Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6y5P1WLRrJn0HS745Xx2wK58dL0.roa
File:                     6y5P1WLRrJn0HS745Xx2wK58dL0.roa (raw, json)
Hash identifier:          wS2Z95wu8OBV+H02A5O9T7jBa79lLdfFXOX5HHafgjk=
Subject key identifier:   EB:2E:4F:D5:62:D1:AC:99:F4:1D:2E:F8:E5:7C:76:C0:AE:7C:74:BD
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143E2078984CEB185893115D6357516
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6y5P1WLRrJn0HS745Xx2wK58dL0.roa
Signing time:             Wed 01 Jan 2025 09:48:04 +0000
ROA not before:           Wed 01 Jan 2025 09:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47263
IP address blocks:        82.153.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:e2:07:89:84:ce:b1:85:89:31:15:d6:35:75:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb2e4fd562d1ac99f41d2ef8e57c76c0ae7c74bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:9b:e1:d7:19:cf:f0:e7:ac:a4:46:d4:5b:a9:
                    af:79:a3:e9:9e:e1:54:01:39:37:9f:9e:d3:7b:31:
                    fd:aa:fb:91:7c:8f:28:59:c8:1a:80:eb:3d:65:73:
                    27:d9:78:31:1f:60:42:c0:48:6b:8b:ae:f7:2c:4f:
                    78:ff:74:88:df:0e:7a:bc:5f:43:0f:c1:e4:23:8f:
                    ca:f0:c2:a6:c8:6d:b6:ba:34:a9:92:84:c4:6f:58:
                    31:6c:91:6c:5f:9b:3a:6a:51:5e:77:6c:1f:f2:ef:
                    a1:ff:82:42:ed:3a:c5:98:c6:1a:32:2d:b0:89:4a:
                    00:d0:b5:45:d1:89:93:7d:70:6a:ff:ae:71:f7:6f:
                    ea:65:72:fe:ac:0d:22:5b:86:ba:c2:c1:3f:7b:45:
                    1b:ee:e8:d6:8f:e5:52:12:50:56:97:d2:dc:14:d7:
                    f1:9d:01:6a:41:15:6c:77:51:ce:84:c5:03:ed:5e:
                    bf:22:d4:81:05:18:66:52:9a:dd:c9:11:50:4a:14:
                    e8:2f:54:81:78:a2:cf:4d:10:31:0e:0f:1a:d2:df:
                    b1:46:78:b3:d0:37:9f:ce:0b:e0:65:45:21:2f:99:
                    f3:5e:c4:2c:6f:6c:ce:15:46:91:2d:d3:42:c0:de:
                    4f:eb:e4:91:59:51:51:92:ae:63:2d:09:a1:c3:83:
                    7c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:2E:4F:D5:62:D1:AC:99:F4:1D:2E:F8:E5:7C:76:C0:AE:7C:74:BD
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6y5P1WLRrJn0HS745Xx2wK58dL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:6f:9a:9f:d1:65:bd:be:65:2b:3b:39:34:e5:1e:61:d2:b6:
         c7:bf:6b:fc:61:df:d2:9f:39:5a:df:b1:62:3e:26:91:bb:1d:
         e3:99:eb:b5:a4:4a:8b:78:34:3f:30:9e:70:36:fe:1f:3f:db:
         4e:7f:8d:ea:aa:86:4c:4b:64:b3:07:70:5e:fa:0c:d8:37:c6:
         e2:f7:31:3f:73:30:c1:f0:22:4c:46:04:68:ea:1a:c5:ff:47:
         8a:02:e7:50:89:7a:36:4c:95:d1:8a:1e:e5:e6:01:14:ac:b5:
         6f:35:dd:d2:b7:c4:64:6c:44:6c:f6:e3:4b:72:f1:33:2d:65:
         d8:68:47:d4:31:66:25:f5:76:93:9e:b3:8e:1d:a6:28:84:8d:
         44:03:c5:92:f5:05:44:25:4e:35:2a:86:7a:7a:8d:87:ac:4e:
         b7:3b:b3:0e:91:07:91:76:4b:9d:62:32:fc:62:97:9e:7d:d1:
         89:04:bd:3a:b2:2a:b1:8d:f6:73:e4:aa:e8:98:64:43:4f:9e:
         18:e4:7b:17:c0:45:4b:d3:4e:79:21:69:80:2e:41:8e:f7:18:
         40:0e:b0:d9:8c:32:8b:7f:5b:be:19:37:70:2c:9a:50:89:d8:
         f8:51:91:53:63:21:10:9d:e0:94:58:ef:a1:c2:50:16:4f:d7:
         21:50:9a:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ+IHiYTOsYWJMRXWNXUWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjJlNGZkNTYyZDFhYzk5ZjQxZDJlZjhlNTdjNzZjMGFlN2M3NGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupvh1xnP8OespEbUW6mveaPpnuFU
ATk3n57TezH9qvuRfI8oWcgagOs9ZXMn2XgxH2BCwEhri673LE94/3SI3w56vF9D
D8HkI4/K8MKmyG22ujSpkoTEb1gxbJFsX5s6alFed2wf8u+h/4JC7TrFmMYaMi2w
iUoA0LVF0YmTfXBq/65x92/qZXL+rA0iW4a6wsE/e0Ub7ujWj+VSElBWl9LcFNfx
nQFqQRVsd1HOhMUD7V6/ItSBBRhmUprdyRFQShToL1SBeKLPTRAxDg8a0t+xRniz
0DefzgvgZUUhL5nzXsQsb2zOFUaRLdNCwN5P6+SRWVFRkq5jLQmhw4N8mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOsuT9Vi0ayZ9B0u+OV8dsCufHS9MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNnk1UDFXTFJySm4wSFM3NDVYeDJ3SzU4ZEwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpnhMA0G
CSqGSIb3DQEBCwUAA4IBAQA+b5qf0WW9vmUrOzk05R5h0rbHv2v8Yd/Snzla37Fi
PiaRux3jmeu1pEqLeDQ/MJ5wNv4fP9tOf43qqoZMS2SzB3Be+gzYN8bi9zE/czDB
8CJMRgRo6hrF/0eKAudQiXo2TJXRih7l5gEUrLVvNd3St8RkbERs9uNLcvEzLWXY
aEfUMWYl9XaTnrOOHaYohI1EA8WS9QVEJU41KoZ6eo2HrE63O7MOkQeRdkudYjL8
YpeefdGJBL06siqxjfZz5KromGRDT54Y5HsXwEVL0055IWmALkGO9xhADrDZjDKL
f1u+GTdwLJpQidj4UZFTYyEQneCUWO+hwlAWT9chUJrm
-----END CERTIFICATE-----