Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/VeuPHX2h2ZS-8aB6Kb6p2xc6qts.roa
File:                     VeuPHX2h2ZS-8aB6Kb6p2xc6qts.roa (raw, json)
Hash identifier:          QTBdOsb/b2Kqu1RWFCiKA4Z/tOQRQTTbqhkmdORMMY8=
Subject key identifier:   55:EB:8F:1D:7D:A1:D9:94:BE:F1:A0:7A:29:BE:A9:DB:17:3A:AA:DB
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942691D840723FFF433FCB70DC01BB6275
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/VeuPHX2h2ZS-8aB6Kb6p2xc6qts.roa
Signing time:             Thu 02 Jan 2025 10:31:19 +0000
ROA not before:           Thu 02 Jan 2025 10:31:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     138195
IP address blocks:        213.218.208.0/24 maxlen: 24
                          213.218.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:91:d8:40:72:3f:ff:43:3f:cb:70:dc:01:bb:62:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  2 10:31:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=55eb8f1d7da1d994bef1a07a29bea9db173aaadb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:2e:58:01:7f:f5:99:2e:bd:cc:17:50:98:de:
                    ec:c4:99:76:13:ef:fb:b6:6b:78:59:3d:bb:66:6c:
                    1c:b9:f4:5e:d5:82:df:5a:a7:43:9d:af:b5:77:ac:
                    c3:7b:07:51:44:5f:8d:a9:44:9c:db:bb:86:be:4d:
                    b6:92:aa:16:60:b9:f3:7c:f4:0a:d6:74:c8:b1:63:
                    7a:e0:1d:51:15:7c:f2:93:8d:44:c8:d7:55:71:73:
                    3d:0f:58:37:bc:55:5c:34:7c:16:36:22:e6:08:46:
                    80:da:77:2a:a1:4b:04:d9:31:02:83:ce:65:c7:81:
                    6e:f9:6c:84:96:5e:75:05:6e:e5:58:27:81:a2:ee:
                    89:82:b8:28:5b:47:3c:02:ac:42:ad:23:b8:3a:3e:
                    8c:96:51:91:43:66:72:6c:14:85:ad:c8:67:a8:37:
                    9e:13:8d:20:3d:45:7a:cf:41:23:93:92:b0:e9:63:
                    48:7a:4c:8c:48:49:c0:de:90:8e:21:49:c8:39:ae:
                    2a:a7:fd:69:54:d0:56:c1:9c:88:c7:20:91:6d:a6:
                    0f:2f:85:8a:16:4a:3e:d3:26:4a:b6:8d:77:85:3c:
                    b3:3a:24:f0:ff:63:18:1d:24:fc:f9:f6:91:0e:c8:
                    8f:e1:5a:b4:6e:c5:b2:2e:4f:79:02:b1:c3:f2:8d:
                    68:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:EB:8F:1D:7D:A1:D9:94:BE:F1:A0:7A:29:BE:A9:DB:17:3A:AA:DB
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/VeuPHX2h2ZS-8aB6Kb6p2xc6qts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.218.208.0/24
                  213.218.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:80:cc:d0:d5:a4:64:45:58:4e:aa:5a:ac:07:4a:ed:7f:d9:
         94:9f:0c:db:fc:e6:e3:5c:18:59:33:5c:4d:aa:10:1e:2d:22:
         5b:e2:3e:8b:38:6a:5b:89:a6:bf:65:62:9d:3e:65:fa:d2:c0:
         3b:a5:b6:a6:a7:26:0f:85:fb:86:c3:0e:dd:c8:af:f9:21:ef:
         cf:29:4a:8c:74:f8:16:d5:d2:ab:c1:0c:70:fe:29:3a:bb:10:
         1b:bc:d8:83:4a:a9:b5:9c:05:b4:64:5c:72:c6:c3:64:a7:85:
         ac:33:78:4a:9d:5c:b4:ea:cb:5a:d9:ac:f9:e6:bd:6f:76:70:
         50:f1:2a:37:c3:f1:58:a5:1e:bf:f9:e7:d4:d5:2a:f9:66:11:
         e3:0f:26:5b:d1:68:d1:40:e1:6d:42:2d:6d:42:f8:8a:a4:96:
         68:94:d8:8f:04:88:6c:0d:2c:5c:fc:1c:ff:9f:f3:0b:15:19:
         e5:fd:0f:88:ac:86:35:82:0d:d9:d9:be:d0:87:7c:06:60:e7:
         aa:58:a1:6c:1d:11:ed:68:56:41:64:8b:84:1f:78:3f:19:57:
         21:ab:96:48:2b:fb:d8:31:76:a3:02:51:47:84:a6:82:cc:e6:
         0a:69:86:1a:87:d0:c1:62:37:e9:0c:b0:91:c2:8a:75:fd:b4:
         85:9f:ef:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQmkdhAcj//Qz/LcNwBu2J1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAyMTAzMTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWViOGYxZDdkYTFkOTk0YmVmMWEwN2EyOWJlYTlkYjE3M2FhYWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxi5YAX/1mS69zBdQmN7sxJl2E+/7
tmt4WT27ZmwcufRe1YLfWqdDna+1d6zDewdRRF+NqUSc27uGvk22kqoWYLnzfPQK
1nTIsWN64B1RFXzyk41EyNdVcXM9D1g3vFVcNHwWNiLmCEaA2ncqoUsE2TECg85l
x4Fu+WyEll51BW7lWCeBou6JgrgoW0c8AqxCrSO4Oj6MllGRQ2ZybBSFrchnqDee
E40gPUV6z0Ejk5Kw6WNIekyMSEnA3pCOIUnIOa4qp/1pVNBWwZyIxyCRbaYPL4WK
Fko+0yZKto13hTyzOiTw/2MYHST8+faRDsiP4Vq0bsWyLk95ArHD8o1oLwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFXrjx19odmUvvGgeim+qdsXOqrbMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVmV1UEhYMmgyWlMtOGFCNktiNnAyeGM2cXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1drQAwQA
1drrMA0GCSqGSIb3DQEBCwUAA4IBAQCrgMzQ1aRkRVhOqlqsB0rtf9mUnwzb/Obj
XBhZM1xNqhAeLSJb4j6LOGpbiaa/ZWKdPmX60sA7pbampyYPhfuGww7dyK/5Ie/P
KUqMdPgW1dKrwQxw/ik6uxAbvNiDSqm1nAW0ZFxyxsNkp4WsM3hKnVy06sta2az5
5r1vdnBQ8So3w/FYpR6/+efU1Sr5ZhHjDyZb0WjRQOFtQi1tQviKpJZolNiPBIhs
DSxc/Bz/n/MLFRnl/Q+IrIY1gg3Z2b7Qh3wGYOeqWKFsHRHtaFZBZIuEH3g/GVch
q5ZIK/vYMXajAlFHhKaCzOYKaYYah9DBYjfpDLCRwop1/bSFn+8p
-----END CERTIFICATE-----