Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XNrh7c0-tud1pYeekNtWzkuqvLA.roa
File:                     XNrh7c0-tud1pYeekNtWzkuqvLA.roa (raw, json)
Hash identifier:          jrSC53hu7bChi3l1JZ7YC3PUMlxiQKGI7VO4GI42IVs=
Subject key identifier:   5C:DA:E1:ED:CD:3E:B6:E7:75:A5:87:9E:90:DB:56:CE:4B:AA:BC:B0
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019427AE9192DC358F7C7AEC89FD8EFF906A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XNrh7c0-tud1pYeekNtWzkuqvLA.roa
Signing time:             Thu 02 Jan 2025 15:42:19 +0000
ROA not before:           Thu 02 Jan 2025 15:42:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397423
IP address blocks:        77.93.143.0/24 maxlen: 24
                          89.213.173.0/24 maxlen: 24
                          109.176.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:ae:91:92:dc:35:8f:7c:7a:ec:89:fd:8e:ff:90:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  2 15:42:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5cdae1edcd3eb6e775a5879e90db56ce4baabcb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:dc:85:df:71:86:e8:49:9e:e0:26:9d:94:87:
                    36:6c:8c:0e:66:e7:9f:32:49:93:7a:cb:a8:0f:e0:
                    c2:bc:9a:19:fd:88:56:f4:68:8a:1d:9c:58:35:55:
                    d5:47:52:fa:78:dc:d2:44:ca:89:29:28:1b:b9:c4:
                    f3:a3:28:16:65:bd:c9:b0:0f:af:9c:d8:09:5b:40:
                    8f:ba:9e:bb:a3:55:ff:e9:4e:a2:23:7f:02:04:8a:
                    69:92:2b:f1:b0:e9:8d:eb:14:7c:91:ee:e3:b5:a7:
                    df:05:04:94:82:dc:06:18:2e:93:75:b9:aa:5f:c1:
                    90:eb:69:b2:dc:f3:59:61:14:28:a7:1e:c4:4c:00:
                    3d:da:57:9a:9e:07:0b:7c:df:5a:6a:8b:66:96:25:
                    a8:3f:4b:cd:24:5d:c8:00:85:6c:45:f7:44:4a:9a:
                    d4:12:7c:8f:82:8f:a7:ea:0c:0a:f8:57:22:03:f6:
                    13:22:a1:fc:3f:73:e9:62:4c:ef:98:e0:de:7f:d2:
                    ad:4f:4e:f9:50:83:05:ad:ed:ab:c1:9e:4d:51:16:
                    a4:da:08:68:97:7c:a1:01:82:5b:73:f3:c3:36:fb:
                    7b:7f:de:62:34:12:f1:05:28:9a:87:71:98:53:e5:
                    8b:a0:67:51:d7:71:0b:d9:49:51:45:dc:99:ba:29:
                    da:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:DA:E1:ED:CD:3E:B6:E7:75:A5:87:9E:90:DB:56:CE:4B:AA:BC:B0
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XNrh7c0-tud1pYeekNtWzkuqvLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.93.143.0/24
                  89.213.173.0/24
                  109.176.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:38:61:7f:36:d3:26:2c:ae:6c:45:03:40:f3:a7:45:52:09:
         47:dc:75:96:d1:84:2f:7c:ff:7b:e6:61:d7:c4:7c:11:ba:08:
         9f:28:ae:d6:1c:99:58:42:66:d2:15:91:d6:7b:c6:ae:e6:16:
         e3:8b:ec:f1:d6:81:05:24:3c:06:b5:bb:e6:95:8c:56:99:39:
         89:24:58:31:a4:64:0c:e6:e9:71:23:60:fb:70:81:0a:dc:94:
         4d:c8:58:dc:b6:16:cd:0f:a6:ba:87:bf:48:be:b8:93:42:db:
         b9:7a:71:c5:95:e1:dc:52:fd:b8:79:c4:8a:b8:cb:25:88:67:
         76:d9:c4:fd:61:b8:ad:27:02:be:f7:04:4b:b1:01:21:b5:a4:
         cf:85:fb:8d:a4:a7:00:04:a0:29:98:ee:c2:c1:53:05:fc:48:
         f4:9c:3a:6d:f1:d1:cb:4d:20:46:f8:a8:f3:db:19:e7:c6:a0:
         46:b6:09:b6:a9:dd:8d:67:56:8e:7c:0f:4c:75:19:c1:b9:ea:
         4f:05:09:cb:2b:ac:41:53:46:ff:a1:9b:96:34:db:46:1f:81:
         cb:1d:3a:68:31:23:33:23:a0:18:85:ba:49:f7:91:6a:49:03:
         d2:6c:62:44:5d:f3:0b:09:9a:be:e2:6c:36:42:dc:fa:ef:82:
         4e:a0:ef:dc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQnrpGS3DWPfHrsif2O/5BqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAyMTU0MjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2RhZTFlZGNkM2ViNmU3NzVhNTg3OWU5MGRiNTZjZTRiYWFiY2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1NyF33GG6Eme4CadlIc2bIwOZuef
MkmTesuoD+DCvJoZ/YhW9GiKHZxYNVXVR1L6eNzSRMqJKSgbucTzoygWZb3JsA+v
nNgJW0CPup67o1X/6U6iI38CBIppkivxsOmN6xR8ke7jtaffBQSUgtwGGC6Tdbmq
X8GQ62my3PNZYRQopx7ETAA92leangcLfN9aaotmliWoP0vNJF3IAIVsRfdESprU
EnyPgo+n6gwK+FciA/YTIqH8P3PpYkzvmODef9KtT075UIMFre2rwZ5NURak2gho
l3yhAYJbc/PDNvt7f95iNBLxBSiah3GYU+WLoGdR13EL2UlRRdyZuina+wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFza4e3NPrbndaWHnpDbVs5LqrywMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWE5yaDdjMC10dWQxcFllZWtOdFd6a3VxdkxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATV2PAwQA
WdWtAwQAbbASMA0GCSqGSIb3DQEBCwUAA4IBAQCYOGF/NtMmLK5sRQNA86dFUglH
3HWW0YQvfP975mHXxHwRugifKK7WHJlYQmbSFZHWe8au5hbji+zx1oEFJDwGtbvm
lYxWmTmJJFgxpGQM5ulxI2D7cIEK3JRNyFjcthbND6a6h79IvriTQtu5enHFleHc
Uv24ecSKuMsliGd22cT9YbitJwK+9wRLsQEhtaTPhfuNpKcABKApmO7CwVMF/Ej0
nDpt8dHLTSBG+Kjz2xnnxqBGtgm2qd2NZ1aOfA9MdRnBuepPBQnLK6xBU0b/oZuW
NNtGH4HLHTpoMSMzI6AYhbpJ95FqSQPSbGJEXfMLCZq+4mw2Qtz674JOoO/c
-----END CERTIFICATE-----