Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Tjj1uHzuiCVQJJEZGJAu3IACiVk.roa
File:                     Tjj1uHzuiCVQJJEZGJAu3IACiVk.roa (raw, json)
Hash identifier:          WmKkhNbexkSItYkXbiEEWOq3RcvFu+V/uyOEdTBXyq0=
Subject key identifier:   4E:38:F5:B8:7C:EE:88:25:50:24:91:19:18:90:2E:DC:80:02:89:59
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143D63E9C5857AA65B148BB104E893E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Tjj1uHzuiCVQJJEZGJAu3IACiVk.roa
Signing time:             Wed 01 Jan 2025 09:48:01 +0000
ROA not before:           Wed 01 Jan 2025 09:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     18186
IP address blocks:        213.218.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:d6:3e:9c:58:57:aa:65:b1:48:bb:10:4e:89:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e38f5b87cee88255024911918902edc80028959
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c3:70:20:6b:a7:0e:a7:e0:55:5b:b1:bf:25:
                    b1:13:a0:42:c3:83:a1:4b:74:4a:90:e0:f4:8b:89:
                    55:a1:f3:08:96:c3:f0:83:67:43:85:43:d3:b0:96:
                    8a:bc:ce:46:5e:c6:2f:44:12:18:25:9b:45:e5:7f:
                    3a:17:3a:3a:a5:7e:7e:c7:41:90:b5:8a:be:3e:9e:
                    79:e3:80:26:7f:a8:40:0d:d9:af:15:50:0e:ad:d6:
                    e4:64:bb:4e:fa:28:40:e1:39:42:86:e0:40:51:72:
                    a0:98:99:68:7d:8b:c9:ec:56:d3:c1:7c:c1:d1:21:
                    ff:ba:25:15:22:a6:00:3a:2b:71:07:75:b2:5a:13:
                    7e:14:8f:2c:ff:ca:0e:9f:a6:0f:da:73:84:c1:4a:
                    dd:0a:4e:aa:22:1e:5c:27:1a:84:3e:94:16:d4:91:
                    15:07:37:7c:8e:f1:b8:06:34:81:0b:2b:97:de:db:
                    c1:09:09:ce:e7:fa:a1:56:55:d9:05:83:94:ae:ed:
                    19:1b:64:f1:f5:59:8b:0a:24:51:3c:54:1b:4c:c3:
                    72:78:63:d5:f3:7c:8d:b7:19:46:c2:3b:f0:c6:c6:
                    28:36:8f:83:52:36:11:2e:29:b4:5d:bd:9d:1a:6a:
                    dd:d2:2e:3d:27:5f:c2:54:96:24:24:18:22:c4:91:
                    94:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:38:F5:B8:7C:EE:88:25:50:24:91:19:18:90:2E:DC:80:02:89:59
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Tjj1uHzuiCVQJJEZGJAu3IACiVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.218.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:90:46:b1:7b:d8:c4:0a:ad:27:b6:96:ff:61:13:d0:f0:be:
         6b:aa:68:2b:02:e5:ce:5c:50:67:23:06:4f:4d:77:96:3e:e4:
         62:71:55:25:14:53:24:2b:aa:0b:20:4a:f4:39:af:4e:ad:20:
         ff:35:6a:64:3b:2f:da:6c:3f:63:50:38:1e:16:d2:8c:43:11:
         ec:a3:f4:aa:b3:fb:dc:c4:0d:be:58:d9:1a:f8:3a:3f:b2:b2:
         8e:9e:77:97:e4:77:8d:21:fa:08:1d:f6:6c:4d:78:fb:09:89:
         17:3e:14:4c:69:e1:8e:33:cb:5f:f4:a8:24:6a:c2:9d:85:42:
         4b:8f:d4:f6:45:e7:39:01:df:0c:3e:12:9f:82:36:1c:ae:7c:
         c1:dd:3c:35:7e:f6:7a:c5:0b:00:41:60:ff:6f:1c:bb:82:2b:
         07:b5:97:fb:6f:75:e3:2f:cb:e5:8c:53:23:88:47:56:29:64:
         3c:c2:1c:cc:5a:0c:de:a9:63:f1:55:2d:80:aa:e2:73:32:16:
         be:0c:a2:66:1a:15:9c:37:b1:d6:fc:f7:63:f3:25:44:ca:19:
         38:13:12:fd:55:56:f3:15:23:08:c7:22:ef:86:3e:cf:1b:38:
         44:99:e5:e7:ab:3e:aa:b3:47:d9:cb:74:4a:17:11:79:78:7e:
         c1:8d:f0:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ9Y+nFhXqmWxSLsQTok+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTM4ZjViODdjZWU4ODI1NTAyNDkxMTkxODkwMmVkYzgwMDI4OTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsNwIGunDqfgVVuxvyWxE6BCw4Oh
S3RKkOD0i4lVofMIlsPwg2dDhUPTsJaKvM5GXsYvRBIYJZtF5X86Fzo6pX5+x0GQ
tYq+Pp5544Amf6hADdmvFVAOrdbkZLtO+ihA4TlChuBAUXKgmJlofYvJ7FbTwXzB
0SH/uiUVIqYAOitxB3WyWhN+FI8s/8oOn6YP2nOEwUrdCk6qIh5cJxqEPpQW1JEV
Bzd8jvG4BjSBCyuX3tvBCQnO5/qhVlXZBYOUru0ZG2Tx9VmLCiRRPFQbTMNyeGPV
83yNtxlGwjvwxsYoNo+DUjYRLim0Xb2dGmrd0i49J1/CVJYkJBgixJGUAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE449bh87oglUCSRGRiQLtyAAolZMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVGpqMXVIenVpQ1ZRSkpFWkdKQXUzSUFDaVZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1drYMA0G
CSqGSIb3DQEBCwUAA4IBAQBjkEaxe9jECq0ntpb/YRPQ8L5rqmgrAuXOXFBnIwZP
TXeWPuRicVUlFFMkK6oLIEr0Oa9OrSD/NWpkOy/abD9jUDgeFtKMQxHso/Sqs/vc
xA2+WNka+Do/srKOnneX5HeNIfoIHfZsTXj7CYkXPhRMaeGOM8tf9KgkasKdhUJL
j9T2Rec5Ad8MPhKfgjYcrnzB3Tw1fvZ6xQsAQWD/bxy7gisHtZf7b3XjL8vljFMj
iEdWKWQ8whzMWgzeqWPxVS2AquJzMha+DKJmGhWcN7HW/Pdj8yVEyhk4ExL9VVbz
FSMIxyLvhj7PGzhEmeXnqz6qs0fZy3RKFxF5eH7BjfDM
-----END CERTIFICATE-----