:DB:B6:B2:64:E6:6D:8C:49:4D:23
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3HeJCjomLuBV7Nu2smTmbYxJTSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.120.0/24
                  213.210.39.0/24
                  213.218.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:3f:60:39:78:e7:21:5e:b8:44:e1:37:62:0c:bd:db:82:2f:
         7b:ce:84:e4:1f:8f:7d:8c:d3:42:53:4a:a7:b7:3e:4e:74:37:
         a1:45:1b:9d:9d:0e:b5:ca:c2:a9:36:e3:c8:49:73:c5:4f:60:
         ee:18:8e:94:cd:0d:20:c5:cf:b3:d5:8c:2c:79:0e:0f:2d:99:
         48:26:e1:d8:9e:b3:b9:13:41:04:5a:8e:f1:5f:3a:57:db:e2:
         48:a4:c9:65:3b:02:fb:3c:ac:79:19:cd:4b:42:76:20:3a:47:
         b6:be:10:c5:25:69:6b:21:e6:f8:ec:38:41:a2:b7:74:d0:7f:
         c9:2a:28:68:cc:f2:ed:5e:ea:6c:15:dd:a6:bc:89:56:e9:2a:
         39:51:47:d7:8f:57:1e:9b:cd:1c:91:14:e7:0d:db:55:29:2e:
         87:a3:d3:09:51:6f:62:7e:c2:f2:6a:20:6b:be:de:5a:14:a1:
         ab:40:05:a5:0f:a4:a4:03:0a:c6:d4:57:b8:8b:68:b9:aa:b3:
         65:68:06:15:cb:b1:50:38:b9:77:66:97:b7:44:32:f3:30:5e:
         d5:95:ad:64:af:ec:08:37:2b:5f:1a:f5:9d:75:d5:88:23:50:
         da:05:47:0e:bc:0d:37:a4:79:38:31:a0:90:c6:90:0f:5a:7f:
         02:6b:ed:e0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY9FIYmjxQOlUHDfBWvPS87MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTA0MTk0MjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzc3ODkwYTNhMjYyZWUwNTVlY2RiYjZiMjY0ZTY2ZDhjNDk0ZDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2SWtbqoLqIBCoeTYZKCfU58T7XXg
qVk25nIqnyyoD1VRb7AA49Ylm82/zcbZCv6GAUHADDYaRLHTqmEHiB7bIWALKfbJ
RbpiVD9r7eLYF8I2UFHt7L0VkBBDwnKejyraF4hAkoT5e0HRe2Kqv4tiXxIgzbb1
v0ntf2B4wtuuD2F6MiRe1F8ohtZKeqeDuK7kDbBFMJytDqspUpe9UzvxsMv06vGm
cV2R7mn/f7w/twfMrlbl927mVy/hF7c9hkRIRXootMvDGV8fOapOk8oNm4OpPdhG
DQEBeohycf2YHK7+75kHY2WgFYP27E0OJwl5A/HkfkAqb7UUopVFf+8RnwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNx3iQo6Ji7gVezbtrJk5m2MSU0jMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvM0hlSkNqb21MdUJWN051MnNtVG1iWXhKVFNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWdV4AwQA
1dInAwQA1drqMA0GCSqGSIb3DQEBCwUAA4IBAQCrP2A5eOchXrhE4TdiDL3bgi97
zoTkH499jNNCU0qntz5OdDehRRudnQ61ysKpNuPISXPFT2DuGI6UzQ0gxc+z1Yws
eQ4PLZlIJuHYnrO5E0EEWo7xXzpX2+JIpMllOwL7PKx5Gc1LQnYgOke2vhDFJWlr
Ieb47DhBord00H/JKihozPLtXupsFd2mvIlW6So5UUfXj1cem80ckRTnDdtVKS6H
o9MJUW9ifsLyaiBrvt5aFKGrQAWlD6SkAwrG1Fe4i2i5qrNlaAYVy7FQOLl3Zpe3
RDLzMF7Vla1kr+wINytfGvWdddWII1DaBUcOvA03pHk4MaCQxpAPWn8Ca+3g
-----END CERTIFICATE-----