Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ozN6qAe5TZMAMyds4tGSTkAnZuc.roa
File:                     ozN6qAe5TZMAMyds4tGSTkAnZuc.roa (raw, json)
Hash identifier:          jnm3FFHe3AhYJik+KkFTJQswssfMgZGDm9ydGprwSfY=
Subject key identifier:   A3:33:7A:A8:07:B9:4D:93:00:33:27:6C:E2:D1:92:4E:40:27:66:E7
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0191D73744438813797FFD76356D4BCCDB29
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ozN6qAe5TZMAMyds4tGSTkAnZuc.roa
Signing time:             Mon 09 Sep 2024 14:36:49 +0000
ROA not before:           Mon 09 Sep 2024 14:36:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215523
IP address blocks:        217.145.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d7:37:44:43:88:13:79:7f:fd:76:35:6d:4b:cc:db:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Sep  9 14:36:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3337aa807b94d930033276ce2d1924e402766e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:33:b0:44:0d:07:40:6e:dd:bc:c1:4e:03:51:
                    40:3f:d9:cc:05:46:10:fe:17:97:55:19:44:4f:b9:
                    bd:13:70:d6:1c:11:3e:f3:b6:49:a8:ee:02:bb:9f:
                    b8:78:86:4c:29:1f:f6:d8:56:ed:74:b3:a5:08:f8:
                    57:83:0a:a6:68:d5:b5:a3:3c:db:1b:6b:75:cd:7e:
                    e1:89:77:92:99:2b:1a:2e:a3:2f:1f:68:be:91:dc:
                    2e:c7:ac:16:d7:ba:62:c8:24:b7:4e:30:73:ae:53:
                    37:34:a8:93:90:2d:fd:74:be:76:fa:be:73:79:3a:
                    59:3f:16:58:6a:bc:2c:9a:02:93:81:cc:b2:9c:5f:
                    08:9b:8b:72:04:af:4b:a7:e2:9d:d9:96:41:3a:b4:
                    cc:d7:db:2d:e1:49:1f:5b:70:57:68:2e:46:f6:ab:
                    65:19:c3:14:7c:a6:d7:bc:f2:b9:74:25:7b:85:d6:
                    3d:27:4d:cb:1a:2a:82:58:8a:6e:7d:63:09:40:4a:
                    ce:70:3e:42:55:cb:c2:c2:8e:c2:a7:76:0f:9f:e8:
                    16:d5:f3:02:f8:7d:aa:fe:82:11:55:0e:5a:4e:d3:
                    78:52:1d:82:7d:d6:bd:68:90:16:bc:5d:4a:a9:a7:
                    0c:e9:fa:b7:55:9a:bd:55:d8:f0:ed:f1:6a:1e:d4:
                    42:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:33:7A:A8:07:B9:4D:93:00:33:27:6C:E2:D1:92:4E:40:27:66:E7
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ozN6qAe5TZMAMyds4tGSTkAnZuc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.145.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:f9:c2:6e:6b:92:8f:6d:de:59:3f:d7:2f:07:36:d2:69:0d:
         2c:88:42:9e:9e:94:11:4d:57:18:f2:ff:28:ef:9b:0e:88:3e:
         be:85:17:8a:c1:b1:1a:4d:97:1f:a2:de:0f:4a:b9:21:a1:65:
         0c:bc:e7:65:83:82:64:f0:ba:d2:36:4a:90:0c:97:be:9f:0c:
         52:4d:16:0d:ff:6d:94:de:44:47:72:fa:4e:2d:a1:a8:64:32:
         69:1e:04:34:b1:ff:05:b5:f8:e9:a2:49:ae:76:e1:cc:9d:7a:
         c5:23:68:2f:4c:b4:6d:13:cd:1e:ab:a9:ed:10:5e:04:3a:27:
         3b:70:15:3e:53:20:ef:03:c4:df:a8:63:30:b7:91:1b:9b:4a:
         83:db:91:be:20:98:9f:f6:68:40:cb:9b:12:3c:86:ea:b7:3d:
         d5:86:e8:c8:34:ae:de:43:1a:70:90:54:6a:97:8b:6c:de:de:
         fa:d8:09:24:16:ac:c1:a6:7f:c3:c5:a5:d1:1d:9c:a7:df:54:
         34:75:87:bd:15:0f:77:34:f2:17:dc:0f:c8:c3:01:c5:35:ff:
         80:dd:6a:c3:d3:ab:cb:57:77:00:19:79:24:1f:86:10:cf:de:
         47:06:64:17:b5:10:91:13:f9:b2:74:5f:2b:b2:a4:92:b7:1e:
         6c:f2:83:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHXN0RDiBN5f/12NW1LzNspMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwOTA5MTQzNjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzMzN2FhODA3Yjk0ZDkzMDAzMzI3NmNlMmQxOTI0ZTQwMjc2NmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzOwRA0HQG7dvMFOA1FAP9nMBUYQ
/heXVRlET7m9E3DWHBE+87ZJqO4Cu5+4eIZMKR/22FbtdLOlCPhXgwqmaNW1ozzb
G2t1zX7hiXeSmSsaLqMvH2i+kdwux6wW17piyCS3TjBzrlM3NKiTkC39dL52+r5z
eTpZPxZYarwsmgKTgcyynF8Im4tyBK9Lp+Kd2ZZBOrTM19st4UkfW3BXaC5G9qtl
GcMUfKbXvPK5dCV7hdY9J03LGiqCWIpufWMJQErOcD5CVcvCwo7Cp3YPn+gW1fMC
+H2q/oIRVQ5aTtN4Uh2Cfda9aJAWvF1KqacM6fq3VZq9Vdjw7fFqHtRCjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKMzeqgHuU2TADMnbOLRkk5AJ2bnMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvb3pONnFBZTVUWk1BTXlkczR0R1NUa0FuWnVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZFMMA0G
CSqGSIb3DQEBCwUAA4IBAQCT+cJua5KPbd5ZP9cvBzbSaQ0siEKenpQRTVcY8v8o
75sOiD6+hReKwbEaTZcfot4PSrkhoWUMvOdlg4Jk8LrSNkqQDJe+nwxSTRYN/22U
3kRHcvpOLaGoZDJpHgQ0sf8FtfjpokmuduHMnXrFI2gvTLRtE80eq6ntEF4EOic7
cBU+UyDvA8TfqGMwt5Ebm0qD25G+IJif9mhAy5sSPIbqtz3VhujINK7eQxpwkFRq
l4ts3t762AkkFqzBpn/DxaXRHZyn31Q0dYe9FQ93NPIX3A/IwwHFNf+A3WrD06vL
V3cAGXkkH4YQz95HBmQXtRCRE/mydF8rsqSStx5s8oNz
-----END CERTIFICATE-----