Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nLxKHNqN9fKE6nj46eBlef9JGKs.roa
File:                     nLxKHNqN9fKE6nj46eBlef9JGKs.roa (raw, json)
Hash identifier:          eEm8YTOx/SzRV/r6iT4EfGpQnSk3gxkOjdLQDzwgCcs=
Subject key identifier:   9C:BC:4A:1C:DA:8D:F5:F2:84:EA:78:F8:E9:E0:65:79:FF:49:18:AB
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E7F6231AE3F137034D52D259648A2F39F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nLxKHNqN9fKE6nj46eBlef9JGKs.roa
Signing time:             Wed 27 Mar 2024 10:08:45 +0000
ROA not before:           Wed 27 Mar 2024 10:08:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60781
IP address blocks:        82.153.246.0/24 maxlen: 24
                          213.218.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:62:31:ae:3f:13:70:34:d5:2d:25:96:48:a2:f3:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 27 10:08:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9cbc4a1cda8df5f284ea78f8e9e06579ff4918ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:d3:4d:82:27:27:a6:3c:6a:0c:ee:61:47:f0:
                    23:39:87:d5:ed:2b:4a:4a:a8:ed:c4:5b:03:4c:dd:
                    dc:15:ab:2f:07:05:42:e4:f6:e6:af:6c:5b:b1:d0:
                    50:8d:e4:02:52:8d:9f:ca:dd:a1:db:91:9b:66:dd:
                    7d:e0:b4:20:97:71:26:4d:68:0f:42:75:ea:c2:e0:
                    d9:6f:ec:e9:0d:4a:4e:6c:fe:91:c2:d2:2d:b6:de:
                    d8:e3:af:20:1e:07:e4:39:98:cc:e5:e9:a3:f7:f6:
                    a4:02:2b:00:a2:bc:c1:de:2a:2a:b0:46:44:ab:b0:
                    0b:a0:22:02:ad:5c:bc:c4:1f:57:f1:9f:a0:d1:1b:
                    af:a1:84:84:54:27:da:76:8f:f2:b8:8c:f7:1d:44:
                    24:91:ba:95:cf:f2:e3:d8:92:b4:f3:83:7a:59:3c:
                    6e:b1:46:ab:50:ae:b4:9d:4a:83:c7:b8:9f:26:12:
                    49:0f:c6:d3:28:e1:c5:9c:b0:2b:33:a5:e5:10:9d:
                    b3:e5:2b:45:33:dc:bf:b6:84:9e:b4:ca:4d:fe:b1:
                    d0:5d:db:5c:ce:db:9d:e3:45:08:ba:17:94:6d:b5:
                    c9:c7:aa:09:90:f0:70:1a:4c:5b:df:82:a6:31:ce:
                    bd:07:bf:0d:bb:f6:41:0e:84:68:74:1b:34:6b:cb:
                    d5:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:BC:4A:1C:DA:8D:F5:F2:84:EA:78:F8:E9:E0:65:79:FF:49:18:AB
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/nLxKHNqN9fKE6nj46eBlef9JGKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.246.0/24
                  213.218.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:9d:7a:1f:43:db:b6:74:76:d5:a3:59:24:47:d6:81:43:85:
         0d:12:d9:e1:71:3f:ac:65:8b:1b:23:b8:b2:4f:7a:5f:2a:b7:
         4c:f4:41:c0:31:f2:b2:ae:c6:e0:cf:69:e6:3a:4a:2e:7e:a5:
         b3:75:7e:1b:47:73:27:b9:96:d4:aa:96:7a:72:86:3e:2a:1b:
         91:15:f7:73:71:e3:67:bf:e5:85:6a:7b:4f:a8:87:4c:c5:f0:
         7e:71:f8:29:11:92:3e:d2:02:23:9b:0f:0f:f5:9d:e3:49:6a:
         75:91:f1:75:8c:01:75:b4:f7:ce:58:82:87:cc:db:3d:69:66:
         57:9c:a2:4f:c4:b3:27:d7:05:ff:80:56:e7:d7:87:06:04:14:
         7c:5c:7f:69:eb:7c:a3:ab:26:b1:6b:55:fc:3b:88:9d:a6:96:
         61:d1:2e:78:f9:40:d6:af:72:2c:95:d7:0c:a8:05:b9:f4:13:
         83:bc:6f:b9:e6:2b:e9:dd:66:f5:06:6c:e6:83:17:ba:98:ae:
         dd:c4:88:e0:13:68:de:86:9f:a2:47:a6:65:00:0f:15:6a:89:
         4b:0a:76:fc:15:26:25:6d:9d:ab:ba:1a:c0:7f:94:6c:c1:6f:
         92:65:18:60:0b:16:f4:1c:bc:c3:6c:70:50:8e:6c:16:2c:bb:
         2c:35:0a:21
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5/YjGuPxNwNNUtJZZIovOfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzI3MTAwODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2JjNGExY2RhOGRmNWYyODRlYTc4ZjhlOWUwNjU3OWZmNDkxOGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNNNgicnpjxqDO5hR/AjOYfV7StK
SqjtxFsDTN3cFasvBwVC5Pbmr2xbsdBQjeQCUo2fyt2h25GbZt194LQgl3EmTWgP
QnXqwuDZb+zpDUpObP6RwtIttt7Y468gHgfkOZjM5emj9/akAisAorzB3ioqsEZE
q7ALoCICrVy8xB9X8Z+g0RuvoYSEVCfado/yuIz3HUQkkbqVz/Lj2JK084N6WTxu
sUarUK60nUqDx7ifJhJJD8bTKOHFnLArM6XlEJ2z5StFM9y/toSetMpN/rHQXdtc
ztud40UIuheUbbXJx6oJkPBwGkxb34KmMc69B78Nu/ZBDoRodBs0a8vVPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJy8ShzajfXyhOp4+OngZXn/SRirMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbkx4S0hOcU45ZktFNm5qNDZlQmxlZjlKR0tzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUpn2AwQA
1drzMA0GCSqGSIb3DQEBCwUAA4IBAQBdnXofQ9u2dHbVo1kkR9aBQ4UNEtnhcT+s
ZYsbI7iyT3pfKrdM9EHAMfKyrsbgz2nmOkoufqWzdX4bR3MnuZbUqpZ6coY+KhuR
FfdzceNnv+WFantPqIdMxfB+cfgpEZI+0gIjmw8P9Z3jSWp1kfF1jAF1tPfOWIKH
zNs9aWZXnKJPxLMn1wX/gFbn14cGBBR8XH9p63yjqyaxa1X8O4idppZh0S54+UDW
r3IsldcMqAW59BODvG+55ivp3Wb1Bmzmgxe6mK7dxIjgE2jehp+iR6ZlAA8VaolL
Cnb8FSYlbZ2ruhrAf5RswW+SZRhgCxb0HLzDbHBQjmwWLLssNQoh
-----END CERTIFICATE-----