Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9Re2ERIUCc-ncL_mX4jU65xYQ8s.roa
File:                     9Re2ERIUCc-ncL_mX4jU65xYQ8s.roa (raw, json)
Hash identifier:          rfnrouaYcgPPXBrtkPESgqk98P7AdPU4o7oLLNHiiH4=
Subject key identifier:   F5:17:B6:11:12:14:09:CF:A7:70:BF:E6:5F:88:D4:EB:9C:58:43:CB
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018D78A1F5C566EE91F480DE7E0DFCD36265
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9Re2ERIUCc-ncL_mX4jU65xYQ8s.roa
Signing time:             Mon 05 Feb 2024 09:38:16 +0000
ROA not before:           Mon 05 Feb 2024 09:38:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199654
IP address blocks:        185.49.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:78:a1:f5:c5:66:ee:91:f4:80:de:7e:0d:fc:d3:62:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Feb  5 09:38:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f517b611121409cfa770bfe65f88d4eb9c5843cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:5c:14:56:c8:5a:9d:98:a0:0a:32:cb:a5:f1:
                    a8:2e:e2:70:81:19:e0:b7:9d:de:a9:0e:c1:15:78:
                    99:6b:29:ce:00:c2:0a:43:a4:b2:69:ca:dd:20:cc:
                    2c:ca:0c:67:ef:1a:8d:c8:6e:16:22:4d:4c:08:6a:
                    c3:c4:d2:44:a3:42:69:db:ec:91:54:68:4a:12:fa:
                    94:21:63:d3:02:62:9c:3f:96:40:f6:d5:b8:9b:46:
                    5f:f5:15:45:cf:12:ef:39:fb:79:34:cf:71:df:d7:
                    6c:9d:8e:c8:4c:27:ec:e7:9e:dd:cc:4f:12:02:3f:
                    1c:b3:e8:10:58:fc:6f:2f:85:fd:59:54:39:71:66:
                    03:d4:fe:c0:ee:cb:e8:a8:00:ce:8e:de:58:c8:07:
                    fc:dd:81:b1:9e:73:70:58:51:16:b5:5a:2d:fc:1a:
                    5f:83:67:ac:be:a7:3e:2c:b0:e2:26:b2:7b:b3:3c:
                    10:39:54:c0:6a:f3:38:6a:bf:59:21:a0:3b:27:94:
                    de:22:75:2e:57:72:32:78:d1:0a:4e:2c:8c:97:db:
                    41:1e:4b:10:44:62:08:17:ac:09:4d:28:17:d8:0c:
                    ec:c3:64:50:5e:02:d9:a0:bf:82:6a:7b:d5:0b:70:
                    d6:ca:02:e7:49:d7:04:3e:ed:d6:02:08:93:22:61:
                    9e:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:17:B6:11:12:14:09:CF:A7:70:BF:E6:5F:88:D4:EB:9C:58:43:CB
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9Re2ERIUCc-ncL_mX4jU65xYQ8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:67:c1:e1:e6:2d:7b:be:98:a5:7e:8b:4b:e5:ea:fa:cb:0f:
         20:e9:e6:1c:26:2d:03:ec:f9:b9:82:64:f0:6b:10:41:3d:0f:
         4f:dc:ef:3d:a4:c2:c0:52:88:d9:67:50:d9:f7:64:05:85:c5:
         97:ce:07:7d:a3:24:8f:e2:32:27:96:e0:f1:08:cb:df:1c:0e:
         ee:7b:85:1c:ca:2e:92:ea:0f:44:a7:fd:2e:9f:c8:3c:40:bd:
         81:68:a9:b7:b3:ae:e7:61:c7:a7:93:95:22:7b:b2:72:7d:ff:
         8c:31:cb:82:a7:71:88:e6:6b:e4:1c:46:b7:f3:a8:16:3a:fc:
         49:c8:c5:8c:d5:aa:77:7d:87:d5:a8:2d:2c:51:c2:96:64:48:
         ec:c4:09:13:0d:21:3a:f0:c8:b9:0d:4b:91:c0:c3:39:6a:32:
         f5:dc:47:e6:35:71:b8:9f:7d:5d:91:31:de:87:6e:6f:c6:1b:
         6d:77:c8:82:92:5e:e7:fc:b6:da:c6:46:44:8c:c7:c0:ee:40:
         91:91:4e:e5:af:fe:b6:ef:42:f5:bb:a3:22:f3:04:95:ec:fb:
         e5:57:b3:0a:24:68:09:27:56:8f:cb:03:ba:29:f9:34:e1:5c:
         6b:f2:ef:21:f8:b9:93:f4:5d:a8:05:4a:5b:ea:fd:98:96:d9:
         e4:52:58:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY14ofXFZu6R9IDefg3802JlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMjA1MDkzODE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTE3YjYxMTEyMTQwOWNmYTc3MGJmZTY1Zjg4ZDRlYjljNTg0M2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1wUVshanZigCjLLpfGoLuJwgRng
t53eqQ7BFXiZaynOAMIKQ6SyacrdIMwsygxn7xqNyG4WIk1MCGrDxNJEo0Jp2+yR
VGhKEvqUIWPTAmKcP5ZA9tW4m0Zf9RVFzxLvOft5NM9x39dsnY7ITCfs557dzE8S
Aj8cs+gQWPxvL4X9WVQ5cWYD1P7A7svoqADOjt5YyAf83YGxnnNwWFEWtVot/Bpf
g2esvqc+LLDiJrJ7szwQOVTAavM4ar9ZIaA7J5TeInUuV3IyeNEKTiyMl9tBHksQ
RGIIF6wJTSgX2Azsw2RQXgLZoL+CanvVC3DWygLnSdcEPu3WAgiTImGe9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPUXthESFAnPp3C/5l+I1OucWEPLMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOVJlMkVSSVVDYy1uY0xfbVg0alU2NXhZUThzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTF+MA0G
CSqGSIb3DQEBCwUAA4IBAQAZZ8Hh5i17vpilfotL5er6yw8g6eYcJi0D7Pm5gmTw
axBBPQ9P3O89pMLAUojZZ1DZ92QFhcWXzgd9oySP4jInluDxCMvfHA7ue4Ucyi6S
6g9Ep/0un8g8QL2BaKm3s67nYcenk5Uie7Jyff+MMcuCp3GI5mvkHEa386gWOvxJ
yMWM1ap3fYfVqC0sUcKWZEjsxAkTDSE68Mi5DUuRwMM5ajL13EfmNXG4n31dkTHe
h25vxhttd8iCkl7n/LbaxkZEjMfA7kCRkU7lr/6270L1u6Mi8wSV7PvlV7MKJGgJ
J1aPywO6Kfk04Vxr8u8h+LmT9F2oBUpb6v2YltnkUlju
-----END CERTIFICATE-----