Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/T-uq8urwNtVsi5bq5L6uGk-rME8.roa
File:                     T-uq8urwNtVsi5bq5L6uGk-rME8.roa (raw, json)
Hash identifier:          azHqxtlLCXcljKN5bHAvpXHCdfLLlI0UNaImnhkgtVE=
Subject key identifier:   4F:EB:AA:F2:EA:F0:36:D5:6C:8B:96:EA:E4:BE:AE:1A:4F:AB:30:4F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942144265D3FD6EFE2938D86E2BF5197FF
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/T-uq8urwNtVsi5bq5L6uGk-rME8.roa
Signing time:             Wed 01 Jan 2025 09:48:21 +0000
ROA not before:           Wed 01 Jan 2025 09:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214855
IP address blocks:        82.152.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:26:5d:3f:d6:ef:e2:93:8d:86:e2:bf:51:97:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4febaaf2eaf036d56c8b96eae4beae1a4fab304f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:ea:1f:37:8d:48:01:fc:a7:e8:33:63:2d:53:
                    be:be:1c:d2:2b:71:2b:7c:9e:6c:18:1b:05:40:f1:
                    83:1c:54:97:9c:77:03:a9:37:32:59:03:ae:c9:60:
                    70:b6:59:da:f8:11:04:01:7d:9a:a8:e4:52:a2:19:
                    2c:f3:9f:4e:98:58:ea:b9:e3:77:59:68:f8:82:fa:
                    62:20:07:7f:bb:5a:4a:b2:93:b0:bf:cd:9d:48:3e:
                    ae:65:1c:cc:a1:06:78:30:c4:fd:00:2d:64:8e:26:
                    06:7e:78:89:80:38:bc:12:e0:0c:9e:0c:34:ac:ab:
                    d1:38:58:a9:dd:07:cd:9e:c3:b4:84:bf:f7:f2:23:
                    e2:5b:55:fc:a8:5a:2c:5f:1b:70:47:eb:04:cd:b8:
                    0d:f1:5c:a3:40:67:43:b0:e4:62:80:d1:d6:62:8b:
                    ed:72:21:3a:f7:c5:13:9e:38:a8:7e:09:c7:e0:82:
                    96:24:a4:42:06:b3:24:8b:42:09:26:eb:83:bd:94:
                    cf:94:f3:ac:f9:ce:e8:1e:fb:fe:fd:cb:50:7d:c1:
                    23:95:ac:c8:c9:0a:84:25:28:e1:a7:27:0b:a5:50:
                    56:1d:7b:3e:0b:89:1a:c7:20:70:af:9f:b3:a7:14:
                    52:27:b7:9b:c5:b0:09:03:e0:cb:e0:21:1b:27:05:
                    40:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:EB:AA:F2:EA:F0:36:D5:6C:8B:96:EA:E4:BE:AE:1A:4F:AB:30:4F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/T-uq8urwNtVsi5bq5L6uGk-rME8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:76:c6:e1:4e:dd:90:56:aa:b6:f4:96:7f:76:7f:3c:9e:e7:
         8b:17:90:76:4c:e6:da:00:d0:ac:c9:ef:95:42:6e:ac:92:ac:
         2b:98:06:b0:92:9d:47:71:e5:27:e6:1c:39:7f:e9:0c:fc:7a:
         28:dd:2d:ba:2a:07:8a:df:a5:0e:71:20:1f:2e:ee:a8:67:13:
         ca:8e:fd:99:a0:86:c1:1a:fa:c5:b5:38:03:bc:fd:fa:fc:b4:
         76:c2:af:fb:7a:b0:4b:21:93:62:c3:e9:91:4e:ef:8b:39:29:
         1f:34:7a:e0:10:59:2d:60:57:13:a9:5f:8f:bd:38:07:0e:5b:
         0e:a9:51:e9:d5:d3:e0:82:e1:35:9a:af:2e:6c:bd:03:a0:72:
         2c:bf:29:cd:43:a7:e2:39:7c:9c:e2:a3:2d:14:76:e4:68:27:
         07:1f:f7:f4:7e:39:1d:99:3c:24:0f:c4:1b:41:19:83:fd:4c:
         37:5f:bc:ee:92:0c:af:f9:fa:1c:dc:92:0d:e7:71:21:2f:d8:
         3d:fa:da:74:3e:5b:6b:64:da:5d:e0:71:36:88:7c:ed:8b:07:
         79:eb:61:95:b5:96:90:a8:35:26:b1:d2:72:ca:9b:f8:57:f7:
         62:a8:5d:2f:93:7f:11:5f:55:ce:08:2d:5b:c4:ef:cb:1f:f0:
         64:76:ad:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRCZdP9bv4pONhuK/UZf/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmViYWFmMmVhZjAzNmQ1NmM4Yjk2ZWFlNGJlYWUxYTRmYWIzMDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+ofN41IAfyn6DNjLVO+vhzSK3Er
fJ5sGBsFQPGDHFSXnHcDqTcyWQOuyWBwtlna+BEEAX2aqORSohks859OmFjqueN3
WWj4gvpiIAd/u1pKspOwv82dSD6uZRzMoQZ4MMT9AC1kjiYGfniJgDi8EuAMngw0
rKvROFip3QfNnsO0hL/38iPiW1X8qFosXxtwR+sEzbgN8VyjQGdDsORigNHWYovt
ciE698UTnjiofgnH4IKWJKRCBrMki0IJJuuDvZTPlPOs+c7oHvv+/ctQfcEjlazI
yQqEJSjhpycLpVBWHXs+C4kaxyBwr5+zpxRSJ7ebxbAJA+DL4CEbJwVAAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/rqvLq8DbVbIuW6uS+rhpPqzBPMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVC11cTh1cndOdFZzaTVicTVMNnVHay1yTUU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpgCMA0G
CSqGSIb3DQEBCwUAA4IBAQCGdsbhTt2QVqq29JZ/dn88nueLF5B2TObaANCsye+V
Qm6skqwrmAawkp1HceUn5hw5f+kM/Hoo3S26KgeK36UOcSAfLu6oZxPKjv2ZoIbB
GvrFtTgDvP36/LR2wq/7erBLIZNiw+mRTu+LOSkfNHrgEFktYFcTqV+PvTgHDlsO
qVHp1dPgguE1mq8ubL0DoHIsvynNQ6fiOXyc4qMtFHbkaCcHH/f0fjkdmTwkD8Qb
QRmD/Uw3X7zukgyv+foc3JIN53EhL9g9+tp0PltrZNpd4HE2iHztiwd562GVtZaQ
qDUmsdJyypv4V/diqF0vk38RX1XOCC1bxO/LH/Bkdq20
-----END CERTIFICATE-----