Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fuI3uKL4w0QKDOAJRONyVLxEpwo.roa
File:                     fuI3uKL4w0QKDOAJRONyVLxEpwo.roa (raw, json)
Hash identifier:          j0uWsRwcgDbybXSMLy0ytk0t22dm2ZGUmGvJFC/Mvag=
Subject key identifier:   7E:E2:37:B8:A2:F8:C3:44:0A:0C:E0:09:44:E3:72:54:BC:44:A7:0A
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F73A9E8CB8DF307CE8FB8B85D76B2F7AE
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fuI3uKL4w0QKDOAJRONyVLxEpwo.roa
Signing time:             Mon 13 May 2024 20:34:25 +0000
ROA not before:           Mon 13 May 2024 20:34:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210732
IP address blocks:        82.152.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:73:a9:e8:cb:8d:f3:07:ce:8f:b8:b8:5d:76:b2:f7:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 13 20:34:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ee237b8a2f8c3440a0ce00944e37254bc44a70a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:eb:08:9e:36:3c:18:58:e9:06:bd:c5:da:3e:
                    63:d3:f0:a3:81:43:69:9b:50:e0:6a:d2:4c:d9:eb:
                    cc:0e:11:9b:8c:c2:38:cc:77:88:db:e9:28:2e:71:
                    a2:57:1c:e4:4d:7d:57:ee:1c:05:f0:6b:27:1a:e7:
                    a1:38:f7:96:86:6c:e2:4c:6b:6d:5c:79:1b:73:b7:
                    a3:85:ba:4c:2e:5d:31:17:d0:8e:10:ef:f2:eb:a0:
                    56:3f:39:de:7a:38:49:a6:2a:b3:93:9d:0e:ac:49:
                    41:5e:47:df:4f:f8:7c:48:0e:b8:1f:20:26:c5:9d:
                    b9:1c:20:87:87:68:5b:b3:88:60:eb:13:63:6f:86:
                    7a:54:28:f0:db:17:84:37:5a:13:22:62:ab:16:1f:
                    09:fb:65:15:22:d9:28:55:af:66:65:b7:70:96:04:
                    30:01:a8:05:59:1d:90:32:1b:a5:1a:d2:51:1d:c3:
                    66:dc:29:1b:08:63:9c:79:89:e0:96:d7:59:67:6f:
                    cb:f7:f9:0a:2f:12:5a:c2:69:18:69:91:86:cd:f5:
                    09:e2:8b:39:c6:d3:d2:ad:6e:98:90:f8:b1:ce:ad:
                    f3:fb:d7:3c:72:7d:ee:7d:07:f8:ea:77:3d:fd:d7:
                    de:48:2c:7b:09:7e:60:ca:ff:ad:8c:45:bc:dc:45:
                    b2:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:E2:37:B8:A2:F8:C3:44:0A:0C:E0:09:44:E3:72:54:BC:44:A7:0A
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fuI3uKL4w0QKDOAJRONyVLxEpwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:0c:c1:16:07:ac:96:aa:e2:15:94:c3:29:7c:1e:04:bc:c5:
         88:a6:28:53:6d:da:bb:58:6a:1f:78:ed:30:c8:ff:ef:17:47:
         55:11:a8:d6:ed:f9:a8:13:63:64:ae:06:b6:11:54:90:c1:7a:
         27:a2:69:e5:94:c5:af:21:ed:02:1f:06:a2:d1:13:4d:8f:09:
         53:79:fc:b3:17:67:14:22:d2:62:0d:8c:5c:cf:19:23:12:00:
         6d:88:c2:d7:cc:2f:a0:7f:3b:da:39:b9:73:60:cb:65:55:a3:
         81:ee:ac:3a:be:29:91:5e:a8:46:95:8d:38:7c:56:c3:3a:ab:
         1d:26:41:fb:42:1f:91:bd:e8:3b:d5:aa:c3:f1:85:35:2f:22:
         2a:51:5f:8f:4e:cd:30:a7:ce:93:a4:b3:28:9f:bf:26:29:b6:
         b1:cb:ec:9c:26:ee:22:c0:ad:60:8b:1a:7a:5b:82:f3:fd:01:
         64:84:47:57:fc:61:40:bf:70:65:36:4e:19:a1:e1:f0:dd:3a:
         ac:a3:eb:f2:92:54:37:81:8d:5d:bd:c0:8f:52:2b:b6:90:1b:
         31:0b:c8:7c:26:09:65:cd:20:cf:fe:73:0c:cd:c1:36:f2:17:
         5c:6d:03:50:d2:62:6d:00:31:e6:ec:4f:14:e6:22:7f:71:01:
         6a:02:41:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9zqejLjfMHzo+4uF12sveuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTEzMjAzNDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWUyMzdiOGEyZjhjMzQ0MGEwY2UwMDk0NGUzNzI1NGJjNDRhNzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2esInjY8GFjpBr3F2j5j0/CjgUNp
m1DgatJM2evMDhGbjMI4zHeI2+koLnGiVxzkTX1X7hwF8GsnGuehOPeWhmziTGtt
XHkbc7ejhbpMLl0xF9COEO/y66BWPzneejhJpiqzk50OrElBXkffT/h8SA64HyAm
xZ25HCCHh2hbs4hg6xNjb4Z6VCjw2xeEN1oTImKrFh8J+2UVItkoVa9mZbdwlgQw
AagFWR2QMhulGtJRHcNm3CkbCGOceYngltdZZ2/L9/kKLxJawmkYaZGGzfUJ4os5
xtPSrW6YkPixzq3z+9c8cn3ufQf46nc9/dfeSCx7CX5gyv+tjEW83EWy6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH7iN7ii+MNECgzgCUTjclS8RKcKMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZnVJM3VLTDR3MFFLRE9BSlJPTnlWTHhFcHdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpg2MA0G
CSqGSIb3DQEBCwUAA4IBAQBMDMEWB6yWquIVlMMpfB4EvMWIpihTbdq7WGofeO0w
yP/vF0dVEajW7fmoE2Nkrga2EVSQwXonomnllMWvIe0CHwai0RNNjwlTefyzF2cU
ItJiDYxczxkjEgBtiMLXzC+gfzvaOblzYMtlVaOB7qw6vimRXqhGlY04fFbDOqsd
JkH7Qh+Rveg71arD8YU1LyIqUV+PTs0wp86TpLMon78mKbaxy+ycJu4iwK1gixp6
W4Lz/QFkhEdX/GFAv3BlNk4ZoeHw3Tqso+vyklQ3gY1dvcCPUiu2kBsxC8h8Jgll
zSDP/nMMzcE28hdcbQNQ0mJtADHm7E8U5iJ/cQFqAkEH
-----END CERTIFICATE-----