Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/AYIbTpDMtPCq8ebHYPc78Qjtl4Q.roa
File:                     AYIbTpDMtPCq8ebHYPc78Qjtl4Q.roa (raw, json)
Hash identifier:          ax91p6BJFu1deHbiGVGdv0CYrj4UUzbJpFHYl1mQNts=
Subject key identifier:   01:82:1B:4E:90:CC:B4:F0:AA:F1:E6:C7:60:F7:3B:F1:08:ED:97:84
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0190DBF97F5BCE81EE78A7059BE3B1B75ED3
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/AYIbTpDMtPCq8ebHYPc78Qjtl4Q.roa
Signing time:             Mon 22 Jul 2024 19:44:39 +0000
ROA not before:           Mon 22 Jul 2024 19:44:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214618
IP address blocks:        109.176.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:db:f9:7f:5b:ce:81:ee:78:a7:05:9b:e3:b1:b7:5e:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 22 19:44:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01821b4e90ccb4f0aaf1e6c760f73bf108ed9784
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6a:50:19:fe:8d:eb:f2:0b:a0:fe:a5:74:99:
                    12:27:ae:47:d2:bc:b0:02:74:9c:e3:01:f6:10:1e:
                    51:90:3c:43:35:7d:52:16:c1:cd:bd:14:88:49:51:
                    7c:09:68:ca:6e:c0:ec:1c:e9:af:79:db:4b:72:8b:
                    bb:34:10:54:38:e9:bc:51:b3:fb:19:8a:96:9b:39:
                    63:a5:4b:94:d2:73:ef:02:e8:53:00:10:7d:fa:b1:
                    e2:ff:e9:e8:e0:ee:1b:dc:d6:ae:e5:1e:05:38:07:
                    fc:5b:b2:d0:87:a9:44:37:ba:2e:b5:cb:60:61:02:
                    ec:91:2a:63:9b:3a:63:21:3d:71:25:57:d6:6e:35:
                    a8:1a:88:4a:4a:5b:a7:3e:0d:df:4a:5d:0c:21:30:
                    06:49:25:18:7b:cb:11:4d:50:5a:c1:ab:7a:3e:de:
                    c5:bf:8b:e9:b9:cc:60:7f:79:58:c4:1c:f1:e0:5c:
                    7e:10:be:c6:65:53:c0:f6:0e:22:69:56:30:81:43:
                    c2:60:a6:c7:4d:af:94:93:29:db:8a:6a:ef:b1:67:
                    5b:a0:ac:b1:4c:69:aa:ae:dd:c8:79:65:6a:dc:58:
                    2b:da:35:87:58:7d:d0:3c:fb:03:e6:c4:4e:71:91:
                    20:12:80:5c:ad:11:aa:4e:8f:45:d3:77:55:09:76:
                    85:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:82:1B:4E:90:CC:B4:F0:AA:F1:E6:C7:60:F7:3B:F1:08:ED:97:84
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/AYIbTpDMtPCq8ebHYPc78Qjtl4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:a8:06:59:ef:d3:28:36:77:07:41:28:05:3f:29:63:1e:89:
         7c:a5:da:c5:5a:8e:d0:0a:10:31:9f:0d:31:f9:d4:b4:a0:2f:
         db:78:f8:d6:fd:51:51:d8:48:16:0d:35:08:de:c1:f9:6d:27:
         55:36:a5:55:7d:7d:be:2d:13:f2:af:ff:d8:3f:87:6a:b7:cf:
         e7:08:7f:44:73:cd:52:30:ad:b9:03:e0:7a:4f:79:00:fe:fd:
         ce:f0:2d:ac:3f:de:81:0f:bd:74:e7:95:62:27:c2:fc:8a:b4:
         22:57:48:5b:60:e8:01:4a:10:8d:b1:8d:7a:bc:00:e1:aa:61:
         b8:cf:04:7e:f9:42:82:e2:fc:ac:30:31:41:b5:fe:37:36:2b:
         56:0c:75:ba:fd:4d:7c:95:31:88:7c:c7:16:a4:be:eb:2d:5d:
         bb:50:bf:95:78:fe:42:42:9e:23:2c:4b:8c:53:ff:ae:51:1f:
         02:30:c0:41:bc:f0:17:99:53:7f:5e:7c:76:0a:37:2b:7c:bc:
         91:eb:86:8d:b1:6b:15:5d:b4:63:17:6e:bb:a1:97:e6:d7:62:
         5c:23:97:68:a1:37:a3:5b:ec:5c:e1:df:65:e7:85:a0:53:2a:
         94:69:96:eb:a4:22:52:34:d8:eb:eb:f4:7a:85:7c:a9:f0:9f:
         db:11:80:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDb+X9bzoHueKcFm+Oxt17TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNzIyMTk0NDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTgyMWI0ZTkwY2NiNGYwYWFmMWU2Yzc2MGY3M2JmMTA4ZWQ5Nzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmpQGf6N6/ILoP6ldJkSJ65H0ryw
AnSc4wH2EB5RkDxDNX1SFsHNvRSISVF8CWjKbsDsHOmvedtLcou7NBBUOOm8UbP7
GYqWmzljpUuU0nPvAuhTABB9+rHi/+no4O4b3Nau5R4FOAf8W7LQh6lEN7outctg
YQLskSpjmzpjIT1xJVfWbjWoGohKSlunPg3fSl0MITAGSSUYe8sRTVBawat6Pt7F
v4vpucxgf3lYxBzx4Fx+EL7GZVPA9g4iaVYwgUPCYKbHTa+UkynbimrvsWdboKyx
TGmqrt3IeWVq3Fgr2jWHWH3QPPsD5sROcZEgEoBcrRGqTo9F03dVCXaFTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAGCG06QzLTwqvHmx2D3O/EI7ZeEMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQVlJYlRwRE10UENxOGViSFlQYzc4UWp0bDRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbDvMA0G
CSqGSIb3DQEBCwUAA4IBAQCLqAZZ79MoNncHQSgFPyljHol8pdrFWo7QChAxnw0x
+dS0oC/bePjW/VFR2EgWDTUI3sH5bSdVNqVVfX2+LRPyr//YP4dqt8/nCH9Ec81S
MK25A+B6T3kA/v3O8C2sP96BD71055ViJ8L8irQiV0hbYOgBShCNsY16vADhqmG4
zwR++UKC4vysMDFBtf43NitWDHW6/U18lTGIfMcWpL7rLV27UL+VeP5CQp4jLEuM
U/+uUR8CMMBBvPAXmVN/Xnx2CjcrfLyR64aNsWsVXbRjF267oZfm12JcI5dooTej
W+xc4d9l54WgUyqUaZbrpCJSNNjr6/R6hXyp8J/bEYAB
-----END CERTIFICATE-----