Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/m2wMj99b2dnNlYkzb5PJGt8b6wQ.roa
File:                     m2wMj99b2dnNlYkzb5PJGt8b6wQ.roa (raw, json)
Hash identifier:          mmn13XEBSGMrcyxOg9taRNGb7GA3pC0ImdusAjK0j7g=
Subject key identifier:   9B:6C:0C:8F:DF:5B:D9:D9:CD:95:89:33:6F:93:C9:1A:DF:1B:EB:04
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01924FAC0F27E5E2F81B9A04677B9320E850
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/m2wMj99b2dnNlYkzb5PJGt8b6wQ.roa
Signing time:             Wed 02 Oct 2024 23:58:49 +0000
ROA not before:           Wed 02 Oct 2024 23:58:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212027
IP address blocks:        82.153.159.0/24 maxlen: 24
                          213.130.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:4f:ac:0f:27:e5:e2:f8:1b:9a:04:67:7b:93:20:e8:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct  2 23:58:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b6c0c8fdf5bd9d9cd9589336f93c91adf1beb04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c4:aa:40:5d:a0:b5:9e:2d:5f:f1:e8:f3:ae:
                    c4:93:37:85:44:46:3e:e1:e2:7d:0c:5d:23:06:fd:
                    78:f4:b0:4d:6f:4e:6a:8d:96:2c:64:37:fb:63:7e:
                    50:ef:8d:ff:ab:9b:91:70:69:77:eb:53:71:67:ce:
                    6e:79:ec:8e:8f:60:a2:f9:f4:d6:ef:18:fe:4e:0f:
                    24:94:88:16:2e:34:13:10:84:7a:84:d7:4f:1f:cf:
                    8f:ef:74:66:ed:29:2d:5f:6e:4f:a2:aa:ed:e6:f7:
                    0e:2a:12:69:cb:0c:81:19:58:ef:4e:eb:c9:d1:64:
                    4b:92:47:fd:14:e2:0c:18:e2:05:e0:1c:57:7b:0c:
                    e8:81:9b:a4:02:87:39:3d:0c:01:7f:38:40:85:80:
                    46:bb:ba:7e:62:b8:de:4b:40:22:62:0b:c9:d9:e3:
                    eb:16:5e:cd:69:f5:fb:6e:98:46:6d:6e:96:2b:fc:
                    2b:87:5a:23:9b:3f:53:d8:d7:5d:37:a0:41:eb:8d:
                    64:db:d6:3b:f9:24:7f:34:71:39:14:05:8e:59:cf:
                    39:dc:17:d6:f3:ca:7f:3e:0c:06:ed:48:a8:c5:06:
                    7d:75:e5:cf:0e:bb:cb:b7:40:64:2c:fe:8f:d1:fe:
                    4e:7d:71:65:f4:a7:01:26:d1:30:08:d7:75:41:b2:
                    7a:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:6C:0C:8F:DF:5B:D9:D9:CD:95:89:33:6F:93:C9:1A:DF:1B:EB:04
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/m2wMj99b2dnNlYkzb5PJGt8b6wQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.159.0/24
                  213.130.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:a9:e3:d3:c0:e0:4c:eb:5e:35:6b:d6:dc:86:73:fb:9b:40:
         2a:86:8d:d7:ea:1b:d6:83:89:d1:ba:ab:4a:50:63:00:2d:1c:
         45:97:fb:8c:4e:5d:8a:80:ed:03:55:cf:ce:48:d8:e2:e7:4f:
         24:d0:72:95:78:a6:91:f5:a8:61:83:8f:96:da:4b:fb:56:bc:
         50:e8:8a:df:54:14:af:24:da:f1:8f:68:46:a5:74:c8:d2:17:
         97:a9:f0:fa:b8:c2:41:27:dd:92:15:23:eb:3c:81:97:cb:4e:
         48:1d:d5:8f:f1:f4:f6:6e:21:91:00:f3:60:f9:e2:69:9c:c5:
         79:9f:29:7e:80:7d:31:a5:3f:bd:b4:99:ae:fc:83:60:b3:ad:
         65:58:20:c1:84:84:e3:15:96:af:b8:9a:9c:91:e4:2c:05:0e:
         01:b3:f7:9d:24:02:a6:a7:19:83:20:98:97:22:5b:a3:d0:5d:
         4a:3c:8a:f1:d2:d9:9e:88:6f:09:5a:ec:3a:08:97:80:b3:f6:
         73:da:0c:8a:92:a8:df:90:d0:7a:c9:a6:a4:a9:2c:f2:69:01:
         d1:ee:d0:06:a4:ef:67:68:b4:12:95:1b:3a:41:a7:c3:2e:21:
         9e:ff:19:95:5d:aa:7f:95:14:a4:52:6b:ab:65:9a:bb:ca:da:
         f5:54:2d:b4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZJPrA8n5eL4G5oEZ3uTIOhQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQxMDAyMjM1ODQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjZjMGM4ZmRmNWJkOWQ5Y2Q5NTg5MzM2ZjkzYzkxYWRmMWJlYjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMSqQF2gtZ4tX/Ho867EkzeFREY+
4eJ9DF0jBv149LBNb05qjZYsZDf7Y35Q743/q5uRcGl361NxZ85ueeyOj2Ci+fTW
7xj+Tg8klIgWLjQTEIR6hNdPH8+P73Rm7SktX25Poqrt5vcOKhJpywyBGVjvTuvJ
0WRLkkf9FOIMGOIF4BxXewzogZukAoc5PQwBfzhAhYBGu7p+YrjeS0AiYgvJ2ePr
Fl7NafX7bphGbW6WK/wrh1ojmz9T2NddN6BB641k29Y7+SR/NHE5FAWOWc853BfW
88p/PgwG7UioxQZ9deXPDrvLt0BkLP6P0f5OfXFl9KcBJtEwCNd1QbJ6MQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJtsDI/fW9nZzZWJM2+TyRrfG+sEMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbTJ3TWo5OWIyZG5ObFlremI1UEpHdDhiNndRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUpmfAwQA
1YKXMA0GCSqGSIb3DQEBCwUAA4IBAQCcqePTwOBM6141a9bchnP7m0Aqho3X6hvW
g4nRuqtKUGMALRxFl/uMTl2KgO0DVc/OSNji508k0HKVeKaR9ahhg4+W2kv7VrxQ
6IrfVBSvJNrxj2hGpXTI0heXqfD6uMJBJ92SFSPrPIGXy05IHdWP8fT2biGRAPNg
+eJpnMV5nyl+gH0xpT+9tJmu/INgs61lWCDBhITjFZavuJqckeQsBQ4Bs/edJAKm
pxmDIJiXIluj0F1KPIrx0tmeiG8JWuw6CJeAs/Zz2gyKkqjfkNB6yaakqSzyaQHR
7tAGpO9naLQSlRs6QafDLiGe/xmVXap/lRSkUmurZZq7ytr1VC20
-----END CERTIFICATE-----