Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CFsT1Ge52g4j6tNrOE4yFGNfWOA.roa
File:                     CFsT1Ge52g4j6tNrOE4yFGNfWOA.roa (raw, json)
Hash identifier:          pJDcoo+j6DqYJCNTGeWamoz3/AxGR2K7l6oGKTgMw2Q=
Subject key identifier:   08:5B:13:D4:67:B9:DA:0E:23:EA:D3:6B:38:4E:32:14:63:5F:58:E0
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018FE931D436DBEB1153640C31FEC3304A88
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CFsT1Ge52g4j6tNrOE4yFGNfWOA.roa
Signing time:             Wed 05 Jun 2024 16:18:27 +0000
ROA not before:           Wed 05 Jun 2024 16:18:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49127
IP address blocks:        109.176.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e9:31:d4:36:db:eb:11:53:64:0c:31:fe:c3:30:4a:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun  5 16:18:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=085b13d467b9da0e23ead36b384e3214635f58e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ef:56:3f:ae:9b:88:63:f7:be:11:59:d6:ba:
                    ad:7f:bc:af:83:ff:5f:bb:13:c1:56:ee:66:38:23:
                    d3:98:eb:50:da:da:e2:48:26:05:7b:09:a0:52:2c:
                    62:da:ba:79:d7:a0:b9:eb:89:39:82:de:48:55:a3:
                    26:27:43:2f:c4:a8:05:07:ec:da:10:1d:db:1e:25:
                    37:9f:e7:53:c8:bf:69:b3:c5:64:50:3a:89:1d:9b:
                    32:b7:3f:67:96:a5:4b:c2:01:a6:cb:c4:ea:9a:42:
                    c9:89:3d:4e:f2:d3:b4:6b:e3:01:05:51:28:2f:af:
                    ba:fa:fe:fc:5b:2e:68:2f:7c:94:33:0a:43:53:b4:
                    58:f0:2c:02:a4:64:46:64:13:25:47:ed:21:42:ef:
                    6c:ef:42:32:1b:20:4d:20:4b:b4:fa:97:9e:b2:b9:
                    ed:8b:be:83:bd:36:f7:48:90:27:c1:c7:80:33:c8:
                    be:3a:62:c6:b5:10:e5:de:39:2f:80:35:ba:89:53:
                    49:7b:6d:0c:fa:d0:e0:08:1f:fe:98:26:a6:d4:6d:
                    56:76:76:f3:0a:4b:ad:a8:a3:96:3d:ba:a2:01:99:
                    cb:9b:80:2c:16:b0:c7:be:68:56:90:ed:eb:12:93:
                    81:13:c7:6a:20:b7:87:e1:5d:8b:9b:1e:fc:fc:a0:
                    bd:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:5B:13:D4:67:B9:DA:0E:23:EA:D3:6B:38:4E:32:14:63:5F:58:E0
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CFsT1Ge52g4j6tNrOE4yFGNfWOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:5a:1f:84:a6:d0:87:a0:a6:d6:4c:6b:8f:71:97:3b:94:54:
         0f:2d:35:35:2e:c0:1d:05:cb:43:e9:89:48:d7:f7:a6:ad:d8:
         d0:52:21:1d:16:ab:86:4c:ee:09:02:c2:c6:be:8f:68:fd:e5:
         41:66:f9:f7:2a:24:16:21:c6:e4:bd:d1:f1:c7:f3:ee:8b:a5:
         28:99:5d:e8:6c:65:33:2f:0e:7b:03:8d:5d:2e:d3:d4:89:5f:
         35:42:57:7b:26:96:4b:1f:89:bf:d8:47:9b:60:03:82:09:69:
         41:f7:18:5b:b7:f1:e6:08:1a:d4:a1:56:74:bf:55:f0:eb:16:
         e1:6e:62:14:2d:fa:96:f3:1f:ff:68:f6:29:51:b2:22:6d:e7:
         fc:ee:25:09:13:4b:cf:8a:62:63:b1:be:92:dc:a2:7b:1e:04:
         44:19:81:75:f8:b2:45:75:6d:a8:db:f6:d0:58:9b:c2:3b:58:
         b1:9c:85:20:59:bf:95:79:6b:de:7a:18:30:77:94:70:04:a9:
         8e:9a:79:73:70:26:a4:b1:a9:09:6b:34:1e:ee:91:c4:2b:a3:
         b8:79:70:03:21:f5:e2:ff:fa:c5:0e:f2:dc:30:2b:32:ae:c3:
         02:e2:26:8b:90:d2:33:db:8c:97:d4:95:ac:70:11:88:29:b1:
         87:16:59:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/pMdQ22+sRU2QMMf7DMEqIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNjA1MTYxODI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODViMTNkNDY3YjlkYTBlMjNlYWQzNmIzODRlMzIxNDYzNWY1OGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAje9WP66biGP3vhFZ1rqtf7yvg/9f
uxPBVu5mOCPTmOtQ2triSCYFewmgUixi2rp516C564k5gt5IVaMmJ0MvxKgFB+za
EB3bHiU3n+dTyL9ps8VkUDqJHZsytz9nlqVLwgGmy8TqmkLJiT1O8tO0a+MBBVEo
L6+6+v78Wy5oL3yUMwpDU7RY8CwCpGRGZBMlR+0hQu9s70IyGyBNIEu0+peesrnt
i76DvTb3SJAnwceAM8i+OmLGtRDl3jkvgDW6iVNJe20M+tDgCB/+mCam1G1Wdnbz
CkutqKOWPbqiAZnLm4AsFrDHvmhWkO3rEpOBE8dqILeH4V2Lmx78/KC9owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAhbE9RnudoOI+rTazhOMhRjX1jgMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQ0ZzVDFHZTUyZzRqNnROck9FNHlGR05mV09BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbDPMA0G
CSqGSIb3DQEBCwUAA4IBAQCDWh+EptCHoKbWTGuPcZc7lFQPLTU1LsAdBctD6YlI
1/emrdjQUiEdFquGTO4JAsLGvo9o/eVBZvn3KiQWIcbkvdHxx/Pui6UomV3obGUz
Lw57A41dLtPUiV81Qld7JpZLH4m/2EebYAOCCWlB9xhbt/HmCBrUoVZ0v1Xw6xbh
bmIULfqW8x//aPYpUbIibef87iUJE0vPimJjsb6S3KJ7HgREGYF1+LJFdW2o2/bQ
WJvCO1ixnIUgWb+VeWveehgwd5RwBKmOmnlzcCaksakJazQe7pHEK6O4eXADIfXi
//rFDvLcMCsyrsMC4iaLkNIz24yX1JWscBGIKbGHFllU
-----END CERTIFICATE-----