Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IanikMVLF_G8hPem1sraeWbJ3z8.roa
File:                     IanikMVLF_G8hPem1sraeWbJ3z8.roa (raw, json)
Hash identifier:          6pnfQ8fgPcWBS+F4hNnogDYa7P1vUBqxu3/WJxKOZdE=
Subject key identifier:   21:A9:E2:90:C5:4B:17:F1:BC:84:F7:A6:D6:CA:DA:79:66:C9:DF:3F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143F9A63FBA87D3E330F366A8104A6F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IanikMVLF_G8hPem1sraeWbJ3z8.roa
Signing time:             Wed 01 Jan 2025 09:48:10 +0000
ROA not before:           Wed 01 Jan 2025 09:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     150698
IP address blocks:        82.153.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:f9:a6:3f:ba:87:d3:e3:30:f3:66:a8:10:4a:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21a9e290c54b17f1bc84f7a6d6cada7966c9df3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:b3:05:2d:e7:4f:06:4e:6a:2e:06:9e:31:6b:
                    3c:c8:77:43:4a:46:f8:0b:41:fe:65:4b:ee:69:55:
                    ce:21:77:0d:77:21:2d:98:db:2f:7b:0e:23:20:d4:
                    1f:46:20:88:c0:f2:af:fa:51:56:4d:d8:5b:a7:23:
                    a9:54:0d:74:b4:58:87:c6:b0:d6:48:c1:ba:bf:92:
                    04:c1:b7:ed:d8:26:f5:cf:0a:7e:0e:29:56:c0:b7:
                    ad:e1:df:a9:bc:87:9a:6e:76:7b:c8:4b:4f:29:ef:
                    f6:3f:62:0d:24:27:70:9c:1c:7c:01:28:d4:0c:c3:
                    53:75:c9:e3:6a:4c:92:1d:f1:c3:f9:68:aa:0b:c3:
                    3c:54:c9:7e:71:88:39:65:4d:8a:a7:b7:5e:61:d9:
                    43:bf:7c:8f:88:e2:4f:66:91:ee:b1:ba:bc:88:e7:
                    26:2d:16:f6:79:e5:11:42:b9:cb:e6:f7:99:65:c1:
                    35:5b:0c:c5:d8:a2:cb:8c:3d:53:e8:44:2b:58:b3:
                    22:af:ff:d1:a8:dc:1b:83:09:9b:56:ee:19:28:65:
                    3e:27:3c:8e:a3:8b:de:d4:be:04:9e:be:70:a7:8f:
                    4d:20:fb:dc:c9:f8:42:d5:53:01:96:a8:b7:ee:ec:
                    49:19:48:42:be:d7:49:3c:70:8a:48:1c:e4:9b:67:
                    c3:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:A9:E2:90:C5:4B:17:F1:BC:84:F7:A6:D6:CA:DA:79:66:C9:DF:3F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/IanikMVLF_G8hPem1sraeWbJ3z8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:3b:c2:41:08:28:7d:a8:36:55:7b:3e:3c:73:b9:4b:0f:4c:
         d0:09:bb:4e:ff:82:45:83:e1:b4:4d:7b:47:02:69:4a:53:2e:
         94:bb:b7:6b:a2:75:f2:c2:cb:e6:35:ba:16:8a:c9:0c:79:fc:
         d4:a6:84:d4:ca:30:ad:55:ad:a3:6d:05:ff:5a:84:b8:66:d4:
         63:bb:fa:be:66:89:44:22:32:f8:5c:59:ec:71:bf:a0:1f:b7:
         16:c1:0c:1f:85:dd:56:a0:c8:81:62:a7:8f:8b:3a:85:4f:e6:
         4a:f9:d0:6c:ae:72:4a:92:3e:3a:c9:7e:b5:70:87:a6:a8:44:
         1a:01:f5:fb:2a:fc:ab:06:7c:57:7e:ab:86:7f:f9:a8:b2:c2:
         ea:ce:8c:ba:76:75:7c:cb:79:f3:0a:ec:a2:14:09:36:55:c5:
         f4:4f:a8:7f:72:c4:4a:53:91:50:ec:f3:f4:fa:a0:ed:8b:1d:
         72:5d:38:d2:17:86:54:eb:fe:2c:2f:3e:c7:fc:08:8b:e2:20:
         0d:95:05:90:d4:4f:94:50:a8:02:bd:10:8d:49:3a:5f:bc:3e:
         db:17:a1:be:2c:44:e2:41:b7:b1:ec:8a:5c:14:fb:8f:72:65:
         94:bd:ad:2d:45:cf:f1:ef:2b:00:1c:71:6d:ac:64:97:3b:9c:
         72:2e:da:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/mmP7qH0+Mw82aoEEpvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWE5ZTI5MGM1NGIxN2YxYmM4NGY3YTZkNmNhZGE3OTY2YzlkZjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobMFLedPBk5qLgaeMWs8yHdDSkb4
C0H+ZUvuaVXOIXcNdyEtmNsvew4jINQfRiCIwPKv+lFWTdhbpyOpVA10tFiHxrDW
SMG6v5IEwbft2Cb1zwp+DilWwLet4d+pvIeabnZ7yEtPKe/2P2INJCdwnBx8ASjU
DMNTdcnjakySHfHD+WiqC8M8VMl+cYg5ZU2Kp7deYdlDv3yPiOJPZpHusbq8iOcm
LRb2eeURQrnL5veZZcE1WwzF2KLLjD1T6EQrWLMir//RqNwbgwmbVu4ZKGU+JzyO
o4ve1L4Enr5wp49NIPvcyfhC1VMBlqi37uxJGUhCvtdJPHCKSBzkm2fD3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCGp4pDFSxfxvIT3ptbK2nlmyd8/MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSWFuaWtNVkxGX0c4aFBlbTFzcmFlV2JKM3o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpnxMA0G
CSqGSIb3DQEBCwUAA4IBAQAsO8JBCCh9qDZVez48c7lLD0zQCbtO/4JFg+G0TXtH
AmlKUy6Uu7dronXywsvmNboWiskMefzUpoTUyjCtVa2jbQX/WoS4ZtRju/q+ZolE
IjL4XFnscb+gH7cWwQwfhd1WoMiBYqePizqFT+ZK+dBsrnJKkj46yX61cIemqEQa
AfX7KvyrBnxXfquGf/mossLqzoy6dnV8y3nzCuyiFAk2VcX0T6h/csRKU5FQ7PP0
+qDtix1yXTjSF4ZU6/4sLz7H/AiL4iANlQWQ1E+UUKgCvRCNSTpfvD7bF6G+LETi
Qbex7IpcFPuPcmWUva0tRc/x7ysAHHFtrGSXO5xyLtoH
-----END CERTIFICATE-----