Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/D_4iAGK4YJ4jnGV8xU1aGwFB9tA.roa
File:                     D_4iAGK4YJ4jnGV8xU1aGwFB9tA.roa (raw, json)
Hash identifier:          UMDj3jOL0S9HZpNTfRJRnN8kJs+AgKi2omZlNevdvkI=
Subject key identifier:   0F:FE:22:00:62:B8:60:9E:23:9C:65:7C:C5:4D:5A:1B:01:41:F6:D0
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019421440FDEBD4955885E03471BCC1524FB
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/D_4iAGK4YJ4jnGV8xU1aGwFB9tA.roa
Signing time:             Wed 01 Jan 2025 09:48:16 +0000
ROA not before:           Wed 01 Jan 2025 09:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210732
IP address blocks:        82.152.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:0f:de:bd:49:55:88:5e:03:47:1b:cc:15:24:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ffe220062b8609e239c657cc54d5a1b0141f6d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:23:5c:4c:4e:0b:b7:90:8a:5a:86:7a:ae:ca:
                    45:21:cb:68:90:9a:0a:1f:20:3a:6b:75:b9:d1:db:
                    ae:ea:c5:58:45:48:c8:60:2e:02:f1:bd:cf:67:70:
                    be:8b:23:4f:f3:f3:9d:b8:20:6c:58:4e:44:48:e3:
                    c8:c1:52:07:36:67:0c:1e:78:e1:2a:69:b3:dd:74:
                    3b:04:5b:b1:59:e9:7d:ae:62:39:7a:12:8b:8c:d6:
                    bb:e4:65:a7:a4:1b:88:b0:50:a4:70:a9:3a:54:64:
                    e2:15:78:35:d9:04:13:94:07:a9:f3:01:e0:79:0f:
                    42:5e:ff:d7:5d:cd:bc:12:99:00:75:39:96:90:7e:
                    ff:a4:b5:c8:89:28:b5:6c:d3:2c:e4:47:09:5d:75:
                    0a:3e:cf:47:0f:35:5b:ac:af:96:f6:f6:bb:b3:ec:
                    40:06:51:71:17:5d:9c:ea:48:07:75:90:67:fa:e7:
                    7a:74:9d:f5:3a:17:b5:4b:30:87:ea:fb:c2:f0:49:
                    2c:cf:0d:1d:9a:43:60:12:3c:68:db:e6:96:df:56:
                    10:6a:8a:76:10:e5:4c:15:ef:57:98:5a:e0:b4:f2:
                    21:33:77:fd:dc:94:36:8f:c3:76:42:2a:c7:1a:13:
                    ea:36:49:0a:89:c2:47:ac:b9:1f:2a:c3:68:5d:8d:
                    0f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:FE:22:00:62:B8:60:9E:23:9C:65:7C:C5:4D:5A:1B:01:41:F6:D0
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/D_4iAGK4YJ4jnGV8xU1aGwFB9tA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:04:d5:b1:07:79:18:50:05:22:53:2b:07:2e:d7:7c:5d:41:
         46:b8:45:7c:1c:8e:33:65:7c:14:2b:d3:ec:55:b8:22:be:88:
         7e:eb:7c:85:45:be:ff:e0:78:52:e4:b4:7a:74:d9:43:aa:16:
         f1:96:37:93:c4:ee:46:f3:89:18:4a:91:3e:2f:0d:02:fe:0d:
         42:6e:a6:97:6b:a9:75:b4:60:b4:77:d3:41:56:0b:e4:96:b2:
         b0:51:7c:eb:44:e8:b6:a1:c5:65:be:1c:30:9a:d5:66:e8:2b:
         be:a7:a2:c7:af:ff:a8:76:53:4e:db:8f:bc:1b:e4:0c:77:e7:
         ca:5d:19:72:60:7d:63:c8:54:ad:a2:09:3e:f6:5d:7c:0a:4d:
         72:62:7c:d5:a2:96:19:3f:4a:6f:a1:3c:ed:b5:93:0a:b2:44:
         8c:f4:1b:2b:51:d9:23:75:87:17:4e:89:10:bc:91:6f:d3:11:
         ef:df:05:77:5b:db:66:35:3b:3b:f2:ca:04:82:7a:84:a5:98:
         51:5b:5c:d4:29:c7:9c:77:ee:e8:d0:20:f9:9a:ea:47:90:7b:
         d9:fc:57:77:91:70:a4:1e:f0:b4:31:be:ce:00:0d:ab:d7:14:
         05:1f:4a:23:4c:04:80:26:08:6c:ce:57:d8:1f:20:3d:1b:06:
         84:3a:68:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRA/evUlViF4DRxvMFST7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmZlMjIwMDYyYjg2MDllMjM5YzY1N2NjNTRkNWExYjAxNDFmNmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyNcTE4Lt5CKWoZ6rspFIctokJoK
HyA6a3W50duu6sVYRUjIYC4C8b3PZ3C+iyNP8/OduCBsWE5ESOPIwVIHNmcMHnjh
Kmmz3XQ7BFuxWel9rmI5ehKLjNa75GWnpBuIsFCkcKk6VGTiFXg12QQTlAep8wHg
eQ9CXv/XXc28EpkAdTmWkH7/pLXIiSi1bNMs5EcJXXUKPs9HDzVbrK+W9va7s+xA
BlFxF12c6kgHdZBn+ud6dJ31Ohe1SzCH6vvC8Ekszw0dmkNgEjxo2+aW31YQaop2
EOVMFe9XmFrgtPIhM3f93JQ2j8N2QirHGhPqNkkKicJHrLkfKsNoXY0PPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA/+IgBiuGCeI5xlfMVNWhsBQfbQMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRF80aUFHSzRZSjRqbkdWOHhVMWFHd0ZCOXRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpg2MA0G
CSqGSIb3DQEBCwUAA4IBAQBHBNWxB3kYUAUiUysHLtd8XUFGuEV8HI4zZXwUK9Ps
Vbgivoh+63yFRb7/4HhS5LR6dNlDqhbxljeTxO5G84kYSpE+Lw0C/g1CbqaXa6l1
tGC0d9NBVgvklrKwUXzrROi2ocVlvhwwmtVm6Cu+p6LHr/+odlNO24+8G+QMd+fK
XRlyYH1jyFStogk+9l18Ck1yYnzVopYZP0pvoTzttZMKskSM9BsrUdkjdYcXTokQ
vJFv0xHv3wV3W9tmNTs78soEgnqEpZhRW1zUKcecd+7o0CD5mupHkHvZ/Fd3kXCk
HvC0Mb7OAA2r1xQFH0ojTASAJghszlfYHyA9GwaEOmjF
-----END CERTIFICATE-----