Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/D1haOdLM_bVzzTGYlpfCZyivCvw.roa
File:                     D1haOdLM_bVzzTGYlpfCZyivCvw.roa (raw, json)
Hash identifier:          AfDnEWCw81rEsyWeFfasgz85aBbbjJY1sL/Hp11a8q0=
Subject key identifier:   0F:58:5A:39:D2:CC:FD:B5:73:CD:31:98:96:97:C2:67:28:AF:0A:FC
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0194214408B875F13CC23B6652C8765F2586
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/D1haOdLM_bVzzTGYlpfCZyivCvw.roa
Signing time:             Wed 01 Jan 2025 09:48:14 +0000
ROA not before:           Wed 01 Jan 2025 09:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207645
IP address blocks:        82.153.74.0/23 maxlen: 23
                          82.153.76.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:08:b8:75:f1:3c:c2:3b:66:52:c8:76:5f:25:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f585a39d2ccfdb573cd31989697c26728af0afc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c7:76:c7:15:9c:7f:80:af:72:41:34:a2:ae:
                    61:19:1f:7c:40:d7:c9:48:91:72:6b:b7:aa:b8:df:
                    86:38:32:f4:fc:58:4f:ea:5d:4c:54:a7:3a:7f:9e:
                    71:5d:87:64:48:5e:45:25:00:f2:82:46:aa:c0:6f:
                    ee:71:74:24:3f:b5:90:93:5d:00:3b:14:b5:59:25:
                    20:19:aa:9d:6b:9d:1e:0f:f7:53:1b:da:f1:91:e1:
                    cf:2d:e7:de:dc:0c:82:c6:6d:ec:e8:95:bd:e4:14:
                    dd:9d:b4:a0:2f:dd:0f:c3:6a:49:39:dd:4a:06:5a:
                    14:50:82:75:67:0b:9e:9d:f9:04:ff:56:ff:75:52:
                    e2:a5:4d:ab:5b:88:f9:db:3a:65:3a:32:31:55:d1:
                    33:dc:a8:74:df:c9:f9:a9:6b:cd:94:de:fc:b5:4f:
                    90:9b:82:95:e6:ba:67:df:83:a2:c7:c6:a9:6e:4a:
                    b5:93:dd:b1:59:12:99:de:3b:4a:fc:1f:a5:a1:dc:
                    c8:15:cd:13:87:e5:48:d7:e4:3c:bb:06:7b:db:60:
                    3a:d5:0f:97:8a:6e:77:11:97:59:4d:c6:96:89:dd:
                    da:ed:03:b3:5a:12:15:7e:3e:cf:76:5f:35:a4:85:
                    06:71:6f:a0:e1:12:ce:ae:9e:05:be:36:c5:a2:c0:
                    32:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:58:5A:39:D2:CC:FD:B5:73:CD:31:98:96:97:C2:67:28:AF:0A:FC
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/D1haOdLM_bVzzTGYlpfCZyivCvw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.74.0-82.153.77.255

    Signature Algorithm: sha256WithRSAEncryption
         0d:15:52:41:a4:91:be:dc:77:90:1d:fb:f0:11:51:6b:c5:f3:
         15:4a:ab:7a:61:9c:7b:69:2b:76:bd:8c:c6:26:98:ff:ee:9c:
         7e:f7:a6:cf:23:27:95:6c:9d:98:97:ee:97:a9:40:35:40:1d:
         ad:2c:05:86:ee:fb:5a:ac:86:20:72:9f:32:89:e8:01:63:42:
         5b:41:a6:48:06:94:2a:f9:0f:fb:61:5b:94:55:5c:7f:22:13:
         c2:e6:97:71:84:2a:c7:87:1f:0b:a3:68:61:f8:18:67:21:c2:
         9a:85:4d:9a:99:12:2c:b8:9b:39:d2:83:31:de:ba:3e:18:4d:
         58:c1:ef:da:3b:39:87:ec:60:d9:33:dc:e4:6f:0b:31:c4:a4:
         b5:a2:97:b0:0b:e3:87:70:bd:84:34:90:a3:3e:29:b8:ec:d5:
         39:90:32:ce:bd:67:e9:1d:fd:da:92:77:58:62:20:5e:c9:56:
         d1:66:41:a0:d8:7a:b9:ca:d8:e6:ad:8d:d7:b6:b8:46:7a:aa:
         80:16:0e:57:cb:83:88:fb:6f:cb:77:fb:f0:2d:30:f4:3f:83:
         eb:d0:df:dc:c2:69:c1:5f:a5:33:d2:d9:2f:1c:82:d0:ed:f9:
         6b:e3:bd:48:41:50:9d:04:8b:cd:3f:c4:14:72:99:ae:99:76:
         6c:c7:9d:42
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQhRAi4dfE8wjtmUsh2XyWGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjU4NWEzOWQyY2NmZGI1NzNjZDMxOTg5Njk3YzI2NzI4YWYwYWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsd2xxWcf4CvckE0oq5hGR98QNfJ
SJFya7equN+GODL0/FhP6l1MVKc6f55xXYdkSF5FJQDygkaqwG/ucXQkP7WQk10A
OxS1WSUgGaqda50eD/dTG9rxkeHPLefe3AyCxm3s6JW95BTdnbSgL90Pw2pJOd1K
BloUUIJ1ZwuenfkE/1b/dVLipU2rW4j52zplOjIxVdEz3Kh038n5qWvNlN78tU+Q
m4KV5rpn34Oix8apbkq1k92xWRKZ3jtK/B+lodzIFc0Th+VI1+Q8uwZ722A61Q+X
im53EZdZTcaWid3a7QOzWhIVfj7Pdl81pIUGcW+g4RLOrp4FvjbFosAycwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFA9YWjnSzP21c80xmJaXwmcorwr8MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRDFoYU9kTE1fYlZ6elRHWWxwZkNaeWl2Q3Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAFSmUoD
BAFSmUwwDQYJKoZIhvcNAQELBQADggEBAA0VUkGkkb7cd5Ad+/ARUWvF8xVKq3ph
nHtpK3a9jMYmmP/unH73ps8jJ5VsnZiX7pepQDVAHa0sBYbu+1qshiBynzKJ6AFj
QltBpkgGlCr5D/thW5RVXH8iE8Lml3GEKseHHwujaGH4GGchwpqFTZqZEiy4mznS
gzHeuj4YTVjB79o7OYfsYNkz3ORvCzHEpLWil7AL44dwvYQ0kKM+Kbjs1TmQMs69
Z+kd/dqSd1hiIF7JVtFmQaDYernK2Oatjde2uEZ6qoAWDlfLg4j7b8t3+/AtMPQ/
g+vQ39zCacFfpTPS2S8cgtDt+WvjvUhBUJ0Ei80/xBRyma6ZdmzHnUI=
-----END CERTIFICATE-----