Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/h5qaCg4u4wYMB6D3g95tCB8Oz4M.roa
File:                     h5qaCg4u4wYMB6D3g95tCB8Oz4M.roa (raw, json)
Hash identifier:          hS9LnTuwOPEzvy23kvQeKJUu4/5E1Mc6G/S/l9sSQtg=
Subject key identifier:   87:9A:9A:0A:0E:2E:E3:06:0C:07:A0:F7:83:DE:6D:08:1F:0E:CF:83
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0191E1D7799FAD72135EFD949BE0629A81E2
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/h5qaCg4u4wYMB6D3g95tCB8Oz4M.roa
Signing time:             Wed 11 Sep 2024 16:08:00 +0000
ROA not before:           Wed 11 Sep 2024 16:08:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     153320
IP address blocks:        109.176.22.0/24 maxlen: 24
                          194.105.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e1:d7:79:9f:ad:72:13:5e:fd:94:9b:e0:62:9a:81:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep 11 16:08:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=879a9a0a0e2ee3060c07a0f783de6d081f0ecf83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:44:63:fa:e6:34:11:7b:8a:31:c8:e0:fd:42:
                    60:bb:20:00:c9:8d:b0:fb:14:77:26:7f:86:ce:c0:
                    dc:ff:d7:68:29:32:69:48:75:c6:77:5d:96:b1:d9:
                    4a:5c:6a:96:fa:a4:4a:41:e3:85:78:a7:e3:a3:fc:
                    54:03:2b:05:02:30:cc:15:47:eb:09:eb:8f:ed:77:
                    3e:39:09:dc:fe:e8:95:6b:a3:40:0a:f2:84:6c:3b:
                    41:56:d9:8f:00:a1:0a:5a:6a:c0:9d:68:73:9f:84:
                    7b:d5:98:7e:e1:d5:0e:28:99:77:0d:d2:8e:aa:7a:
                    8a:8e:a5:27:6e:62:c9:79:d1:5b:e5:42:46:ef:9c:
                    9e:94:39:1e:65:e8:a1:fd:d4:09:d0:0d:3a:3e:ba:
                    d3:98:a8:e0:8d:0d:2e:ce:4e:85:71:56:78:36:a7:
                    74:ac:59:8e:5c:40:91:65:c7:e2:d3:cb:42:5e:6a:
                    15:e8:4d:5a:2b:1f:85:10:2a:3e:3e:ca:53:0f:72:
                    92:bd:c4:3c:2b:e6:56:55:05:75:41:3e:4e:1e:33:
                    3c:b0:b9:de:96:68:24:4c:b8:2d:e1:16:27:a3:50:
                    9d:9b:0c:b1:c4:5a:4c:ea:cc:6d:ca:a7:ac:87:ff:
                    3d:d1:ae:75:e0:98:ca:3b:76:99:3e:47:9d:22:16:
                    51:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:9A:9A:0A:0E:2E:E3:06:0C:07:A0:F7:83:DE:6D:08:1F:0E:CF:83
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/h5qaCg4u4wYMB6D3g95tCB8Oz4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.22.0/24
                  194.105.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:8e:f3:15:95:b5:d0:e4:68:e9:31:10:b9:89:a9:24:13:f0:
         32:c2:ad:93:af:63:d5:8e:4f:31:e3:53:92:56:f9:75:92:01:
         b4:6a:59:22:ee:c4:77:a8:71:47:17:9f:06:9c:eb:41:59:b3:
         16:9b:e4:9d:0a:6e:a8:9e:a6:f0:77:5d:1b:03:3c:68:ed:8b:
         a0:46:a4:c5:7e:0f:2d:dc:d8:c2:e4:a3:7d:1d:d1:ea:14:3d:
         8a:0f:a3:26:cb:cc:6c:2b:74:e4:08:32:80:89:54:07:d8:10:
         98:6e:0e:c6:9c:09:33:ee:8d:48:f9:a5:d9:a3:96:69:62:b2:
         c9:61:a8:97:53:11:95:89:05:cd:02:39:15:4e:8a:d6:dd:c7:
         74:72:9d:ec:e6:52:a7:14:85:2d:a5:cb:a2:40:cc:bc:c5:ab:
         86:4c:62:2a:c8:44:b4:0a:a6:a4:c1:1c:e7:fc:e5:e2:1b:95:
         3e:3e:94:70:79:49:7e:d8:b7:03:ab:04:63:48:61:bd:0a:28:
         17:40:b3:85:53:c6:55:59:b6:24:f6:fa:c0:8b:00:92:3a:ff:
         b0:2d:2c:d9:fc:29:0b:9d:db:87:5d:16:5f:db:61:3e:2e:e3:
         80:1e:9f:e0:2a:37:f9:c6:7d:a6:00:c5:a5:6f:d4:29:45:a1:
         d4:b5:3e:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZHh13mfrXITXv2Um+BimoHiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwOTExMTYwODAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzlhOWEwYTBlMmVlMzA2MGMwN2EwZjc4M2RlNmQwODFmMGVjZjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuURj+uY0EXuKMcjg/UJguyAAyY2w
+xR3Jn+GzsDc/9doKTJpSHXGd12WsdlKXGqW+qRKQeOFeKfjo/xUAysFAjDMFUfr
CeuP7Xc+OQnc/uiVa6NACvKEbDtBVtmPAKEKWmrAnWhzn4R71Zh+4dUOKJl3DdKO
qnqKjqUnbmLJedFb5UJG75yelDkeZeih/dQJ0A06PrrTmKjgjQ0uzk6FcVZ4Nqd0
rFmOXECRZcfi08tCXmoV6E1aKx+FECo+PspTD3KSvcQ8K+ZWVQV1QT5OHjM8sLne
lmgkTLgt4RYno1CdmwyxxFpM6sxtyqesh/890a514JjKO3aZPkedIhZRjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIeamgoOLuMGDAeg94PebQgfDs+DMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaDVxYUNnNHU0d1lNQjZEM2c5NXRDQjhPejRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbbAWAwQA
wmlYMA0GCSqGSIb3DQEBCwUAA4IBAQAhjvMVlbXQ5GjpMRC5iakkE/Aywq2Tr2PV
jk8x41OSVvl1kgG0alki7sR3qHFHF58GnOtBWbMWm+SdCm6onqbwd10bAzxo7Yug
RqTFfg8t3NjC5KN9HdHqFD2KD6Mmy8xsK3TkCDKAiVQH2BCYbg7GnAkz7o1I+aXZ
o5ZpYrLJYaiXUxGViQXNAjkVTorW3cd0cp3s5lKnFIUtpcuiQMy8xauGTGIqyES0
CqakwRzn/OXiG5U+PpRweUl+2LcDqwRjSGG9CigXQLOFU8ZVWbYk9vrAiwCSOv+w
LSzZ/CkLnduHXRZf22E+LuOAHp/gKjf5xn2mAMWlb9QpRaHUtT4Q
-----END CERTIFICATE-----