Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/eclmQC3NnzeSod0zv-0uN1kIi8Y.roa
File:                     eclmQC3NnzeSod0zv-0uN1kIi8Y.roa (raw, json)
Hash identifier:          DmZngfhcKLiCwItaYDBX8KsKIq8kUC2vR2k9jbLxlm8=
Subject key identifier:   79:C9:66:40:2D:CD:9F:37:92:A1:DD:33:BF:ED:2E:37:59:08:8B:C6
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC3495ED41D85631BEF0028F7DABBFA41
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/eclmQC3NnzeSod0zv-0uN1kIi8Y.roa
Signing time:             Mon 01 Jan 2024 04:30:14 +0000
ROA not before:           Mon 01 Jan 2024 04:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207645
IP address blocks:        82.153.74.0/23 maxlen: 23
                          82.153.76.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:5e:d4:1d:85:63:1b:ef:00:28:f7:da:bb:fa:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79c966402dcd9f3792a1dd33bfed2e3759088bc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:f7:f2:4c:1a:c3:38:97:30:48:38:0e:8b:2d:
                    49:12:cf:71:98:26:be:bc:36:51:ca:5f:ed:b4:2f:
                    e8:06:89:50:1f:4b:45:3e:6b:d6:f3:1c:77:99:36:
                    68:6b:ce:1b:b1:a2:a2:b0:63:1e:55:9d:de:52:4d:
                    37:4e:5c:1f:13:68:6c:1b:59:4c:ed:58:73:d6:60:
                    a1:80:8a:7d:f9:75:73:88:99:dd:58:1c:b3:2c:98:
                    ff:9d:48:d3:66:05:c9:04:a4:42:95:e0:7a:9e:2b:
                    7b:ec:b7:7e:70:90:86:9e:f8:63:3e:f7:b0:59:f3:
                    f9:5b:7d:91:93:bc:ba:4c:3d:cc:33:73:89:2b:ba:
                    70:9c:d5:84:93:16:cd:4f:75:56:e2:b0:da:3d:0a:
                    19:35:2f:50:00:ea:80:4f:c3:7e:af:44:c9:87:13:
                    53:87:3a:88:d3:f2:46:5f:6d:b8:2a:db:50:2e:e9:
                    37:ee:cb:c0:99:3c:e9:28:fc:4e:a4:b3:c6:88:38:
                    d0:98:4f:5a:72:92:5b:86:98:ab:86:de:a3:5a:73:
                    61:2c:13:c9:d9:38:64:03:a4:6a:ad:01:c6:9e:2b:
                    3d:1e:1e:cd:5d:8f:dc:e4:ee:cd:3c:89:4c:3c:2f:
                    d7:f3:d1:df:f4:4b:b4:93:42:49:cb:c9:cf:3e:40:
                    c0:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:C9:66:40:2D:CD:9F:37:92:A1:DD:33:BF:ED:2E:37:59:08:8B:C6
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/eclmQC3NnzeSod0zv-0uN1kIi8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.74.0-82.153.77.255

    Signature Algorithm: sha256WithRSAEncryption
         17:b8:00:a1:af:1a:0b:77:0a:59:21:7e:57:71:f9:2a:36:6b:
         17:ae:44:3c:e3:0b:64:e2:aa:dd:30:71:b4:a4:09:bd:08:80:
         fb:83:63:05:4e:94:2b:0f:c8:3c:b3:b2:05:48:42:76:43:2c:
         a2:62:53:c7:a1:aa:72:d7:33:c5:51:f0:de:2c:5e:49:e1:de:
         27:9d:71:ad:e2:6d:e8:7b:c9:e4:e2:f7:da:28:24:63:90:d3:
         55:28:3e:e1:ee:22:e7:c9:50:85:e6:af:44:98:7b:e5:5c:d1:
         8b:c0:5c:c4:e6:46:18:88:10:57:0d:55:a0:af:a9:9f:2f:ca:
         5f:56:f9:f6:10:1c:6c:f1:b6:d1:f5:1e:28:9f:b9:87:b9:19:
         99:d0:c9:e9:47:2e:d8:a6:0c:a6:3f:87:4e:fe:6d:bd:75:4f:
         4c:fe:a7:57:a6:c5:0f:da:e7:76:ca:08:13:7b:1f:59:6c:44:
         fb:99:2a:4c:87:5d:69:05:e4:28:94:e4:84:0e:7a:5e:b3:ce:
         3c:de:06:de:4d:ab:f8:5d:ce:56:a9:f2:3b:41:96:71:b1:f5:
         98:01:48:e8:1b:ad:50:32:40:9d:0f:ca:27:72:5e:86:fc:16:
         26:e4:67:69:bd:55:17:14:44:1f:3d:10:dd:d0:e3:2c:29:c6:
         b1:b3:65:7d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDSV7UHYVjG+8AKPfau/pBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWM5NjY0MDJkY2Q5ZjM3OTJhMWRkMzNiZmVkMmUzNzU5MDg4YmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhffyTBrDOJcwSDgOiy1JEs9xmCa+
vDZRyl/ttC/oBolQH0tFPmvW8xx3mTZoa84bsaKisGMeVZ3eUk03TlwfE2hsG1lM
7Vhz1mChgIp9+XVziJndWByzLJj/nUjTZgXJBKRCleB6nit77Ld+cJCGnvhjPvew
WfP5W32Rk7y6TD3MM3OJK7pwnNWEkxbNT3VW4rDaPQoZNS9QAOqAT8N+r0TJhxNT
hzqI0/JGX224KttQLuk37svAmTzpKPxOpLPGiDjQmE9acpJbhpirht6jWnNhLBPJ
2ThkA6RqrQHGnis9Hh7NXY/c5O7NPIlMPC/X89Hf9Eu0k0JJy8nPPkDAKQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHnJZkAtzZ83kqHdM7/tLjdZCIvGMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZWNsbVFDM05uemVTb2QwenYtMHVOMWtJaThZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAFSmUoD
BAFSmUwwDQYJKoZIhvcNAQELBQADggEBABe4AKGvGgt3Clkhfldx+So2axeuRDzj
C2Tiqt0wcbSkCb0IgPuDYwVOlCsPyDyzsgVIQnZDLKJiU8ehqnLXM8VR8N4sXknh
3iedca3ibeh7yeTi99ooJGOQ01UoPuHuIufJUIXmr0SYe+Vc0YvAXMTmRhiIEFcN
VaCvqZ8vyl9W+fYQHGzxttH1HiifuYe5GZnQyelHLtimDKY/h07+bb11T0z+p1em
xQ/a53bKCBN7H1lsRPuZKkyHXWkF5CiU5IQOel6zzjzeBt5Nq/hdzlap8jtBlnGx
9ZgBSOgbrVAyQJ0PyidyXob8FibkZ2m9VRcURB89EN3Q4ywpxrGzZX0=
-----END CERTIFICATE-----