Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/iP2LmZutd_1JhcNlpr0dGyYb81E.roa
File:                     iP2LmZutd_1JhcNlpr0dGyYb81E.roa (raw, json)
Hash identifier:          mnLImU+rca9+p5d3dVJVYeB2553Gr3nZd1NXp0tLBjE=
Subject key identifier:   88:FD:8B:99:9B:AD:77:FD:49:85:C3:65:A6:BD:1D:1B:26:1B:F3:51
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0190DBF7A90CC0729CE6F681C6E62F95C31F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/iP2LmZutd_1JhcNlpr0dGyYb81E.roa
Signing time:             Mon 22 Jul 2024 19:42:39 +0000
ROA not before:           Mon 22 Jul 2024 19:42:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     135402
IP address blocks:        89.213.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:db:f7:a9:0c:c0:72:9c:e6:f6:81:c6:e6:2f:95:c3:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul 22 19:42:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88fd8b999bad77fd4985c365a6bd1d1b261bf351
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:1f:03:6e:f6:21:37:d7:73:2e:d8:d1:c7:b5:
                    f4:b7:62:6e:68:74:66:14:0e:7f:a0:26:d1:68:94:
                    18:bf:8e:4e:3f:1e:de:ff:cf:0b:80:98:09:ff:7b:
                    c7:e0:c4:0e:e0:26:24:d6:83:0b:03:d2:22:ab:65:
                    b4:a6:3c:ad:51:ce:d5:2e:3b:b5:01:43:bb:25:5d:
                    0a:68:42:52:d9:a1:e7:7d:ca:9e:91:54:93:01:79:
                    84:24:a4:33:70:05:cf:26:44:12:e0:d4:6d:20:c3:
                    1b:c2:ec:94:58:8e:c6:38:c1:6f:67:29:4b:1b:d7:
                    a1:4d:3c:5e:3f:0d:2e:19:8c:e7:e2:f7:90:20:49:
                    38:b8:4d:07:9d:5c:7c:1a:e9:02:27:84:53:55:09:
                    a6:c6:ae:cf:05:3f:37:c6:d3:74:15:cb:24:ed:6b:
                    24:43:aa:27:15:7a:dd:2a:a7:fd:7b:1b:33:ec:5d:
                    51:18:a7:88:3f:02:4a:5c:69:ad:06:60:43:ae:80:
                    6f:41:87:e4:d3:db:fd:6b:4f:ca:c6:09:90:69:8c:
                    b0:98:0f:88:4a:b1:18:6d:4f:d2:b0:f4:e5:2c:00:
                    c5:1a:63:97:62:cc:d7:88:0d:e4:5f:ed:8b:de:64:
                    0f:59:de:d6:8e:cd:ef:84:be:4f:8a:60:3d:7d:f9:
                    7c:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:FD:8B:99:9B:AD:77:FD:49:85:C3:65:A6:BD:1D:1B:26:1B:F3:51
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/iP2LmZutd_1JhcNlpr0dGyYb81E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:31:a9:ed:63:43:a3:a7:5a:f6:5b:75:b2:75:3f:79:be:df:
         ef:ba:c3:d0:31:53:9c:fb:7a:76:07:5b:e4:73:ab:58:fc:00:
         b9:a1:b4:c8:ee:7d:b8:f7:54:ac:11:80:f5:b4:5f:73:8b:32:
         27:b3:00:c5:b1:f5:fa:a5:d3:c9:48:5d:8b:03:50:84:2d:0f:
         40:ba:2c:0b:79:65:f8:63:e4:59:a2:1e:aa:97:5d:e1:d0:6a:
         86:c6:da:d8:63:69:95:a4:2b:1c:69:0b:1b:62:8d:a5:3f:11:
         f9:a3:12:fe:5a:7b:40:2e:34:5a:1c:c9:21:13:6a:c3:89:91:
         19:03:9f:d2:7a:d4:c1:e0:75:1e:9d:db:e1:b2:15:8d:95:22:
         63:c5:be:e1:a1:ab:a3:29:dc:0e:16:c0:71:3c:cc:51:0f:89:
         79:6e:a1:6a:e6:88:a5:31:1b:3f:27:53:b7:06:14:89:2f:ec:
         9e:08:5c:53:d8:64:00:44:6a:6a:32:78:08:27:77:09:a1:11:
         37:90:7c:da:b1:9b:d4:bf:35:cc:59:32:d4:97:e6:03:06:92:
         1f:25:2b:5d:9c:ef:14:81:e9:06:63:cb:1e:66:f1:57:9d:74:
         6f:b9:3d:62:33:21:db:ef:ca:3d:0d:9e:df:be:74:9b:6b:85:
         38:eb:b8:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDb96kMwHKc5vaBxuYvlcMfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNzIyMTk0MjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGZkOGI5OTliYWQ3N2ZkNDk4NWMzNjVhNmJkMWQxYjI2MWJmMzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqR8DbvYhN9dzLtjRx7X0t2JuaHRm
FA5/oCbRaJQYv45OPx7e/88LgJgJ/3vH4MQO4CYk1oMLA9Iiq2W0pjytUc7VLju1
AUO7JV0KaEJS2aHnfcqekVSTAXmEJKQzcAXPJkQS4NRtIMMbwuyUWI7GOMFvZylL
G9ehTTxePw0uGYzn4veQIEk4uE0HnVx8GukCJ4RTVQmmxq7PBT83xtN0Fcsk7Wsk
Q6onFXrdKqf9exsz7F1RGKeIPwJKXGmtBmBDroBvQYfk09v9a0/KxgmQaYywmA+I
SrEYbU/SsPTlLADFGmOXYszXiA3kX+2L3mQPWd7Wjs3vhL5PimA9ffl87wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIj9i5mbrXf9SYXDZaa9HRsmG/NRMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaVAyTG1adXRkXzFKaGNObHByMGRHeVliODFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdXFMA0G
CSqGSIb3DQEBCwUAA4IBAQBJMantY0Ojp1r2W3WydT95vt/vusPQMVOc+3p2B1vk
c6tY/AC5obTI7n2491SsEYD1tF9zizInswDFsfX6pdPJSF2LA1CELQ9AuiwLeWX4
Y+RZoh6ql13h0GqGxtrYY2mVpCscaQsbYo2lPxH5oxL+WntALjRaHMkhE2rDiZEZ
A5/SetTB4HUendvhshWNlSJjxb7hoaujKdwOFsBxPMxRD4l5bqFq5oilMRs/J1O3
BhSJL+yeCFxT2GQARGpqMngIJ3cJoRE3kHzasZvUvzXMWTLUl+YDBpIfJStdnO8U
gekGY8seZvFXnXRvuT1iMyHb78o9DZ7fvnSba4U467jx
-----END CERTIFICATE-----