Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Pn-rSHKp8MArAY-hxaH_fIdnMgA.roa
File:                     Pn-rSHKp8MArAY-hxaH_fIdnMgA.roa (raw, json)
Hash identifier:          6ULSdikcUI2ttW2kJbh9zbqpxb81W+CU8+loSfU2OQc=
Subject key identifier:   3E:7F:AB:48:72:A9:F0:C0:2B:01:8F:A1:C5:A1:FF:7C:87:67:32:00
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0191BD7BA6A9B0680746190710C5E2BDE134
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Pn-rSHKp8MArAY-hxaH_fIdnMgA.roa
Signing time:             Wed 04 Sep 2024 14:41:23 +0000
ROA not before:           Wed 04 Sep 2024 14:41:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137235
IP address blocks:        213.210.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Nov 2024 14:58:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bd:7b:a6:a9:b0:68:07:46:19:07:10:c5:e2:bd:e1:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep  4 14:41:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e7fab4872a9f0c02b018fa1c5a1ff7c87673200
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ae:b2:f8:c0:af:27:ef:e9:56:8a:e2:ba:43:
                    65:82:9b:02:70:fc:bb:ff:c3:ae:89:c3:5e:f6:70:
                    fe:0c:fd:ed:c8:52:d0:56:09:88:be:7b:6d:49:5c:
                    e2:77:84:95:0c:2d:96:6c:2b:8f:fe:b8:a5:59:00:
                    86:16:5c:69:a5:f6:39:99:87:78:c2:85:cd:fe:84:
                    e4:ef:88:b2:f0:0c:86:25:07:64:a0:84:35:64:13:
                    17:aa:18:81:e6:e7:b6:50:f9:f4:7a:0c:26:88:ac:
                    11:d2:c6:7b:69:2a:10:e2:3f:4c:04:36:93:36:7f:
                    20:35:e4:aa:08:e4:e8:32:97:e7:f0:4f:3f:ff:56:
                    54:13:06:e0:cb:6e:d4:6c:49:57:c3:47:dd:11:8a:
                    ef:dc:d5:e3:69:0a:58:53:d3:10:9e:cb:c0:24:32:
                    a6:99:88:83:cf:5b:c1:73:88:4d:7a:ce:4c:7e:f3:
                    64:5f:bb:cc:2b:57:aa:ce:77:b8:e2:d9:63:ba:8e:
                    27:9a:01:bb:2b:4c:85:c3:ae:35:72:5d:56:e8:fc:
                    0f:72:19:1e:19:4a:d1:52:0d:b9:3c:f3:46:d2:f6:
                    75:29:84:81:5b:e6:85:6c:fd:93:0a:18:d4:90:e8:
                    1f:90:06:d0:57:8b:eb:56:1b:43:16:03:e4:b8:ff:
                    9d:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:7F:AB:48:72:A9:F0:C0:2B:01:8F:A1:C5:A1:FF:7C:87:67:32:00
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Pn-rSHKp8MArAY-hxaH_fIdnMgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.210.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:b4:0d:92:13:a4:f5:fe:38:67:fc:ae:36:a3:04:74:03:e3:
         36:d5:0f:59:4d:81:b5:0b:5a:a3:c6:9a:46:7a:e9:c5:db:2a:
         1d:c0:41:db:e0:a4:85:5d:d0:da:12:31:8c:31:98:05:47:97:
         02:10:0b:38:4a:34:fd:ff:b1:4b:1d:dd:ff:81:19:36:db:f2:
         b9:6e:57:7b:e2:ae:ac:f4:6d:b2:fb:0a:68:d0:72:82:60:7a:
         5f:7b:24:ac:60:5d:93:00:59:7e:6e:f9:43:59:3a:38:c4:2f:
         23:e7:9a:80:a3:5d:cf:1e:32:83:b5:56:be:70:f0:61:f1:c8:
         d9:25:ea:40:bb:bc:64:d9:2b:12:22:44:ab:b7:50:08:66:69:
         14:1b:6f:c7:8a:b9:b4:d2:36:d7:6c:d9:01:b5:f4:de:3d:52:
         30:3a:fe:35:9f:fc:04:ec:16:a5:c8:43:7a:32:bb:ea:0a:c4:
         f9:4f:39:23:67:3e:9a:e5:4c:d8:3f:8c:51:ef:83:b1:cf:5f:
         28:0e:a4:f9:9e:71:ff:ab:54:82:63:00:dd:e6:1c:bc:06:cc:
         0c:20:f7:76:02:0b:d2:1a:ed:a2:5b:85:8e:5b:57:97:1f:81:
         38:58:a8:6b:a6:3c:60:de:21:b3:e5:b7:9c:59:80:32:2d:95:
         f1:06:3c:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZG9e6apsGgHRhkHEMXiveE0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwOTA0MTQ0MTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTdmYWI0ODcyYTlmMGMwMmIwMThmYTFjNWExZmY3Yzg3NjczMjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuK6y+MCvJ+/pVoriukNlgpsCcPy7
/8OuicNe9nD+DP3tyFLQVgmIvnttSVzid4SVDC2WbCuP/rilWQCGFlxppfY5mYd4
woXN/oTk74iy8AyGJQdkoIQ1ZBMXqhiB5ue2UPn0egwmiKwR0sZ7aSoQ4j9MBDaT
Nn8gNeSqCOToMpfn8E8//1ZUEwbgy27UbElXw0fdEYrv3NXjaQpYU9MQnsvAJDKm
mYiDz1vBc4hNes5MfvNkX7vMK1eqzne44tljuo4nmgG7K0yFw641cl1W6PwPchke
GUrRUg25PPNG0vZ1KYSBW+aFbP2TChjUkOgfkAbQV4vrVhtDFgPkuP+dFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD5/q0hyqfDAKwGPocWh/3yHZzIAMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUG4tclNIS3A4TUFyQVktaHhhSF9mSWRuTWdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dI6MA0G
CSqGSIb3DQEBCwUAA4IBAQCdtA2SE6T1/jhn/K42owR0A+M21Q9ZTYG1C1qjxppG
eunF2yodwEHb4KSFXdDaEjGMMZgFR5cCEAs4SjT9/7FLHd3/gRk22/K5bld74q6s
9G2y+wpo0HKCYHpfeySsYF2TAFl+bvlDWTo4xC8j55qAo13PHjKDtVa+cPBh8cjZ
JepAu7xk2SsSIkSrt1AIZmkUG2/Hirm00jbXbNkBtfTePVIwOv41n/wE7BalyEN6
MrvqCsT5TzkjZz6a5UzYP4xR74Oxz18oDqT5nnH/q1SCYwDd5hy8BswMIPd2AgvS
Gu2iW4WOW1eXH4E4WKhrpjxg3iGz5becWYAyLZXxBjxZ
-----END CERTIFICATE-----