Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ARO4JF6yuFnQyiVqg7HgpIVhEE4.roa
File:                     ARO4JF6yuFnQyiVqg7HgpIVhEE4.roa (raw, json)
Hash identifier:          7lemRK+C+W3f98Xlx39xQTEXVyasBqktEy65TdXrJU4=
Subject key identifier:   01:13:B8:24:5E:B2:B8:59:D0:CA:25:6A:83:B1:E0:A4:85:61:10:4E
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01919E163C2BCD882BE3BB2531E1395D31D5
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ARO4JF6yuFnQyiVqg7HgpIVhEE4.roa
Signing time:             Thu 29 Aug 2024 12:22:22 +0000
ROA not before:           Thu 29 Aug 2024 12:22:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216425
IP address blocks:        89.213.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:9e:16:3c:2b:cd:88:2b:e3:bb:25:31:e1:39:5d:31:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug 29 12:22:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0113b8245eb2b859d0ca256a83b1e0a48561104e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:57:cf:3f:bd:af:db:ca:ce:3c:4a:8f:ad:3e:
                    88:92:a1:6a:70:f6:fe:e6:68:29:07:2d:da:74:70:
                    3e:80:22:86:16:c0:92:5d:9f:48:49:25:1e:13:63:
                    0a:84:ea:49:68:e7:f1:ab:bd:a5:ab:a8:8c:27:b8:
                    05:a3:c5:04:88:38:17:d6:4d:da:62:f9:18:f2:a6:
                    17:33:e7:8b:1e:57:9c:35:22:f7:d5:fc:0a:4f:55:
                    96:01:71:78:76:21:56:28:20:87:04:16:43:7b:d3:
                    ee:0f:fa:6f:ae:f0:41:d3:89:e7:2e:28:64:f6:59:
                    27:97:35:36:23:0c:d4:cc:60:d4:45:6a:a1:1f:69:
                    5d:b5:1e:bc:c0:38:69:c5:a3:3c:f8:37:b7:7a:6b:
                    ac:a7:61:bd:1b:fc:fc:40:09:89:1a:4f:58:fd:08:
                    2e:c5:53:c3:9f:05:4d:e9:27:c3:87:a6:7e:75:1d:
                    bc:7d:83:c4:92:a1:41:1f:01:9f:7b:a9:ca:47:1f:
                    9b:fd:04:81:66:e1:2f:86:7f:e8:cd:58:11:fd:48:
                    ce:4f:e3:c2:67:3d:e6:d4:33:bf:a3:33:ee:9f:6e:
                    94:3a:ac:ec:dd:f4:94:a0:c3:97:12:7e:9a:d0:ea:
                    03:83:6e:59:68:91:c1:da:89:83:9a:08:ed:ba:97:
                    63:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:13:B8:24:5E:B2:B8:59:D0:CA:25:6A:83:B1:E0:A4:85:61:10:4E
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ARO4JF6yuFnQyiVqg7HgpIVhEE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:36:36:f7:82:ed:87:81:18:9c:58:9c:f5:f7:c3:7b:9b:72:
         2e:3c:86:3a:fc:0b:d1:91:9e:23:08:67:04:80:5b:6e:6e:5d:
         7d:cc:b1:56:b7:c8:d0:74:ba:60:e2:1d:18:ff:37:8f:f9:83:
         5d:f6:12:63:f8:eb:10:ce:6b:ec:62:23:0f:b1:20:49:33:11:
         2a:72:21:00:1e:4f:b5:ae:f3:07:7a:4b:e9:24:51:98:ea:56:
         2e:60:32:ff:40:30:d6:a2:6d:18:4a:94:5e:d0:da:b2:48:84:
         2c:4a:95:3b:0d:0c:f6:d0:e3:32:32:51:e6:ad:52:06:c7:b7:
         44:60:2f:ad:87:3f:bc:de:d9:45:3e:08:22:1e:ca:29:c4:1d:
         53:fb:b2:a4:07:c3:8e:b0:c2:7c:76:ce:33:6b:16:10:db:e8:
         23:42:85:37:9f:ea:ff:b8:5e:f2:4a:64:ac:fb:c1:56:26:8d:
         e6:df:f0:3a:8f:41:45:db:8e:14:d7:34:e6:63:82:60:19:c4:
         53:42:0f:72:5a:29:6d:0b:ae:f3:fc:98:16:31:f5:32:48:52:
         e8:8f:d2:22:ed:ee:a4:b7:f7:b3:bf:ba:92:f0:de:05:ed:ed:
         93:35:70:14:fa:06:cf:7e:b2:fa:44:3d:be:66:c3:74:c6:4d:
         81:62:f0:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGeFjwrzYgr47slMeE5XTHVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwODI5MTIyMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTEzYjgyNDVlYjJiODU5ZDBjYTI1NmE4M2IxZTBhNDg1NjExMDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFfPP72v28rOPEqPrT6IkqFqcPb+
5mgpBy3adHA+gCKGFsCSXZ9ISSUeE2MKhOpJaOfxq72lq6iMJ7gFo8UEiDgX1k3a
YvkY8qYXM+eLHlecNSL31fwKT1WWAXF4diFWKCCHBBZDe9PuD/pvrvBB04nnLihk
9lknlzU2IwzUzGDURWqhH2ldtR68wDhpxaM8+De3emusp2G9G/z8QAmJGk9Y/Qgu
xVPDnwVN6SfDh6Z+dR28fYPEkqFBHwGfe6nKRx+b/QSBZuEvhn/ozVgR/UjOT+PC
Zz3m1DO/ozPun26UOqzs3fSUoMOXEn6a0OoDg25ZaJHB2omDmgjtupdjPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAETuCResrhZ0MolaoOx4KSFYRBOMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQVJPNEpGNnl1Rm5ReWlWcWc3SGdwSVZoRUU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdX4MA0G
CSqGSIb3DQEBCwUAA4IBAQB6Njb3gu2HgRicWJz198N7m3IuPIY6/AvRkZ4jCGcE
gFtubl19zLFWt8jQdLpg4h0Y/zeP+YNd9hJj+OsQzmvsYiMPsSBJMxEqciEAHk+1
rvMHekvpJFGY6lYuYDL/QDDWom0YSpRe0NqySIQsSpU7DQz20OMyMlHmrVIGx7dE
YC+thz+83tlFPggiHsopxB1T+7KkB8OOsMJ8ds4zaxYQ2+gjQoU3n+r/uF7ySmSs
+8FWJo3m3/A6j0FF244U1zTmY4JgGcRTQg9yWiltC67z/JgWMfUySFLoj9Ii7e6k
t/ezv7qS8N4F7e2TNXAU+gbPfrL6RD2+ZsN0xk2BYvDR
-----END CERTIFICATE-----