Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/d6v1oIG4ohZZIPvPZZXj9-fv1_c.roa
File:                     d6v1oIG4ohZZIPvPZZXj9-fv1_c.roa (raw, json)
Hash identifier:          b+wyOzuXyB6xCWK+LZme5wBGY+9PpJIeRgx7Qwm0gKQ=
Subject key identifier:   77:AB:F5:A0:81:B8:A2:16:59:20:FB:CF:65:95:E3:F7:E7:EF:D7:F7
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E74D38D9CE253242324E57D524ECF7991
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/d6v1oIG4ohZZIPvPZZXj9-fv1_c.roa
Signing time:             Mon 25 Mar 2024 08:56:45 +0000
ROA not before:           Mon 25 Mar 2024 08:56:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44620
IP address blocks:        213.218.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:74:d3:8d:9c:e2:53:24:23:24:e5:7d:52:4e:cf:79:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 25 08:56:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77abf5a081b8a2165920fbcf6595e3f7e7efd7f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:54:bb:ae:3b:6c:34:1d:05:f2:3e:7f:43:24:
                    4c:b6:b3:5e:04:4c:b5:cb:ac:16:cb:4b:38:bc:f5:
                    3c:18:c7:43:34:12:7e:b9:51:6d:0b:c4:f3:42:22:
                    5b:e5:ab:43:9d:be:94:cb:1d:0e:a8:b9:a5:39:10:
                    11:e5:35:87:cc:f5:14:af:46:2d:ef:74:13:35:97:
                    51:c4:36:ee:b3:db:f9:4d:71:36:5a:1c:91:7e:9e:
                    5e:03:97:fb:fc:cd:d4:b5:50:f3:c4:bb:9c:dd:3d:
                    a4:79:db:94:fe:1c:96:25:5d:20:cd:b2:d2:d9:bd:
                    74:fe:14:51:7a:b8:69:a4:68:d1:78:a2:4a:c6:89:
                    d6:f2:a0:40:ad:a8:45:fe:ac:52:ed:f7:3e:52:cb:
                    0f:3f:70:15:87:02:fd:15:a6:a2:6a:7a:34:ad:61:
                    71:5c:33:ca:66:48:86:22:72:9d:61:a2:b2:54:a8:
                    c3:bd:85:b5:1e:12:53:17:bc:90:88:cc:09:90:4a:
                    4b:ce:5c:b2:a5:9f:51:a6:af:8d:91:6e:84:0f:1c:
                    28:c3:a3:47:ea:d7:59:4f:95:6a:03:b1:79:73:b5:
                    58:b1:53:f0:d3:7f:02:67:8c:0c:45:23:43:21:1b:
                    b3:3a:46:cf:7e:3f:8c:54:82:6a:aa:fb:6e:f6:b8:
                    c2:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:AB:F5:A0:81:B8:A2:16:59:20:FB:CF:65:95:E3:F7:E7:EF:D7:F7
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/d6v1oIG4ohZZIPvPZZXj9-fv1_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.218.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:f4:00:f4:bd:18:23:36:8c:17:dd:43:00:4a:72:a5:c3:6e:
         a3:c5:b2:3f:ed:12:7d:4b:e3:b8:4c:6c:5e:ce:e1:6c:e5:b7:
         cb:2a:6b:05:d8:1e:83:ae:58:c6:3c:69:91:56:08:08:51:3b:
         82:00:77:6e:f6:4d:70:39:f9:fb:bd:6f:26:5e:77:c8:bd:62:
         1b:11:1b:ba:3b:3b:12:fd:4f:39:fa:e8:75:2a:d7:98:13:79:
         03:2f:82:c3:60:d9:da:eb:27:68:88:f2:70:fc:ab:63:b6:54:
         a5:4d:07:e8:2a:e3:97:7f:a5:4c:48:8b:03:78:af:16:ef:42:
         c9:3c:57:09:e3:d9:5a:46:a1:13:cb:f9:41:1c:ab:e4:b6:f2:
         a0:6e:cb:f9:fa:d8:5d:32:0e:65:c6:ab:5c:28:00:de:d9:e0:
         70:12:b0:1a:32:f5:c1:75:eb:c7:b7:5f:b4:0a:bb:41:48:0b:
         59:5e:b4:f8:a9:e0:2e:32:b2:24:99:8c:67:bb:84:c8:f6:eb:
         8c:d8:6f:81:d7:d5:19:01:f7:63:a0:1b:a9:90:13:6d:c4:c3:
         25:4b:ed:b8:b8:ab:e7:69:1d:f1:6a:9f:ce:10:7d:2c:3f:26:
         86:97:0e:49:a2:9a:1f:e3:51:dd:88:05:09:c4:49:f4:af:aa:
         78:e5:fa:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY50042c4lMkIyTlfVJOz3mRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzI1MDg1NjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2FiZjVhMDgxYjhhMjE2NTkyMGZiY2Y2NTk1ZTNmN2U3ZWZkN2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVS7rjtsNB0F8j5/QyRMtrNeBEy1
y6wWy0s4vPU8GMdDNBJ+uVFtC8TzQiJb5atDnb6Uyx0OqLmlORAR5TWHzPUUr0Yt
73QTNZdRxDbus9v5TXE2WhyRfp5eA5f7/M3UtVDzxLuc3T2keduU/hyWJV0gzbLS
2b10/hRRerhppGjReKJKxonW8qBArahF/qxS7fc+UssPP3AVhwL9Faaiano0rWFx
XDPKZkiGInKdYaKyVKjDvYW1HhJTF7yQiMwJkEpLzlyypZ9Rpq+NkW6EDxwow6NH
6tdZT5VqA7F5c7VYsVPw038CZ4wMRSNDIRuzOkbPfj+MVIJqqvtu9rjCzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHer9aCBuKIWWSD7z2WV4/fn79f3MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZDZ2MW9JRzRvaFpaSVB2UFpaWGo5LWZ2MV9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dr7MA0G
CSqGSIb3DQEBCwUAA4IBAQCB9AD0vRgjNowX3UMASnKlw26jxbI/7RJ9S+O4TGxe
zuFs5bfLKmsF2B6DrljGPGmRVggIUTuCAHdu9k1wOfn7vW8mXnfIvWIbERu6OzsS
/U85+uh1KteYE3kDL4LDYNna6ydoiPJw/KtjtlSlTQfoKuOXf6VMSIsDeK8W70LJ
PFcJ49laRqETy/lBHKvktvKgbsv5+thdMg5lxqtcKADe2eBwErAaMvXBdevHt1+0
CrtBSAtZXrT4qeAuMrIkmYxnu4TI9uuM2G+B19UZAfdjoBupkBNtxMMlS+24uKvn
aR3xap/OEH0sPyaGlw5Jopof41HdiAUJxEn0r6p45frR
-----END CERTIFICATE-----