Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/97j4-lEKT-GSqThlMuuYoGWnciE.roa
File:                     97j4-lEKT-GSqThlMuuYoGWnciE.roa (raw, json)
Hash identifier:          s0RAzS8cfYVvms/bZ9Gb9I4XTV3gzCk81o/fXJoKkfA=
Subject key identifier:   F7:B8:F8:FA:51:0A:4F:E1:92:A9:38:65:32:EB:98:A0:65:A7:72:21
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0194D0F99C84DE954B5ABB8FA1C045197A5B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/97j4-lEKT-GSqThlMuuYoGWnciE.roa
Signing time:             Tue 04 Feb 2025 12:40:06 +0000
ROA not before:           Tue 04 Feb 2025 12:40:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9232
IP address blocks:        82.153.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 09:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:d0:f9:9c:84:de:95:4b:5a:bb:8f:a1:c0:45:19:7a:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Feb  4 12:40:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7b8f8fa510a4fe192a9386532eb98a065a77221
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:2d:b1:ca:c7:de:21:b4:63:1a:36:1c:d5:b4:
                    73:a8:5e:ba:98:57:d1:14:4c:25:a0:81:e2:6f:a6:
                    e8:59:32:31:91:a4:f6:89:d8:de:b1:49:7a:c8:10:
                    b3:d2:62:20:33:0e:65:58:8e:0d:21:e2:f0:f8:46:
                    7a:24:81:6e:db:d2:a5:93:46:23:80:b7:e9:85:b4:
                    35:be:09:48:ee:95:64:03:8a:2a:22:ac:33:aa:b5:
                    ee:f5:59:f5:33:68:be:f7:f6:b6:25:5a:d7:2f:1f:
                    6a:c7:b2:0c:13:06:06:b1:9e:70:70:c6:4d:ab:a1:
                    60:f9:fb:65:11:07:52:66:c8:67:f1:67:da:b6:c4:
                    8e:bc:43:ae:db:6c:a7:c2:5b:6f:ef:b8:18:ad:56:
                    dd:11:3e:22:f0:18:6f:76:e8:47:46:ac:66:f7:19:
                    ad:e5:93:56:75:c0:9d:2e:c5:88:e4:25:0a:c1:f2:
                    fc:4f:57:84:5b:d5:4a:e5:ec:9b:4b:5b:19:b9:8a:
                    95:a1:a2:25:d2:3f:28:c1:be:a6:da:f9:db:68:aa:
                    2f:2a:88:9f:2a:c4:db:9c:82:41:94:1a:77:92:6a:
                    60:64:19:8d:53:68:da:af:b9:fe:a5:37:54:58:01:
                    2a:54:7d:0f:e8:51:12:19:73:1c:3a:bb:f0:4f:49:
                    3b:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:B8:F8:FA:51:0A:4F:E1:92:A9:38:65:32:EB:98:A0:65:A7:72:21
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/97j4-lEKT-GSqThlMuuYoGWnciE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:5b:f0:ea:90:3c:e6:3d:dc:e1:43:1c:3f:7e:5c:82:12:f3:
         b6:0c:28:39:72:30:d4:98:f6:76:92:c5:6c:34:00:a0:68:20:
         ef:3a:da:fb:6e:ce:9b:6f:a2:c0:8d:a4:5b:8b:7a:a7:27:b9:
         c6:2a:e6:fd:fe:e5:73:0b:c3:00:07:91:4d:6c:fe:d8:9d:4a:
         b1:00:8d:d8:67:c0:15:48:a8:ad:4c:3c:38:23:25:c5:46:9b:
         92:ad:41:be:08:7d:db:4c:0c:1b:95:6e:25:8d:a0:3f:10:7d:
         a7:4f:67:94:47:cb:69:56:91:b8:33:7c:d3:30:cf:41:92:4e:
         da:22:49:74:52:b2:6c:74:6f:9e:16:28:38:de:ee:e6:3f:c0:
         e4:ae:a1:60:98:c9:f2:02:1c:10:a1:4c:7d:58:e0:11:86:17:
         1c:c7:18:1e:09:b3:70:9b:2d:7a:0a:5d:ef:79:81:a0:c0:ee:
         f8:c6:c8:3a:3a:68:7a:99:80:8a:a8:8a:e3:9b:b9:d4:2e:da:
         39:8d:f9:3f:d6:b9:c4:5f:c6:0c:72:ba:c1:eb:59:df:0c:01:
         7b:9f:af:72:a0:4c:64:fc:24:db:ab:74:4b:96:c3:36:d6:0f:
         6e:13:a0:a0:98:71:0b:77:13:98:3c:f5:bb:30:e8:e2:db:7e:
         bc:90:95:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTQ+ZyE3pVLWruPocBFGXpbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMjA0MTI0MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2I4ZjhmYTUxMGE0ZmUxOTJhOTM4NjUzMmViOThhMDY1YTc3MjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnS2xysfeIbRjGjYc1bRzqF66mFfR
FEwloIHib6boWTIxkaT2idjesUl6yBCz0mIgMw5lWI4NIeLw+EZ6JIFu29Klk0Yj
gLfphbQ1vglI7pVkA4oqIqwzqrXu9Vn1M2i+9/a2JVrXLx9qx7IMEwYGsZ5wcMZN
q6Fg+ftlEQdSZshn8WfatsSOvEOu22ynwltv77gYrVbdET4i8BhvduhHRqxm9xmt
5ZNWdcCdLsWI5CUKwfL8T1eEW9VK5eybS1sZuYqVoaIl0j8owb6m2vnbaKovKoif
KsTbnIJBlBp3kmpgZBmNU2jar7n+pTdUWAEqVH0P6FESGXMcOrvwT0k7jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPe4+PpRCk/hkqk4ZTLrmKBlp3IhMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOTdqNC1sRUtULUdTcVRobE11dVlvR1duY2lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpneMA0G
CSqGSIb3DQEBCwUAA4IBAQAoW/DqkDzmPdzhQxw/flyCEvO2DCg5cjDUmPZ2ksVs
NACgaCDvOtr7bs6bb6LAjaRbi3qnJ7nGKub9/uVzC8MAB5FNbP7YnUqxAI3YZ8AV
SKitTDw4IyXFRpuSrUG+CH3bTAwblW4ljaA/EH2nT2eUR8tpVpG4M3zTMM9Bkk7a
Ikl0UrJsdG+eFig43u7mP8DkrqFgmMnyAhwQoUx9WOARhhccxxgeCbNwmy16Cl3v
eYGgwO74xsg6Omh6mYCKqIrjm7nULto5jfk/1rnEX8YMcrrB61nfDAF7n69yoExk
/CTbq3RLlsM21g9uE6CgmHELdxOYPPW7MOji2368kJXs
-----END CERTIFICATE-----