Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/F7TzpQOzJqN3lswMnwdXe02iYKY.roa
File:                     F7TzpQOzJqN3lswMnwdXe02iYKY.roa (raw, json)
Hash identifier:          mCLRcMpk3SapHDXPKN5pkWtoybxiXx7w5Vr3YYzQEck=
Subject key identifier:   17:B4:F3:A5:03:B3:26:A3:77:96:CC:0C:9F:07:57:7B:4D:A2:60:A6
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0194214408E1B64C69A4BA7497493E482BB6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/F7TzpQOzJqN3lswMnwdXe02iYKY.roa
Signing time:             Wed 01 Jan 2025 09:48:14 +0000
ROA not before:           Wed 01 Jan 2025 09:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207992
IP address blocks:        82.153.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:08:e1:b6:4c:69:a4:ba:74:97:49:3e:48:2b:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17b4f3a503b326a37796cc0c9f07577b4da260a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:54:9b:23:92:f9:fb:a0:5c:d8:98:44:c1:2f:
                    70:1d:40:5c:52:d9:5a:35:d7:d7:43:58:ad:4c:65:
                    87:64:6e:99:60:93:05:66:eb:a6:8e:36:01:1f:a0:
                    4a:32:d7:58:72:96:2e:d7:9f:3f:99:e7:32:d9:4c:
                    bc:4e:07:df:03:64:60:aa:1f:a4:7d:45:a9:1b:09:
                    a5:33:29:5f:5b:02:73:ca:49:3f:a9:a5:41:b1:03:
                    f5:de:ad:cc:32:26:78:30:10:84:15:0c:4d:7e:d1:
                    d2:6f:83:d5:03:7f:62:8b:3f:62:3c:96:cd:4a:b4:
                    53:8c:3a:1a:cc:8f:0b:f7:fd:8e:4f:1b:03:e4:c0:
                    bf:56:76:2d:43:7b:3d:42:c4:7c:4c:b5:c7:98:46:
                    02:7e:6b:50:50:72:ae:b1:58:12:8a:c6:86:e8:47:
                    4d:ae:d4:a2:be:e3:00:5a:d0:26:f1:f5:8c:9c:3d:
                    d5:e9:96:4e:77:07:32:71:24:17:ab:2a:b8:7d:67:
                    0a:ff:38:de:ed:a4:c9:20:13:22:44:06:51:9e:22:
                    ed:68:27:94:20:92:90:6f:b5:f7:f3:04:07:e3:23:
                    c9:9a:88:b7:f3:82:25:db:e0:57:13:79:a5:e2:59:
                    79:65:eb:2d:60:e7:ef:8b:da:79:30:e3:d5:7f:bb:
                    87:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:B4:F3:A5:03:B3:26:A3:77:96:CC:0C:9F:07:57:7B:4D:A2:60:A6
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/F7TzpQOzJqN3lswMnwdXe02iYKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:7b:46:98:a1:3f:cf:fc:85:f3:cc:e1:bb:97:79:55:76:56:
         89:8c:de:46:ca:51:5a:f8:e0:87:7f:c1:3f:e0:70:1b:bd:43:
         e9:62:0f:17:95:98:76:3a:74:09:58:ae:a1:b0:ca:e3:4e:b0:
         cb:05:32:cc:7b:1a:0c:3a:d2:9d:4d:ff:3c:b6:59:ec:bb:1e:
         f3:1e:e6:ed:52:6a:c7:93:27:ef:2d:cc:9d:ea:03:cb:ff:1d:
         ca:af:aa:a3:54:22:1c:04:77:a1:9d:ce:f0:d5:9e:e1:76:80:
         d8:85:78:2b:9d:fa:97:27:ae:75:76:49:11:dc:17:93:1e:bb:
         28:b1:00:7a:25:c5:73:09:12:3d:1f:8f:ad:b2:4b:d8:cc:3a:
         1c:34:6d:c9:c5:2d:d5:c5:2d:9a:b4:9e:60:70:c0:2d:29:93:
         47:9e:0a:8b:f1:cb:51:bf:cc:e3:ed:06:f4:bb:cc:9c:48:41:
         9b:8c:75:71:17:13:60:b5:f3:85:21:d1:80:75:8e:4f:a0:19:
         e9:c3:fa:cb:1d:ee:38:b1:57:b9:3f:be:40:41:7f:bf:d9:9f:
         0e:c0:a5:84:1f:76:a8:1b:82:a0:b8:0a:b0:0f:59:38:c3:39:
         ac:2f:c1:47:fe:3d:45:a7:0e:cb:be:ac:e0:97:21:89:5c:e0:
         ca:c0:80:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRAjhtkxppLp0l0k+SCu2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2I0ZjNhNTAzYjMyNmEzNzc5NmNjMGM5ZjA3NTc3YjRkYTI2MGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1SbI5L5+6Bc2JhEwS9wHUBcUtla
NdfXQ1itTGWHZG6ZYJMFZuumjjYBH6BKMtdYcpYu158/mecy2Uy8TgffA2Rgqh+k
fUWpGwmlMylfWwJzykk/qaVBsQP13q3MMiZ4MBCEFQxNftHSb4PVA39iiz9iPJbN
SrRTjDoazI8L9/2OTxsD5MC/VnYtQ3s9QsR8TLXHmEYCfmtQUHKusVgSisaG6EdN
rtSivuMAWtAm8fWMnD3V6ZZOdwcycSQXqyq4fWcK/zje7aTJIBMiRAZRniLtaCeU
IJKQb7X38wQH4yPJmoi384Il2+BXE3ml4ll5ZestYOfvi9p5MOPVf7uHuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBe086UDsyajd5bMDJ8HV3tNomCmMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRjdUenBRT3pKcU4zbHN3TW53ZFhlMDJpWUtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpnKMA0G
CSqGSIb3DQEBCwUAA4IBAQA4e0aYoT/P/IXzzOG7l3lVdlaJjN5GylFa+OCHf8E/
4HAbvUPpYg8XlZh2OnQJWK6hsMrjTrDLBTLMexoMOtKdTf88tlnsux7zHubtUmrH
kyfvLcyd6gPL/x3Kr6qjVCIcBHehnc7w1Z7hdoDYhXgrnfqXJ651dkkR3BeTHrso
sQB6JcVzCRI9H4+tskvYzDocNG3JxS3VxS2atJ5gcMAtKZNHngqL8ctRv8zj7Qb0
u8ycSEGbjHVxFxNgtfOFIdGAdY5PoBnpw/rLHe44sVe5P75AQX+/2Z8OwKWEH3ao
G4KguAqwD1k4wzmsL8FH/j1Fpw7LvqzglyGJXODKwIAQ
-----END CERTIFICATE-----