Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Xw-dDbLpZL2Yr4urU350KJHh5JA.roa
File:                     Xw-dDbLpZL2Yr4urU350KJHh5JA.roa (raw, json)
Hash identifier:          ySAsKQoemBbGK+CoTTNTKB7Y7a5MlivD3V4mWZmIozI=
Subject key identifier:   5F:0F:9D:0D:B2:E9:64:BD:98:AF:8B:AB:53:7E:74:28:91:E1:E4:90
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01904549ADA40C3BD89CAC3F06DBBBB57B96
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Xw-dDbLpZL2Yr4urU350KJHh5JA.roa
Signing time:             Sun 23 Jun 2024 13:29:34 +0000
ROA not before:           Sun 23 Jun 2024 13:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198584
IP address blocks:        82.153.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:45:49:ad:a4:0c:3b:d8:9c:ac:3f:06:db:bb:b5:7b:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun 23 13:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f0f9d0db2e964bd98af8bab537e742891e1e490
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:24:f7:34:54:05:f3:08:f0:f3:d8:b4:8b:4a:
                    ca:8d:8b:95:9a:45:44:80:b6:e3:b0:f8:8f:88:c3:
                    64:8c:f7:5d:1d:61:8d:12:2f:06:6c:b3:f8:56:64:
                    0c:6b:cd:3a:a4:d9:f6:ac:20:78:6e:7e:21:c0:e0:
                    84:c0:11:7f:6e:98:fe:3b:f6:cd:72:34:47:42:77:
                    a9:b5:72:52:98:2b:fb:c4:3d:3a:89:18:29:07:70:
                    9e:ac:6f:0f:af:39:6e:39:67:ef:d5:d7:53:9e:87:
                    d3:6f:b6:c0:51:f9:18:83:58:5d:12:e1:bf:08:b7:
                    f7:5b:a7:ad:5b:c1:ef:53:48:b6:82:18:5f:66:19:
                    ab:22:e2:82:bc:32:a4:b5:21:a4:b0:a0:a8:6b:98:
                    4b:de:50:df:f8:8e:e5:aa:8a:e8:ea:00:2b:15:22:
                    35:18:52:b9:36:09:0f:15:e3:e3:04:a1:d2:39:48:
                    73:21:e8:97:37:e9:b6:3e:19:17:46:8d:3a:da:fd:
                    7c:90:58:51:7e:cf:28:6b:3a:7e:d2:93:94:1d:aa:
                    84:7a:a7:37:33:e9:9e:c2:cc:69:3d:2a:06:bd:ca:
                    0e:8d:41:62:ce:48:e4:a1:74:c3:ae:72:3c:d9:f0:
                    06:3e:d1:7c:a9:b3:a9:ca:e7:de:f2:04:a5:22:64:
                    26:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:0F:9D:0D:B2:E9:64:BD:98:AF:8B:AB:53:7E:74:28:91:E1:E4:90
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Xw-dDbLpZL2Yr4urU350KJHh5JA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:57:89:1d:3c:33:4c:b0:da:06:c5:2c:d1:56:d8:9e:05:78:
         c7:be:9f:1b:ca:ec:6f:7f:88:f8:83:2d:3e:d2:b2:9c:49:5e:
         69:5e:dd:eb:e0:02:cf:51:e5:08:3c:25:2a:43:db:55:a8:85:
         77:c0:35:c8:41:b4:9f:0e:f6:5a:d5:f4:a8:75:ed:27:28:b6:
         99:52:0c:1b:97:de:aa:44:3f:a0:27:0f:03:24:19:a3:58:2a:
         33:36:ee:36:0a:be:d9:c3:bc:ad:2b:b9:7c:a8:23:48:52:48:
         ff:01:41:fb:0d:bc:f2:b8:1d:b1:c4:a0:0b:b3:b8:7e:22:93:
         68:84:6b:96:db:19:7b:ba:60:7b:c3:8d:c7:7d:61:cc:11:88:
         38:58:43:7e:08:57:45:f7:8b:42:14:57:3a:e9:53:4f:01:34:
         05:c6:70:4d:b1:7f:93:c3:66:3b:71:cc:51:78:2b:f7:54:f7:
         98:db:6a:3f:7d:e9:cd:2f:f3:00:65:9c:3b:81:08:c1:9e:b3:
         07:05:4a:d7:30:09:f8:9c:a3:f9:08:ab:51:74:8c:e4:2d:8b:
         d5:a6:b2:43:dc:9b:b0:4e:26:4b:ca:b6:7e:e4:a9:55:8a:bc:
         d7:90:4e:51:f1:fe:95:8c:88:5c:17:e2:b0:77:9a:ff:ed:91:
         b2:55:89:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBFSa2kDDvYnKw/Btu7tXuWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNjIzMTMyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjBmOWQwZGIyZTk2NGJkOThhZjhiYWI1MzdlNzQyODkxZTFlNDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCT3NFQF8wjw89i0i0rKjYuVmkVE
gLbjsPiPiMNkjPddHWGNEi8GbLP4VmQMa806pNn2rCB4bn4hwOCEwBF/bpj+O/bN
cjRHQneptXJSmCv7xD06iRgpB3CerG8PrzluOWfv1ddTnofTb7bAUfkYg1hdEuG/
CLf3W6etW8HvU0i2ghhfZhmrIuKCvDKktSGksKCoa5hL3lDf+I7lqoro6gArFSI1
GFK5NgkPFePjBKHSOUhzIeiXN+m2PhkXRo062v18kFhRfs8oazp+0pOUHaqEeqc3
M+mewsxpPSoGvcoOjUFizkjkoXTDrnI82fAGPtF8qbOpyufe8gSlImQmsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8PnQ2y6WS9mK+Lq1N+dCiR4eSQMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWHctZERiTHBaTDJZcjR1clUzNTBLSkhoNUpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpkjMA0G
CSqGSIb3DQEBCwUAA4IBAQBIV4kdPDNMsNoGxSzRVtieBXjHvp8byuxvf4j4gy0+
0rKcSV5pXt3r4ALPUeUIPCUqQ9tVqIV3wDXIQbSfDvZa1fSode0nKLaZUgwbl96q
RD+gJw8DJBmjWCozNu42Cr7Zw7ytK7l8qCNIUkj/AUH7DbzyuB2xxKALs7h+IpNo
hGuW2xl7umB7w43HfWHMEYg4WEN+CFdF94tCFFc66VNPATQFxnBNsX+Tw2Y7ccxR
eCv3VPeY22o/fenNL/MAZZw7gQjBnrMHBUrXMAn4nKP5CKtRdIzkLYvVprJD3Juw
TiZLyrZ+5KlVirzXkE5R8f6VjIhcF+Kwd5r/7ZGyVYmH
-----END CERTIFICATE-----