Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PwNcekDPM2AZEO6lj6uQwZ_iETs.roa
File:                     PwNcekDPM2AZEO6lj6uQwZ_iETs.roa (raw, json)
Hash identifier:          Oa7lT+VFJXjn6KGYD8JW3JCWqCyo2T6X97bzk4qAZm4=
Subject key identifier:   3F:03:5C:7A:40:CF:33:60:19:10:EE:A5:8F:AB:90:C1:9F:E2:11:3B
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019258B76EC982A6BEDE4A90A328C873C54A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PwNcekDPM2AZEO6lj6uQwZ_iETs.roa
Signing time:             Fri 04 Oct 2024 18:07:49 +0000
ROA not before:           Fri 04 Oct 2024 18:07:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30058
IP address blocks:        89.213.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:58:b7:6e:c9:82:a6:be:de:4a:90:a3:28:c8:73:c5:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct  4 18:07:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f035c7a40cf33601910eea58fab90c19fe2113b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:5c:3b:97:7f:a4:36:3a:6b:0f:62:c6:75:a4:
                    e6:e9:ca:5d:a9:ab:69:c1:38:ba:fa:38:3e:40:79:
                    6f:3e:4a:83:d2:4e:73:ec:75:5b:a8:9f:fe:1b:ca:
                    6b:74:01:7d:81:03:27:ca:10:c0:f7:3c:1a:81:b3:
                    73:6d:89:88:9c:23:68:11:e5:e9:c6:cf:41:97:76:
                    9a:37:43:e3:9f:21:9b:71:cd:55:e8:f6:69:4c:4a:
                    b7:77:27:41:77:55:ae:b1:89:f3:17:ba:42:69:65:
                    0a:e2:95:45:8b:ef:90:cd:cf:59:d6:e8:c6:eb:8c:
                    2c:e8:52:04:fb:c3:8c:c0:d8:2e:23:92:28:0a:04:
                    2a:ab:a1:23:41:69:88:63:c7:74:6a:59:92:40:21:
                    8a:3b:1b:10:75:9b:20:25:8f:17:c3:7d:03:77:6b:
                    cc:d0:b9:ce:52:e5:48:77:66:13:f6:59:c3:69:8b:
                    29:ad:54:0b:d1:5d:9e:fc:56:4a:c8:96:bf:c3:e9:
                    42:13:12:d8:7d:0b:b1:ae:40:d3:da:9e:e3:b9:fd:
                    8b:ee:66:a5:45:7b:41:d4:52:b6:dc:4d:cc:d9:98:
                    c8:3f:cf:73:6b:21:39:d6:57:b1:fb:0d:5e:09:07:
                    f9:f6:af:41:68:6d:ad:f2:e6:14:9d:54:70:9b:d7:
                    44:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:03:5C:7A:40:CF:33:60:19:10:EE:A5:8F:AB:90:C1:9F:E2:11:3B
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PwNcekDPM2AZEO6lj6uQwZ_iETs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:50:f1:72:16:3a:4d:32:a8:d3:c6:5b:45:a9:0e:73:99:94:
         79:ae:ac:cb:13:3b:82:29:34:bb:04:3b:46:96:c8:f8:10:28:
         4d:b4:56:fd:06:a8:55:96:fb:3c:ae:9f:3c:14:85:75:36:b3:
         d5:29:de:24:63:06:85:b9:81:24:c3:ed:ae:9a:85:44:9c:22:
         05:6e:f1:d7:15:7a:da:d8:3f:4e:4b:e5:1b:4f:dd:d3:39:8c:
         d7:fd:78:a7:99:5c:3f:ed:71:42:6f:2b:a6:38:cc:f6:2f:64:
         e8:8a:25:d5:7a:59:4b:7f:57:49:d7:6a:5b:ac:ff:f6:4f:fb:
         e3:d5:52:da:19:b0:3f:b1:d3:e4:62:2c:61:b7:6d:0f:ef:d6:
         72:8a:0b:b8:df:06:aa:11:44:6b:db:23:5c:b8:55:76:16:8e:
         4e:44:db:ab:33:b7:49:e3:16:6c:55:14:0a:52:70:51:04:2e:
         1f:0f:3d:c3:32:c3:42:ba:9a:71:6b:35:99:30:2e:42:77:54:
         a5:f0:d7:c2:c9:63:7f:cc:40:a1:1d:bd:7e:2d:63:1e:0b:40:
         a2:bd:ff:05:4a:d4:97:25:3d:81:1e:ae:73:5f:28:02:a1:ca:
         42:9f:9d:15:1e:32:ec:c6:35:af:d8:4a:70:a6:f9:19:c0:19:
         c6:f5:c2:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJYt27Jgqa+3kqQoyjIc8VKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQxMDA0MTgwNzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjAzNWM3YTQwY2YzMzYwMTkxMGVlYTU4ZmFiOTBjMTlmZTIxMTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1w7l3+kNjprD2LGdaTm6cpdqatp
wTi6+jg+QHlvPkqD0k5z7HVbqJ/+G8prdAF9gQMnyhDA9zwagbNzbYmInCNoEeXp
xs9Bl3aaN0PjnyGbcc1V6PZpTEq3dydBd1WusYnzF7pCaWUK4pVFi++Qzc9Z1ujG
64ws6FIE+8OMwNguI5IoCgQqq6EjQWmIY8d0almSQCGKOxsQdZsgJY8Xw30Dd2vM
0LnOUuVId2YT9lnDaYsprVQL0V2e/FZKyJa/w+lCExLYfQuxrkDT2p7juf2L7mal
RXtB1FK23E3M2ZjIP89zayE51lex+w1eCQf59q9BaG2t8uYUnVRwm9dESQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD8DXHpAzzNgGRDupY+rkMGf4hE7MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUHdOY2VrRFBNMkFaRU82bGo2dVF3Wl9pRVRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdXQMA0G
CSqGSIb3DQEBCwUAA4IBAQCcUPFyFjpNMqjTxltFqQ5zmZR5rqzLEzuCKTS7BDtG
lsj4EChNtFb9BqhVlvs8rp88FIV1NrPVKd4kYwaFuYEkw+2umoVEnCIFbvHXFXra
2D9OS+UbT93TOYzX/XinmVw/7XFCbyumOMz2L2ToiiXVellLf1dJ12pbrP/2T/vj
1VLaGbA/sdPkYixht20P79Zyigu43waqEURr2yNcuFV2Fo5ORNurM7dJ4xZsVRQK
UnBRBC4fDz3DMsNCuppxazWZMC5Cd1Sl8NfCyWN/zEChHb1+LWMeC0Civf8FStSX
JT2BHq5zXygCocpCn50VHjLsxjWv2EpwpvkZwBnG9cLv
-----END CERTIFICATE-----