Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/EQEIVOgDf0pl8Ar9RsD22oEXTbA.roa
File:                     EQEIVOgDf0pl8Ar9RsD22oEXTbA.roa (raw, json)
Hash identifier:          ojDP8MOhsuY8T6120n0ZVyAXZh1MSiOnWLIeHlmOKf4=
Subject key identifier:   11:01:08:54:E8:03:7F:4A:65:F0:0A:FD:46:C0:F6:DA:81:17:4D:B0
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019344828B50BB86915D1C8B745B8AAE393E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/EQEIVOgDf0pl8Ar9RsD22oEXTbA.roa
Signing time:             Tue 19 Nov 2024 13:00:26 +0000
ROA not before:           Tue 19 Nov 2024 13:00:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137517
IP address blocks:        82.152.12.0/24 maxlen: 24
                          213.218.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:44:82:8b:50:bb:86:91:5d:1c:8b:74:5b:8a:ae:39:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov 19 13:00:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11010854e8037f4a65f00afd46c0f6da81174db0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:21:83:a1:7f:0d:a6:b0:cd:3c:13:79:05:45:
                    92:87:65:ae:3d:d1:c6:ef:0e:5a:f3:b8:e4:bf:55:
                    7f:b8:9c:26:9d:2e:d9:af:fa:01:0a:a7:bf:38:16:
                    77:18:94:cf:0d:b6:3b:60:38:7d:5b:32:0a:73:d1:
                    42:27:74:77:4a:e3:bd:db:7a:07:50:68:e3:97:b9:
                    75:1d:a6:27:17:b4:33:d3:49:87:c7:ff:fb:88:98:
                    f2:64:c6:61:ef:61:48:50:64:79:f7:b5:8f:0f:df:
                    59:45:6a:95:ab:40:03:26:af:17:6e:54:3c:72:21:
                    de:b8:21:cf:63:17:fe:88:35:60:6b:0c:b9:1c:19:
                    b5:41:b0:bb:ba:88:d3:0a:6f:86:f3:6c:d7:10:c7:
                    30:8f:60:30:ad:74:1b:75:96:ed:9d:28:2d:49:1d:
                    37:99:2f:9b:27:97:96:be:74:f7:9c:94:94:af:20:
                    f7:e8:bb:6d:b8:00:e4:23:b9:b2:08:f6:0f:24:a7:
                    08:99:8a:75:ea:f8:58:b5:77:68:72:df:85:c4:98:
                    ec:28:de:23:55:4f:66:7b:17:8b:f8:cb:2b:70:e6:
                    d4:08:3b:4d:0b:de:a9:33:0f:33:76:2e:a4:e7:54:
                    0a:95:a7:8c:70:57:ff:49:05:08:85:fa:bb:bc:63:
                    b7:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:01:08:54:E8:03:7F:4A:65:F0:0A:FD:46:C0:F6:DA:81:17:4D:B0
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/EQEIVOgDf0pl8Ar9RsD22oEXTbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.12.0/24
                  213.218.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:c4:31:1f:d6:94:dd:87:09:4b:1f:9a:5b:c8:d2:96:73:33:
         f5:0b:e6:61:67:86:2f:e5:34:f2:c6:65:e6:58:76:9c:c5:99:
         37:ad:47:32:ab:20:1c:5e:bc:b9:a8:6e:1b:a6:14:8e:d4:eb:
         e4:22:b5:0c:67:45:7b:f6:35:50:83:d9:3b:a8:d1:ca:2a:e4:
         8d:05:45:8c:66:bd:02:95:a1:88:e6:f2:db:f7:0a:48:79:ed:
         f8:4a:a4:e5:c1:ab:5d:56:b6:32:51:95:14:0f:dc:90:61:eb:
         18:5d:ca:2f:1d:7b:9e:6a:6e:78:53:b9:43:09:dc:87:fa:dd:
         e1:a6:6d:8b:e2:9a:b3:a9:31:ec:3b:10:bc:5a:c3:b2:d6:01:
         28:2d:47:86:45:c2:b5:0a:72:9f:73:76:72:17:79:f1:a6:a4:
         4d:67:55:e5:51:e6:6c:00:3c:05:33:1a:60:3e:1c:f8:ab:67:
         d2:8a:59:8e:a7:24:61:ba:f5:c1:a0:ab:0e:95:63:05:63:1d:
         7b:db:3f:bb:91:dd:d5:5b:eb:21:71:4e:41:f3:c1:83:27:45:
         fb:9e:7b:d5:73:a5:81:37:ee:12:ad:fd:94:90:08:9e:16:48:
         81:bf:48:f1:81:2f:91:48:e4:69:f5:0d:5c:f8:a7:34:30:6a:
         e7:83:67:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNEgotQu4aRXRyLdFuKrjk+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQxMTE5MTMwMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTAxMDg1NGU4MDM3ZjRhNjVmMDBhZmQ0NmMwZjZkYTgxMTc0ZGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSGDoX8NprDNPBN5BUWSh2WuPdHG
7w5a87jkv1V/uJwmnS7Zr/oBCqe/OBZ3GJTPDbY7YDh9WzIKc9FCJ3R3SuO923oH
UGjjl7l1HaYnF7Qz00mHx//7iJjyZMZh72FIUGR597WPD99ZRWqVq0ADJq8XblQ8
ciHeuCHPYxf+iDVgawy5HBm1QbC7uojTCm+G82zXEMcwj2AwrXQbdZbtnSgtSR03
mS+bJ5eWvnT3nJSUryD36LttuADkI7myCPYPJKcImYp16vhYtXdoct+FxJjsKN4j
VU9mexeL+MsrcObUCDtNC96pMw8zdi6k51QKlaeMcFf/SQUIhfq7vGO3AQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBEBCFToA39KZfAK/UbA9tqBF02wMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRVFFSVZPZ0RmMHBsOEFyOVJzRDIyb0VYVGJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUpgMAwQA
1drgMA0GCSqGSIb3DQEBCwUAA4IBAQAhxDEf1pTdhwlLH5pbyNKWczP1C+ZhZ4Yv
5TTyxmXmWHacxZk3rUcyqyAcXry5qG4bphSO1OvkIrUMZ0V79jVQg9k7qNHKKuSN
BUWMZr0ClaGI5vLb9wpIee34SqTlwatdVrYyUZUUD9yQYesYXcovHXueam54U7lD
CdyH+t3hpm2L4pqzqTHsOxC8WsOy1gEoLUeGRcK1CnKfc3ZyF3nxpqRNZ1XlUeZs
ADwFMxpgPhz4q2fSilmOpyRhuvXBoKsOlWMFYx172z+7kd3VW+shcU5B88GDJ0X7
nnvVc6WBN+4Srf2UkAieFkiBv0jxgS+RSORp9Q1c+Kc0MGrng2fB
-----END CERTIFICATE-----