Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/R2zj1trPcQMSZfIHAg_EMUtZDho.roa
File:                     R2zj1trPcQMSZfIHAg_EMUtZDho.roa (raw, json)
Hash identifier:          nGl+3AcMFdKuX+5VdQPOMK69qgNnHl4FQ4LHv6FEWXU=
Subject key identifier:   47:6C:E3:D6:DA:CF:71:03:12:65:F2:07:02:0F:C4:31:4B:59:0E:1A
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0192532E337A293960006E40077D02423D15
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/R2zj1trPcQMSZfIHAg_EMUtZDho.roa
Signing time:             Thu 03 Oct 2024 16:19:49 +0000
ROA not before:           Thu 03 Oct 2024 16:19:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     262725
IP address blocks:        89.213.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:53:2e:33:7a:29:39:60:00:6e:40:07:7d:02:42:3d:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct  3 16:19:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=476ce3d6dacf71031265f207020fc4314b590e1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:05:26:53:0b:3c:34:f5:48:a9:72:b1:46:9d:
                    b7:13:dd:2e:49:68:9d:79:54:c0:2f:34:a4:e6:10:
                    c6:c5:b3:46:79:a4:ce:c0:96:b0:4a:b0:79:37:dc:
                    a2:3f:d6:6a:c9:e0:d0:5f:ff:cd:a6:67:72:89:77:
                    7f:84:a0:ca:6e:16:a8:15:a0:73:d4:06:9b:a3:4c:
                    77:4d:89:ea:35:22:b7:1b:c7:d8:f8:e5:5a:6a:f0:
                    03:8a:f6:59:0a:10:87:52:c9:3a:a8:44:dd:03:99:
                    62:ac:aa:95:5b:c2:1a:c7:51:f7:ec:1b:1d:be:c3:
                    5e:4b:af:07:6e:78:b1:4b:a9:c2:5e:9b:b9:39:27:
                    6a:7e:cc:26:5c:6a:e9:17:37:4a:b2:45:a2:3c:22:
                    49:a4:c0:00:6b:50:cf:f3:0a:ba:cb:81:0c:0f:ab:
                    cc:7f:93:ac:06:e0:ce:5d:eb:a5:9e:8f:88:25:57:
                    94:34:51:86:ea:eb:91:27:79:ce:1c:f2:85:87:75:
                    f8:76:8f:19:a3:db:40:bc:35:c8:b9:77:3b:cf:e1:
                    92:12:25:a7:e4:ca:3d:ca:a6:68:b0:e1:18:55:69:
                    22:28:52:7b:ff:39:60:ce:50:21:ca:23:5b:2a:33:
                    f9:0c:a8:7e:34:b1:8a:76:32:b3:04:74:ba:83:32:
                    c8:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:6C:E3:D6:DA:CF:71:03:12:65:F2:07:02:0F:C4:31:4B:59:0E:1A
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/R2zj1trPcQMSZfIHAg_EMUtZDho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:83:17:dc:6a:11:84:94:25:28:30:85:60:0b:7f:4d:01:d1:
         2d:99:0a:20:5f:83:68:9f:58:00:a6:5c:20:4b:c4:ac:02:45:
         24:44:93:42:51:c7:b7:61:f9:4e:c3:a5:ce:ec:08:c4:fc:8f:
         03:bc:e3:d2:c5:f9:06:2c:ee:33:ad:5a:d1:3b:c6:eb:47:17:
         bb:7f:32:bf:32:d9:7c:b5:77:5f:a8:a6:42:58:73:17:fc:fe:
         cb:72:ba:ac:59:92:bd:a4:cd:15:4f:aa:55:b3:22:de:49:3c:
         01:57:ee:9a:ac:a3:e7:04:57:2f:8c:19:8b:1b:8e:b6:a7:d3:
         78:d4:40:b0:90:4e:7f:06:39:00:06:61:ca:af:e8:a1:bb:82:
         d6:52:16:20:66:9c:a4:1c:e4:d1:d3:70:20:16:9d:ae:ed:c2:
         89:69:5c:49:06:45:80:95:47:97:ff:c9:b0:f9:c9:43:d2:88:
         5d:90:72:32:9a:02:c3:15:89:e4:4c:01:6b:77:df:16:c5:d3:
         c0:ae:6f:3c:f1:8f:ff:7f:5f:59:ea:d7:4c:d5:e5:64:8f:99:
         83:ea:c9:ba:eb:08:1e:34:09:c5:23:6b:56:03:d0:9b:39:99:
         0c:ac:ea:5d:46:80:af:50:7a:ae:46:23:7d:d6:8c:c2:51:24:
         ce:29:f6:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJTLjN6KTlgAG5AB30CQj0VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQxMDAzMTYxOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzZjZTNkNmRhY2Y3MTAzMTI2NWYyMDcwMjBmYzQzMTRiNTkwZTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQUmUws8NPVIqXKxRp23E90uSWid
eVTALzSk5hDGxbNGeaTOwJawSrB5N9yiP9ZqyeDQX//NpmdyiXd/hKDKbhaoFaBz
1Aabo0x3TYnqNSK3G8fY+OVaavADivZZChCHUsk6qETdA5lirKqVW8Iax1H37Bsd
vsNeS68HbnixS6nCXpu5OSdqfswmXGrpFzdKskWiPCJJpMAAa1DP8wq6y4EMD6vM
f5OsBuDOXeulno+IJVeUNFGG6uuRJ3nOHPKFh3X4do8Zo9tAvDXIuXc7z+GSEiWn
5Mo9yqZosOEYVWkiKFJ7/zlgzlAhyiNbKjP5DKh+NLGKdjKzBHS6gzLIQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEds49baz3EDEmXyBwIPxDFLWQ4aMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUjJ6ajF0clBjUU1TWmZJSEFnX0VNVXRaRGhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdUpMA0G
CSqGSIb3DQEBCwUAA4IBAQBugxfcahGElCUoMIVgC39NAdEtmQogX4Non1gAplwg
S8SsAkUkRJNCUce3YflOw6XO7AjE/I8DvOPSxfkGLO4zrVrRO8brRxe7fzK/Mtl8
tXdfqKZCWHMX/P7LcrqsWZK9pM0VT6pVsyLeSTwBV+6arKPnBFcvjBmLG462p9N4
1ECwkE5/BjkABmHKr+ihu4LWUhYgZpykHOTR03AgFp2u7cKJaVxJBkWAlUeX/8mw
+clD0ohdkHIymgLDFYnkTAFrd98WxdPArm888Y//f19Z6tdM1eVkj5mD6sm66wge
NAnFI2tWA9CbOZkMrOpdRoCvUHquRiN91ozCUSTOKfb6
-----END CERTIFICATE-----