Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oo4v2AJbpfn-XVl9asTfHcj7ykY.roa
File:                     oo4v2AJbpfn-XVl9asTfHcj7ykY.roa (raw, json)
Hash identifier:          OI1MN4N9cQNWpmhI5GPL2zL0/MzDHmFzBk1v5XIXhww=
Subject key identifier:   A2:8E:2F:D8:02:5B:A5:F9:FE:5D:59:7D:6A:C4:DF:1D:C8:FB:CA:46
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143EA5654A37CD336A1D375223DD5A7
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oo4v2AJbpfn-XVl9asTfHcj7ykY.roa
Signing time:             Wed 01 Jan 2025 09:48:06 +0000
ROA not before:           Wed 01 Jan 2025 09:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56594
IP address blocks:        217.145.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:ea:56:54:a3:7c:d3:36:a1:d3:75:22:3d:d5:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a28e2fd8025ba5f9fe5d597d6ac4df1dc8fbca46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:84:80:42:39:02:ec:c6:43:a6:c1:01:de:32:
                    60:68:15:c8:aa:0b:27:de:ec:2c:70:c5:c0:e0:f1:
                    c2:cf:c0:e9:bb:78:2b:10:40:1b:cc:28:20:4c:cc:
                    c0:3e:60:4c:cc:9f:86:87:d2:b2:74:14:1a:bf:26:
                    41:5f:9e:c1:b3:7c:09:6d:f0:44:f5:9c:de:b1:64:
                    e3:b8:42:bf:b4:0a:8d:49:34:89:5b:a0:e9:c3:55:
                    5b:96:4b:4b:c6:18:9e:b4:c4:d8:85:8d:90:58:75:
                    65:f5:3b:2f:f0:08:26:33:3c:62:de:ac:d4:7b:c7:
                    0c:26:28:6b:83:c5:ac:06:87:8f:b9:12:4d:16:fc:
                    81:47:0d:9e:89:b8:c2:97:b0:66:50:cc:70:11:d1:
                    68:c6:c1:67:c2:2f:3c:9f:84:57:04:85:78:40:03:
                    20:0e:e4:9d:d3:d2:2f:ec:f8:59:49:42:87:b9:a2:
                    08:60:92:fa:2a:3d:14:8a:5c:8c:8a:01:13:3f:94:
                    04:e3:32:80:c5:06:5e:d7:47:a4:aa:12:d2:a1:20:
                    c5:56:fd:ec:8e:ca:d9:f3:21:08:dc:d4:22:c1:f4:
                    e0:91:d4:a0:04:f1:b1:d0:64:5d:a7:f1:cd:41:55:
                    96:a8:26:27:da:f9:56:fa:14:40:44:47:b3:56:f6:
                    8d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:8E:2F:D8:02:5B:A5:F9:FE:5D:59:7D:6A:C4:DF:1D:C8:FB:CA:46
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oo4v2AJbpfn-XVl9asTfHcj7ykY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.145.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:a2:fe:5f:3b:a1:10:31:7f:39:85:9c:da:a2:24:e4:55:9b:
         6d:56:ef:01:b0:68:c6:85:54:4f:52:c1:41:21:f3:cb:ab:e4:
         91:0f:f1:64:af:92:65:0a:0d:17:84:8a:69:87:62:da:66:2b:
         72:8b:2e:80:1c:88:36:c7:01:72:d3:31:42:23:fe:af:92:20:
         5b:04:3e:9a:97:44:52:18:52:3d:96:ef:bd:ea:19:1f:28:54:
         f9:73:ab:99:77:29:c0:e1:bb:4e:13:8b:32:d1:be:52:2d:07:
         55:7c:93:ff:f1:30:da:ee:ed:ac:44:b5:21:59:38:75:d3:2a:
         da:ad:96:cc:b4:78:db:90:f0:e7:4d:d6:d8:12:7d:a4:ad:37:
         7b:72:3b:aa:27:ff:d6:06:4a:89:e8:e3:49:3c:4d:e5:5c:48:
         83:b2:21:80:0b:98:24:15:4a:ec:bd:8d:97:b9:f3:78:7e:28:
         1e:70:2b:7f:2d:21:bf:5e:0d:07:c1:ac:7b:b5:b8:30:7c:aa:
         99:44:8f:35:98:87:5f:9b:32:53:06:9d:0d:41:18:fb:f0:7a:
         2a:73:c5:5d:fb:5c:38:d6:5f:10:42:83:ee:9a:f5:29:ff:17:
         14:12:92:24:34:d9:f6:53:42:ea:55:57:c7:0d:38:ad:5b:d8:
         9d:c9:c8:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ+pWVKN80zah03UiPdWnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjhlMmZkODAyNWJhNWY5ZmU1ZDU5N2Q2YWM0ZGYxZGM4ZmJjYTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArISAQjkC7MZDpsEB3jJgaBXIqgsn
3uwscMXA4PHCz8Dpu3grEEAbzCggTMzAPmBMzJ+Gh9KydBQavyZBX57Bs3wJbfBE
9ZzesWTjuEK/tAqNSTSJW6Dpw1VblktLxhietMTYhY2QWHVl9Tsv8AgmMzxi3qzU
e8cMJihrg8WsBoePuRJNFvyBRw2eibjCl7BmUMxwEdFoxsFnwi88n4RXBIV4QAMg
DuSd09Iv7PhZSUKHuaIIYJL6Kj0UilyMigETP5QE4zKAxQZe10ekqhLSoSDFVv3s
jsrZ8yEI3NQiwfTgkdSgBPGx0GRdp/HNQVWWqCYn2vlW+hRAREezVvaNpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKOL9gCW6X5/l1ZfWrE3x3I+8pGMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvb280djJBSmJwZm4tWFZsOWFzVGZIY2o3eWtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZFPMA0G
CSqGSIb3DQEBCwUAA4IBAQAKov5fO6EQMX85hZzaoiTkVZttVu8BsGjGhVRPUsFB
IfPLq+SRD/Fkr5JlCg0XhIpph2LaZityiy6AHIg2xwFy0zFCI/6vkiBbBD6al0RS
GFI9lu+96hkfKFT5c6uZdynA4btOE4sy0b5SLQdVfJP/8TDa7u2sRLUhWTh10yra
rZbMtHjbkPDnTdbYEn2krTd7cjuqJ//WBkqJ6ONJPE3lXEiDsiGAC5gkFUrsvY2X
ufN4figecCt/LSG/Xg0Hwax7tbgwfKqZRI81mIdfmzJTBp0NQRj78Hoqc8Vd+1w4
1l8QQoPumvUp/xcUEpIkNNn2U0LqVVfHDTitW9idychv
-----END CERTIFICATE-----