Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9tlfSlcoQfPnS2x2GG4JFtKyekI.roa
File:                     9tlfSlcoQfPnS2x2GG4JFtKyekI.roa (raw, json)
Hash identifier:          qieCaXbgZfEj09b502/FnLOzXVoaT68ODBTqGwhE71E=
Subject key identifier:   F6:D9:5F:4A:57:28:41:F3:E7:4B:6C:76:18:6E:09:16:D2:B2:7A:42
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC349650623AA169039C0B6C1D3A4BB23
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9tlfSlcoQfPnS2x2GG4JFtKyekI.roa
Signing time:             Mon 01 Jan 2024 04:30:16 +0000
ROA not before:           Mon 01 Jan 2024 04:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216155
IP address blocks:        89.213.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:65:06:23:aa:16:90:39:c0:b6:c1:d3:a4:bb:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6d95f4a572841f3e74b6c76186e0916d2b27a42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:85:df:a1:2a:8f:c5:5f:db:5a:18:bb:7f:a0:
                    94:cb:df:90:55:12:d2:33:08:9b:42:23:90:d5:8f:
                    6d:90:96:75:ab:59:c8:c2:52:a2:33:80:f9:b9:71:
                    57:81:2b:0f:42:b6:c7:fe:16:d2:f0:46:9e:32:ea:
                    d0:83:ea:b4:d4:ee:f1:4a:17:10:26:8d:f4:de:04:
                    5f:e0:cd:8c:55:6e:8d:0d:5a:85:2d:0f:49:0b:93:
                    df:e9:c4:bc:bf:3f:cb:0b:7b:67:11:b5:70:51:e3:
                    de:25:f4:37:77:87:8c:d5:ba:62:5d:78:26:19:47:
                    45:1c:18:92:61:c9:d8:10:cf:00:13:59:37:e5:fb:
                    5b:db:a7:af:3f:e9:10:22:f0:06:32:58:29:12:59:
                    c0:2a:df:af:66:85:6a:88:70:67:24:db:6b:89:36:
                    b2:62:5a:ee:05:5b:69:79:63:68:cc:11:eb:c1:9e:
                    3c:f6:f9:df:68:1f:27:ae:21:c8:1b:ed:a3:25:64:
                    e3:38:1b:e5:cd:3f:84:c6:ea:e6:42:36:4f:9e:53:
                    4a:95:5d:62:ed:d3:b8:0b:bd:e7:2b:4e:ca:7a:77:
                    25:4b:38:57:a9:2d:3f:03:2e:d6:35:37:ea:e1:8c:
                    af:0d:a0:0b:9d:12:4f:11:0b:20:6e:77:ee:69:a1:
                    65:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:D9:5F:4A:57:28:41:F3:E7:4B:6C:76:18:6E:09:16:D2:B2:7A:42
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9tlfSlcoQfPnS2x2GG4JFtKyekI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:b9:71:21:17:3e:11:cb:0a:e8:2f:55:d9:a4:15:28:1d:32:
         ee:b0:9e:b0:b4:7a:88:1b:8c:d8:c6:f7:ed:15:bd:67:3e:9e:
         df:c1:0a:60:aa:48:d8:3f:c7:8f:38:0e:f7:11:11:76:bc:4c:
         25:7e:e4:94:3e:b4:52:b2:b7:39:16:55:e5:52:b2:1b:44:8f:
         a8:7f:03:80:38:b0:c5:80:a5:ec:12:dc:fe:24:ce:d1:f2:c1:
         7a:c8:82:4f:c9:5e:e0:33:b9:ce:4f:c9:30:d0:bb:93:d7:00:
         d8:2e:1d:a7:15:d1:79:e3:34:a3:c9:b6:1a:1b:cb:12:28:c7:
         09:20:94:bb:70:bf:03:b3:82:62:86:a3:ee:57:6f:c1:4c:6f:
         68:08:a7:7f:c6:36:9a:5e:93:ed:c1:2e:b1:c4:ec:74:4c:e8:
         c7:05:44:0b:7d:06:79:27:6b:06:e1:86:13:a8:51:63:97:c3:
         e4:65:ec:18:db:65:60:9a:ce:e8:a9:d9:42:f4:ae:ca:36:87:
         de:a8:df:82:8c:c9:1b:36:18:c0:73:4b:31:e2:32:5b:8e:aa:
         f2:c2:8b:35:e6:ca:f9:32:15:af:27:dc:d3:1d:19:e7:e2:36:
         81:8e:96:b9:86:b3:1d:db:a9:12:69:a8:de:7f:53:af:c2:86:
         8a:68:b3:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSWUGI6oWkDnAtsHTpLsjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmQ5NWY0YTU3Mjg0MWYzZTc0YjZjNzYxODZlMDkxNmQyYjI3YTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoXfoSqPxV/bWhi7f6CUy9+QVRLS
MwibQiOQ1Y9tkJZ1q1nIwlKiM4D5uXFXgSsPQrbH/hbS8EaeMurQg+q01O7xShcQ
Jo303gRf4M2MVW6NDVqFLQ9JC5Pf6cS8vz/LC3tnEbVwUePeJfQ3d4eM1bpiXXgm
GUdFHBiSYcnYEM8AE1k35ftb26evP+kQIvAGMlgpElnAKt+vZoVqiHBnJNtriTay
YlruBVtpeWNozBHrwZ489vnfaB8nriHIG+2jJWTjOBvlzT+ExurmQjZPnlNKlV1i
7dO4C73nK07KenclSzhXqS0/Ay7WNTfq4YyvDaALnRJPEQsgbnfuaaFlNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPbZX0pXKEHz50tsdhhuCRbSsnpCMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOXRsZlNsY29RZlBuUzJ4MkdHNEpGdEt5ZWtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdWVMA0G
CSqGSIb3DQEBCwUAA4IBAQAtuXEhFz4RywroL1XZpBUoHTLusJ6wtHqIG4zYxvft
Fb1nPp7fwQpgqkjYP8ePOA73ERF2vEwlfuSUPrRSsrc5FlXlUrIbRI+ofwOAOLDF
gKXsEtz+JM7R8sF6yIJPyV7gM7nOT8kw0LuT1wDYLh2nFdF54zSjybYaG8sSKMcJ
IJS7cL8Ds4JihqPuV2/BTG9oCKd/xjaaXpPtwS6xxOx0TOjHBUQLfQZ5J2sG4YYT
qFFjl8PkZewY22Vgms7oqdlC9K7KNofeqN+CjMkbNhjAc0sx4jJbjqrywos15sr5
MhWvJ9zTHRnn4jaBjpa5hrMd26kSaajef1OvwoaKaLMW
-----END CERTIFICATE-----