Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Myc9FCqScJNSo2Bp1cdSgysq5W0.roa
File:                     Myc9FCqScJNSo2Bp1cdSgysq5W0.roa (raw, json)
Hash identifier:          nA9U2kDfQKC+R6kbPepvVKsY/cjTh9/QhvdKJARIfgs=
Subject key identifier:   33:27:3D:14:2A:92:70:93:52:A3:60:69:D5:C7:52:83:2B:2A:E5:6D
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0194214418A48C5A6E7D2865AA8DCD577ABC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Myc9FCqScJNSo2Bp1cdSgysq5W0.roa
Signing time:             Wed 01 Jan 2025 09:48:18 +0000
ROA not before:           Wed 01 Jan 2025 09:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212416
IP address blocks:        213.210.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:18:a4:8c:5a:6e:7d:28:65:aa:8d:cd:57:7a:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=33273d142a92709352a36069d5c752832b2ae56d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:41:75:47:12:f6:2d:11:de:41:38:30:cc:f5:
                    75:de:e2:bb:0e:32:3e:5d:91:0f:9b:c2:37:6d:48:
                    76:5f:66:61:20:36:d9:e9:f8:95:6e:45:88:27:ea:
                    70:7b:68:9c:3e:37:50:0c:a2:5a:d1:80:af:56:b6:
                    9e:5c:82:d3:87:d3:5d:25:ad:46:56:a5:1b:4b:90:
                    7b:69:10:1c:0b:77:93:57:d7:eb:df:86:11:2c:08:
                    95:c8:b8:e1:14:6b:ea:06:fe:06:71:da:2e:e2:20:
                    2d:01:dc:b9:dc:ca:fa:9e:58:83:dd:3d:92:1c:39:
                    d8:b7:db:9e:81:d9:56:88:d9:7f:d8:38:71:9f:e6:
                    e7:3b:91:ba:64:4f:0a:3a:66:bb:ae:d9:75:77:4b:
                    84:05:23:e8:43:89:44:5f:2b:10:8e:fd:26:9f:9f:
                    35:b9:f1:86:52:32:bd:46:09:34:c7:47:0d:de:5c:
                    85:ec:74:d9:04:d2:31:97:74:ce:86:18:fe:ff:b6:
                    6c:91:ee:7b:88:93:e3:40:71:6e:e9:97:1b:d3:af:
                    10:ee:d9:c8:5a:18:04:88:4a:6e:d3:fa:64:6c:2e:
                    40:25:a4:45:0e:b2:a2:63:0c:19:4f:60:f2:1e:b7:
                    f0:33:eb:87:2c:2b:41:28:47:17:20:61:90:8d:85:
                    a9:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:27:3D:14:2A:92:70:93:52:A3:60:69:D5:C7:52:83:2B:2A:E5:6D
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Myc9FCqScJNSo2Bp1cdSgysq5W0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.210.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:6f:79:60:ad:03:7e:fd:57:7b:1e:78:d9:5c:cb:1b:43:69:
         a8:41:57:79:66:e4:1e:77:66:db:6b:25:0e:51:6d:c5:90:02:
         e0:91:d8:28:b4:87:a1:7c:e1:01:ed:0b:e5:66:29:f4:d1:1c:
         81:a7:4c:d1:51:d8:3c:6a:09:c8:7f:a6:5d:7e:ce:c1:25:b6:
         63:b7:ea:05:3f:b6:44:7c:00:1a:32:10:44:8e:18:10:2e:d5:
         7f:a8:4b:04:a2:a4:36:5e:57:87:7a:a9:c2:c8:dd:9a:33:9e:
         7d:9b:4f:aa:d6:67:73:a1:02:72:9d:b1:91:a0:da:ae:c2:69:
         61:08:81:c1:33:47:b7:ce:20:c6:cd:57:d7:cf:a5:6c:cf:88:
         03:b4:3f:e6:15:0e:a7:89:5a:f9:9b:04:ec:a2:ae:f0:91:75:
         56:84:1d:ad:21:da:a0:2f:7f:9e:f0:de:f9:84:2b:8c:06:ba:
         3b:ee:03:39:51:31:03:0a:3f:6f:96:ec:45:ae:40:99:03:03:
         3e:35:30:fa:98:7a:2c:19:c1:9d:2a:5a:a4:56:d0:bc:a7:89:
         18:48:d5:53:95:50:32:49:a5:d8:57:c9:c8:ef:ae:56:52:04:
         6a:39:88:76:47:c7:38:ed:75:cc:ca:31:30:6d:79:f9:b2:c5:
         c3:4a:52:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRBikjFpufShlqo3NV3q8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzI3M2QxNDJhOTI3MDkzNTJhMzYwNjlkNWM3NTI4MzJiMmFlNTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEF1RxL2LRHeQTgwzPV13uK7DjI+
XZEPm8I3bUh2X2ZhIDbZ6fiVbkWIJ+pwe2icPjdQDKJa0YCvVraeXILTh9NdJa1G
VqUbS5B7aRAcC3eTV9fr34YRLAiVyLjhFGvqBv4Gcdou4iAtAdy53Mr6nliD3T2S
HDnYt9uegdlWiNl/2Dhxn+bnO5G6ZE8KOma7rtl1d0uEBSPoQ4lEXysQjv0mn581
ufGGUjK9Rgk0x0cN3lyF7HTZBNIxl3TOhhj+/7Zske57iJPjQHFu6Zcb068Q7tnI
WhgEiEpu0/pkbC5AJaRFDrKiYwwZT2DyHrfwM+uHLCtBKEcXIGGQjYWpHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDMnPRQqknCTUqNgadXHUoMrKuVtMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTXljOUZDcVNjSk5TbzJCcDFjZFNneXNxNVcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dI7MA0G
CSqGSIb3DQEBCwUAA4IBAQAJb3lgrQN+/Vd7HnjZXMsbQ2moQVd5ZuQed2bbayUO
UW3FkALgkdgotIehfOEB7QvlZin00RyBp0zRUdg8agnIf6Zdfs7BJbZjt+oFP7ZE
fAAaMhBEjhgQLtV/qEsEoqQ2XleHeqnCyN2aM559m0+q1mdzoQJynbGRoNquwmlh
CIHBM0e3ziDGzVfXz6Vsz4gDtD/mFQ6niVr5mwTsoq7wkXVWhB2tIdqgL3+e8N75
hCuMBro77gM5UTEDCj9vluxFrkCZAwM+NTD6mHosGcGdKlqkVtC8p4kYSNVTlVAy
SaXYV8nI765WUgRqOYh2R8c47XXMyjEwbXn5ssXDSlIs
-----END CERTIFICATE-----