Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PH3vnQMKPkeRJHM7Zfo2WTBBSB0.roa
File:                     PH3vnQMKPkeRJHM7Zfo2WTBBSB0.roa (raw, json)
Hash identifier:          ulalU4PTNMYtjQ0Jx6THkF9NUjzLPi5zdhWce0KqsW4=
Subject key identifier:   3C:7D:EF:9D:03:0A:3E:47:91:24:73:3B:65:FA:36:59:30:41:48:1D
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0191E1D7797163FCD38B17DDB04BDC8D3F18
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PH3vnQMKPkeRJHM7Zfo2WTBBSB0.roa
Signing time:             Wed 11 Sep 2024 16:08:00 +0000
ROA not before:           Wed 11 Sep 2024 16:08:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151872
IP address blocks:        109.176.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e1:d7:79:71:63:fc:d3:8b:17:dd:b0:4b:dc:8d:3f:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep 11 16:08:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c7def9d030a3e479124733b65fa36593041481d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:cc:a1:26:90:37:17:d5:86:2a:f1:63:71:b6:
                    3f:9a:1a:f3:a5:03:f1:bb:b9:85:f9:a7:e5:09:bc:
                    bf:3b:40:b4:aa:bd:91:cf:cf:4c:9c:71:63:51:85:
                    40:2d:82:de:3d:ea:a3:ec:ec:31:e3:2f:20:61:bb:
                    93:41:fc:a2:1a:d7:8f:b2:d8:f4:cd:d4:61:9d:53:
                    bb:4a:cc:05:d7:ab:a2:66:0f:b9:2f:ae:db:80:0c:
                    61:88:39:c5:83:a0:93:8a:18:21:33:27:d4:f9:66:
                    cf:6b:b2:72:88:d2:0c:28:ed:1a:0c:d9:b6:2b:a2:
                    6e:db:c9:71:81:dd:80:1b:65:27:f0:d5:6f:7f:63:
                    80:fa:72:ee:c4:46:b2:22:2a:1f:34:7a:e7:dc:24:
                    88:8d:6e:40:d2:74:7b:33:2c:6a:2f:19:bb:00:6f:
                    41:85:9c:24:36:e9:e9:33:51:6f:fa:04:28:a8:e6:
                    e0:3a:d0:a2:99:e9:1e:3f:e6:15:ab:08:6b:ca:49:
                    73:f6:bf:c0:a2:04:f7:de:39:e8:3c:ab:d9:79:a8:
                    be:a6:ab:5c:7e:2b:e7:da:59:e6:95:85:5d:d6:53:
                    ed:11:09:d5:b8:52:97:3b:0b:44:a7:38:6f:e8:88:
                    61:58:aa:69:a0:c6:6a:59:f1:02:41:0d:1c:2e:55:
                    31:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:7D:EF:9D:03:0A:3E:47:91:24:73:3B:65:FA:36:59:30:41:48:1D
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PH3vnQMKPkeRJHM7Zfo2WTBBSB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:59:e1:9e:ac:62:fc:71:0d:be:56:22:22:b2:6f:1b:5d:01:
         35:cc:ad:87:2f:7c:45:01:40:92:3f:df:e4:a4:d1:d3:e8:41:
         ba:ec:a1:3b:f1:22:13:1a:98:50:42:3d:70:ab:de:a5:78:58:
         45:6a:81:b5:3b:ba:d5:45:d0:3c:fc:4c:dc:4d:f9:d7:c9:5f:
         db:3a:bd:b4:b7:f9:8b:44:5c:9c:b1:06:82:75:c6:e3:d3:d8:
         20:c4:44:2e:67:ed:ad:d5:8b:67:83:6e:48:40:e2:ab:04:3b:
         44:8a:c8:71:58:a3:a4:33:1c:b6:89:85:ad:26:48:19:19:16:
         51:09:8b:aa:9e:44:10:e4:7a:6e:1f:ae:d7:e5:a3:ed:58:f8:
         23:7a:fb:92:62:4a:2c:02:fe:a8:e8:16:66:8b:09:84:8c:fa:
         b3:a6:97:a6:b8:07:69:99:c5:b3:fe:74:34:aa:2e:81:b0:42:
         98:41:6e:f3:76:be:cd:98:14:5b:a8:b6:02:50:61:9e:af:23:
         df:59:0e:39:1a:0a:01:54:a7:45:4b:19:c7:0e:ba:f1:2e:c8:
         bb:58:e6:2a:dd:5a:a3:8f:03:87:f4:9f:d6:10:21:4b:09:bb:
         de:a1:2c:2b:e6:57:50:71:89:73:35:ec:b7:98:12:e7:e4:3b:
         ed:32:7e:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHh13lxY/zTixfdsEvcjT8YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwOTExMTYwODAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzdkZWY5ZDAzMGEzZTQ3OTEyNDczM2I2NWZhMzY1OTMwNDE0ODFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8yhJpA3F9WGKvFjcbY/mhrzpQPx
u7mF+aflCby/O0C0qr2Rz89MnHFjUYVALYLePeqj7Owx4y8gYbuTQfyiGtePstj0
zdRhnVO7SswF16uiZg+5L67bgAxhiDnFg6CTihghMyfU+WbPa7JyiNIMKO0aDNm2
K6Ju28lxgd2AG2Un8NVvf2OA+nLuxEayIiofNHrn3CSIjW5A0nR7MyxqLxm7AG9B
hZwkNunpM1Fv+gQoqObgOtCimekeP+YVqwhryklz9r/AogT33jnoPKvZeai+pqtc
fivn2lnmlYVd1lPtEQnVuFKXOwtEpzhv6IhhWKppoMZqWfECQQ0cLlUxUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDx9750DCj5HkSRzO2X6NlkwQUgdMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUEgzdm5RTUtQa2VSSkhNN1pmbzJXVEJCU0IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbAWMA0G
CSqGSIb3DQEBCwUAA4IBAQBXWeGerGL8cQ2+ViIism8bXQE1zK2HL3xFAUCSP9/k
pNHT6EG67KE78SITGphQQj1wq96leFhFaoG1O7rVRdA8/EzcTfnXyV/bOr20t/mL
RFycsQaCdcbj09ggxEQuZ+2t1Ytng25IQOKrBDtEishxWKOkMxy2iYWtJkgZGRZR
CYuqnkQQ5HpuH67X5aPtWPgjevuSYkosAv6o6BZmiwmEjPqzppemuAdpmcWz/nQ0
qi6BsEKYQW7zdr7NmBRbqLYCUGGeryPfWQ45GgoBVKdFSxnHDrrxLsi7WOYq3Vqj
jwOH9J/WECFLCbveoSwr5ldQcYlzNey3mBLn5DvtMn7V
-----END CERTIFICATE-----