Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/eMyWcTQLYii5gFKItNDYQI6w4hA.roa
File:                     eMyWcTQLYii5gFKItNDYQI6w4hA.roa (raw, json)
Hash identifier:          ucg+/JxNBacjX6Okb01DKPOnLhHDjhA7fdcC9nhyYgA=
Subject key identifier:   78:CC:96:71:34:0B:62:28:B9:80:52:88:B4:D0:D8:40:8E:B0:E2:10
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F697A0BB4146CA24E4ADD7EFB988ADDEF
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/eMyWcTQLYii5gFKItNDYQI6w4hA.roa
Signing time:             Sat 11 May 2024 21:05:57 +0000
ROA not before:           Sat 11 May 2024 21:05:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215324
IP address blocks:        213.130.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 13:27:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:69:7a:0b:b4:14:6c:a2:4e:4a:dd:7e:fb:98:8a:dd:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 11 21:05:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78cc9671340b6228b9805288b4d0d8408eb0e210
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:2f:54:3b:d2:21:74:b0:be:21:ba:a8:a8:e6:
                    b0:a4:df:2a:be:01:34:61:cb:43:4a:3e:60:58:2c:
                    10:f9:5d:e8:98:b3:13:58:2e:13:ad:c8:37:9b:ce:
                    58:60:1b:d7:1e:fc:62:61:40:04:53:f4:c9:32:62:
                    a4:5b:78:8a:2a:1c:06:5e:22:ec:f6:f8:64:3d:59:
                    27:b9:c1:09:66:ec:a0:a9:4e:30:0f:2c:3e:00:69:
                    bd:1e:6d:65:b8:38:98:1d:c2:f4:9d:69:84:cc:3b:
                    0a:11:5e:41:d7:68:cc:ee:d3:96:de:c9:12:45:15:
                    73:96:36:94:d0:cb:50:e5:38:c2:cc:22:a2:c6:f6:
                    6c:1a:52:7d:4d:6c:ff:86:7f:eb:a8:a1:62:82:35:
                    52:b4:c9:37:15:72:c3:d8:28:9f:84:ab:3d:13:d3:
                    48:f7:5b:20:05:ab:08:7c:33:4b:d6:95:1a:3a:ee:
                    7e:78:b7:85:0d:e4:54:5e:b8:04:cd:fa:c4:91:9e:
                    c9:2b:17:03:e8:9c:2e:c7:3a:94:8f:9a:a8:48:bf:
                    c0:f4:fa:7f:2c:df:91:85:23:0d:e4:fd:ba:b7:41:
                    62:aa:b9:57:d9:ca:76:da:51:69:03:fa:51:fa:31:
                    e0:ff:8c:dd:f9:f1:6b:1a:64:bd:2c:6d:5a:1c:3e:
                    0a:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:CC:96:71:34:0B:62:28:B9:80:52:88:B4:D0:D8:40:8E:B0:E2:10
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/eMyWcTQLYii5gFKItNDYQI6w4hA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.130.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:10:b2:92:fa:8d:8e:3a:7c:86:36:ea:11:d8:52:12:32:13:
         e4:a5:07:31:43:41:20:a6:61:a2:d9:e0:32:10:e6:75:b5:1d:
         ef:e2:b2:0e:82:b4:73:34:bb:c4:43:d2:0f:f3:65:29:e5:26:
         38:32:98:58:85:5e:1f:b1:75:63:9e:8d:7a:8b:7d:e1:df:7f:
         3a:a6:85:2e:63:2b:3e:90:a5:38:d9:31:06:b8:be:80:23:ca:
         dd:56:15:14:f5:6f:0b:b8:13:20:ee:2d:6d:f7:67:71:50:72:
         ba:ce:54:69:b1:e8:ed:33:16:8c:5f:82:75:27:43:1a:8f:fa:
         92:a3:ee:6f:63:7b:48:31:1a:04:a7:a3:9a:cc:b3:bf:df:31:
         43:5a:4e:56:ab:01:37:c2:22:a2:4b:20:75:dc:04:a9:41:42:
         f6:23:a5:38:b6:04:20:20:66:0b:7d:92:2f:0f:ad:9c:2c:d1:
         f7:52:a5:94:7a:7f:21:ab:69:1c:3a:3e:0f:30:68:97:d9:63:
         da:34:81:9d:04:ba:1d:d5:15:cc:fb:3f:1a:f4:f1:fa:08:35:
         45:7f:e7:c0:ba:d9:ca:d2:4a:18:e3:c5:68:01:bd:53:86:16:
         16:8a:45:a2:71:47:7f:77:91:95:de:ef:63:ec:7e:2e:a9:a3:
         3e:ae:0f:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9pegu0FGyiTkrdfvuYit3vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTExMjEwNTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGNjOTY3MTM0MGI2MjI4Yjk4MDUyODhiNGQwZDg0MDhlYjBlMjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvC9UO9IhdLC+IbqoqOawpN8qvgE0
YctDSj5gWCwQ+V3omLMTWC4Trcg3m85YYBvXHvxiYUAEU/TJMmKkW3iKKhwGXiLs
9vhkPVknucEJZuygqU4wDyw+AGm9Hm1luDiYHcL0nWmEzDsKEV5B12jM7tOW3skS
RRVzljaU0MtQ5TjCzCKixvZsGlJ9TWz/hn/rqKFigjVStMk3FXLD2CifhKs9E9NI
91sgBasIfDNL1pUaOu5+eLeFDeRUXrgEzfrEkZ7JKxcD6JwuxzqUj5qoSL/A9Pp/
LN+RhSMN5P26t0FiqrlX2cp22lFpA/pR+jHg/4zd+fFrGmS9LG1aHD4KmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHjMlnE0C2IouYBSiLTQ2ECOsOIQMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZU15V2NUUUxZaWk1Z0ZLSXRORFlRSTZ3NGhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YKcMA0G
CSqGSIb3DQEBCwUAA4IBAQClELKS+o2OOnyGNuoR2FISMhPkpQcxQ0EgpmGi2eAy
EOZ1tR3v4rIOgrRzNLvEQ9IP82Up5SY4MphYhV4fsXVjno16i33h3386poUuYys+
kKU42TEGuL6AI8rdVhUU9W8LuBMg7i1t92dxUHK6zlRpsejtMxaMX4J1J0Maj/qS
o+5vY3tIMRoEp6OazLO/3zFDWk5WqwE3wiKiSyB13ASpQUL2I6U4tgQgIGYLfZIv
D62cLNH3UqWUen8hq2kcOj4PMGiX2WPaNIGdBLod1RXM+z8a9PH6CDVFf+fAutnK
0koY48VoAb1ThhYWikWicUd/d5GV3u9j7H4uqaM+rg9d
-----END CERTIFICATE-----