Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aDfrzCvKw9aohgxTM1xqcdmUVK0.roa
File:                     aDfrzCvKw9aohgxTM1xqcdmUVK0.roa (raw, json)
Hash identifier:          AFNIfPB2vhcjHliW6f4IXCsL4QJy7MfOMAyh80X1p/Q=
Subject key identifier:   68:37:EB:CC:2B:CA:C3:D6:A8:86:0C:53:33:5C:6A:71:D9:94:54:AD
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E4155CA442D0289DAC4CB3F7B167F5348
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aDfrzCvKw9aohgxTM1xqcdmUVK0.roa
Signing time:             Fri 15 Mar 2024 08:58:45 +0000
ROA not before:           Fri 15 Mar 2024 08:58:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21859
IP address blocks:        82.153.228.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 13:31:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:41:55:ca:44:2d:02:89:da:c4:cb:3f:7b:16:7f:53:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 15 08:58:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6837ebcc2bcac3d6a8860c53335c6a71d99454ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:f3:f2:c9:5a:40:77:db:ad:70:78:fd:f3:7c:
                    28:7f:dc:4c:17:34:e2:ac:3e:36:6f:de:ed:49:a7:
                    e0:a1:9c:ad:07:a3:dc:f7:a9:08:94:5f:0a:cf:41:
                    28:27:f9:e0:91:1b:a6:19:57:06:3d:c3:7c:c8:e2:
                    68:89:ac:78:d2:97:21:63:48:c4:79:da:ab:8b:34:
                    72:13:b0:c1:e8:76:36:f2:21:b9:f1:cc:35:29:20:
                    66:bd:2a:81:37:4e:c5:f3:30:ee:ae:04:e3:67:4d:
                    e7:7c:09:21:90:aa:c4:d4:2f:55:90:92:e4:1a:d5:
                    23:84:e1:59:ec:97:2a:ee:69:37:5c:62:52:59:b4:
                    de:4d:b6:d5:0b:09:8e:ef:1f:22:80:71:f5:03:e8:
                    3f:87:86:2b:5d:e0:a9:de:43:7d:b5:1a:81:ea:07:
                    30:02:04:3d:b3:91:6e:b2:4d:8d:a9:f2:50:48:34:
                    11:79:47:c7:2d:2d:a1:37:ac:80:c9:e8:42:c6:c6:
                    fc:16:a5:40:f2:58:8f:e3:eb:89:31:e1:3d:fe:8d:
                    86:d4:6d:7d:ce:2f:24:83:10:41:10:6d:3e:80:f4:
                    2a:43:d1:c2:37:a5:f2:cb:ea:ed:7d:80:5c:84:fd:
                    79:5d:b2:13:e8:3d:f3:f7:68:0d:12:fe:46:68:5a:
                    7d:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:37:EB:CC:2B:CA:C3:D6:A8:86:0C:53:33:5C:6A:71:D9:94:54:AD
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aDfrzCvKw9aohgxTM1xqcdmUVK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:1f:ec:74:c3:51:1d:c9:43:0d:74:6d:e9:74:25:20:ce:88:
         7e:a0:0a:dc:15:a7:2c:c6:8a:af:f9:96:99:47:fa:86:b3:32:
         8f:c7:a3:7f:b9:8c:33:27:4d:52:ea:1d:67:d0:fc:6a:6f:2d:
         ec:6f:15:d5:59:d5:69:a6:3e:9e:8c:33:bc:67:a1:4a:c5:af:
         a5:d0:69:49:7e:33:15:43:97:42:42:e8:9d:f8:bc:8b:24:49:
         f8:e8:34:3a:9f:c6:2c:3b:0b:c5:ca:b8:d0:0b:da:7d:f0:5b:
         ee:ab:e3:19:86:04:fb:2d:ae:fe:82:35:69:2e:74:3f:c5:e8:
         08:ed:07:92:47:05:e0:39:dc:99:05:bb:19:d1:1e:88:75:13:
         ba:df:28:d9:37:d8:be:af:ae:60:f8:ad:5d:f8:b3:8d:eb:a2:
         9b:65:fc:8f:9b:57:b0:97:07:96:70:c4:e7:da:ea:3a:7f:07:
         85:bc:12:0d:92:62:b0:2e:ac:bb:9a:1e:7c:d9:1b:bb:91:de:
         c0:42:cc:c8:7d:73:5d:3d:25:e9:1d:c0:b2:df:60:3f:71:ba:
         74:39:1e:0e:21:b6:8b:60:f9:2f:40:f3:46:0b:fd:ce:5f:7e:
         f1:7f:49:af:96:b6:28:85:ac:5f:44:93:d5:2c:65:9c:be:1a:
         75:c4:ca:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5BVcpELQKJ2sTLP3sWf1NIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzE1MDg1ODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODM3ZWJjYzJiY2FjM2Q2YTg4NjBjNTMzMzVjNmE3MWQ5OTQ1NGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8fPyyVpAd9utcHj983wof9xMFzTi
rD42b97tSafgoZytB6Pc96kIlF8Kz0EoJ/ngkRumGVcGPcN8yOJoiax40pchY0jE
edqrizRyE7DB6HY28iG58cw1KSBmvSqBN07F8zDurgTjZ03nfAkhkKrE1C9VkJLk
GtUjhOFZ7Jcq7mk3XGJSWbTeTbbVCwmO7x8igHH1A+g/h4YrXeCp3kN9tRqB6gcw
AgQ9s5Fusk2NqfJQSDQReUfHLS2hN6yAyehCxsb8FqVA8liP4+uJMeE9/o2G1G19
zi8kgxBBEG0+gPQqQ9HCN6Xyy+rtfYBchP15XbIT6D3z92gNEv5GaFp9vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGg368wrysPWqIYMUzNcanHZlFStMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYURmcnpDdkt3OWFvaGd4VE0xeHFjZG1VVkswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUpnkMA0G
CSqGSIb3DQEBCwUAA4IBAQAVH+x0w1EdyUMNdG3pdCUgzoh+oArcFacsxoqv+ZaZ
R/qGszKPx6N/uYwzJ01S6h1n0Pxqby3sbxXVWdVppj6ejDO8Z6FKxa+l0GlJfjMV
Q5dCQuid+LyLJEn46DQ6n8YsOwvFyrjQC9p98Fvuq+MZhgT7La7+gjVpLnQ/xegI
7QeSRwXgOdyZBbsZ0R6IdRO63yjZN9i+r65g+K1d+LON66KbZfyPm1ewlweWcMTn
2uo6fweFvBINkmKwLqy7mh582Ru7kd7AQszIfXNdPSXpHcCy32A/cbp0OR4OIbaL
YPkvQPNGC/3OX37xf0mvlrYohaxfRJPVLGWcvhp1xMoS
-----END CERTIFICATE-----