Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/a2_MllUnhChYJLORJbkR2KwLUs8.roa
File:                     a2_MllUnhChYJLORJbkR2KwLUs8.roa (raw, json)
Hash identifier:          35dWGVWz+x6q2dsnpQ2BxxP22bGOIwC3oQsj9lKWnqI=
Subject key identifier:   6B:6F:CC:96:55:27:84:28:58:24:B3:91:25:B9:11:D8:AC:0B:52:CF
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019421443512035ADEB3E121108CAB1E4620
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/a2_MllUnhChYJLORJbkR2KwLUs8.roa
Signing time:             Wed 01 Jan 2025 09:48:25 +0000
ROA not before:           Wed 01 Jan 2025 09:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216047
IP address blocks:        213.218.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:35:12:03:5a:de:b3:e1:21:10:8c:ab:1e:46:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b6fcc96552784285824b39125b911d8ac0b52cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:81:30:ea:f2:14:ff:1d:9e:53:75:76:be:42:
                    35:c0:b8:1d:56:d2:c1:51:8a:72:7c:8e:59:f1:fe:
                    e5:a1:51:33:8a:0b:d1:f3:e3:9e:f7:81:fd:8a:19:
                    19:19:e5:5c:c7:a6:49:67:e6:de:11:77:fc:cf:b5:
                    8c:4d:f2:12:9a:9e:99:9e:0a:35:b7:84:64:76:19:
                    f4:92:94:d5:13:64:f1:f6:ad:dd:74:44:e0:59:06:
                    4f:f6:cb:2d:73:ee:0b:0e:ee:2f:57:9c:36:57:e5:
                    1a:bb:ed:ee:04:5b:64:0c:ab:c1:f9:08:a6:52:c3:
                    e7:bc:96:c1:75:e7:1b:02:24:0c:63:b1:f2:d5:fc:
                    14:c7:63:23:25:30:24:3f:1c:80:bf:22:d9:34:36:
                    52:9f:e4:21:b2:b8:2e:9f:8c:bd:84:15:e0:50:09:
                    13:4c:15:ae:c6:ca:7a:27:4a:34:7e:d4:fd:c1:a1:
                    12:9a:72:c8:b3:34:66:c2:21:98:fa:70:c3:ad:1c:
                    4b:9c:bb:f8:ac:57:65:4c:2a:ed:0d:df:03:6e:08:
                    f3:0a:c1:48:f3:6e:d5:35:b9:32:7a:4b:16:c0:a9:
                    7f:7f:45:e3:21:0d:39:59:96:96:81:76:7e:b2:64:
                    e0:8c:fe:6d:f3:e6:2f:89:7b:7e:c2:4c:b4:f4:55:
                    b5:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:6F:CC:96:55:27:84:28:58:24:B3:91:25:B9:11:D8:AC:0B:52:CF
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/a2_MllUnhChYJLORJbkR2KwLUs8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.218.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:54:43:ac:63:c8:7f:11:68:a9:be:3f:4c:1f:d0:68:8b:3e:
         c9:47:4e:51:ea:27:87:59:8e:2e:4a:6f:86:f3:aa:ed:f5:6a:
         f1:ba:48:1f:c0:c8:a2:56:89:62:28:b1:3f:ce:00:b5:57:35:
         88:67:12:a4:bc:fb:91:4a:99:e5:25:57:2b:2d:73:7d:79:ec:
         17:d7:27:5c:26:19:41:71:0c:83:e4:36:53:d1:b7:64:8f:fd:
         b0:0f:2e:79:54:d6:9f:55:49:1c:7b:2a:02:1b:6e:34:88:fd:
         58:79:85:fb:e3:b4:81:b7:31:d0:b8:08:da:2c:1c:02:43:53:
         7b:c3:43:4d:ea:c4:7f:18:f3:0b:07:08:3c:11:48:49:6e:7e:
         2c:d7:52:09:97:d6:be:49:0e:04:dc:9e:06:4e:36:30:ef:83:
         0f:da:d8:59:7b:17:46:d9:2d:51:fa:8f:40:2b:e9:30:d1:29:
         68:20:03:75:ea:52:0f:76:c1:d7:78:73:63:ef:12:5d:27:e4:
         8c:5d:93:68:be:66:4d:61:b5:18:77:5c:4f:b4:86:0e:ff:7b:
         24:da:bb:00:62:46:2d:fa:65:69:aa:5a:d1:97:5a:5e:1a:f0:
         14:33:00:e7:78:2a:30:78:fd:77:34:66:7d:01:52:d2:c1:0a:
         41:e7:6c:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRDUSA1res+EhEIyrHkYgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjZmY2M5NjU1Mjc4NDI4NTgyNGIzOTEyNWI5MTFkOGFjMGI1MmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoEw6vIU/x2eU3V2vkI1wLgdVtLB
UYpyfI5Z8f7loVEzigvR8+Oe94H9ihkZGeVcx6ZJZ+beEXf8z7WMTfISmp6Zngo1
t4Rkdhn0kpTVE2Tx9q3ddETgWQZP9sstc+4LDu4vV5w2V+Uau+3uBFtkDKvB+Qim
UsPnvJbBdecbAiQMY7Hy1fwUx2MjJTAkPxyAvyLZNDZSn+Qhsrgun4y9hBXgUAkT
TBWuxsp6J0o0ftT9waESmnLIszRmwiGY+nDDrRxLnLv4rFdlTCrtDd8DbgjzCsFI
827VNbkyeksWwKl/f0XjIQ05WZaWgXZ+smTgjP5t8+YviXt+wky09FW1qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGtvzJZVJ4QoWCSzkSW5EdisC1LPMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYTJfTWxsVW5oQ2hZSkxPUkpia1IyS3dMVXM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1drYMA0G
CSqGSIb3DQEBCwUAA4IBAQAgVEOsY8h/EWipvj9MH9Boiz7JR05R6ieHWY4uSm+G
86rt9WrxukgfwMiiVoliKLE/zgC1VzWIZxKkvPuRSpnlJVcrLXN9eewX1ydcJhlB
cQyD5DZT0bdkj/2wDy55VNafVUkceyoCG240iP1YeYX747SBtzHQuAjaLBwCQ1N7
w0NN6sR/GPMLBwg8EUhJbn4s11IJl9a+SQ4E3J4GTjYw74MP2thZexdG2S1R+o9A
K+kw0SloIAN16lIPdsHXeHNj7xJdJ+SMXZNovmZNYbUYd1xPtIYO/3sk2rsAYkYt
+mVpqlrRl1peGvAUMwDneCoweP13NGZ9AVLSwQpB52zD
-----END CERTIFICATE-----