Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/E39cyTq1BaHPEFdS01sxudGF-jk.roa
File:                     E39cyTq1BaHPEFdS01sxudGF-jk.roa (raw, json)
Hash identifier:          jJ0u9EETWRW+49ZQV+V67eeqt8mdyz8C2dNpuWE/CSI=
Subject key identifier:   13:7F:5C:C9:3A:B5:05:A1:CF:10:57:52:D3:5B:31:B9:D1:85:FA:39
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0194214412DA616A649530EB2400DC356151
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/E39cyTq1BaHPEFdS01sxudGF-jk.roa
Signing time:             Wed 01 Jan 2025 09:48:16 +0000
ROA not before:           Wed 01 Jan 2025 09:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211415
IP address blocks:        109.176.29.0/24 maxlen: 24
                          109.176.31.0/24 maxlen: 24
                          213.218.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:12:da:61:6a:64:95:30:eb:24:00:dc:35:61:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=137f5cc93ab505a1cf105752d35b31b9d185fa39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8b:55:4b:32:e8:49:52:27:b8:b2:e6:8f:e0:
                    e1:ac:f5:1b:90:76:92:b2:4c:1c:69:65:cd:5d:89:
                    f4:50:80:e1:c3:3a:c9:ac:76:c7:38:39:89:b0:7d:
                    fc:cf:78:c6:2e:77:58:25:a6:7b:78:b6:13:a2:ec:
                    2f:90:42:dc:5c:66:c2:37:7d:0d:7e:94:ce:90:c5:
                    ef:44:3c:0f:dc:99:a2:06:7e:2d:82:13:e0:f7:22:
                    75:5d:7c:28:1b:32:21:71:88:51:a1:59:93:c1:e6:
                    5c:5a:cf:34:26:48:a4:64:25:37:47:87:8d:77:54:
                    d1:2c:3e:02:f4:d8:16:d0:b7:1c:2c:b5:d4:0a:82:
                    a7:f9:64:ef:e1:a3:4f:ce:b8:6e:fd:0b:b1:89:f4:
                    26:08:37:d3:bd:17:93:48:d3:b2:d2:68:2c:a6:00:
                    12:cc:60:0e:29:ca:5a:2c:ea:0e:2f:03:7f:58:bd:
                    a5:f0:56:e2:62:6d:98:da:9b:6e:97:e0:bb:af:1f:
                    b1:40:20:29:57:3c:23:8d:a9:55:d4:af:9e:f7:70:
                    0e:e0:88:64:b6:62:3d:41:2b:b0:d2:fb:68:98:bb:
                    99:78:d2:48:e5:0e:8c:c6:65:aa:ee:76:95:18:11:
                    28:af:6c:fe:d1:ec:84:a0:33:73:cd:08:14:20:ad:
                    94:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:7F:5C:C9:3A:B5:05:A1:CF:10:57:52:D3:5B:31:B9:D1:85:FA:39
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/E39cyTq1BaHPEFdS01sxudGF-jk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.29.0/24
                  109.176.31.0/24
                  213.218.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:24:38:2c:c0:e7:c3:eb:f5:20:a4:d3:e7:56:f2:b3:53:c1:
         5c:5d:ee:69:05:85:2d:46:0c:34:7c:57:bc:16:d9:eb:b0:0d:
         20:97:bf:32:7d:a6:e7:fc:cf:48:39:9a:c2:50:c1:21:a6:e4:
         1e:5e:1d:74:fb:87:f2:fb:33:9c:ed:1d:f6:39:97:53:9b:36:
         1e:94:77:31:30:4a:4f:a2:45:9a:f6:12:f7:f3:c5:3f:a6:ab:
         95:8a:cb:d1:f5:b6:fe:25:1f:11:67:af:6d:77:af:55:6b:3b:
         3a:43:de:97:a9:5a:e9:47:2d:e1:1f:aa:d8:f8:d0:56:a4:44:
         46:4b:03:15:8a:43:7e:f6:b8:50:f7:34:30:dc:be:62:0e:e5:
         3c:d7:91:11:db:7d:ef:96:17:c7:07:4b:05:57:81:ab:d1:3c:
         01:e5:de:76:eb:c2:d4:a8:6b:ac:a6:7d:92:44:f6:e7:13:c3:
         19:f7:83:72:4d:ca:9d:d9:6e:d0:61:0b:8c:e7:71:94:d7:24:
         79:d0:65:8e:64:70:b2:5e:fd:d9:8f:4c:d6:7a:e2:8a:ec:0f:
         31:12:4d:5e:9d:88:13:b3:b2:b3:b4:fa:95:55:c4:e0:31:cd:
         38:f1:04:cb:d1:5a:12:2d:41:b1:0a:11:d1:37:29:02:e4:40:
         1a:38:9d:b4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQhRBLaYWpklTDrJADcNWFRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzdmNWNjOTNhYjUwNWExY2YxMDU3NTJkMzViMzFiOWQxODVmYTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqItVSzLoSVInuLLmj+DhrPUbkHaS
skwcaWXNXYn0UIDhwzrJrHbHODmJsH38z3jGLndYJaZ7eLYTouwvkELcXGbCN30N
fpTOkMXvRDwP3JmiBn4tghPg9yJ1XXwoGzIhcYhRoVmTweZcWs80JkikZCU3R4eN
d1TRLD4C9NgW0LccLLXUCoKn+WTv4aNPzrhu/QuxifQmCDfTvReTSNOy0mgspgAS
zGAOKcpaLOoOLwN/WL2l8FbiYm2Y2ptul+C7rx+xQCApVzwjjalV1K+e93AO4Ihk
tmI9QSuw0vtomLuZeNJI5Q6MxmWq7naVGBEor2z+0eyEoDNzzQgUIK2UrwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBN/XMk6tQWhzxBXUtNbMbnRhfo5MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRTM5Y3lUcTFCYUhQRUZkUzAxc3h1ZEdGLWprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAbbAdAwQA
bbAfAwQA1dryMA0GCSqGSIb3DQEBCwUAA4IBAQACJDgswOfD6/UgpNPnVvKzU8Fc
Xe5pBYUtRgw0fFe8FtnrsA0gl78yfabn/M9IOZrCUMEhpuQeXh10+4fy+zOc7R32
OZdTmzYelHcxMEpPokWa9hL388U/pquVisvR9bb+JR8RZ69td69Vazs6Q96XqVrp
Ry3hH6rY+NBWpERGSwMVikN+9rhQ9zQw3L5iDuU815ER233vlhfHB0sFV4Gr0TwB
5d5268LUqGuspn2SRPbnE8MZ94NyTcqd2W7QYQuM53GU1yR50GWOZHCyXv3Zj0zW
euKK7A8xEk1enYgTs7KztPqVVcTgMc048QTL0VoSLUGxChHRNykC5EAaOJ20
-----END CERTIFICATE-----