Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ClyQ-0dYYc5MgWPY4LIeDa7WSrA.roa
File:                     ClyQ-0dYYc5MgWPY4LIeDa7WSrA.roa (raw, json)
Hash identifier:          Dtp+ku47SkcrnwKUGyBFl3VjnFBkBb61rU+XJUta56U=
Subject key identifier:   0A:5C:90:FB:47:58:61:CE:4C:81:63:D8:E0:B2:1E:0D:AE:D6:4A:B0
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019493DFD38F16A3210A76D52E6CA557D46F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ClyQ-0dYYc5MgWPY4LIeDa7WSrA.roa
Signing time:             Thu 23 Jan 2025 15:55:06 +0000
ROA not before:           Thu 23 Jan 2025 15:55:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210542
IP address blocks:        82.152.49.0/24 maxlen: 24
                          213.218.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 09:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:93:df:d3:8f:16:a3:21:0a:76:d5:2e:6c:a5:57:d4:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan 23 15:55:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a5c90fb475861ce4c8163d8e0b21e0daed64ab0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b1:ed:6f:bf:c7:06:f6:e7:94:3b:39:f1:13:
                    d9:63:e6:d6:d7:8f:5f:46:18:5d:eb:c8:54:5d:a6:
                    9d:0f:e5:41:a1:3e:65:11:16:b4:d5:82:b4:15:3c:
                    a0:17:70:d7:61:e3:d2:3e:04:69:25:81:88:17:f3:
                    f8:7a:c9:41:ce:9b:7b:3b:82:49:ef:ae:5d:1f:2b:
                    cf:da:e3:fe:bf:c7:0f:f9:09:08:9b:08:fb:e2:ac:
                    ab:f8:22:19:75:80:be:c2:56:59:4f:eb:6e:9a:d4:
                    ef:33:9f:69:2a:8b:2b:11:ad:9d:ca:ec:1b:46:fc:
                    82:65:07:6d:c0:17:05:48:9c:38:ce:32:81:5a:f9:
                    d5:cb:19:81:d3:6a:59:54:98:22:2f:71:8c:f6:7a:
                    4f:3d:87:a3:b9:e1:f2:f8:c4:c4:18:cd:a9:7b:ac:
                    06:a5:94:cd:ea:a7:72:42:80:8f:35:e0:72:71:69:
                    ae:3f:34:71:2e:1b:03:4c:e8:e4:2c:d2:ec:e9:03:
                    2e:e2:45:55:53:4b:11:45:8e:ab:80:55:38:5d:25:
                    d4:41:c2:c1:56:cd:98:f4:9d:ad:0d:c3:13:9a:a7:
                    5d:a7:79:9f:05:71:5f:6e:78:6d:50:72:66:43:3b:
                    bc:7f:76:4c:7d:fb:8a:d6:7d:b9:2b:0c:c3:18:51:
                    9b:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:5C:90:FB:47:58:61:CE:4C:81:63:D8:E0:B2:1E:0D:AE:D6:4A:B0
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ClyQ-0dYYc5MgWPY4LIeDa7WSrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.49.0/24
                  213.218.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:68:ca:2f:61:21:dd:aa:25:8c:c7:47:c5:a0:2b:3e:e3:55:
         e9:6e:6a:1d:e4:ff:46:bb:ed:1c:51:ff:7f:a4:f3:bd:fe:24:
         59:bf:4c:f2:34:b6:ba:a0:c1:92:5a:85:a3:c4:dd:1d:b9:38:
         22:b6:b9:fd:e4:12:d2:53:a2:7e:ea:46:82:62:d4:79:58:9a:
         37:96:73:af:53:3a:85:96:60:df:f9:7b:6c:0c:87:09:f2:f7:
         09:1a:ea:2b:3b:44:49:49:91:54:8d:fa:61:e7:63:a7:cd:a2:
         18:c9:81:33:da:2a:c5:55:cb:ec:e5:a1:0c:73:ee:fd:00:0f:
         c8:b2:68:e6:b4:a1:45:ed:7b:01:82:a9:d8:2c:1b:8e:2a:3d:
         2e:a6:3d:69:68:43:63:92:9b:29:b4:b8:37:bb:03:e7:8b:3d:
         7e:28:53:4c:c8:5b:88:7e:80:ae:a9:19:c2:61:d3:e9:4a:cf:
         cc:e2:1e:88:1d:af:e5:27:43:5d:61:8f:bd:cf:da:72:aa:de:
         76:3c:b1:d3:97:67:d8:63:78:d1:85:f7:b9:95:79:ef:7f:53:
         82:37:79:e4:5b:f8:40:62:fd:1a:09:6a:40:e3:64:27:98:ab:
         29:00:a2:14:b2:c8:99:f1:2b:55:eb:84:4e:4a:f3:6f:95:80:
         c3:43:4e:70
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZST39OPFqMhCnbVLmylV9RvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTIzMTU1NTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTVjOTBmYjQ3NTg2MWNlNGM4MTYzZDhlMGIyMWUwZGFlZDY0YWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLHtb7/HBvbnlDs58RPZY+bW149f
Rhhd68hUXaadD+VBoT5lERa01YK0FTygF3DXYePSPgRpJYGIF/P4eslBzpt7O4JJ
765dHyvP2uP+v8cP+QkImwj74qyr+CIZdYC+wlZZT+tumtTvM59pKosrEa2dyuwb
RvyCZQdtwBcFSJw4zjKBWvnVyxmB02pZVJgiL3GM9npPPYejueHy+MTEGM2pe6wG
pZTN6qdyQoCPNeBycWmuPzRxLhsDTOjkLNLs6QMu4kVVU0sRRY6rgFU4XSXUQcLB
Vs2Y9J2tDcMTmqddp3mfBXFfbnhtUHJmQzu8f3ZMffuK1n25KwzDGFGbCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFApckPtHWGHOTIFj2OCyHg2u1kqwMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQ2x5US0wZFlZYzVNZ1dQWTRMSWVEYTdXU3JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUpgxAwQA
1drtMA0GCSqGSIb3DQEBCwUAA4IBAQAVaMovYSHdqiWMx0fFoCs+41Xpbmod5P9G
u+0cUf9/pPO9/iRZv0zyNLa6oMGSWoWjxN0duTgitrn95BLSU6J+6kaCYtR5WJo3
lnOvUzqFlmDf+XtsDIcJ8vcJGuorO0RJSZFUjfph52OnzaIYyYEz2irFVcvs5aEM
c+79AA/IsmjmtKFF7XsBgqnYLBuOKj0upj1paENjkpsptLg3uwPniz1+KFNMyFuI
foCuqRnCYdPpSs/M4h6IHa/lJ0NdYY+9z9pyqt52PLHTl2fYY3jRhfe5lXnvf1OC
N3nkW/hAYv0aCWpA42QnmKspAKIUssiZ8StV64ROSvNvlYDDQ05w
-----END CERTIFICATE-----