Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Aa1GoCDbRaZh7vXJGZS-n8MzDIo.roa
File:                     Aa1GoCDbRaZh7vXJGZS-n8MzDIo.roa (raw, json)
Hash identifier:          cL92Equ7bmryA/U2csrko3F+JTTxrSR7md4KJN1pyF0=
Subject key identifier:   01:AD:46:A0:20:DB:45:A6:61:EE:F5:C9:19:94:BE:9F:C3:33:0C:8A
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018EA54E72322B597357C37025344993C415
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Aa1GoCDbRaZh7vXJGZS-n8MzDIo.roa
Signing time:             Wed 03 Apr 2024 18:52:45 +0000
ROA not before:           Wed 03 Apr 2024 18:52:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400810
IP address blocks:        80.240.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a5:4e:72:32:2b:59:73:57:c3:70:25:34:49:93:c4:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr  3 18:52:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01ad46a020db45a661eef5c91994be9fc3330c8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:3e:2f:f5:c9:f5:40:5e:d8:41:4a:44:60:a0:
                    2f:3f:ba:a7:24:24:ae:35:62:d0:5e:f1:bd:1c:5a:
                    02:aa:11:d6:87:d1:f0:7a:5a:82:f7:c8:e1:ac:40:
                    d9:53:c3:8c:36:43:de:23:35:d6:0b:51:7d:fe:84:
                    e2:e8:01:10:60:34:ac:16:7a:84:65:67:c4:37:0c:
                    ca:84:aa:d7:32:1e:66:55:a5:25:ca:7f:b1:2e:81:
                    86:d1:b6:c1:51:62:79:72:b6:60:20:23:25:66:22:
                    14:c8:6f:61:24:88:e4:3b:f3:29:fd:52:8d:48:e5:
                    e3:e0:eb:40:6d:12:36:5c:c4:26:7f:5d:30:54:3b:
                    d5:76:6c:9b:01:43:91:d9:bd:80:f4:c4:e7:d5:45:
                    b6:56:4c:f0:9a:ce:a4:5f:14:b7:8a:7f:04:6b:93:
                    26:a3:b3:b2:4d:40:4b:fb:f5:6a:cd:3c:e1:44:df:
                    c8:3c:fb:1a:64:be:64:46:4b:45:85:89:ea:0f:dc:
                    b0:cd:72:72:8f:b6:31:48:a5:27:62:3b:5a:18:fa:
                    7f:56:16:18:ca:cd:71:19:53:1f:66:d1:35:6f:49:
                    1b:77:42:9f:80:e7:a8:4b:6e:aa:49:77:11:2a:9b:
                    df:4b:38:b9:58:49:f9:08:bc:66:b2:04:88:fa:24:
                    6d:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:AD:46:A0:20:DB:45:A6:61:EE:F5:C9:19:94:BE:9F:C3:33:0C:8A
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Aa1GoCDbRaZh7vXJGZS-n8MzDIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.240.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:5f:91:49:a5:d3:ff:33:cf:86:1d:7f:da:5c:c2:e7:09:d1:
         94:85:f4:3f:ea:bf:73:00:3b:2d:c5:3e:f5:2f:0e:7b:d4:6a:
         19:59:b4:63:6f:e8:30:0f:30:72:12:61:6e:20:9f:c3:8e:92:
         79:93:66:21:e3:e5:55:1f:45:71:b3:a7:50:ed:98:81:87:13:
         db:4d:5c:49:41:7c:0f:ab:69:d9:5e:39:8b:21:9d:ed:94:cd:
         a8:55:40:e8:a8:07:f2:61:6d:4c:2e:c0:94:d1:53:b2:19:02:
         97:b1:1e:3b:0e:c3:3e:8a:ad:84:6d:07:10:f4:b6:65:32:c9:
         c7:cf:f6:1b:3e:a6:8d:46:ec:e6:5d:43:12:48:40:68:c9:78:
         1c:58:fc:11:06:1f:b6:c5:19:9b:22:ae:c2:3b:08:d7:1e:54:
         59:e0:9d:28:3f:90:38:19:6f:a5:61:91:97:b5:29:21:4f:16:
         01:70:c5:ba:39:ef:e9:d3:0b:ba:be:43:3b:05:23:ee:59:dc:
         b7:a6:50:41:33:99:4a:4e:b7:b2:fb:a7:64:c0:d4:72:ec:91:
         17:37:79:ef:da:66:7e:8c:65:e5:d7:73:4f:33:15:e8:58:b6:
         64:cc:45:44:93:9d:d3:84:fd:c2:d4:f1:c9:32:a5:44:f1:28:
         c9:c6:eb:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6lTnIyK1lzV8NwJTRJk8QVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNDAzMTg1MjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWFkNDZhMDIwZGI0NWE2NjFlZWY1YzkxOTk0YmU5ZmMzMzMwYzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhT4v9cn1QF7YQUpEYKAvP7qnJCSu
NWLQXvG9HFoCqhHWh9HwelqC98jhrEDZU8OMNkPeIzXWC1F9/oTi6AEQYDSsFnqE
ZWfENwzKhKrXMh5mVaUlyn+xLoGG0bbBUWJ5crZgICMlZiIUyG9hJIjkO/Mp/VKN
SOXj4OtAbRI2XMQmf10wVDvVdmybAUOR2b2A9MTn1UW2Vkzwms6kXxS3in8Ea5Mm
o7OyTUBL+/VqzTzhRN/IPPsaZL5kRktFhYnqD9ywzXJyj7YxSKUnYjtaGPp/VhYY
ys1xGVMfZtE1b0kbd0KfgOeoS26qSXcRKpvfSzi5WEn5CLxmsgSI+iRt0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAGtRqAg20WmYe71yRmUvp/DMwyKMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQWExR29DRGJSYVpoN3ZYSkdaUy1uOE16RElvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPBUMA0G
CSqGSIb3DQEBCwUAA4IBAQAOX5FJpdP/M8+GHX/aXMLnCdGUhfQ/6r9zADstxT71
Lw571GoZWbRjb+gwDzByEmFuIJ/DjpJ5k2Yh4+VVH0Vxs6dQ7ZiBhxPbTVxJQXwP
q2nZXjmLIZ3tlM2oVUDoqAfyYW1MLsCU0VOyGQKXsR47DsM+iq2EbQcQ9LZlMsnH
z/YbPqaNRuzmXUMSSEBoyXgcWPwRBh+2xRmbIq7COwjXHlRZ4J0oP5A4GW+lYZGX
tSkhTxYBcMW6Oe/p0wu6vkM7BSPuWdy3plBBM5lKTrey+6dkwNRy7JEXN3nv2mZ+
jGXl13NPMxXoWLZkzEVEk53ThP3C1PHJMqVE8SjJxuuC
-----END CERTIFICATE-----