Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cJgwdueMbjziMuO8h-C8nzCji30.roa
File:                     cJgwdueMbjziMuO8h-C8nzCji30.roa (raw, json)
Hash identifier:          /nRNosczTM5T9KDWKn/RLEU8D3NI6AEQ6oTTOZrEtqI=
Subject key identifier:   70:98:30:76:E7:8C:6E:3C:E2:32:E3:BC:87:E0:BC:9F:30:A3:8B:7D
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143D7BC7487CDEF0FB29B884D7F6A0B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cJgwdueMbjziMuO8h-C8nzCji30.roa
Signing time:             Wed 01 Jan 2025 09:48:01 +0000
ROA not before:           Wed 01 Jan 2025 09:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20860
IP address blocks:        81.168.83.0/24 maxlen: 24
                          217.145.73.0/24 maxlen: 24
                          217.145.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:d7:bc:74:87:cd:ef:0f:b2:9b:88:4d:7f:6a:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70983076e78c6e3ce232e3bc87e0bc9f30a38b7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:50:16:99:14:6b:ea:ec:48:59:fc:f3:92:7f:
                    7a:bb:b9:02:59:24:7f:a3:ae:8a:60:35:75:25:6e:
                    21:aa:8f:7e:eb:3c:be:99:ce:0a:a5:21:09:bc:21:
                    4c:d9:86:45:05:f4:f0:8c:3e:a4:3a:93:27:0b:99:
                    53:06:0b:c2:f5:1a:79:12:a2:22:3d:c5:4b:62:42:
                    d5:e5:2e:09:94:91:22:db:84:97:95:32:db:2b:25:
                    5a:37:89:78:2f:84:81:40:ae:15:58:20:f6:92:8e:
                    35:d9:ec:0b:45:98:6f:e0:21:b5:aa:17:50:da:6a:
                    df:b6:fb:07:d5:ce:c6:78:56:f9:15:59:ab:2f:ed:
                    4d:71:75:8e:6b:99:77:d2:f7:59:3e:44:47:09:33:
                    d4:f0:2e:84:95:d3:d6:57:cd:06:7f:43:f3:27:00:
                    c2:60:bb:2d:46:be:d8:0d:b0:ea:ab:b6:47:5c:3e:
                    6a:56:eb:b0:2f:69:e5:ca:21:d4:31:05:38:c0:5b:
                    eb:0d:0c:e5:47:18:b9:99:fe:45:94:d9:f5:26:4a:
                    c2:59:23:8f:c6:db:c9:7e:e6:88:20:3a:80:55:ec:
                    bb:db:ba:9d:1a:71:15:8a:e1:02:78:5b:93:ef:e5:
                    e0:de:23:60:a7:c6:13:11:75:5e:85:c5:4b:76:55:
                    d1:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:98:30:76:E7:8C:6E:3C:E2:32:E3:BC:87:E0:BC:9F:30:A3:8B:7D
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cJgwdueMbjziMuO8h-C8nzCji30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.83.0/24
                  217.145.73.0-217.145.74.255

    Signature Algorithm: sha256WithRSAEncryption
         61:ad:e2:d2:2e:14:ae:78:73:15:0a:34:4b:c5:a9:8a:1b:05:
         06:12:e9:08:11:b4:a6:a8:21:98:11:7e:cb:1a:d0:95:0f:bb:
         90:8a:a4:66:59:57:53:cf:3d:02:9f:80:2d:0e:4b:23:70:0a:
         5c:30:bd:65:a2:f6:7b:31:19:6e:ea:6e:6c:49:e1:58:b6:bb:
         ef:37:fb:2a:2e:da:c6:c8:14:34:f6:79:f4:de:6d:71:de:e3:
         d7:05:db:79:da:9a:d9:db:45:86:13:a6:37:00:1b:0b:2c:29:
         11:91:00:85:0b:f2:19:6d:66:6c:45:cb:a9:86:f5:71:61:2b:
         49:38:23:18:2d:00:e3:8f:73:3d:26:f0:b2:a5:8d:a8:f5:4f:
         9d:5a:bb:4d:3f:0b:e6:9d:b5:7c:1b:49:ab:42:17:1c:8f:fd:
         6b:7c:68:f8:05:5f:a8:62:69:fc:fd:cd:63:55:ca:99:36:ee:
         98:52:05:0f:bc:c4:07:08:65:c0:5d:e2:e0:ea:b3:22:2e:b8:
         73:d8:30:7a:af:ba:cc:f2:0c:56:ea:b1:6c:48:64:29:8d:3e:
         27:65:01:9f:26:bf:29:d5:9c:db:30:f6:f0:db:91:d6:bb:d1:
         69:fa:ad:0e:dd:6c:84:32:80:41:72:93:4d:f9:58:41:95:ac:
         3f:95:01:4b
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQhQ9e8dIfN7w+ym4hNf2oLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDk4MzA3NmU3OGM2ZTNjZTIzMmUzYmM4N2UwYmM5ZjMwYTM4YjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFAWmRRr6uxIWfzzkn96u7kCWSR/
o66KYDV1JW4hqo9+6zy+mc4KpSEJvCFM2YZFBfTwjD6kOpMnC5lTBgvC9Rp5EqIi
PcVLYkLV5S4JlJEi24SXlTLbKyVaN4l4L4SBQK4VWCD2ko412ewLRZhv4CG1qhdQ
2mrftvsH1c7GeFb5FVmrL+1NcXWOa5l30vdZPkRHCTPU8C6EldPWV80Gf0PzJwDC
YLstRr7YDbDqq7ZHXD5qVuuwL2nlyiHUMQU4wFvrDQzlRxi5mf5FlNn1JkrCWSOP
xtvJfuaIIDqAVey727qdGnEViuECeFuT7+Xg3iNgp8YTEXVehcVLdlXRjwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFHCYMHbnjG484jLjvIfgvJ8wo4t9MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvY0pnd2R1ZU1ianppTXVPOGgtQzhuekNqaTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAUahTMAwD
BADZkUkDBADZkUowDQYJKoZIhvcNAQELBQADggEBAGGt4tIuFK54cxUKNEvFqYob
BQYS6QgRtKaoIZgRfssa0JUPu5CKpGZZV1PPPQKfgC0OSyNwClwwvWWi9nsxGW7q
bmxJ4Vi2u+83+you2sbIFDT2efTebXHe49cF23namtnbRYYTpjcAGwssKRGRAIUL
8hltZmxFy6mG9XFhK0k4IxgtAOOPcz0m8LKljaj1T51au00/C+adtXwbSatCFxyP
/Wt8aPgFX6hiafz9zWNVypk27phSBQ+8xAcIZcBd4uDqsyIuuHPYMHqvuszyDFbq
sWxIZCmNPidlAZ8mvynVnNsw9vDbkda70Wn6rQ7dbIQygEFyk035WEGVrD+VAUs=
-----END CERTIFICATE-----