Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Hta8yQPEmxufew-LPUhXF72fkJw.roa
File:                     Hta8yQPEmxufew-LPUhXF72fkJw.roa (raw, json)
Hash identifier:          UXjyjXuvFqSzRS6bKqx7ArkUv5xDZdaIE2GVBuVBhO8=
Subject key identifier:   1E:D6:BC:C9:03:C4:9B:1B:9F:7B:0F:8B:3D:48:57:17:BD:9F:90:9C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143EA1C617E08697A5FE35F60E3FCEC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Hta8yQPEmxufew-LPUhXF72fkJw.roa
Signing time:             Wed 01 Jan 2025 09:48:06 +0000
ROA not before:           Wed 01 Jan 2025 09:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55720
IP address blocks:        82.163.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:ea:1c:61:7e:08:69:7a:5f:e3:5f:60:e3:fc:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ed6bcc903c49b1b9f7b0f8b3d485717bd9f909c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ac:19:c3:44:03:e9:2c:d3:b8:1b:a6:6b:95:
                    ad:c4:91:e5:85:f8:00:85:27:ee:3c:0a:5a:ae:c1:
                    27:cf:de:e9:44:2f:f8:2c:f8:14:4b:48:8b:ab:4a:
                    55:3b:ba:1e:99:5b:ba:67:ec:ec:a8:37:85:54:1a:
                    16:ba:f5:a3:40:ff:d8:c6:2d:16:f8:ba:56:30:04:
                    c2:5b:c4:57:76:95:70:fa:b4:7e:01:fe:8f:ff:22:
                    8e:db:58:a9:54:c5:fc:d0:5b:c3:35:99:26:88:42:
                    47:40:14:73:f6:60:4c:66:a3:79:f6:e9:9a:78:60:
                    58:1b:6a:36:21:14:e5:fa:ab:cb:b9:c0:af:bb:18:
                    13:0e:0f:b6:b3:72:af:79:e9:a9:d6:0a:13:fb:6c:
                    44:3c:2d:44:bb:4b:eb:db:9d:82:3d:63:2a:5b:bb:
                    31:60:c4:e3:ff:ea:df:d4:46:48:6e:91:9c:20:d8:
                    5d:d8:5c:a9:d4:62:f9:94:b7:b2:82:d0:9c:07:2d:
                    82:8d:c4:e7:54:25:9b:1d:d3:5f:bb:95:33:15:8e:
                    02:b9:bd:a1:9a:b8:df:72:1a:91:7a:e5:8e:b6:de:
                    0e:30:69:af:b6:d0:3a:7b:90:c3:d5:24:f1:2b:08:
                    65:69:c4:29:5c:3b:38:6c:8f:be:ef:87:91:ff:40:
                    61:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:D6:BC:C9:03:C4:9B:1B:9F:7B:0F:8B:3D:48:57:17:BD:9F:90:9C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Hta8yQPEmxufew-LPUhXF72fkJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.163.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:5f:c7:f2:4b:51:69:14:2e:44:f1:0a:3d:a9:83:6c:b3:56:
         11:bf:4c:f2:27:b4:4a:f4:6c:24:bd:c9:29:f9:71:b9:6a:95:
         fd:8a:54:12:de:45:01:de:c2:36:c3:36:16:98:c4:9c:d8:c8:
         a5:18:ef:53:0c:c5:36:6d:94:01:b8:4b:17:16:16:44:4d:4d:
         be:a7:2d:7e:f6:ba:4f:ee:df:23:aa:54:9f:4d:3a:40:30:f8:
         1b:a5:db:12:1a:93:cf:ca:95:ed:43:9e:e7:f1:f3:17:9d:94:
         2d:0c:a0:37:f3:35:b1:fe:09:e0:81:1f:c2:03:15:f2:0b:74:
         d4:2d:8b:46:92:95:47:66:0d:f4:43:d8:24:a8:55:0f:74:e1:
         9a:1e:51:26:a6:ec:a6:95:48:11:97:ea:6c:db:df:3a:6c:ff:
         17:57:f3:77:5d:da:01:62:f6:22:2b:27:1f:e5:0d:f5:71:f0:
         e1:a4:7f:35:81:f9:14:e6:a7:47:a6:c0:55:fd:18:96:e0:ee:
         ac:0e:ea:a3:37:9b:ba:40:1b:a7:66:9a:fe:73:25:da:f2:84:
         01:7a:af:94:1c:65:c3:46:2f:c3:1b:71:e5:68:81:06:b9:1f:
         4a:29:ee:c6:18:48:e9:48:f2:18:ac:97:9c:f5:ca:5d:ca:2b:
         5d:04:45:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ+ocYX4IaXpf419g4/zsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWQ2YmNjOTAzYzQ5YjFiOWY3YjBmOGIzZDQ4NTcxN2JkOWY5MDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKwZw0QD6SzTuBuma5WtxJHlhfgA
hSfuPAparsEnz97pRC/4LPgUS0iLq0pVO7oemVu6Z+zsqDeFVBoWuvWjQP/Yxi0W
+LpWMATCW8RXdpVw+rR+Af6P/yKO21ipVMX80FvDNZkmiEJHQBRz9mBMZqN59uma
eGBYG2o2IRTl+qvLucCvuxgTDg+2s3Kveemp1goT+2xEPC1Eu0vr252CPWMqW7sx
YMTj/+rf1EZIbpGcINhd2Fyp1GL5lLeygtCcBy2CjcTnVCWbHdNfu5UzFY4Cub2h
mrjfchqReuWOtt4OMGmvttA6e5DD1STxKwhlacQpXDs4bI++74eR/0BhGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB7WvMkDxJsbn3sPiz1IVxe9n5CcMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSHRhOHlRUEVteHVmZXctTFBVaFhGNzJma0p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUqMWMA0G
CSqGSIb3DQEBCwUAA4IBAQA+X8fyS1FpFC5E8Qo9qYNss1YRv0zyJ7RK9Gwkvckp
+XG5apX9ilQS3kUB3sI2wzYWmMSc2MilGO9TDMU2bZQBuEsXFhZETU2+py1+9rpP
7t8jqlSfTTpAMPgbpdsSGpPPypXtQ57n8fMXnZQtDKA38zWx/gnggR/CAxXyC3TU
LYtGkpVHZg30Q9gkqFUPdOGaHlEmpuymlUgRl+ps2986bP8XV/N3XdoBYvYiKycf
5Q31cfDhpH81gfkU5qdHpsBV/RiW4O6sDuqjN5u6QBunZpr+cyXa8oQBeq+UHGXD
Ri/DG3HlaIEGuR9KKe7GGEjpSPIYrJec9cpdyitdBEWs
-----END CERTIFICATE-----