Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Hw3pdIaJBXosaV_JwlFkLm1o3gg.roa
File:                     Hw3pdIaJBXosaV_JwlFkLm1o3gg.roa (raw, json)
Hash identifier:          Rw/pZZoZbYiOvyWeSCV1cF3Dap/hfQ92d9oZhQo7vKI=
Subject key identifier:   1F:0D:E9:74:86:89:05:7A:2C:69:5F:C9:C2:51:64:2E:6D:68:DE:08
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0192245209CF58ADC22E2D4C7881C36F768A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Hw3pdIaJBXosaV_JwlFkLm1o3gg.roa
Signing time:             Tue 24 Sep 2024 13:56:49 +0000
ROA not before:           Tue 24 Sep 2024 13:56:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214209
IP address blocks:        82.153.138.0/24 maxlen: 24
                          89.213.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:24:52:09:cf:58:ad:c2:2e:2d:4c:78:81:c3:6f:76:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep 24 13:56:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f0de9748689057a2c695fc9c251642e6d68de08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:55:57:eb:0b:4e:a0:71:59:8d:40:3c:35:04:
                    ee:d7:bf:03:3c:02:54:f0:30:a8:2c:52:53:1e:d0:
                    b9:a4:63:f9:e3:b1:d7:85:57:65:5b:7f:16:a6:cd:
                    23:49:60:21:79:f9:d9:25:4d:27:88:75:d6:f4:2b:
                    13:ab:b2:8a:db:11:e1:dd:93:94:3f:42:a5:6d:cd:
                    7d:36:7a:9a:46:6d:47:c2:b5:67:80:e3:56:cf:4f:
                    4a:c4:fb:82:4a:58:57:2c:7c:8a:69:a3:8b:af:26:
                    96:d0:bf:67:60:bf:ab:3e:39:98:68:b4:22:55:83:
                    c0:20:29:27:ab:8a:fa:1c:a0:5b:80:21:50:c7:33:
                    77:e6:f0:16:d5:e1:df:d6:4c:da:b4:ef:42:ed:18:
                    ae:51:76:ce:99:a1:6c:1f:fa:32:aa:98:e0:11:d2:
                    3f:d9:3d:9c:11:c3:74:d4:af:99:2d:93:0d:ab:b1:
                    0f:0b:90:74:52:6f:93:0a:97:f4:f4:80:17:3e:74:
                    8e:d5:25:93:0b:32:78:a6:92:a0:c1:21:72:d3:db:
                    dd:16:c2:88:15:87:1f:b3:1d:11:7e:5f:52:02:c2:
                    bc:ae:a7:ba:ef:c0:09:91:2c:77:4c:3e:cc:a0:41:
                    d7:e2:63:e2:da:3e:8a:18:45:d4:39:b2:e6:b9:b0:
                    62:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:0D:E9:74:86:89:05:7A:2C:69:5F:C9:C2:51:64:2E:6D:68:DE:08
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Hw3pdIaJBXosaV_JwlFkLm1o3gg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.138.0/24
                  89.213.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:af:b6:3b:43:4e:f5:7f:ed:bb:e1:59:e5:89:9b:1d:45:e6:
         fc:d3:81:d3:a3:b0:1f:6e:17:24:7d:bc:7c:a4:dd:e1:9b:6e:
         14:0d:bf:c1:c6:6e:95:8f:5c:f3:3e:b3:31:d8:2c:cb:57:00:
         a1:02:88:90:19:d5:e6:ad:da:35:d7:38:0f:1f:33:24:a9:ee:
         c1:8e:17:4c:96:b1:df:42:95:6f:16:3b:46:9b:ed:00:7b:b6:
         97:3b:4d:c5:0a:a2:eb:f4:7e:3b:b3:f9:1f:b8:6d:cc:ba:4a:
         23:b5:a4:3d:b4:5f:72:5e:cc:12:41:01:38:87:a3:e4:dc:20:
         7c:7f:23:88:7d:bc:b4:ea:48:54:90:ff:1f:63:2c:22:34:dd:
         a6:bd:c1:b6:9d:a5:21:59:b1:13:87:9a:58:90:a1:c3:7e:1f:
         f7:d7:04:74:d9:bc:f7:c7:18:84:8b:62:5e:b1:50:7e:68:79:
         91:a3:de:0a:f0:57:b3:a2:b2:b1:5b:5f:8c:4a:62:93:a1:86:
         72:08:a1:ca:09:00:46:ce:17:f6:72:2d:e1:25:d0:e0:71:c1:
         a3:5c:7e:46:66:81:59:4e:2e:25:b1:64:7a:c2:32:2d:5e:67:
         9b:19:32:39:d0:8e:22:96:73:c8:49:1c:96:0e:73:64:fd:bb:
         3b:07:65:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZIkUgnPWK3CLi1MeIHDb3aKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwOTI0MTM1NjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjBkZTk3NDg2ODkwNTdhMmM2OTVmYzljMjUxNjQyZTZkNjhkZTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1VX6wtOoHFZjUA8NQTu178DPAJU
8DCoLFJTHtC5pGP547HXhVdlW38Wps0jSWAhefnZJU0niHXW9CsTq7KK2xHh3ZOU
P0Klbc19NnqaRm1HwrVngONWz09KxPuCSlhXLHyKaaOLryaW0L9nYL+rPjmYaLQi
VYPAICknq4r6HKBbgCFQxzN35vAW1eHf1kzatO9C7RiuUXbOmaFsH/oyqpjgEdI/
2T2cEcN01K+ZLZMNq7EPC5B0Um+TCpf09IAXPnSO1SWTCzJ4ppKgwSFy09vdFsKI
FYcfsx0Rfl9SAsK8rqe678AJkSx3TD7MoEHX4mPi2j6KGEXUObLmubBiMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB8N6XSGiQV6LGlfycJRZC5taN4IMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSHczcGRJYUpCWG9zYVZfSndsRmtMbTFvM2dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUpmKAwQA
WdWuMA0GCSqGSIb3DQEBCwUAA4IBAQCer7Y7Q071f+274VnliZsdReb804HTo7Af
bhckfbx8pN3hm24UDb/Bxm6Vj1zzPrMx2CzLVwChAoiQGdXmrdo11zgPHzMkqe7B
jhdMlrHfQpVvFjtGm+0Ae7aXO03FCqLr9H47s/kfuG3MukojtaQ9tF9yXswSQQE4
h6Pk3CB8fyOIfby06khUkP8fYywiNN2mvcG2naUhWbETh5pYkKHDfh/31wR02bz3
xxiEi2JesVB+aHmRo94K8FezorKxW1+MSmKToYZyCKHKCQBGzhf2ci3hJdDgccGj
XH5GZoFZTi4lsWR6wjItXmebGTI50I4ilnPISRyWDnNk/bs7B2XB
-----END CERTIFICATE-----