Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NPP7551qb3GIp8MRHJlM5d4GKVw.roa
File:                     NPP7551qb3GIp8MRHJlM5d4GKVw.roa (raw, json)
Hash identifier:          RzbA77N2XWct1h0UVzcYmudtpGr1mejso9bvf7XWHI4=
Subject key identifier:   34:F3:FB:E7:9D:6A:6F:71:88:A7:C3:11:1C:99:4C:E5:DE:06:29:5C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143EF8991AC4C1C2DF197D8D7792CAE
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NPP7551qb3GIp8MRHJlM5d4GKVw.roa
Signing time:             Wed 01 Jan 2025 09:48:07 +0000
ROA not before:           Wed 01 Jan 2025 09:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60982
IP address blocks:        82.152.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:ef:89:91:ac:4c:1c:2d:f1:97:d8:d7:79:2c:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34f3fbe79d6a6f7188a7c3111c994ce5de06295c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:de:3e:ad:1a:c6:64:ff:d1:c2:7a:64:3e:e0:
                    a5:d8:0d:df:72:3b:36:06:e5:49:7a:e7:26:a7:84:
                    10:f0:e0:a7:f1:3d:25:50:d7:91:2e:fb:18:4d:d7:
                    21:c4:e4:5f:85:94:73:3a:b3:a0:94:b8:2e:0f:43:
                    a2:2e:29:75:f6:89:4e:e4:64:05:9d:35:50:75:af:
                    de:3c:96:53:ca:bd:b7:0e:af:e4:d4:30:e0:8a:4b:
                    49:9c:37:9f:3f:51:55:ff:d1:1d:e1:39:5d:51:c2:
                    6e:95:1d:0b:cc:1b:01:22:57:9e:9e:33:8b:4b:e9:
                    6d:22:ea:78:7c:ab:7c:9a:93:c1:50:5d:5a:7f:c2:
                    61:cf:17:be:d7:4a:04:7f:07:36:70:00:63:b8:b5:
                    15:ab:9b:93:be:9b:2e:e6:99:f1:00:8a:9f:9e:bd:
                    5f:95:cc:b2:f5:ef:19:0c:93:b7:29:7a:3c:f1:66:
                    a0:3c:93:ab:fc:77:5b:1c:79:53:e8:12:37:ee:8b:
                    ad:18:b3:b9:92:2c:56:91:62:85:16:4e:89:0b:25:
                    3d:9f:c9:a3:95:91:a6:b3:e6:3c:b9:c5:09:24:0a:
                    cc:aa:5b:72:16:6b:d0:f9:84:10:a0:65:27:01:92:
                    ee:39:b2:19:f8:9b:8b:d8:08:c5:09:c4:c1:77:44:
                    21:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:F3:FB:E7:9D:6A:6F:71:88:A7:C3:11:1C:99:4C:E5:DE:06:29:5C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NPP7551qb3GIp8MRHJlM5d4GKVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:bb:30:f8:01:21:5d:2a:d6:89:75:b1:72:2c:95:bf:c0:be:
         c3:ab:b5:e8:14:85:39:22:89:52:c8:7a:91:7d:87:54:e2:94:
         17:fe:86:03:dd:c9:6a:f3:b9:94:7f:20:3c:07:9a:ef:2a:bd:
         44:c7:5d:6e:e2:7c:b6:ea:08:60:cf:41:ff:8b:94:43:3a:fa:
         d2:6f:72:9d:9b:a4:db:a3:12:4d:cd:0e:11:e2:05:f7:2b:c2:
         0a:5a:0c:49:c8:6b:bf:d4:0f:95:2e:09:6f:2f:87:fe:2a:99:
         e4:c6:e9:49:05:30:6a:05:a8:b9:5c:8f:13:c5:c0:c7:1a:e7:
         24:8d:c9:80:1a:d3:b8:69:87:4c:df:f5:c2:04:87:2a:fd:57:
         88:1f:d7:34:90:7b:af:34:00:35:7a:b7:36:1c:52:93:44:15:
         19:c7:75:11:a8:40:b6:b0:57:9b:17:28:65:67:7b:1b:ad:a5:
         9b:fb:fb:e9:e9:e0:1b:0d:ef:5d:d5:3f:74:3a:3a:e4:4f:c1:
         e7:09:d1:2a:d8:f2:71:5e:df:c6:dd:85:48:4f:05:e8:4b:45:
         2d:78:52:29:6a:20:8c:90:79:85:12:09:ef:f6:9c:4e:2f:bc:
         1c:80:67:f2:90:69:78:31:42:31:2b:7b:03:c4:05:54:92:f2:
         c6:8a:6e:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ++JkaxMHC3xl9jXeSyuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGYzZmJlNzlkNmE2ZjcxODhhN2MzMTExYzk5NGNlNWRlMDYyOTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA594+rRrGZP/RwnpkPuCl2A3fcjs2
BuVJeucmp4QQ8OCn8T0lUNeRLvsYTdchxORfhZRzOrOglLguD0OiLil19olO5GQF
nTVQda/ePJZTyr23Dq/k1DDgiktJnDefP1FV/9Ed4TldUcJulR0LzBsBIleenjOL
S+ltIup4fKt8mpPBUF1af8Jhzxe+10oEfwc2cABjuLUVq5uTvpsu5pnxAIqfnr1f
lcyy9e8ZDJO3KXo88WagPJOr/HdbHHlT6BI37outGLO5kixWkWKFFk6JCyU9n8mj
lZGms+Y8ucUJJArMqltyFmvQ+YQQoGUnAZLuObIZ+JuL2AjFCcTBd0QhEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDTz++edam9xiKfDERyZTOXeBilcMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTlBQNzU1MXFiM0dJcDhNUkhKbE01ZDRHS1Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpiEMA0G
CSqGSIb3DQEBCwUAA4IBAQA+uzD4ASFdKtaJdbFyLJW/wL7Dq7XoFIU5IolSyHqR
fYdU4pQX/oYD3clq87mUfyA8B5rvKr1Ex11u4ny26ghgz0H/i5RDOvrSb3Kdm6Tb
oxJNzQ4R4gX3K8IKWgxJyGu/1A+VLglvL4f+KpnkxulJBTBqBai5XI8TxcDHGuck
jcmAGtO4aYdM3/XCBIcq/VeIH9c0kHuvNAA1erc2HFKTRBUZx3URqEC2sFebFyhl
Z3sbraWb+/vp6eAbDe9d1T90OjrkT8HnCdEq2PJxXt/G3YVITwXoS0UteFIpaiCM
kHmFEgnv9pxOL7wcgGfykGl4MUIxK3sDxAVUkvLGim69
-----END CERTIFICATE-----