Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Butgw2PeaHMZtjA8WSDfodkkC1w.roa
File:                     Butgw2PeaHMZtjA8WSDfodkkC1w.roa (raw, json)
Hash identifier:          TXf4+fAmZtjQtNx3rorvWey4NAnR1KZlVYsU/esS+hw=
Subject key identifier:   06:EB:60:C3:63:DE:68:73:19:B6:30:3C:59:20:DF:A1:D9:24:0B:5C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942144201280727850103D8D827FD385D3
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Butgw2PeaHMZtjA8WSDfodkkC1w.roa
Signing time:             Wed 01 Jan 2025 09:48:20 +0000
ROA not before:           Wed 01 Jan 2025 09:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214285
IP address blocks:        213.210.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:20:12:80:72:78:50:10:3d:8d:82:7f:d3:85:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06eb60c363de687319b6303c5920dfa1d9240b5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ff:c7:7d:27:a7:ab:ae:37:e3:49:9d:76:01:
                    2e:97:d9:0c:89:38:50:e6:c6:85:21:7c:ba:77:09:
                    c0:41:32:2b:87:5d:c5:49:de:40:30:f8:0c:81:c0:
                    e2:53:e9:e7:13:8f:13:27:cb:41:92:ad:b7:da:bf:
                    ef:99:ac:fe:56:52:2f:8d:fa:2e:fc:24:45:ac:ca:
                    9a:10:3a:44:22:52:c6:b3:65:e2:1d:60:07:48:83:
                    aa:01:3e:68:a2:d7:93:c9:40:97:ba:80:74:84:62:
                    60:d6:2d:5d:88:9b:89:13:9f:61:e8:f2:de:ca:ee:
                    51:a1:e1:46:96:a6:5a:b0:c2:5a:55:42:a1:34:0c:
                    d0:b2:34:3b:9d:c7:53:42:8b:8a:db:c0:37:5d:34:
                    2f:cb:78:fb:01:f3:1c:04:1f:14:26:a8:44:1f:d5:
                    17:7b:ce:b1:bf:34:5a:6b:98:a6:de:20:45:1c:25:
                    64:66:19:43:aa:3a:cc:a3:41:16:0d:d6:9f:09:f2:
                    f7:22:c1:95:68:8d:f0:1d:0e:97:50:0a:4b:79:83:
                    1e:18:67:14:9c:25:42:79:22:a9:be:07:d2:55:93:
                    cd:df:e0:a5:82:a1:80:cb:ba:87:98:16:87:15:60:
                    15:dd:eb:80:de:f6:c6:ab:02:f9:68:0d:73:bc:e2:
                    19:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:EB:60:C3:63:DE:68:73:19:B6:30:3C:59:20:DF:A1:D9:24:0B:5C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Butgw2PeaHMZtjA8WSDfodkkC1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.210.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:ff:ea:ec:e2:37:81:a7:41:73:6e:48:e2:25:54:7c:62:c9:
         26:b3:aa:78:c6:dc:95:2b:63:fc:54:91:39:0c:ce:41:e8:ab:
         ad:f6:ce:e3:2f:55:74:95:77:21:85:b6:3f:e1:a8:2d:b5:e5:
         56:7c:40:44:6d:76:08:33:69:2c:19:47:c7:4e:0d:9c:0d:6a:
         9e:52:ce:bd:8a:c6:68:09:9b:ac:da:3c:65:a8:10:08:e9:46:
         13:79:65:be:ca:8a:d3:d0:63:d6:b3:37:52:3f:33:79:a6:73:
         6e:4a:50:10:c5:44:8b:06:e6:00:88:b9:31:3a:1a:1c:55:d3:
         a1:b0:3e:f1:c4:d1:6f:92:ab:0d:01:a3:83:09:ef:06:1b:cb:
         d6:7b:74:a0:83:35:f0:86:5b:9a:fe:10:88:eb:e6:67:8e:2e:
         99:61:68:96:12:f1:fe:16:24:1b:e8:16:58:ca:94:b8:d2:6d:
         71:4b:bb:2c:68:fc:87:22:35:30:45:00:3a:e6:eb:b6:d0:47:
         59:60:36:9f:88:66:71:f5:48:b9:e4:7b:0e:78:c2:6b:79:d3:
         d0:20:57:74:48:25:5e:0b:e0:58:e6:f8:6f:41:93:61:85:74:
         cc:97:7a:db:94:f8:b8:d1:ef:5d:5c:47:d1:30:3d:8e:45:e7:
         b3:f6:d7:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRCASgHJ4UBA9jYJ/04XTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmViNjBjMzYzZGU2ODczMTliNjMwM2M1OTIwZGZhMWQ5MjQwYjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvf/HfSenq64340mddgEul9kMiThQ
5saFIXy6dwnAQTIrh13FSd5AMPgMgcDiU+nnE48TJ8tBkq232r/vmaz+VlIvjfou
/CRFrMqaEDpEIlLGs2XiHWAHSIOqAT5ooteTyUCXuoB0hGJg1i1diJuJE59h6PLe
yu5RoeFGlqZasMJaVUKhNAzQsjQ7ncdTQouK28A3XTQvy3j7AfMcBB8UJqhEH9UX
e86xvzRaa5im3iBFHCVkZhlDqjrMo0EWDdafCfL3IsGVaI3wHQ6XUApLeYMeGGcU
nCVCeSKpvgfSVZPN3+ClgqGAy7qHmBaHFWAV3euA3vbGqwL5aA1zvOIZuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAbrYMNj3mhzGbYwPFkg36HZJAtcMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQnV0Z3cyUGVhSE1adGpBOFdTRGZvZGtrQzF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dInMA0G
CSqGSIb3DQEBCwUAA4IBAQAV/+rs4jeBp0FzbkjiJVR8Yskms6p4xtyVK2P8VJE5
DM5B6Kut9s7jL1V0lXchhbY/4agtteVWfEBEbXYIM2ksGUfHTg2cDWqeUs69isZo
CZus2jxlqBAI6UYTeWW+yorT0GPWszdSPzN5pnNuSlAQxUSLBuYAiLkxOhocVdOh
sD7xxNFvkqsNAaODCe8GG8vWe3SggzXwhlua/hCI6+Znji6ZYWiWEvH+FiQb6BZY
ypS40m1xS7ssaPyHIjUwRQA65uu20EdZYDafiGZx9Ui55HsOeMJredPQIFd0SCVe
C+BY5vhvQZNhhXTMl3rblPi40e9dXEfRMD2OReez9tdZ
-----END CERTIFICATE-----