Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/DdBq7kcNOi9FdwpnwmHLh9HC2rc.roa
File:                     DdBq7kcNOi9FdwpnwmHLh9HC2rc.roa (raw, json)
Hash identifier:          3WSF3r4eANb+h26+pVdP+76y56lQOdaaghMmqMsXlfo=
Subject key identifier:   0D:D0:6A:EE:47:0D:3A:2F:45:77:0A:67:C2:61:CB:87:D1:C2:DA:B7
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01914AC219128DF42BBBC7CADAC80E388879
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/DdBq7kcNOi9FdwpnwmHLh9HC2rc.roa
Signing time:             Tue 13 Aug 2024 08:01:59 +0000
ROA not before:           Tue 13 Aug 2024 08:01:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202662
IP address blocks:        82.152.160.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:4a:c2:19:12:8d:f4:2b:bb:c7:ca:da:c8:0e:38:88:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Aug 13 08:01:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0dd06aee470d3a2f45770a67c261cb87d1c2dab7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:7b:4f:af:0b:5a:6d:31:62:fe:97:ab:31:68:
                    05:2b:4f:78:67:1a:60:9e:7b:2f:d6:80:63:b7:c7:
                    8e:6d:3e:ea:45:fc:cd:e3:dc:f7:bb:ec:13:53:68:
                    2f:8b:0c:26:00:93:93:7d:bd:ed:bc:51:e5:54:05:
                    b7:26:0c:f0:fd:f2:2e:45:5c:10:f5:cb:1b:3b:39:
                    e2:a5:e9:7b:03:ce:5f:16:d4:61:38:b4:06:6b:f3:
                    4b:1b:eb:30:1e:03:08:de:ec:be:56:cf:38:8a:14:
                    fe:9c:10:08:34:11:22:eb:22:c0:83:7a:96:5a:df:
                    be:a0:b9:79:7b:cd:06:7b:6b:c3:09:83:f0:9b:85:
                    a3:45:00:cb:30:f7:68:f3:de:21:a6:6d:3e:70:c2:
                    5e:93:b4:00:08:f6:a8:84:f3:e7:c6:f1:e5:5e:5a:
                    5b:67:b8:d3:3c:b2:ac:e1:b3:59:f4:04:8e:56:33:
                    e0:52:75:59:11:60:3a:d9:89:15:44:de:2b:46:62:
                    68:5c:b4:c7:07:2f:c0:dc:03:fb:52:bd:e1:35:11:
                    e8:b6:cd:1c:f3:95:6b:aa:a5:e1:bd:f7:39:57:19:
                    83:6b:02:65:b3:41:c1:0c:27:a5:5c:4b:a6:52:85:
                    d8:54:4f:0b:21:d9:28:48:55:b1:44:88:63:59:b6:
                    83:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:D0:6A:EE:47:0D:3A:2F:45:77:0A:67:C2:61:CB:87:D1:C2:DA:B7
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/DdBq7kcNOi9FdwpnwmHLh9HC2rc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         53:99:de:4e:a3:ba:a2:01:00:6a:c6:f0:17:20:86:a7:c1:cc:
         e6:19:89:66:94:d2:04:5c:65:0b:dc:21:39:a8:48:1b:7c:62:
         3b:3b:9a:15:2f:a7:16:23:12:14:cf:c8:25:ab:6e:69:9c:5e:
         bd:e2:fb:fb:63:2e:0c:83:5f:2f:00:09:7c:34:23:55:ee:79:
         3c:6b:13:b8:3a:29:ec:02:d9:3e:9b:ef:2c:29:f7:01:22:58:
         61:d5:e2:85:ca:a7:14:56:a9:fb:d5:ba:21:8b:05:dd:b2:95:
         dd:ac:86:50:97:59:48:ea:9c:75:fa:8b:bb:aa:be:81:17:07:
         dc:1e:88:51:1e:48:61:b8:84:89:ed:52:05:0c:8e:ca:b6:df:
         21:ab:ec:dd:e8:dd:43:80:e5:a9:e3:7c:7f:68:94:23:4e:63:
         59:e4:58:cd:99:d8:ee:94:b2:6b:c6:07:77:e2:08:68:0f:76:
         97:a3:80:bb:ab:c1:64:24:18:82:92:a0:e4:43:27:77:9a:3f:
         a0:d6:10:cc:fd:9a:60:5b:31:a1:8a:9e:62:c3:d8:4f:ef:1d:
         54:16:ef:94:20:3e:d7:10:25:1d:7f:4b:72:8c:a2:a3:1f:0f:
         dc:92:6b:49:04:31:09:98:26:2f:af:d8:54:b4:25:89:74:ef:
         8f:89:92:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFKwhkSjfQru8fK2sgOOIh5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwODEzMDgwMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGQwNmFlZTQ3MGQzYTJmNDU3NzBhNjdjMjYxY2I4N2QxYzJkYWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3tPrwtabTFi/perMWgFK094Zxpg
nnsv1oBjt8eObT7qRfzN49z3u+wTU2gviwwmAJOTfb3tvFHlVAW3Jgzw/fIuRVwQ
9csbOznipel7A85fFtRhOLQGa/NLG+swHgMI3uy+Vs84ihT+nBAINBEi6yLAg3qW
Wt++oLl5e80Ge2vDCYPwm4WjRQDLMPdo894hpm0+cMJek7QACPaohPPnxvHlXlpb
Z7jTPLKs4bNZ9ASOVjPgUnVZEWA62YkVRN4rRmJoXLTHBy/A3AP7Ur3hNRHots0c
85VrqqXhvfc5VxmDawJls0HBDCelXEumUoXYVE8LIdkoSFWxRIhjWbaDQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA3Qau5HDTovRXcKZ8Jhy4fRwtq3MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRGRCcTdrY05PaTlGZHdwbndtSExoOUhDMnJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUpigMA0G
CSqGSIb3DQEBCwUAA4IBAQBTmd5Oo7qiAQBqxvAXIIanwczmGYlmlNIEXGUL3CE5
qEgbfGI7O5oVL6cWIxIUz8glq25pnF694vv7Yy4Mg18vAAl8NCNV7nk8axO4Oins
Atk+m+8sKfcBIlhh1eKFyqcUVqn71bohiwXdspXdrIZQl1lI6px1+ou7qr6BFwfc
HohRHkhhuISJ7VIFDI7Ktt8hq+zd6N1DgOWp43x/aJQjTmNZ5FjNmdjulLJrxgd3
4ghoD3aXo4C7q8FkJBiCkqDkQyd3mj+g1hDM/ZpgWzGhip5iw9hP7x1UFu+UID7X
ECUdf0tyjKKjHw/ckmtJBDEJmCYvr9hUtCWJdO+PiZJT
-----END CERTIFICATE-----