Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MV2BoJlDXghBcQRovEzqQUNPqfY.roa
File:                     MV2BoJlDXghBcQRovEzqQUNPqfY.roa (raw, json)
Hash identifier:          7j9hD7h3M7Rg15q2DzpPy4PBoo5gXDkjX5vuo2BO9PM=
Subject key identifier:   31:5D:81:A0:99:43:5E:08:41:71:04:68:BC:4C:EA:41:43:4F:A9:F6
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143F4B9AF4FDAC4ECA1DE7F78577A9B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MV2BoJlDXghBcQRovEzqQUNPqfY.roa
Signing time:             Wed 01 Jan 2025 09:48:09 +0000
ROA not before:           Wed 01 Jan 2025 09:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135391
IP address blocks:        81.168.126.0/24 maxlen: 24
                          109.176.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:f4:b9:af:4f:da:c4:ec:a1:de:7f:78:57:7a:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=315d81a099435e0841710468bc4cea41434fa9f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:6f:07:39:4c:43:e9:92:2a:2b:1b:ae:15:f1:
                    13:8d:20:1b:4e:96:9f:c3:39:05:a1:f4:c1:35:99:
                    a7:62:8b:34:fe:d5:46:6e:d9:ab:ed:e7:98:78:25:
                    7f:e6:40:4d:61:02:a6:03:69:48:e3:13:da:27:78:
                    ff:74:e4:1f:d1:d1:2c:be:0e:f4:a2:02:90:b4:b6:
                    a7:41:60:96:04:90:7d:db:d6:f0:ae:18:51:7a:a0:
                    33:87:46:9f:c0:c9:06:93:b2:00:58:1a:d4:db:b6:
                    74:c5:14:aa:e9:56:5f:84:6d:24:c4:32:d7:7e:86:
                    26:59:6e:09:03:bd:27:52:e3:29:4d:1a:fa:bf:7c:
                    a9:cd:05:54:57:50:8d:52:3c:09:ae:34:21:8c:f7:
                    8d:82:ce:19:b4:5f:2e:1c:c6:f3:33:2c:62:30:7f:
                    da:fe:0c:88:0f:f6:0d:9d:07:33:f0:e9:51:9e:c3:
                    1e:4f:4d:d9:e9:5b:55:1c:b0:85:8f:2f:4b:00:25:
                    c9:58:71:39:78:f1:05:75:07:03:db:75:87:be:e7:
                    b8:19:62:b0:f0:ac:09:9b:d3:1e:f6:80:dd:7d:63:
                    ce:c5:43:97:66:e3:45:5f:6c:f5:c9:45:cd:23:6d:
                    6b:20:12:60:9a:12:e4:72:b2:36:d5:dd:a5:88:be:
                    f0:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:5D:81:A0:99:43:5E:08:41:71:04:68:BC:4C:EA:41:43:4F:A9:F6
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MV2BoJlDXghBcQRovEzqQUNPqfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.126.0/24
                  109.176.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:5d:77:a3:4e:bc:24:ba:9e:ea:cb:3e:36:e9:d7:a0:e3:3c:
         6f:26:01:38:12:c7:6b:28:bd:b9:a4:91:7e:11:14:a6:29:92:
         a7:5b:74:39:d2:0a:20:42:61:0b:00:91:3f:67:fe:05:53:e6:
         b0:89:91:83:ab:ea:ae:34:a6:b9:4b:b3:b1:01:38:97:86:be:
         cf:cb:fa:34:99:65:d1:78:9a:23:43:80:a7:ea:fb:9f:5a:9d:
         52:4e:9c:02:d2:95:55:81:8d:b5:a9:7a:ea:65:53:f4:2b:48:
         ec:85:36:13:26:70:3b:a5:1f:2b:87:ba:4e:bd:5e:18:69:fe:
         c6:69:49:6f:5c:ae:16:73:ef:1e:45:31:53:ca:d2:e5:a1:5a:
         a6:f4:38:1d:70:fd:7b:40:53:db:e9:79:ba:91:e8:25:e2:49:
         25:7b:91:c4:1c:66:e5:85:0a:c9:e3:f1:ce:2f:db:4b:5f:1f:
         49:31:88:d0:5d:75:7c:7e:26:76:c6:76:54:91:c7:7e:77:db:
         18:9f:21:1b:03:e3:3c:cb:18:f8:a4:eb:6f:1e:e8:75:21:40:
         81:16:a7:bd:49:2e:07:fb:97:13:98:87:c6:0c:7e:cb:68:98:
         67:4f:35:b6:45:02:1e:fb:dd:e7:5b:96:e2:7d:25:f0:4a:2d:
         b3:94:f6:3f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhQ/S5r0/axOyh3n94V3qbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTVkODFhMDk5NDM1ZTA4NDE3MTA0NjhiYzRjZWE0MTQzNGZhOWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr28HOUxD6ZIqKxuuFfETjSAbTpaf
wzkFofTBNZmnYos0/tVGbtmr7eeYeCV/5kBNYQKmA2lI4xPaJ3j/dOQf0dEsvg70
ogKQtLanQWCWBJB929bwrhhReqAzh0afwMkGk7IAWBrU27Z0xRSq6VZfhG0kxDLX
foYmWW4JA70nUuMpTRr6v3ypzQVUV1CNUjwJrjQhjPeNgs4ZtF8uHMbzMyxiMH/a
/gyID/YNnQcz8OlRnsMeT03Z6VtVHLCFjy9LACXJWHE5ePEFdQcD23WHvue4GWKw
8KwJm9Me9oDdfWPOxUOXZuNFX2z1yUXNI21rIBJgmhLkcrI21d2liL7wkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDFdgaCZQ14IQXEEaLxM6kFDT6n2MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTVYyQm9KbERYZ2hCY1FSb3ZFenFRVU5QcWZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUah+AwQA
bbD4MA0GCSqGSIb3DQEBCwUAA4IBAQChXXejTrwkup7qyz426deg4zxvJgE4Esdr
KL25pJF+ERSmKZKnW3Q50gogQmELAJE/Z/4FU+awiZGDq+quNKa5S7OxATiXhr7P
y/o0mWXReJojQ4Cn6vufWp1STpwC0pVVgY21qXrqZVP0K0jshTYTJnA7pR8rh7pO
vV4Yaf7GaUlvXK4Wc+8eRTFTytLloVqm9DgdcP17QFPb6Xm6kegl4kkle5HEHGbl
hQrJ4/HOL9tLXx9JMYjQXXV8fiZ2xnZUkcd+d9sYnyEbA+M8yxj4pOtvHuh1IUCB
Fqe9SS4H+5cTmIfGDH7LaJhnTzW2RQIe+93nW5bifSXwSi2zlPY/
-----END CERTIFICATE-----