Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4UShKFFXtSHGZwX2lWYqBgxce6A.roa
File:                     4UShKFFXtSHGZwX2lWYqBgxce6A.roa (raw, json)
Hash identifier:          NIiFcVqoRK6sXSqmu/YmyrpEjTJUH6RXWFc+WoZk9wo=
Subject key identifier:   E1:44:A1:28:51:57:B5:21:C6:67:05:F6:95:66:2A:06:0C:5C:7B:A0
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01904E9AA097976315BD0752442D6C322A19
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4UShKFFXtSHGZwX2lWYqBgxce6A.roa
Signing time:             Tue 25 Jun 2024 08:54:34 +0000
ROA not before:           Tue 25 Jun 2024 08:54:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212609
IP address blocks:        213.218.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4e:9a:a0:97:97:63:15:bd:07:52:44:2d:6c:32:2a:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun 25 08:54:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e144a1285157b521c66705f695662a060c5c7ba0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:91:e7:00:b1:ca:47:f6:a8:4c:75:a7:0e:e2:
                    b6:b7:33:ce:21:00:34:2e:6e:94:bb:e0:34:e8:23:
                    bb:01:4f:a8:08:34:c6:9a:84:42:f2:f0:17:5f:53:
                    77:db:a6:e9:69:23:8d:73:57:55:7a:de:d1:9e:fa:
                    ce:97:1c:11:d7:4c:1a:a3:25:45:ed:c5:2a:43:b8:
                    84:cb:f6:ce:d8:f2:2f:f5:2e:5d:5f:7b:76:08:a3:
                    19:1a:84:47:ad:3c:7d:53:5d:20:1e:41:d2:76:d2:
                    8f:7f:04:03:0e:2f:11:bf:05:c2:9c:10:d1:9d:70:
                    01:60:39:ce:cb:62:0f:af:d6:dd:35:4b:c0:74:5a:
                    18:8a:7c:d9:e9:a1:92:7f:94:df:f4:99:dc:2d:2f:
                    e2:65:28:2c:48:6a:86:84:67:20:74:85:89:10:d7:
                    a5:d4:f6:8d:c0:7c:9f:3d:8f:10:0c:91:3e:eb:17:
                    f5:4a:5a:61:8a:a1:58:90:e8:39:74:b0:5e:ee:56:
                    8d:b2:2c:c8:e1:b5:01:ab:95:89:f9:7b:fa:c0:86:
                    c7:dd:34:53:aa:23:bd:cb:f7:73:23:ac:7c:39:55:
                    aa:6e:f4:85:1a:0f:02:46:56:1d:e4:7e:d3:42:56:
                    d4:49:28:78:91:4f:86:5e:73:46:9a:46:a0:53:7a:
                    99:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:44:A1:28:51:57:B5:21:C6:67:05:F6:95:66:2A:06:0C:5C:7B:A0
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4UShKFFXtSHGZwX2lWYqBgxce6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.218.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:4a:dc:d6:9e:1c:70:19:63:1f:6b:63:9b:17:62:ad:dc:cd:
         a1:55:d8:27:3c:43:b8:61:9d:57:f2:17:fb:4c:f4:47:c3:bd:
         e3:02:cf:e5:e8:6d:53:49:a4:8d:a4:cf:81:59:fc:38:27:ee:
         08:47:2e:9f:43:38:0e:4a:3d:d1:1e:06:ce:4b:e8:c4:92:59:
         5f:c3:d6:03:07:e6:26:cb:22:5d:6b:28:52:e0:be:af:86:ce:
         e1:2e:4e:11:6c:1e:e9:e5:5f:0c:60:bb:37:a0:ef:d3:f1:e8:
         c4:6c:4f:84:cc:be:6b:8e:17:c3:fc:d1:8f:11:92:75:d8:55:
         66:18:8e:a1:22:12:e8:fd:4c:5e:25:c1:77:a6:4b:d3:93:ba:
         ae:25:c7:dc:2c:df:62:b0:cf:a4:b6:fd:68:2b:63:a4:7a:8e:
         08:8f:23:eb:6a:dc:74:ec:44:79:95:7b:c3:df:7a:cd:ec:d1:
         d5:77:6d:de:8e:2a:33:46:7e:63:6d:67:05:e3:5b:df:8a:a7:
         54:7c:a7:91:04:d0:10:39:d7:ab:40:0f:4c:21:02:27:24:fd:
         0d:70:c5:36:77:be:59:4b:ec:2d:ed:41:8c:50:6f:e7:3f:fe:
         86:68:7f:72:54:3a:b7:3c:4b:aa:33:aa:69:71:45:9a:32:66:
         b0:db:a1:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBOmqCXl2MVvQdSRC1sMioZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNjI1MDg1NDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTQ0YTEyODUxNTdiNTIxYzY2NzA1ZjY5NTY2MmEwNjBjNWM3YmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJHnALHKR/aoTHWnDuK2tzPOIQA0
Lm6Uu+A06CO7AU+oCDTGmoRC8vAXX1N326bpaSONc1dVet7RnvrOlxwR10waoyVF
7cUqQ7iEy/bO2PIv9S5dX3t2CKMZGoRHrTx9U10gHkHSdtKPfwQDDi8RvwXCnBDR
nXABYDnOy2IPr9bdNUvAdFoYinzZ6aGSf5Tf9JncLS/iZSgsSGqGhGcgdIWJENel
1PaNwHyfPY8QDJE+6xf1SlphiqFYkOg5dLBe7laNsizI4bUBq5WJ+Xv6wIbH3TRT
qiO9y/dzI6x8OVWqbvSFGg8CRlYd5H7TQlbUSSh4kU+GXnNGmkagU3qZAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFEoShRV7UhxmcF9pVmKgYMXHugMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNFVTaEtGRlh0U0hHWndYMmxXWXFCZ3hjZTZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dr5MA0G
CSqGSIb3DQEBCwUAA4IBAQBeStzWnhxwGWMfa2ObF2Kt3M2hVdgnPEO4YZ1X8hf7
TPRHw73jAs/l6G1TSaSNpM+BWfw4J+4IRy6fQzgOSj3RHgbOS+jEkllfw9YDB+Ym
yyJdayhS4L6vhs7hLk4RbB7p5V8MYLs3oO/T8ejEbE+EzL5rjhfD/NGPEZJ12FVm
GI6hIhLo/UxeJcF3pkvTk7quJcfcLN9isM+ktv1oK2Okeo4IjyPratx07ER5lXvD
33rN7NHVd23ejiozRn5jbWcF41vfiqdUfKeRBNAQOderQA9MIQInJP0NcMU2d75Z
S+wt7UGMUG/nP/6GaH9yVDq3PEuqM6ppcUWaMmaw26FA
-----END CERTIFICATE-----