Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/AmPk3tLVygBNlRgrO0wWzUddUlg.roa
File:                     AmPk3tLVygBNlRgrO0wWzUddUlg.roa (raw, json)
Hash identifier:          hW1Eap2xMqOaR2T8W44pzleROO6IFrLMKNUeYF4OKeY=
Subject key identifier:   02:63:E4:DE:D2:D5:CA:00:4D:95:18:2B:3B:4C:16:CD:47:5D:52:58
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143E1468D6B923D9EE734AA55FC3604
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/AmPk3tLVygBNlRgrO0wWzUddUlg.roa
Signing time:             Wed 01 Jan 2025 09:48:04 +0000
ROA not before:           Wed 01 Jan 2025 09:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43043
IP address blocks:        194.105.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:e1:46:8d:6b:92:3d:9e:e7:34:aa:55:fc:36:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0263e4ded2d5ca004d95182b3b4c16cd475d5258
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:1a:74:e8:03:47:7f:46:13:a0:34:15:fe:b5:
                    e1:1e:12:44:e0:91:4d:d8:f5:bb:ef:a3:b9:91:56:
                    c3:fb:7b:c8:d2:a9:a3:d4:fc:4d:b6:e8:3c:87:dd:
                    b0:a3:52:4d:e7:a6:cb:0c:13:bf:ea:26:7e:37:f3:
                    f7:8f:73:c0:39:5b:4a:7c:f3:2a:e4:41:4d:e7:75:
                    9a:89:fe:59:98:5f:b1:c1:b3:dc:3e:b5:35:5e:2f:
                    1c:cd:0b:70:94:b5:f8:0c:b7:6f:b7:70:f7:62:f5:
                    bd:13:f4:77:f6:be:1e:45:5d:4e:7d:25:23:30:8e:
                    ad:d6:31:0e:f3:90:49:bf:35:be:56:34:07:c4:b8:
                    db:f1:36:a9:91:20:a9:dc:d1:32:1e:c6:06:b2:65:
                    0d:5a:9a:d8:f0:6f:76:41:df:eb:1c:88:58:49:d3:
                    c8:14:c3:43:f5:a9:06:ae:1d:5d:17:fe:0e:2a:b3:
                    e7:12:2a:c0:f9:38:a8:73:9d:9f:fb:51:58:b5:2f:
                    8f:59:e5:0d:c9:21:f5:c0:f1:41:6a:14:10:ea:1e:
                    77:5b:cc:f5:a0:23:90:75:b5:9d:39:fb:e8:43:d2:
                    f5:46:23:7b:ae:d4:5a:10:2b:8d:cb:aa:7d:48:68:
                    b8:61:d1:c6:0f:c3:d9:34:fe:71:ee:e1:51:fe:22:
                    0f:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:63:E4:DE:D2:D5:CA:00:4D:95:18:2B:3B:4C:16:CD:47:5D:52:58
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/AmPk3tLVygBNlRgrO0wWzUddUlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.105.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:c1:62:c9:1d:a4:b7:ba:95:d1:35:72:69:3c:ca:e8:eb:f6:
         db:83:0f:b0:28:55:85:db:a2:a9:b6:12:2d:5f:45:de:46:16:
         d8:22:48:63:94:24:6e:b1:f7:57:7a:45:e4:52:1c:6e:a7:4d:
         18:f9:9f:61:2b:2e:cc:74:5b:c6:4f:b9:8f:a4:1a:61:97:37:
         5f:63:c5:09:c5:4e:34:90:7f:18:53:f6:44:9f:15:6e:88:87:
         93:b2:b4:36:26:a6:66:3a:24:fa:e8:ea:9d:a1:be:ed:c6:3d:
         d2:cd:58:36:85:a5:ea:47:9d:84:b5:0a:ad:c7:e7:ff:73:15:
         d8:c1:84:20:a8:46:21:be:74:fc:e6:af:1a:9d:48:0b:cc:d9:
         f8:24:e0:b8:f0:76:25:84:0c:35:d4:77:69:08:75:0d:2b:44:
         f3:0c:d1:d8:3a:d5:0a:f3:bf:a8:e8:96:75:0a:dd:29:b9:17:
         d7:90:d7:a7:53:3c:b6:22:69:80:96:2c:51:36:b0:d5:75:62:
         11:1c:25:92:c5:84:ec:99:c8:73:2e:3b:6b:45:a6:72:80:8f:
         e1:31:d7:c6:d1:3e:63:e6:4e:08:0e:c5:ff:70:f6:e0:9a:bb:
         7f:ab:63:c7:47:d9:b8:02:1e:27:50:ad:bc:c7:a4:94:11:f8:
         20:1f:75:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ+FGjWuSPZ7nNKpV/DYEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjYzZTRkZWQyZDVjYTAwNGQ5NTE4MmIzYjRjMTZjZDQ3NWQ1MjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRp06ANHf0YToDQV/rXhHhJE4JFN
2PW776O5kVbD+3vI0qmj1PxNtug8h92wo1JN56bLDBO/6iZ+N/P3j3PAOVtKfPMq
5EFN53Waif5ZmF+xwbPcPrU1Xi8czQtwlLX4DLdvt3D3YvW9E/R39r4eRV1OfSUj
MI6t1jEO85BJvzW+VjQHxLjb8TapkSCp3NEyHsYGsmUNWprY8G92Qd/rHIhYSdPI
FMND9akGrh1dF/4OKrPnEirA+Tioc52f+1FYtS+PWeUNySH1wPFBahQQ6h53W8z1
oCOQdbWdOfvoQ9L1RiN7rtRaECuNy6p9SGi4YdHGD8PZNP5x7uFR/iIPWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAJj5N7S1coATZUYKztMFs1HXVJYMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQW1QazN0TFZ5Z0JObFJnck8wd1d6VWRkVWxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmlQMA0G
CSqGSIb3DQEBCwUAA4IBAQAywWLJHaS3upXRNXJpPMro6/bbgw+wKFWF26KpthIt
X0XeRhbYIkhjlCRusfdXekXkUhxup00Y+Z9hKy7MdFvGT7mPpBphlzdfY8UJxU40
kH8YU/ZEnxVuiIeTsrQ2JqZmOiT66Oqdob7txj3SzVg2haXqR52EtQqtx+f/cxXY
wYQgqEYhvnT85q8anUgLzNn4JOC48HYlhAw11HdpCHUNK0TzDNHYOtUK87+o6JZ1
Ct0puRfXkNenUzy2ImmAlixRNrDVdWIRHCWSxYTsmchzLjtrRaZygI/hMdfG0T5j
5k4IDsX/cPbgmrt/q2PHR9m4Ah4nUK28x6SUEfggH3X3
-----END CERTIFICATE-----