Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pnpGpz0mhdXjaOsrloMcd91ixk4.roa
File:                     pnpGpz0mhdXjaOsrloMcd91ixk4.roa (raw, json)
Hash identifier:          p4DS0ZB7dKOF9QlEH94bPppd7NGNzsODLZ5R7hVrQTI=
Subject key identifier:   A6:7A:46:A7:3D:26:85:D5:E3:68:EB:2B:96:83:1C:77:DD:62:C6:4E
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01930D030615E1F20685DFE5D81C2E5405D8
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pnpGpz0mhdXjaOsrloMcd91ixk4.roa
Signing time:             Fri 08 Nov 2024 18:22:02 +0000
ROA not before:           Fri 08 Nov 2024 18:22:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     150698
IP address blocks:        82.153.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:0d:03:06:15:e1:f2:06:85:df:e5:d8:1c:2e:54:05:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov  8 18:22:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a67a46a73d2685d5e368eb2b96831c77dd62c64e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:60:bd:bb:5f:81:de:f2:90:93:d1:af:6c:2c:
                    04:de:ae:e4:8f:fc:61:d3:98:f0:15:e0:d1:ca:42:
                    59:74:1d:57:5a:52:89:35:74:5c:cb:41:42:f7:2d:
                    ff:d4:d3:e8:a1:d5:c7:62:86:22:23:37:e4:be:59:
                    10:e6:4d:1a:9b:de:c9:0a:41:71:11:06:a8:e2:4c:
                    2c:9a:9c:53:f0:95:3c:c2:f1:d1:51:65:dc:35:8d:
                    3d:0a:09:6f:c7:e8:01:b5:07:f6:02:6d:63:64:bf:
                    d2:d5:3f:93:ac:36:0f:90:64:96:4e:fc:d6:db:a7:
                    ab:a6:d0:a2:b0:53:82:a2:db:25:4a:f8:3d:55:0c:
                    76:22:d6:cf:a3:ea:8d:f3:c0:94:2a:6f:ad:0f:9b:
                    30:c0:75:56:63:2a:6b:7a:bb:e3:c2:47:c1:47:7a:
                    e6:da:87:98:72:cc:62:54:63:1b:5f:3b:56:02:c0:
                    85:a3:2e:65:db:f0:ba:9d:c6:a0:6b:19:e6:2d:c1:
                    10:87:62:51:46:91:84:91:45:6d:5d:91:d4:96:f1:
                    bc:e0:3b:52:9e:30:41:02:e8:66:ad:4f:45:f7:6f:
                    7c:7f:38:8b:2c:e1:a4:ed:53:7d:fd:bb:f0:60:80:
                    67:bd:98:53:f7:98:78:da:0b:96:d3:96:84:1d:12:
                    9e:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:7A:46:A7:3D:26:85:D5:E3:68:EB:2B:96:83:1C:77:DD:62:C6:4E
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pnpGpz0mhdXjaOsrloMcd91ixk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:9d:8c:ee:1d:68:ef:f0:53:04:78:1f:63:e6:c1:36:cf:07:
         17:80:b2:ea:43:47:c9:8a:eb:e8:a0:b2:41:77:fa:49:d8:84:
         d1:d2:fd:ea:9c:cf:80:28:c1:ed:e4:a5:87:d4:42:ac:44:34:
         e2:76:a3:c0:4e:ab:a2:65:5d:d2:6e:d3:62:b5:cd:da:99:68:
         d2:6e:68:c9:67:86:89:ab:06:7d:11:3f:26:b8:c1:80:40:42:
         dc:e1:62:3c:ef:3e:8d:86:dc:38:1f:c4:bf:12:be:bc:ec:a9:
         32:a0:68:15:18:42:41:10:4f:15:d5:31:d4:72:11:c5:7f:0a:
         4a:d2:3b:02:99:71:7d:a2:17:93:ba:60:dc:26:67:e1:58:6e:
         18:a3:82:46:98:8d:7d:1b:6a:5c:fe:b1:85:75:17:19:7b:36:
         f0:94:b4:e3:b7:03:91:99:72:e5:c2:a2:8b:1d:f1:c5:b8:7d:
         e5:81:0e:2a:5e:50:9c:4f:b0:55:64:12:a8:7f:79:aa:63:7f:
         8a:56:44:65:57:6b:29:8e:92:24:ec:b9:c0:91:29:cd:5d:37:
         71:68:e5:75:a9:1b:15:7b:d3:67:10:c1:4b:39:55:de:d0:8d:
         30:86:4d:ca:a4:fe:3d:d5:13:2c:4f:3b:1a:fa:9c:25:a1:9b:
         87:9f:01:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMNAwYV4fIGhd/l2BwuVAXYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQxMTA4MTgyMjAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjdhNDZhNzNkMjY4NWQ1ZTM2OGViMmI5NjgzMWM3N2RkNjJjNjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkWC9u1+B3vKQk9GvbCwE3q7kj/xh
05jwFeDRykJZdB1XWlKJNXRcy0FC9y3/1NPoodXHYoYiIzfkvlkQ5k0am97JCkFx
EQao4kwsmpxT8JU8wvHRUWXcNY09Cglvx+gBtQf2Am1jZL/S1T+TrDYPkGSWTvzW
26erptCisFOCotslSvg9VQx2ItbPo+qN88CUKm+tD5swwHVWYyprervjwkfBR3rm
2oeYcsxiVGMbXztWAsCFoy5l2/C6ncagaxnmLcEQh2JRRpGEkUVtXZHUlvG84DtS
njBBAuhmrU9F9298fziLLOGk7VN9/bvwYIBnvZhT95h42guW05aEHRKePQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKZ6Rqc9JoXV42jrK5aDHHfdYsZOMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcG5wR3B6MG1oZFhqYU9zcmxvTWNkOTFpeGs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpnxMA0G
CSqGSIb3DQEBCwUAA4IBAQCOnYzuHWjv8FMEeB9j5sE2zwcXgLLqQ0fJiuvooLJB
d/pJ2ITR0v3qnM+AKMHt5KWH1EKsRDTidqPATquiZV3SbtNitc3amWjSbmjJZ4aJ
qwZ9ET8muMGAQELc4WI87z6Nhtw4H8S/Er687KkyoGgVGEJBEE8V1THUchHFfwpK
0jsCmXF9oheTumDcJmfhWG4Yo4JGmI19G2pc/rGFdRcZezbwlLTjtwORmXLlwqKL
HfHFuH3lgQ4qXlCcT7BVZBKof3mqY3+KVkRlV2spjpIk7LnAkSnNXTdxaOV1qRsV
e9NnEMFLOVXe0I0whk3KpP491RMsTzsa+pwloZuHnwG/
-----END CERTIFICATE-----