Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MI9UO865hQu3PI3gqo_-n06c_j8.roa
File:                     MI9UO865hQu3PI3gqo_-n06c_j8.roa (raw, json)
Hash identifier:          WpQIajOYuhhWnzPVxr6DI8GamKwZmUOV56KgAIc7eeM=
Subject key identifier:   30:8F:54:3B:CE:B9:85:0B:B7:3C:8D:E0:AA:8F:FE:9F:4E:9C:FE:3F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018FA9775CA3D02385B7FF264A50799D6D50
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MI9UO865hQu3PI3gqo_-n06c_j8.roa
Signing time:             Fri 24 May 2024 07:18:42 +0000
ROA not before:           Fri 24 May 2024 07:18:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63023
IP address blocks:        82.153.222.0/24 maxlen: 24
                          89.213.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a9:77:5c:a3:d0:23:85:b7:ff:26:4a:50:79:9d:6d:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 24 07:18:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=308f543bceb9850bb73c8de0aa8ffe9f4e9cfe3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:f3:84:de:4d:02:fe:7c:c8:b4:b3:9e:ac:73:
                    e7:4a:0e:b0:93:d7:c6:3c:fb:be:51:99:ed:c0:f6:
                    c8:f3:7b:34:ce:6b:19:cd:b5:0c:6e:50:44:af:6e:
                    8a:df:60:27:26:5e:50:36:88:6a:b8:65:0b:f7:2b:
                    02:45:82:e5:21:6b:bc:9e:87:d9:01:8d:08:86:d3:
                    20:79:e0:ff:bf:ff:e2:48:3c:e8:0b:8f:61:18:b1:
                    cf:5b:a9:10:7e:e3:b0:5d:4d:b2:a8:ed:56:c4:5d:
                    3d:bc:59:67:87:1b:cf:55:75:43:17:ee:62:66:74:
                    b3:48:46:72:aa:ef:86:a0:0b:a4:e1:6b:33:5e:ed:
                    69:14:4a:d3:96:b1:b6:44:86:46:5d:52:46:fa:05:
                    f5:4c:95:59:59:84:9f:85:f5:c1:8f:5c:a2:0f:fa:
                    5a:fc:6d:3b:26:cf:26:ca:5f:cf:2a:c4:e5:50:54:
                    28:c4:bc:5e:c4:8e:13:6f:b5:37:58:ba:35:53:d5:
                    ec:f4:09:37:4f:b7:37:36:ed:79:30:4a:1e:9a:19:
                    cf:b8:6d:e1:8a:01:aa:f7:15:61:64:4e:a3:88:a4:
                    32:99:68:c2:d0:5a:90:52:49:7f:f7:c6:b4:1a:78:
                    e1:22:43:bc:91:96:6d:8c:51:59:30:ae:00:e7:3b:
                    e6:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:8F:54:3B:CE:B9:85:0B:B7:3C:8D:E0:AA:8F:FE:9F:4E:9C:FE:3F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MI9UO865hQu3PI3gqo_-n06c_j8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.222.0/24
                  89.213.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:e9:dd:d6:80:38:68:ce:23:e1:4c:2b:c8:c1:2f:64:ea:1b:
         0e:8e:05:7d:a3:5e:10:70:72:b2:d9:2e:9e:cb:76:b7:6a:2b:
         89:7b:7f:10:b4:fc:b6:ec:cc:be:c3:74:57:94:42:29:f7:51:
         40:18:28:a2:7e:05:87:4c:87:c0:c8:a0:ed:27:75:d0:f6:90:
         f6:64:7d:bd:5b:2a:f3:09:35:c3:b2:54:e4:0b:da:1c:3e:a9:
         e8:85:d1:2d:d0:c9:18:8c:cf:41:ca:40:1f:90:d6:d4:9a:3b:
         44:5c:f3:da:b0:52:ce:3f:35:8a:d0:fe:ad:73:5d:ae:dc:00:
         d9:41:86:40:53:ca:82:f7:1f:20:86:dd:02:6d:2e:2f:ee:71:
         35:e6:ea:c8:bd:c7:c9:f5:18:2b:03:7a:72:da:91:57:d3:2b:
         50:6f:73:60:e1:91:c1:7a:76:28:dd:f8:41:c4:38:3a:67:8d:
         1d:6b:8b:25:83:e1:48:6c:1c:48:87:6e:01:3f:8b:3f:7d:2e:
         e2:11:0f:a6:35:f5:1c:c0:f9:9c:07:05:28:d9:d0:cb:12:8b:
         32:36:b8:fa:6c:ec:82:48:5e:ce:8a:8c:2a:8e:45:4e:6e:27:
         a9:cb:92:66:e4:d7:56:8b:d8:fc:d8:7f:77:01:3c:47:d1:d5:
         45:a5:bc:f1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+pd1yj0COFt/8mSlB5nW1QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTI0MDcxODQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDhmNTQzYmNlYjk4NTBiYjczYzhkZTBhYThmZmU5ZjRlOWNmZTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvOE3k0C/nzItLOerHPnSg6wk9fG
PPu+UZntwPbI83s0zmsZzbUMblBEr26K32AnJl5QNohquGUL9ysCRYLlIWu8nofZ
AY0IhtMgeeD/v//iSDzoC49hGLHPW6kQfuOwXU2yqO1WxF09vFlnhxvPVXVDF+5i
ZnSzSEZyqu+GoAuk4WszXu1pFErTlrG2RIZGXVJG+gX1TJVZWYSfhfXBj1yiD/pa
/G07Js8myl/PKsTlUFQoxLxexI4Tb7U3WLo1U9Xs9Ak3T7c3Nu15MEoemhnPuG3h
igGq9xVhZE6jiKQymWjC0FqQUkl/98a0GnjhIkO8kZZtjFFZMK4A5zvmCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDCPVDvOuYULtzyN4KqP/p9OnP4/MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTUk5VU84NjVoUXUzUEkzZ3FvXy1uMDZjX2o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUpneAwQA
WdXVMA0GCSqGSIb3DQEBCwUAA4IBAQBL6d3WgDhoziPhTCvIwS9k6hsOjgV9o14Q
cHKy2S6ey3a3aiuJe38QtPy27My+w3RXlEIp91FAGCiifgWHTIfAyKDtJ3XQ9pD2
ZH29WyrzCTXDslTkC9ocPqnohdEt0MkYjM9BykAfkNbUmjtEXPPasFLOPzWK0P6t
c12u3ADZQYZAU8qC9x8ght0CbS4v7nE15urIvcfJ9RgrA3py2pFX0ytQb3Ng4ZHB
enYo3fhBxDg6Z40da4slg+FIbBxIh24BP4s/fS7iEQ+mNfUcwPmcBwUo2dDLEosy
Nrj6bOyCSF7OiowqjkVObiepy5Jm5NdWi9j82H93ATxH0dVFpbzx
-----END CERTIFICATE-----