Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hE1y1mToN2n8Dqx3BW_2Qpdaae8.roa
File:                     hE1y1mToN2n8Dqx3BW_2Qpdaae8.roa (raw, json)
Hash identifier:          sZufgupuZW1eq+yH/8tGrlHKvDOVMDFKZ2mFOXs8Msc=
Subject key identifier:   84:4D:72:D6:64:E8:37:69:FC:0E:AC:77:05:6F:F6:42:97:5A:69:EF
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F94E769EABEFD1B3920BEDF12F09F8EF7
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hE1y1mToN2n8Dqx3BW_2Qpdaae8.roa
Signing time:             Mon 20 May 2024 07:29:04 +0000
ROA not before:           Mon 20 May 2024 07:29:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212416
IP address blocks:        213.210.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:94:e7:69:ea:be:fd:1b:39:20:be:df:12:f0:9f:8e:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 20 07:29:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=844d72d664e83769fc0eac77056ff642975a69ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ea:ed:b7:2d:66:cc:34:a6:0d:01:99:6d:a5:
                    ce:e3:51:63:63:0a:26:02:be:e5:3f:d6:89:56:d1:
                    95:14:94:5e:05:73:e2:cb:06:c5:c6:a8:b1:de:79:
                    25:e8:c0:4c:91:44:0d:80:9c:a4:e8:3d:35:6e:e6:
                    ce:48:18:e9:ce:6f:26:05:47:f1:cc:59:56:49:0e:
                    3c:50:65:7e:ef:b1:d2:92:6d:60:2a:56:98:69:32:
                    f5:49:11:3a:76:6e:21:36:a3:83:1f:2b:d0:f1:33:
                    fe:1d:81:d9:25:1b:ca:11:ff:49:5e:b3:81:ea:14:
                    9e:60:39:94:2c:e4:33:73:5f:f7:9a:2e:8e:c7:62:
                    ba:f4:56:87:0a:2b:fb:de:d2:7c:7b:87:33:8b:ab:
                    45:3c:27:7e:66:a0:69:f2:53:75:87:be:70:79:78:
                    92:ac:0d:e4:66:8b:2e:41:05:e6:e8:6b:19:c9:1d:
                    42:aa:af:c0:0c:1f:b4:74:28:5c:ef:bc:19:35:e2:
                    88:d7:fd:15:8d:17:c4:6f:37:7a:8f:9a:92:16:f3:
                    18:c9:75:da:a6:4c:37:7b:82:8d:e9:01:87:33:48:
                    00:47:ab:b1:19:c7:9c:f0:a6:a0:09:86:77:21:27:
                    03:65:d3:2f:b2:a5:5a:de:6a:82:c1:1e:c5:54:c2:
                    1c:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:4D:72:D6:64:E8:37:69:FC:0E:AC:77:05:6F:F6:42:97:5A:69:EF
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/hE1y1mToN2n8Dqx3BW_2Qpdaae8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.210.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:47:6f:d3:3b:a7:a2:18:83:54:49:e8:bd:e2:d2:8e:7b:6c:
         d2:40:4c:7c:4a:0a:29:6e:56:b7:79:60:74:a2:66:b1:8e:72:
         e0:90:3e:32:0c:6f:05:1f:15:27:5e:c2:73:a2:51:29:9e:7a:
         58:31:de:f0:d8:42:8b:fb:88:46:32:2c:17:99:ea:bb:b3:7e:
         e3:c4:1d:36:be:24:7c:b3:43:ff:df:53:0f:53:56:37:91:fd:
         82:c6:ef:27:b9:01:85:fb:43:27:5b:d2:96:ce:31:92:7e:40:
         80:f2:87:a3:50:9e:75:7c:3e:aa:bf:21:26:51:35:72:d4:f1:
         60:31:99:c2:de:c2:3a:14:d7:83:ec:d3:2f:50:5a:d5:fb:d1:
         3e:a4:4f:56:a8:36:91:f4:b0:24:b1:fc:16:65:41:c7:ae:f4:
         a0:e1:ae:e0:32:1b:33:3f:4c:df:19:9f:96:3b:26:e0:22:6f:
         64:ac:60:a4:4a:5b:83:1f:8c:1f:78:da:56:5e:4f:cf:52:38:
         dd:e9:f8:85:92:42:f6:3f:a2:c1:ed:2b:68:b9:ad:c1:71:d6:
         38:ed:04:7f:da:49:7b:ab:ff:24:4a:87:60:d7:35:6f:e6:69:
         5f:db:73:1c:fb:eb:03:3b:58:e7:6e:f0:22:2d:da:e1:1a:52:
         38:bd:88:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+U52nqvv0bOSC+3xLwn473MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTIwMDcyOTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDRkNzJkNjY0ZTgzNzY5ZmMwZWFjNzcwNTZmZjY0Mjk3NWE2OWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOrtty1mzDSmDQGZbaXO41FjYwom
Ar7lP9aJVtGVFJReBXPiywbFxqix3nkl6MBMkUQNgJyk6D01bubOSBjpzm8mBUfx
zFlWSQ48UGV+77HSkm1gKlaYaTL1SRE6dm4hNqODHyvQ8TP+HYHZJRvKEf9JXrOB
6hSeYDmULOQzc1/3mi6Ox2K69FaHCiv73tJ8e4czi6tFPCd+ZqBp8lN1h75weXiS
rA3kZosuQQXm6GsZyR1Cqq/ADB+0dChc77wZNeKI1/0VjRfEbzd6j5qSFvMYyXXa
pkw3e4KN6QGHM0gAR6uxGcec8KagCYZ3IScDZdMvsqVa3mqCwR7FVMIcxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIRNctZk6Ddp/A6sdwVv9kKXWmnvMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaEUxeTFtVG9OMm44RHF4M0JXXzJRcGRhYWU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dI7MA0G
CSqGSIb3DQEBCwUAA4IBAQCQR2/TO6eiGINUSei94tKOe2zSQEx8Sgopbla3eWB0
omaxjnLgkD4yDG8FHxUnXsJzolEpnnpYMd7w2EKL+4hGMiwXmeq7s37jxB02viR8
s0P/31MPU1Y3kf2Cxu8nuQGF+0MnW9KWzjGSfkCA8oejUJ51fD6qvyEmUTVy1PFg
MZnC3sI6FNeD7NMvUFrV+9E+pE9WqDaR9LAksfwWZUHHrvSg4a7gMhszP0zfGZ+W
OybgIm9krGCkSluDH4wfeNpWXk/PUjjd6fiFkkL2P6LB7Stoua3BcdY47QR/2kl7
q/8kSodg1zVv5mlf23Mc++sDO1jnbvAiLdrhGlI4vYiN
-----END CERTIFICATE-----