Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/f34NEAUjEaES9k6WDX0ww_CSFeM.roa
File:                     f34NEAUjEaES9k6WDX0ww_CSFeM.roa (raw, json)
Hash identifier:          IGspkUEtH0hQSb/jc/LmEZ5blfajbkomhVyO3FxQe3I=
Subject key identifier:   7F:7E:0D:10:05:23:11:A1:12:F6:4E:96:0D:7D:30:C3:F0:92:15:E3
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143E45AA05A6430947B6EBEC152AE69
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/f34NEAUjEaES9k6WDX0ww_CSFeM.roa
Signing time:             Wed 01 Jan 2025 09:48:05 +0000
ROA not before:           Wed 01 Jan 2025 09:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49127
IP address blocks:        109.176.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:e4:5a:a0:5a:64:30:94:7b:6e:be:c1:52:ae:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f7e0d10052311a112f64e960d7d30c3f09215e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a6:92:22:8b:41:2b:3e:15:48:a3:29:34:52:
                    76:5a:c2:83:29:43:e9:26:3b:74:81:54:7c:8a:0a:
                    7a:bc:2c:e3:28:50:96:0f:91:97:fa:8f:d3:56:08:
                    2c:98:19:e1:09:d8:39:ac:85:60:9d:9c:88:4f:40:
                    59:c0:11:38:88:77:24:a6:99:7a:1e:a5:41:4b:40:
                    36:b6:8c:47:19:5a:0c:90:08:0a:5f:d0:ff:5f:27:
                    62:41:2d:0a:af:dc:98:b7:9e:e9:dc:58:fe:2d:5a:
                    d2:ed:30:77:20:30:e4:62:1e:92:e1:07:a2:93:cc:
                    67:08:30:e0:dd:98:33:b5:9d:1a:bc:11:43:2a:b2:
                    c5:1e:b6:a8:55:7c:41:8f:82:88:c1:60:09:02:d8:
                    bb:85:1a:2f:1d:5b:af:19:e6:26:61:3f:58:4a:f0:
                    43:06:c8:a9:8a:c5:c5:64:51:3d:99:49:2f:18:d0:
                    4c:3c:41:c1:1f:d0:46:22:46:7d:80:3c:b4:d3:9a:
                    da:b9:10:c1:ff:32:61:fe:36:e1:5c:3d:e5:ff:65:
                    01:6b:60:c7:04:c4:7e:75:b3:37:98:bf:31:c9:93:
                    76:72:2f:40:0c:10:a0:11:4e:68:b4:74:22:73:8b:
                    4f:fd:22:3e:62:22:53:8a:2b:d0:b9:7e:ff:22:a0:
                    11:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:7E:0D:10:05:23:11:A1:12:F6:4E:96:0D:7D:30:C3:F0:92:15:E3
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/f34NEAUjEaES9k6WDX0ww_CSFeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:d6:86:f1:3d:47:38:73:44:99:3f:b8:3d:28:bf:9e:64:84:
         37:f8:ae:04:70:a5:c7:88:24:9c:ee:b2:ee:4c:6e:7a:43:c7:
         3a:0c:60:ea:e4:5e:b0:59:c6:94:a0:5c:f4:ac:c9:c5:18:1d:
         41:0e:bc:f9:37:40:c1:d9:b8:73:76:c8:81:23:f8:67:d0:02:
         f3:61:79:61:e0:9a:9d:16:da:46:e6:6f:af:e8:64:81:49:06:
         00:f4:ce:59:8c:87:56:5e:9a:ed:4d:51:29:8b:d0:82:b6:1a:
         eb:b3:66:53:db:6d:22:1f:ca:ae:36:06:fa:a6:bf:d6:fc:04:
         1f:fb:31:d4:ee:68:3c:12:1e:60:15:f6:90:cd:38:b8:9f:79:
         51:a0:76:b9:ab:f7:42:cd:46:8c:57:2e:74:91:d9:76:54:27:
         a9:84:97:bf:ba:c7:46:e0:a8:c1:82:c8:a2:29:b2:85:f0:d7:
         24:20:2d:6f:13:e3:c5:96:2e:3c:2c:ae:54:2e:e1:c8:20:db:
         73:da:6a:2e:83:94:e0:c3:e7:3b:b0:81:65:6f:5f:1b:c3:67:
         b1:d6:d0:e6:f7:94:9e:a3:d2:a4:c2:b5:8b:5d:e2:f0:65:ea:
         88:29:03:61:cd:ed:cc:ad:11:34:15:77:de:d3:e2:b4:23:37:
         29:18:a0:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ+RaoFpkMJR7br7BUq5pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjdlMGQxMDA1MjMxMWExMTJmNjRlOTYwZDdkMzBjM2YwOTIxNWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6aSIotBKz4VSKMpNFJ2WsKDKUPp
Jjt0gVR8igp6vCzjKFCWD5GX+o/TVggsmBnhCdg5rIVgnZyIT0BZwBE4iHckppl6
HqVBS0A2toxHGVoMkAgKX9D/XydiQS0Kr9yYt57p3Fj+LVrS7TB3IDDkYh6S4Qei
k8xnCDDg3ZgztZ0avBFDKrLFHraoVXxBj4KIwWAJAti7hRovHVuvGeYmYT9YSvBD
BsipisXFZFE9mUkvGNBMPEHBH9BGIkZ9gDy005rauRDB/zJh/jbhXD3l/2UBa2DH
BMR+dbM3mL8xyZN2ci9ADBCgEU5otHQic4tP/SI+YiJTiivQuX7/IqARxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH9+DRAFIxGhEvZOlg19MMPwkhXjMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZjM0TkVBVWpFYUVTOWs2V0RYMHd3X0NTRmVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbDPMA0G
CSqGSIb3DQEBCwUAA4IBAQAh1obxPUc4c0SZP7g9KL+eZIQ3+K4EcKXHiCSc7rLu
TG56Q8c6DGDq5F6wWcaUoFz0rMnFGB1BDrz5N0DB2bhzdsiBI/hn0ALzYXlh4Jqd
FtpG5m+v6GSBSQYA9M5ZjIdWXprtTVEpi9CCthrrs2ZT220iH8quNgb6pr/W/AQf
+zHU7mg8Eh5gFfaQzTi4n3lRoHa5q/dCzUaMVy50kdl2VCephJe/usdG4KjBgsii
KbKF8NckIC1vE+PFli48LK5ULuHIINtz2moug5Tgw+c7sIFlb18bw2ex1tDm95Se
o9KkwrWLXeLwZeqIKQNhze3MrRE0FXfe0+K0IzcpGKDu
-----END CERTIFICATE-----