Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gYICb0kk_RpyrHe7L5qwPxe91ac.roa
File:                     gYICb0kk_RpyrHe7L5qwPxe91ac.roa (raw, json)
Hash identifier:          r6KdTRNaK5k9seT4uqw+1ilWh4kjRqtm/oZz0S0ktoQ=
Subject key identifier:   81:82:02:6F:49:24:FD:1A:72:AC:77:BB:2F:9A:B0:3F:17:BD:D5:A7
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0192BD7D9773BF9EF2DD555F96C8946AC34F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gYICb0kk_RpyrHe7L5qwPxe91ac.roa
Signing time:             Thu 24 Oct 2024 07:46:17 +0000
ROA not before:           Thu 24 Oct 2024 07:46:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203758
IP address blocks:        82.153.70.0/24 maxlen: 24
                          109.176.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:bd:7d:97:73:bf:9e:f2:dd:55:5f:96:c8:94:6a:c3:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct 24 07:46:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8182026f4924fd1a72ac77bb2f9ab03f17bdd5a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:02:dd:61:19:6d:86:89:23:b2:c9:b5:42:f5:
                    83:a4:b3:93:8f:80:2a:f4:d2:71:a0:e2:eb:f3:64:
                    be:fb:7b:32:92:27:aa:38:ca:ab:d4:50:3f:4c:40:
                    b4:3a:98:ce:67:ad:b9:f9:24:1d:c8:fd:99:bd:52:
                    6c:5c:f8:b3:5a:75:02:73:4a:fd:72:5e:29:88:a0:
                    36:7d:98:db:42:61:5b:3a:ac:0c:50:df:9d:a5:c3:
                    9d:b7:e7:d7:3c:5c:c1:cf:9f:37:4c:0f:63:18:9b:
                    6a:05:f4:89:7a:c7:21:2e:87:ee:b0:7e:2a:2b:c1:
                    f3:cf:6d:bc:08:ea:b8:b6:c7:58:da:1b:59:c5:6a:
                    81:8e:83:5a:7f:c9:72:35:db:e9:ab:50:45:45:59:
                    d4:d4:e4:30:f3:57:85:48:ef:87:53:c4:9d:34:db:
                    79:06:b7:6f:65:76:c6:28:1b:63:c8:1b:35:ee:e3:
                    a9:ad:27:d4:84:6c:c5:78:a3:91:a5:7a:b2:58:30:
                    03:fc:9a:15:23:4f:24:e7:f6:39:bc:f0:a4:f4:ed:
                    ff:a6:47:2e:bc:8e:38:ac:22:8f:f8:38:a4:24:60:
                    b3:9c:94:51:5a:5b:f7:00:e3:1c:7f:92:73:04:f5:
                    13:17:e8:3c:55:a0:8d:ff:00:02:a2:29:30:0f:86:
                    be:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:82:02:6F:49:24:FD:1A:72:AC:77:BB:2F:9A:B0:3F:17:BD:D5:A7
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gYICb0kk_RpyrHe7L5qwPxe91ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.70.0/24
                  109.176.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:52:f4:ae:15:69:0d:79:66:01:2b:b8:ed:dd:53:2d:cb:55:
         5a:10:30:30:5e:ed:a7:2d:52:72:b2:07:e2:18:2e:15:80:aa:
         e6:1d:3a:f8:a6:45:5e:c9:27:25:40:b1:5b:80:90:b0:03:5e:
         08:0c:1c:85:ab:9e:e0:11:5f:a1:33:d6:6e:2e:c2:58:00:13:
         a9:44:9c:28:6d:c7:bf:be:6e:53:50:58:04:89:59:f9:0b:2d:
         b0:b5:e6:ae:d5:b9:e8:00:9d:75:b9:ce:34:ef:74:c9:5f:12:
         b1:20:94:da:8c:5a:fc:28:d7:84:f9:0d:b2:0b:05:74:8c:08:
         41:23:b9:96:ae:8f:9a:1a:ea:7c:26:be:0d:c2:aa:72:7c:3c:
         92:80:7b:b2:a5:b5:db:25:2b:78:3a:85:9c:8d:12:44:98:2f:
         8e:ce:36:fc:cd:dd:47:e3:20:64:89:c0:74:44:66:6d:07:93:
         a1:87:dd:d9:4f:9a:d7:11:c4:91:67:a5:57:a3:41:98:b2:f5:
         ce:fb:c3:fd:4f:ae:23:be:f8:2c:14:a2:4e:bb:4b:a2:c7:12:
         03:32:3b:0e:d4:47:e1:1e:e2:28:82:16:92:7b:8e:46:7c:c2:
         18:00:6c:0c:1f:36:b8:7b:5d:b4:fd:39:9a:b5:6c:af:e0:d6:
         16:86:fe:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZK9fZdzv57y3VVflsiUasNPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQxMDI0MDc0NjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTgyMDI2ZjQ5MjRmZDFhNzJhYzc3YmIyZjlhYjAzZjE3YmRkNWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQLdYRlthokjssm1QvWDpLOTj4Aq
9NJxoOLr82S++3sykieqOMqr1FA/TEC0OpjOZ625+SQdyP2ZvVJsXPizWnUCc0r9
cl4piKA2fZjbQmFbOqwMUN+dpcOdt+fXPFzBz583TA9jGJtqBfSJeschLofusH4q
K8Hzz228COq4tsdY2htZxWqBjoNaf8lyNdvpq1BFRVnU1OQw81eFSO+HU8SdNNt5
BrdvZXbGKBtjyBs17uOprSfUhGzFeKORpXqyWDAD/JoVI08k5/Y5vPCk9O3/pkcu
vI44rCKP+DikJGCznJRRWlv3AOMcf5JzBPUTF+g8VaCN/wACoikwD4a+vQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIGCAm9JJP0acqx3uy+asD8XvdWnMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZ1lJQ2Iwa2tfUnB5ckhlN0w1cXdQeGU5MWFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUplGAwQA
bbD8MA0GCSqGSIb3DQEBCwUAA4IBAQCeUvSuFWkNeWYBK7jt3VMty1VaEDAwXu2n
LVJysgfiGC4VgKrmHTr4pkVeySclQLFbgJCwA14IDByFq57gEV+hM9ZuLsJYABOp
RJwobce/vm5TUFgEiVn5Cy2wteau1bnoAJ11uc4073TJXxKxIJTajFr8KNeE+Q2y
CwV0jAhBI7mWro+aGup8Jr4NwqpyfDySgHuypbXbJSt4OoWcjRJEmC+Ozjb8zd1H
4yBkicB0RGZtB5Ohh93ZT5rXEcSRZ6VXo0GYsvXO+8P9T64jvvgsFKJOu0uixxID
MjsO1EfhHuIoghaSe45GfMIYAGwMHza4e120/TmatWyv4NYWhv5D
-----END CERTIFICATE-----