Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Xgnn2xzVsW9_XubFxSp1JlABz4E.roa
File:                     Xgnn2xzVsW9_XubFxSp1JlABz4E.roa (raw, json)
Hash identifier:          IfjKiTQ575wuLW1ko1qmLyOeAKZudWu2WAs3NrJNhvQ=
Subject key identifier:   5E:09:E7:DB:1C:D5:B1:6F:7F:5E:E6:C5:C5:2A:75:26:50:01:CF:81
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC3495CE1D22DA2B7DEE0F1FD8ADD46A8
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Xgnn2xzVsW9_XubFxSp1JlABz4E.roa
Signing time:             Mon 01 Jan 2024 04:30:14 +0000
ROA not before:           Mon 01 Jan 2024 04:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202704
IP address blocks:        82.153.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:5c:e1:d2:2d:a2:b7:de:e0:f1:fd:8a:dd:46:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e09e7db1cd5b16f7f5ee6c5c52a75265001cf81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:75:fd:0f:25:5c:dc:4c:20:74:56:2d:bf:e0:
                    03:05:c0:d4:cb:59:7b:49:12:7e:c9:9d:ff:53:90:
                    8c:ff:66:93:0d:81:e8:0a:8e:7d:5d:f4:ed:c6:c6:
                    17:df:3f:ca:47:ce:77:48:fd:11:2f:72:7e:86:87:
                    2b:8b:da:1b:93:a4:c7:eb:66:1e:f3:da:15:50:d1:
                    de:69:a1:e7:44:4a:31:3b:b6:c3:db:44:ad:9c:68:
                    3d:f6:3b:63:d5:c1:6b:e6:b4:54:08:2c:ee:fd:c8:
                    a9:5c:52:35:b2:68:0a:d9:19:49:ea:4f:8b:7e:0c:
                    8f:f8:23:5a:c9:6f:a9:9a:e7:b3:e8:14:90:f4:86:
                    95:89:3c:d3:f6:61:d2:0d:1d:41:19:c4:09:2f:32:
                    5f:6c:49:3e:d5:2f:3f:a2:70:86:ef:69:23:a7:8b:
                    97:9c:bf:e4:ae:aa:66:83:8b:a3:18:17:32:c8:60:
                    c6:e7:11:35:fd:0d:cf:f6:ab:bc:5c:ba:59:8d:dd:
                    54:4c:7d:a5:86:a2:b0:c6:6e:32:00:94:fe:80:2c:
                    a5:f9:ae:ab:43:a7:fc:43:db:a6:ac:4c:a7:a4:d8:
                    15:ed:80:13:65:bb:35:7c:39:08:81:81:c0:ce:e7:
                    12:0d:33:d0:10:dc:53:39:3a:f5:41:e9:61:3f:0f:
                    10:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:09:E7:DB:1C:D5:B1:6F:7F:5E:E6:C5:C5:2A:75:26:50:01:CF:81
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Xgnn2xzVsW9_XubFxSp1JlABz4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:b0:09:51:d8:0c:db:61:1c:9f:34:1e:42:69:fb:c5:3b:b8:
         31:83:a9:ff:7a:64:2c:89:0b:54:cd:a9:46:fd:6f:3b:9a:c0:
         2a:71:ba:fb:cb:9d:1c:b1:f0:06:33:2e:1e:95:2e:0e:96:bc:
         43:1f:36:95:5a:c5:16:80:59:61:0f:c4:65:3a:f0:bf:90:4d:
         52:c2:42:4d:c5:8d:d4:40:3c:64:7c:6a:4d:39:6c:43:3c:43:
         35:c2:04:9f:4e:04:8e:f1:2a:28:38:58:42:dd:f7:ba:e6:0e:
         f7:15:23:d5:15:ba:43:e3:aa:1a:f2:19:86:01:c4:10:59:b0:
         d1:f4:b4:99:c6:7f:7c:a4:06:85:10:f4:3c:0d:56:c5:fa:f2:
         b9:83:79:54:09:65:a1:61:39:c9:25:76:1c:fd:b5:ad:a5:69:
         70:21:41:1d:e1:d7:7e:15:88:da:8f:fe:59:d4:70:d6:32:45:
         b1:7f:be:ec:80:08:c8:79:49:c7:79:30:9b:88:8d:5a:f9:a4:
         bb:9e:e2:6f:23:ed:ca:1f:74:81:9f:47:20:f2:8d:58:de:b5:
         0d:f6:7f:6f:f8:cb:8f:58:45:b6:43:20:08:21:87:fe:99:35:
         10:02:8f:f5:2f:6c:c7:29:86:1f:9b:9b:94:0f:68:88:bf:51:
         5e:8c:c8:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVzh0i2it97g8f2K3UaoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTA5ZTdkYjFjZDViMTZmN2Y1ZWU2YzVjNTJhNzUyNjUwMDFjZjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXX9DyVc3EwgdFYtv+ADBcDUy1l7
SRJ+yZ3/U5CM/2aTDYHoCo59XfTtxsYX3z/KR853SP0RL3J+hocri9obk6TH62Ye
89oVUNHeaaHnREoxO7bD20StnGg99jtj1cFr5rRUCCzu/cipXFI1smgK2RlJ6k+L
fgyP+CNayW+pmuez6BSQ9IaViTzT9mHSDR1BGcQJLzJfbEk+1S8/onCG72kjp4uX
nL/krqpmg4ujGBcyyGDG5xE1/Q3P9qu8XLpZjd1UTH2lhqKwxm4yAJT+gCyl+a6r
Q6f8Q9umrEynpNgV7YATZbs1fDkIgYHAzucSDTPQENxTOTr1QelhPw8QnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF4J59sc1bFvf17mxcUqdSZQAc+BMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWGdubjJ4elZzVzlfWHViRnhTcDFKbEFCejRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpmIMA0G
CSqGSIb3DQEBCwUAA4IBAQB5sAlR2AzbYRyfNB5CafvFO7gxg6n/emQsiQtUzalG
/W87msAqcbr7y50csfAGMy4elS4OlrxDHzaVWsUWgFlhD8RlOvC/kE1SwkJNxY3U
QDxkfGpNOWxDPEM1wgSfTgSO8SooOFhC3fe65g73FSPVFbpD46oa8hmGAcQQWbDR
9LSZxn98pAaFEPQ8DVbF+vK5g3lUCWWhYTnJJXYc/bWtpWlwIUEd4dd+FYjaj/5Z
1HDWMkWxf77sgAjIeUnHeTCbiI1a+aS7nuJvI+3KH3SBn0cg8o1Y3rUN9n9v+MuP
WEW2QyAIIYf+mTUQAo/1L2zHKYYfm5uUD2iIv1FejMhQ
-----END CERTIFICATE-----