Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KIzMqFO1q-TCyfT3Roa3nMXJ8nM.roa
File:                     KIzMqFO1q-TCyfT3Roa3nMXJ8nM.roa (raw, json)
Hash identifier:          +hJClbaRaDqR00DArokYlTzJbGUTJgBPH/KWjNVoNDY=
Subject key identifier:   28:8C:CC:A8:53:B5:AB:E4:C2:C9:F4:F7:46:86:B7:9C:C5:C9:F2:73
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01929EC7F469F0A0F99EFF1BB1B6007DDDA4
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KIzMqFO1q-TCyfT3Roa3nMXJ8nM.roa
Signing time:             Fri 18 Oct 2024 08:39:17 +0000
ROA not before:           Fri 18 Oct 2024 08:39:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214466
IP address blocks:        109.176.253.0/24 maxlen: 24
                          213.218.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9e:c7:f4:69:f0:a0:f9:9e:ff:1b:b1:b6:00:7d:dd:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct 18 08:39:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=288ccca853b5abe4c2c9f4f74686b79cc5c9f273
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:6e:a3:e5:18:2b:df:6b:13:e8:18:4b:f1:a6:
                    fe:79:72:ff:b4:9d:45:71:91:96:14:a0:cb:a7:00:
                    e9:b2:b9:f1:cf:50:df:cb:98:eb:45:d6:f3:50:c8:
                    98:b1:de:fc:93:54:fa:da:40:94:43:10:4b:b9:86:
                    8e:7a:7a:98:c6:24:23:e4:e0:a7:4a:ed:3a:be:eb:
                    40:14:fe:d6:c4:51:0f:fe:00:ee:31:ab:9d:7e:17:
                    7c:8e:10:41:ef:bd:c2:d2:ff:82:c3:0c:fc:3a:4c:
                    45:36:ef:92:94:ae:b3:50:a0:61:83:26:f8:fc:47:
                    f7:b4:46:15:27:de:23:d6:71:3d:58:8b:aa:8b:3f:
                    2d:20:55:50:6f:5c:16:f4:b3:fe:ce:da:18:30:db:
                    11:2c:1d:c9:68:ab:f5:e0:93:46:2a:af:a6:fe:cb:
                    f1:ac:5d:22:7e:32:75:a6:ae:3a:9c:55:79:ae:0c:
                    cb:55:d0:2b:fc:b4:c4:ee:72:6d:58:cd:5c:c2:ad:
                    fe:32:7b:5b:16:e0:49:5d:8c:ef:57:cd:f7:28:dd:
                    f7:97:eb:a2:89:61:44:e4:dc:16:e7:d2:a3:14:a9:
                    27:7f:94:66:3c:6a:a4:a8:27:19:55:57:46:fb:12:
                    5b:bf:d9:3d:25:35:a4:f7:b7:05:7a:fd:57:7a:41:
                    c7:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:8C:CC:A8:53:B5:AB:E4:C2:C9:F4:F7:46:86:B7:9C:C5:C9:F2:73
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/KIzMqFO1q-TCyfT3Roa3nMXJ8nM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.253.0/24
                  213.218.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:9b:48:37:94:cb:8f:8e:a9:cd:22:a2:1a:e7:44:dc:c6:b3:
         b1:5f:6a:40:af:ce:94:9d:e4:42:44:96:29:4e:21:cd:01:0a:
         b9:4f:a8:4e:f0:eb:1e:f7:c9:43:df:4f:6c:af:2f:d6:8b:e3:
         f5:fb:c2:1d:3d:24:80:cb:91:23:66:eb:ad:32:9c:7d:e0:c3:
         3c:65:52:a4:10:7a:0b:03:8a:1c:d0:42:93:bf:5d:be:5f:5a:
         53:93:f4:4c:b1:60:f9:7e:fc:92:fe:6b:ab:a4:f7:3f:24:c1:
         ba:e4:f3:d4:4c:c5:8d:3d:8b:12:52:12:53:6b:dc:3a:02:e1:
         95:23:62:2b:04:2a:51:45:78:e4:d4:9a:fd:4f:d6:45:ea:79:
         84:01:92:f7:e6:cb:82:8e:80:10:fd:4f:a9:8a:90:38:f9:d6:
         e3:81:93:77:39:92:3f:15:07:bd:d4:67:c6:77:a8:13:ee:4d:
         df:8e:3d:55:66:17:2f:52:7c:66:6e:95:c3:43:2b:8b:3b:87:
         87:08:fc:53:9b:76:0d:91:a7:20:81:15:42:22:b9:1f:72:9f:
         9e:70:41:66:32:2e:57:d9:d0:dc:7b:3a:70:3b:6b:df:a5:57:
         11:58:b2:29:59:11:69:58:ae:b5:9f:84:9f:53:05:dd:87:ec:
         69:8c:47:21
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZKex/Rp8KD5nv8bsbYAfd2kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQxMDE4MDgzOTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODhjY2NhODUzYjVhYmU0YzJjOWY0Zjc0Njg2Yjc5Y2M1YzlmMjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhm6j5Rgr32sT6BhL8ab+eXL/tJ1F
cZGWFKDLpwDpsrnxz1Dfy5jrRdbzUMiYsd78k1T62kCUQxBLuYaOenqYxiQj5OCn
Su06vutAFP7WxFEP/gDuMaudfhd8jhBB773C0v+Cwwz8OkxFNu+SlK6zUKBhgyb4
/Ef3tEYVJ94j1nE9WIuqiz8tIFVQb1wW9LP+ztoYMNsRLB3JaKv14JNGKq+m/svx
rF0ifjJ1pq46nFV5rgzLVdAr/LTE7nJtWM1cwq3+MntbFuBJXYzvV833KN33l+ui
iWFE5NwW59KjFKknf5RmPGqkqCcZVVdG+xJbv9k9JTWk97cFev1XekHHHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCiMzKhTtavkwsn090aGt5zFyfJzMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvS0l6TXFGTzFxLVRDeWZUM1JvYTNuTVhKOG5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbbD9AwQA
1dr7MA0GCSqGSIb3DQEBCwUAA4IBAQBRm0g3lMuPjqnNIqIa50TcxrOxX2pAr86U
neRCRJYpTiHNAQq5T6hO8Ose98lD309sry/Wi+P1+8IdPSSAy5EjZuutMpx94MM8
ZVKkEHoLA4oc0EKTv12+X1pTk/RMsWD5fvyS/murpPc/JMG65PPUTMWNPYsSUhJT
a9w6AuGVI2IrBCpRRXjk1Jr9T9ZF6nmEAZL35suCjoAQ/U+pipA4+dbjgZN3OZI/
FQe91GfGd6gT7k3fjj1VZhcvUnxmbpXDQyuLO4eHCPxTm3YNkacggRVCIrkfcp+e
cEFmMi5X2dDcezpwO2vfpVcRWLIpWRFpWK61n4SfUwXdh+xpjEch
-----END CERTIFICATE-----