Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/iTNMe8Zfr4ehq8OqN6OSyYQxHQA.roa
File:                     iTNMe8Zfr4ehq8OqN6OSyYQxHQA.roa (raw, json)
Hash identifier:          30KbuT9TV4l1uzfdINFkVQUVYkt+QtBNopNxx2kKQ9E=
Subject key identifier:   89:33:4C:7B:C6:5F:AF:87:A1:AB:C3:AA:37:A3:92:C9:84:31:1D:00
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019464A65CC7542656183A0368054C6CC8C1
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/iTNMe8Zfr4ehq8OqN6OSyYQxHQA.roa
Signing time:             Tue 14 Jan 2025 11:50:11 +0000
ROA not before:           Tue 14 Jan 2025 11:50:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199058
IP address blocks:        213.218.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:64:a6:5c:c7:54:26:56:18:3a:03:68:05:4c:6c:c8:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan 14 11:50:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89334c7bc65faf87a1abc3aa37a392c984311d00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:c1:6d:de:dc:1b:75:47:c0:db:0b:3d:c5:0d:
                    13:49:8b:13:9d:ec:b4:85:c4:54:f5:1a:18:29:93:
                    14:41:e7:6c:fe:b7:9b:1f:ea:77:f3:8e:ec:3f:00:
                    5b:c4:ca:1c:0a:8c:c3:55:3f:a1:28:0d:5e:95:3d:
                    f1:e3:91:25:01:4b:53:cf:77:55:30:c8:26:5e:ea:
                    5f:41:d9:cd:3a:04:12:3a:05:53:67:c0:32:ae:23:
                    ce:a3:a3:77:1c:9e:6c:ee:c6:95:76:c9:b9:74:0a:
                    29:43:67:49:4a:52:28:c9:cb:36:ad:b6:eb:d8:7f:
                    ff:92:20:bf:77:36:ca:89:31:60:02:7e:33:27:86:
                    49:23:b0:aa:7e:25:d1:8f:20:38:c9:c7:25:39:8a:
                    dd:50:8f:b1:2b:29:af:02:ed:29:c1:d7:ed:70:44:
                    d0:c1:8b:a6:47:da:06:d9:26:ec:e0:8a:56:a2:c1:
                    22:af:8f:8a:76:0e:f0:ab:8a:74:f2:17:c6:8f:12:
                    5a:5b:1a:1f:72:6d:41:c1:51:7d:b6:6e:51:cb:20:
                    4f:6c:a9:d0:22:0c:0e:3d:2b:02:c2:70:75:a0:4b:
                    b3:ef:28:a3:fa:97:f7:cc:f5:fd:af:73:7f:b9:56:
                    62:08:a4:6d:6d:99:12:a7:f7:7b:18:c8:76:6f:83:
                    81:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:33:4C:7B:C6:5F:AF:87:A1:AB:C3:AA:37:A3:92:C9:84:31:1D:00
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/iTNMe8Zfr4ehq8OqN6OSyYQxHQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.218.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:31:b6:05:bd:c8:59:01:f9:a0:76:3a:99:fb:47:e4:13:d6:
         c6:c4:f2:38:c3:6f:26:b3:a6:b4:7a:44:5c:5e:5e:20:3c:df:
         f6:64:78:78:2d:10:e1:ac:e5:7b:2d:80:46:b3:4a:44:0a:e8:
         39:92:e3:13:6e:b1:26:02:59:db:2f:14:14:a9:87:b6:9a:f4:
         e2:61:bb:5e:d5:be:44:44:53:f2:02:58:35:23:8e:36:50:6e:
         be:1a:00:93:c4:b7:7b:9e:d8:0e:91:a8:58:4e:22:e6:12:56:
         a7:b5:ff:4b:42:01:14:40:99:4d:38:8e:0b:79:ec:43:db:88:
         7b:61:b6:d8:72:94:a7:55:37:9a:2e:3f:bd:93:1a:1d:6a:05:
         67:5d:2c:6f:5a:a2:cc:a0:5d:8c:2b:ab:c5:55:2b:d6:7b:46:
         b1:cb:bf:5b:89:8b:ed:3f:7d:05:bb:ec:80:1d:a3:49:94:8a:
         3d:0a:f4:71:3d:3f:ab:78:c7:1c:ea:22:a6:83:fe:e0:1c:56:
         94:62:c4:34:8f:5b:c8:9a:fa:1a:6d:6f:71:20:bf:9f:56:99:
         da:44:c3:3c:6f:c7:5d:ed:45:0b:8b:4f:50:40:4a:63:d5:0f:
         a8:28:bd:23:12:cf:be:0f:8e:e1:7e:bb:7e:42:b2:62:5d:2c:
         5f:ff:73:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRkplzHVCZWGDoDaAVMbMjBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTE0MTE1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTMzNGM3YmM2NWZhZjg3YTFhYmMzYWEzN2EzOTJjOTg0MzExZDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMFt3twbdUfA2ws9xQ0TSYsTney0
hcRU9RoYKZMUQeds/rebH+p3847sPwBbxMocCozDVT+hKA1elT3x45ElAUtTz3dV
MMgmXupfQdnNOgQSOgVTZ8AyriPOo6N3HJ5s7saVdsm5dAopQ2dJSlIoycs2rbbr
2H//kiC/dzbKiTFgAn4zJ4ZJI7CqfiXRjyA4ycclOYrdUI+xKymvAu0pwdftcETQ
wYumR9oG2Sbs4IpWosEir4+Kdg7wq4p08hfGjxJaWxofcm1BwVF9tm5RyyBPbKnQ
IgwOPSsCwnB1oEuz7yij+pf3zPX9r3N/uVZiCKRtbZkSp/d7GMh2b4OBOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIkzTHvGX6+HoavDqjejksmEMR0AMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaVROTWU4WmZyNGVocThPcU42T1N5WVF4SFFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1drUMA0G
CSqGSIb3DQEBCwUAA4IBAQBkMbYFvchZAfmgdjqZ+0fkE9bGxPI4w28ms6a0ekRc
Xl4gPN/2ZHh4LRDhrOV7LYBGs0pECug5kuMTbrEmAlnbLxQUqYe2mvTiYbte1b5E
RFPyAlg1I442UG6+GgCTxLd7ntgOkahYTiLmElantf9LQgEUQJlNOI4LeexD24h7
YbbYcpSnVTeaLj+9kxodagVnXSxvWqLMoF2MK6vFVSvWe0axy79biYvtP30Fu+yA
HaNJlIo9CvRxPT+reMcc6iKmg/7gHFaUYsQ0j1vImvoabW9xIL+fVpnaRMM8b8dd
7UULi09QQEpj1Q+oKL0jEs++D47hfrt+QrJiXSxf/3Nw
-----END CERTIFICATE-----