Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3T6eNLm78x4BTxMTH6879JGoh80.roa
File:                     3T6eNLm78x4BTxMTH6879JGoh80.roa (raw, json)
Hash identifier:          F/9Z+/JFbkTgNeknOwZ2JrmI3OsHrui8FTIy4oj6Wbw=
Subject key identifier:   DD:3E:9E:34:B9:BB:F3:1E:01:4F:13:13:1F:AF:3B:F4:91:A8:87:CD
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942691D752EEDA7E9562E6A4F0F8CDE374
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3T6eNLm78x4BTxMTH6879JGoh80.roa
Signing time:             Thu 02 Jan 2025 10:31:19 +0000
ROA not before:           Thu 02 Jan 2025 10:31:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49608
IP address blocks:        213.218.208.0/24 maxlen: 24
                          213.218.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:91:d7:52:ee:da:7e:95:62:e6:a4:f0:f8:cd:e3:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  2 10:31:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd3e9e34b9bbf31e014f13131faf3bf491a887cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:91:ac:20:43:1c:11:ef:1a:2a:aa:73:4a:30:
                    a4:79:17:dc:f0:c7:39:ae:ee:5d:db:34:41:1f:38:
                    5c:be:7a:8e:38:d8:5a:08:49:d0:42:bc:56:59:3b:
                    5b:f5:59:98:fe:8a:e6:23:8e:74:61:1f:f9:f4:65:
                    42:35:35:ca:74:1c:11:98:2e:25:e0:9c:ff:cf:51:
                    7e:42:ee:2c:90:c5:dc:63:0f:d4:de:b6:2f:80:c3:
                    1e:b6:f4:c5:4e:9b:e6:2a:4d:bd:e4:84:fc:9d:29:
                    fa:bf:01:32:da:69:32:4c:c5:62:e8:c9:63:13:73:
                    69:2c:49:17:95:b9:e4:de:23:ab:92:34:10:0d:53:
                    12:f4:b4:65:c9:3a:84:27:3a:e1:56:8b:89:21:8a:
                    7c:ed:9e:ef:8b:7f:0c:28:11:19:8a:99:af:88:fa:
                    26:01:33:e6:25:a4:a2:6f:06:8e:82:34:77:ed:18:
                    b2:22:06:1f:c9:50:a5:37:3c:d0:53:dd:98:a6:e4:
                    7a:86:16:65:e1:66:78:bf:f6:6e:a9:b1:e8:dc:cf:
                    8b:55:4e:9d:35:a0:b0:8a:ee:2e:0c:f6:f1:38:00:
                    57:c6:2b:76:33:fa:f2:c6:3b:b1:5e:b9:25:bf:c3:
                    da:a3:34:ba:eb:d9:f1:a8:58:9b:38:9e:fb:cd:53:
                    d6:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:3E:9E:34:B9:BB:F3:1E:01:4F:13:13:1F:AF:3B:F4:91:A8:87:CD
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3T6eNLm78x4BTxMTH6879JGoh80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.218.208.0/24
                  213.218.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:06:8f:0f:0e:d6:a9:c7:13:e0:f1:d5:a9:1e:fc:67:4e:b9:
         8b:2b:9a:e3:14:a3:b1:25:a2:20:eb:7c:bf:52:f7:b9:ab:26:
         cb:4e:ae:59:2e:f9:f0:03:31:12:f2:ed:1b:fe:07:91:49:a6:
         d3:83:06:6d:b3:87:c4:0b:a4:8c:b8:b3:8b:14:51:af:18:f5:
         9b:24:1a:b1:37:db:d0:0c:9a:53:61:0b:a2:26:34:39:cc:fe:
         47:f1:c2:28:02:7a:c1:54:c6:40:ca:b3:6d:b5:fe:1c:0e:85:
         be:5b:ac:6f:f9:b7:56:46:50:8a:3c:3b:4c:c7:34:5b:34:4d:
         54:74:a8:28:cf:1f:d2:2a:2b:bf:89:b7:ed:13:6a:3a:66:f6:
         e1:04:c1:f9:d0:50:b0:4f:c0:07:90:7d:b0:b6:95:62:7b:3f:
         40:c1:ae:9f:4d:4f:05:39:81:4d:44:ff:ad:67:05:30:7e:1e:
         f7:d3:cf:5d:18:50:ac:99:14:74:55:79:da:ad:09:f3:78:03:
         56:1f:44:b4:fe:85:a3:ea:65:eb:26:ed:3b:c1:4b:4d:5a:73:
         0e:86:71:46:db:45:fa:f1:9a:aa:c9:69:38:84:57:49:d1:e9:
         31:a1:5e:ed:a3:b8:f6:9e:b4:b5:72:d7:4b:4e:b1:20:95:e6:
         65:6c:4d:42
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQmkddS7tp+lWLmpPD4zeN0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAyMTAzMTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDNlOWUzNGI5YmJmMzFlMDE0ZjEzMTMxZmFmM2JmNDkxYTg4N2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA05GsIEMcEe8aKqpzSjCkeRfc8Mc5
ru5d2zRBHzhcvnqOONhaCEnQQrxWWTtb9VmY/ormI450YR/59GVCNTXKdBwRmC4l
4Jz/z1F+Qu4skMXcYw/U3rYvgMMetvTFTpvmKk295IT8nSn6vwEy2mkyTMVi6Mlj
E3NpLEkXlbnk3iOrkjQQDVMS9LRlyTqEJzrhVouJIYp87Z7vi38MKBEZipmviPom
ATPmJaSibwaOgjR37RiyIgYfyVClNzzQU92YpuR6hhZl4WZ4v/ZuqbHo3M+LVU6d
NaCwiu4uDPbxOABXxit2M/ryxjuxXrklv8PaozS669nxqFibOJ77zVPWfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN0+njS5u/MeAU8TEx+vO/SRqIfNMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvM1Q2ZU5MbTc4eDRCVHhNVEg2ODc5SkdvaDgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1drQAwQA
1drrMA0GCSqGSIb3DQEBCwUAA4IBAQBBBo8PDtapxxPg8dWpHvxnTrmLK5rjFKOx
JaIg63y/Uve5qybLTq5ZLvnwAzES8u0b/geRSabTgwZts4fEC6SMuLOLFFGvGPWb
JBqxN9vQDJpTYQuiJjQ5zP5H8cIoAnrBVMZAyrNttf4cDoW+W6xv+bdWRlCKPDtM
xzRbNE1UdKgozx/SKiu/ibftE2o6ZvbhBMH50FCwT8AHkH2wtpViez9Awa6fTU8F
OYFNRP+tZwUwfh73089dGFCsmRR0VXnarQnzeANWH0S0/oWj6mXrJu07wUtNWnMO
hnFG20X68ZqqyWk4hFdJ0ekxoV7to7j2nrS1ctdLTrEgleZlbE1C
-----END CERTIFICATE-----