Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TdFjczry2tCxr1cqXhPkh4_IkBk.roa
File:                     TdFjczry2tCxr1cqXhPkh4_IkBk.roa (raw, json)
Hash identifier:          QQVSKFs3NDbMperu6sD7lb6DmLsC1u3EXjVFFQJY/d8=
Subject key identifier:   4D:D1:63:73:3A:F2:DA:D0:B1:AF:57:2A:5E:13:E4:87:8F:C8:90:19
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E5B0A9A65EC98FBB5015D91E8CC6BF393
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TdFjczry2tCxr1cqXhPkh4_IkBk.roa
Signing time:             Wed 20 Mar 2024 08:46:45 +0000
ROA not before:           Wed 20 Mar 2024 08:46:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40676
IP address blocks:        109.176.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5b:0a:9a:65:ec:98:fb:b5:01:5d:91:e8:cc:6b:f3:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 20 08:46:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4dd163733af2dad0b1af572a5e13e4878fc89019
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:1d:23:97:63:69:35:b5:1a:1c:4e:b0:8c:f9:
                    96:85:19:82:80:8a:27:03:2d:90:ed:75:1a:84:40:
                    d4:ae:d0:63:5e:76:ff:0c:ec:23:55:cb:8b:c9:e9:
                    ca:41:3f:2c:0c:47:ba:1b:23:08:d2:e1:da:1d:fb:
                    5b:0b:13:26:12:65:29:a7:77:42:af:02:7b:b8:93:
                    8c:a4:88:db:d7:da:21:ec:cd:94:12:26:40:b9:39:
                    e2:bb:e5:55:f8:6b:18:a9:9d:fe:dd:0e:79:52:09:
                    ad:f2:f6:d7:69:f6:d3:06:0b:61:35:2d:8e:3b:83:
                    cc:30:3b:13:3b:cc:b7:84:f5:f5:d8:eb:44:d9:b5:
                    b0:89:8f:6d:7c:ad:08:b8:fa:77:ad:c2:40:f7:93:
                    c7:46:b2:42:00:18:0c:b0:1f:70:ca:d0:3c:54:52:
                    4c:7f:10:64:b0:51:b7:bf:10:15:26:f1:6c:27:09:
                    50:4d:c9:ed:dc:52:76:90:f5:f9:b1:12:24:79:91:
                    4d:8d:9e:7a:65:b8:a2:e4:3b:ea:32:c8:28:21:71:
                    98:c4:b3:21:e0:4f:05:86:84:c8:27:1c:2f:dc:b5:
                    33:ed:05:26:0a:81:2e:d8:4d:0a:d3:30:91:29:b3:
                    2e:4a:b6:26:cd:37:12:8c:f9:36:89:b4:a7:55:c8:
                    ba:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:D1:63:73:3A:F2:DA:D0:B1:AF:57:2A:5E:13:E4:87:8F:C8:90:19
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TdFjczry2tCxr1cqXhPkh4_IkBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:73:c5:aa:19:ec:7d:f5:20:8c:b1:90:ed:94:24:f0:7c:b9:
         53:a9:6a:af:df:08:29:48:60:29:f8:32:c3:b7:d8:29:7c:62:
         8d:b5:81:f9:f1:8d:34:71:9c:9e:f9:9f:21:d0:81:7f:6d:e3:
         2b:86:2b:e3:40:71:6c:b3:cb:dc:4c:57:0b:b6:7e:33:af:d6:
         3f:c4:a7:4e:22:3b:d6:e7:bb:21:c1:1d:f4:c7:19:e0:17:d8:
         94:48:8e:1f:8c:4a:84:fb:f2:4d:62:f5:48:22:0c:ad:af:d6:
         f6:c5:3d:c3:cc:8b:b7:bf:b8:4f:ba:59:d3:1a:05:ae:bb:e7:
         b9:75:12:a5:d1:3f:ce:ac:30:d7:3a:34:d9:a0:cc:1b:65:ac:
         52:09:c7:12:8d:fc:b6:23:ff:30:0e:83:69:5c:d2:dd:77:3d:
         c9:95:41:55:17:76:a3:ce:a7:20:72:d8:ce:17:08:00:dc:b8:
         fd:c5:f0:d9:d9:69:90:3b:d4:74:91:82:0b:c6:62:e6:6a:3a:
         0a:fc:36:e6:b8:35:eb:90:81:ee:33:77:cb:5b:ab:eb:5f:81:
         b2:df:60:c9:b7:78:23:15:99:a5:32:49:3d:7c:62:06:b6:c0:
         45:2a:02:5a:10:62:fd:79:f0:86:d2:f0:6d:c5:4b:f1:be:78:
         72:1c:2e:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5bCppl7Jj7tQFdkejMa/OTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzIwMDg0NjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGQxNjM3MzNhZjJkYWQwYjFhZjU3MmE1ZTEzZTQ4NzhmYzg5MDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnR0jl2NpNbUaHE6wjPmWhRmCgIon
Ay2Q7XUahEDUrtBjXnb/DOwjVcuLyenKQT8sDEe6GyMI0uHaHftbCxMmEmUpp3dC
rwJ7uJOMpIjb19oh7M2UEiZAuTniu+VV+GsYqZ3+3Q55Ugmt8vbXafbTBgthNS2O
O4PMMDsTO8y3hPX12OtE2bWwiY9tfK0IuPp3rcJA95PHRrJCABgMsB9wytA8VFJM
fxBksFG3vxAVJvFsJwlQTcnt3FJ2kPX5sRIkeZFNjZ56Zbii5DvqMsgoIXGYxLMh
4E8FhoTIJxwv3LUz7QUmCoEu2E0K0zCRKbMuSrYmzTcSjPk2ibSnVci6EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE3RY3M68trQsa9XKl4T5IePyJAZMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVGRGamN6cnkydEN4cjFjcVhoUGtoNF9Ja0JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbDQMA0G
CSqGSIb3DQEBCwUAA4IBAQBgc8WqGex99SCMsZDtlCTwfLlTqWqv3wgpSGAp+DLD
t9gpfGKNtYH58Y00cZye+Z8h0IF/beMrhivjQHFss8vcTFcLtn4zr9Y/xKdOIjvW
57shwR30xxngF9iUSI4fjEqE+/JNYvVIIgytr9b2xT3DzIu3v7hPulnTGgWuu+e5
dRKl0T/OrDDXOjTZoMwbZaxSCccSjfy2I/8wDoNpXNLddz3JlUFVF3ajzqcgctjO
FwgA3Lj9xfDZ2WmQO9R0kYILxmLmajoK/DbmuDXrkIHuM3fLW6vrX4Gy32DJt3gj
FZmlMkk9fGIGtsBFKgJaEGL9efCG0vBtxUvxvnhyHC44
-----END CERTIFICATE-----