Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/X4KKVcMK9dxYLWqDHmJX3SlVJmc.roa
File:                     X4KKVcMK9dxYLWqDHmJX3SlVJmc.roa (raw, json)
Hash identifier:          FCbpIhmyGO4r2mwSCD7Mgxvk2YQTo3+Jjf1yQPUHRrU=
Subject key identifier:   5F:82:8A:55:C3:0A:F5:DC:58:2D:6A:83:1E:62:57:DD:29:55:26:67
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019497C5C1B7268C2E42488A6CDC494A6B6A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/X4KKVcMK9dxYLWqDHmJX3SlVJmc.roa
Signing time:             Fri 24 Jan 2025 10:05:07 +0000
ROA not before:           Fri 24 Jan 2025 10:05:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214453
IP address blocks:        82.153.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 14:35:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:97:c5:c1:b7:26:8c:2e:42:48:8a:6c:dc:49:4a:6b:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan 24 10:05:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f828a55c30af5dc582d6a831e6257dd29552667
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:72:fc:fd:d4:30:9b:7a:84:d3:ec:70:c8:73:
                    8e:40:e2:bb:8a:e7:d1:d5:36:7a:dd:d5:fc:56:e8:
                    47:4e:f7:52:27:0e:ef:13:d4:9f:3d:11:bd:7c:ac:
                    41:de:a6:01:41:bc:95:31:1f:fa:c1:db:53:7e:11:
                    02:0e:c5:6e:f0:06:f8:97:dc:e4:8b:77:8c:a9:32:
                    e1:7b:63:b2:f3:e2:30:c8:10:e6:64:79:0a:49:02:
                    cb:ae:fc:bb:ff:88:1c:24:70:68:3c:99:3e:0d:18:
                    a2:7e:d5:47:98:a8:bc:46:aa:eb:95:20:3d:c2:ae:
                    fc:04:3a:1d:d8:1c:9b:cc:32:ca:93:32:c4:77:2b:
                    2b:de:c0:58:c3:f7:7d:1c:d8:c8:2a:b1:05:d0:93:
                    d8:da:7a:28:d7:0b:ef:53:c3:ab:ff:7b:ec:8e:2c:
                    e4:44:0b:0a:87:40:1b:29:b7:e2:c4:f0:4c:2b:1a:
                    c0:e6:12:52:78:1d:f4:0e:b7:1e:9a:6e:c9:3d:56:
                    61:72:d8:f7:34:b2:77:4a:0c:42:25:9e:01:d7:bd:
                    69:4e:2b:4c:5c:0c:11:e6:4b:f4:6a:50:37:31:31:
                    f9:c5:e0:0e:79:96:37:8d:c1:3d:01:c9:0b:4a:e2:
                    e8:50:94:34:e0:b0:ef:40:49:30:1b:eb:7b:f7:e9:
                    b9:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:82:8A:55:C3:0A:F5:DC:58:2D:6A:83:1E:62:57:DD:29:55:26:67
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/X4KKVcMK9dxYLWqDHmJX3SlVJmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:a3:ea:ae:5d:ae:35:f9:30:76:76:fd:71:4e:ee:ec:33:11:
         03:cd:0c:43:c6:32:5b:1e:57:2b:6c:2f:60:27:db:a0:18:a2:
         4a:13:5d:91:da:71:6f:bc:0a:a7:40:26:52:7a:a1:e6:5e:13:
         56:10:3e:ba:af:56:79:ad:ec:68:3d:ac:88:bd:00:9f:49:fe:
         cd:04:a9:9a:38:12:36:c6:80:bb:7c:10:f9:d1:d3:44:ab:6c:
         9e:b2:ea:cc:3b:60:c1:e6:a3:15:67:0c:d7:d8:3d:0e:8f:d0:
         31:0d:00:f7:47:1a:1a:b4:19:1a:be:71:3a:9a:5f:5f:51:13:
         05:92:96:ba:d1:e8:c2:65:07:f8:65:60:e6:8e:25:9e:8a:0a:
         f4:54:9e:6f:fd:f9:a0:2a:75:7e:e2:34:05:f9:37:78:f9:a1:
         d4:d7:3f:a8:8f:88:36:14:28:e4:87:a1:c2:6e:73:d3:e6:cd:
         13:86:7f:8c:7c:d7:9d:ad:df:b1:40:12:af:9f:01:e0:9c:3c:
         12:f4:8d:c8:62:d1:96:59:f1:1d:ca:13:3e:84:11:43:f5:26:
         0a:b3:bc:e1:6e:be:b8:94:33:8c:e9:43:c4:1b:31:04:cc:58:
         63:25:09:56:dd:74:9e:2d:94:f9:b2:2d:69:de:9e:3e:e1:45:
         56:da:08:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSXxcG3JowuQkiKbNxJSmtqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTI0MTAwNTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjgyOGE1NWMzMGFmNWRjNTgyZDZhODMxZTYyNTdkZDI5NTUyNjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1HL8/dQwm3qE0+xwyHOOQOK7iufR
1TZ63dX8VuhHTvdSJw7vE9SfPRG9fKxB3qYBQbyVMR/6wdtTfhECDsVu8Ab4l9zk
i3eMqTLhe2Oy8+IwyBDmZHkKSQLLrvy7/4gcJHBoPJk+DRiiftVHmKi8RqrrlSA9
wq78BDod2BybzDLKkzLEdysr3sBYw/d9HNjIKrEF0JPY2noo1wvvU8Or/3vsjizk
RAsKh0AbKbfixPBMKxrA5hJSeB30Drcemm7JPVZhctj3NLJ3SgxCJZ4B171pTitM
XAwR5kv0alA3MTH5xeAOeZY3jcE9AckLSuLoUJQ04LDvQEkwG+t79+m50QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+CilXDCvXcWC1qgx5iV90pVSZnMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWDRLS1ZjTUs5ZHhZTFdxREhtSlgzU2xWSm1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpkAMA0G
CSqGSIb3DQEBCwUAA4IBAQBBo+quXa41+TB2dv1xTu7sMxEDzQxDxjJbHlcrbC9g
J9ugGKJKE12R2nFvvAqnQCZSeqHmXhNWED66r1Z5rexoPayIvQCfSf7NBKmaOBI2
xoC7fBD50dNEq2yesurMO2DB5qMVZwzX2D0Oj9AxDQD3RxoatBkavnE6ml9fURMF
kpa60ejCZQf4ZWDmjiWeigr0VJ5v/fmgKnV+4jQF+Td4+aHU1z+oj4g2FCjkh6HC
bnPT5s0Thn+MfNedrd+xQBKvnwHgnDwS9I3IYtGWWfEdyhM+hBFD9SYKs7zhbr64
lDOM6UPEGzEEzFhjJQlW3XSeLZT5si1p3p4+4UVW2gjC
-----END CERTIFICATE-----