Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7IOnW9icoh4u1oYob0dXgJFX4M0.roa
File:                     7IOnW9icoh4u1oYob0dXgJFX4M0.roa (raw, json)
Hash identifier:          E4HBR1HSUaqokzfMUH9NoFE3W3E5jMOjiE65tY6BKFg=
Subject key identifier:   EC:83:A7:5B:D8:9C:A2:1E:2E:D6:86:28:6F:47:57:80:91:57:E0:CD
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01943AF54388FF7A4465CC8B11F26642F018
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7IOnW9icoh4u1oYob0dXgJFX4M0.roa
Signing time:             Mon 06 Jan 2025 09:32:19 +0000
ROA not before:           Mon 06 Jan 2025 09:32:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213633
IP address blocks:        213.152.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:3a:f5:43:88:ff:7a:44:65:cc:8b:11:f2:66:42:f0:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  6 09:32:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec83a75bd89ca21e2ed686286f4757809157e0cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:a8:39:0c:f1:fd:6b:67:da:73:41:cf:a2:eb:
                    f7:b9:d6:03:2b:84:2a:bb:aa:de:fc:27:e1:88:02:
                    a3:98:3d:62:3c:97:35:e9:0f:ab:67:65:c1:69:56:
                    df:60:f9:8c:4a:9d:b6:55:dc:12:e8:09:48:0f:b4:
                    f8:fb:bd:8e:13:e7:82:ab:a0:8e:2c:89:cc:5f:58:
                    87:ba:64:e4:c0:c6:59:43:fd:ec:83:3e:65:a3:a9:
                    70:03:90:7d:dc:f1:bf:3b:68:99:87:44:3a:b1:d7:
                    b6:62:89:49:b0:ab:32:01:02:a7:42:37:f0:19:01:
                    24:c1:4d:5a:e7:bd:18:1e:e9:b1:68:35:94:10:9d:
                    82:27:a4:c0:19:f9:0e:6c:93:00:a2:5a:08:a4:db:
                    c4:16:6a:97:39:ff:f1:7f:b3:15:15:0b:29:ad:7c:
                    44:34:dd:dc:8e:5b:01:35:f8:cd:3f:6e:50:00:4d:
                    48:ae:2a:31:3b:18:4d:74:f2:c8:8f:32:99:e8:8a:
                    38:48:f8:e1:2b:81:92:5b:8f:f5:2c:0c:ab:79:fc:
                    d1:9f:0e:6b:75:32:14:48:4b:41:47:60:75:91:3b:
                    42:5d:58:d7:a4:37:4b:a1:2d:df:63:58:0f:cd:23:
                    49:0a:6f:d3:1b:83:71:67:82:a8:66:15:8c:d1:be:
                    e3:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:83:A7:5B:D8:9C:A2:1E:2E:D6:86:28:6F:47:57:80:91:57:E0:CD
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7IOnW9icoh4u1oYob0dXgJFX4M0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.152.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:a1:ae:62:14:92:63:a4:c1:83:fc:f9:64:0b:be:f0:83:b3:
         5a:66:da:42:31:df:e1:6f:17:93:19:e4:b5:b7:e1:d3:96:01:
         3c:f0:66:70:76:9b:04:36:53:ff:b8:83:f2:dc:0b:88:77:23:
         36:b7:91:ea:c9:dd:d7:fa:fd:bf:1b:42:c9:92:13:9f:fb:b1:
         a0:6b:68:81:07:79:63:de:6a:b1:87:bf:0a:06:52:ea:98:eb:
         9a:fa:1d:14:5e:0a:18:af:cd:cd:06:18:23:d5:85:97:e4:1b:
         9f:53:44:27:4f:85:a8:8d:1b:5f:2f:4b:41:35:f7:62:28:5b:
         5a:78:97:f5:47:28:55:e5:53:08:cd:e2:a7:b4:63:87:8b:cc:
         fa:56:02:72:72:24:35:9b:74:da:a4:5a:7e:36:07:7e:c1:fd:
         d6:da:a1:3b:c7:e4:5e:0b:ef:ab:3c:8c:55:09:b0:36:27:62:
         04:74:28:a8:38:8a:19:b8:28:f0:e8:e1:98:27:2c:60:1b:c4:
         6c:b4:9c:f0:dc:fb:3b:81:17:d3:e9:df:e1:82:3c:67:eb:ca:
         a2:a5:b9:e4:42:ce:89:96:b8:49:40:5f:39:89:b1:b0:95:ac:
         66:f0:53:f8:31:b2:cb:0a:80:0e:00:9f:a9:1e:72:7d:9f:df:
         73:84:80:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQ69UOI/3pEZcyLEfJmQvAYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTA2MDkzMjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzgzYTc1YmQ4OWNhMjFlMmVkNjg2Mjg2ZjQ3NTc4MDkxNTdlMGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Kg5DPH9a2fac0HPouv3udYDK4Qq
u6re/CfhiAKjmD1iPJc16Q+rZ2XBaVbfYPmMSp22VdwS6AlID7T4+72OE+eCq6CO
LInMX1iHumTkwMZZQ/3sgz5lo6lwA5B93PG/O2iZh0Q6sde2YolJsKsyAQKnQjfw
GQEkwU1a570YHumxaDWUEJ2CJ6TAGfkObJMAoloIpNvEFmqXOf/xf7MVFQsprXxE
NN3cjlsBNfjNP25QAE1IrioxOxhNdPLIjzKZ6Io4SPjhK4GSW4/1LAyrefzRnw5r
dTIUSEtBR2B1kTtCXVjXpDdLoS3fY1gPzSNJCm/TG4NxZ4KoZhWM0b7j3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOyDp1vYnKIeLtaGKG9HV4CRV+DNMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvN0lPblc5aWNvaDR1MW9Zb2IwZFhnSkZYNE0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZgrMA0G
CSqGSIb3DQEBCwUAA4IBAQBsoa5iFJJjpMGD/PlkC77wg7NaZtpCMd/hbxeTGeS1
t+HTlgE88GZwdpsENlP/uIPy3AuIdyM2t5Hqyd3X+v2/G0LJkhOf+7Gga2iBB3lj
3mqxh78KBlLqmOua+h0UXgoYr83NBhgj1YWX5BufU0QnT4WojRtfL0tBNfdiKFta
eJf1RyhV5VMIzeKntGOHi8z6VgJyciQ1m3TapFp+Ngd+wf3W2qE7x+ReC++rPIxV
CbA2J2IEdCioOIoZuCjw6OGYJyxgG8RstJzw3Ps7gRfT6d/hgjxn68qipbnkQs6J
lrhJQF85ibGwlaxm8FP4MbLLCoAOAJ+pHnJ9n99zhICI
-----END CERTIFICATE-----