Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/r0XpZc7S20QpmL3LsEBqIQ_aAts.roa
File:                     r0XpZc7S20QpmL3LsEBqIQ_aAts.roa (raw, json)
Hash identifier:          +uhKNpNRQQgftkEOcfbkoPuSOOxcTOSpHHyhCyb5Hsk=
Subject key identifier:   AF:45:E9:65:CE:D2:DB:44:29:98:BD:CB:B0:40:6A:21:0F:DA:02:DB
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942144086E93F15464C0C4C752D7B8CB73
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/r0XpZc7S20QpmL3LsEBqIQ_aAts.roa
Signing time:             Wed 01 Jan 2025 09:48:14 +0000
ROA not before:           Wed 01 Jan 2025 09:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207594
IP address blocks:        194.105.84.0/22 maxlen: 22
                          194.105.92.0/22 maxlen: 22
                          212.38.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:08:6e:93:f1:54:64:c0:c4:c7:52:d7:b8:cb:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af45e965ced2db442998bdcbb0406a210fda02db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:11:04:92:1a:c3:64:ec:3d:80:a8:d6:39:fa:
                    f5:00:82:24:64:59:d4:a9:ed:ab:d0:f3:0c:5b:9f:
                    df:d2:42:43:7d:2c:26:bf:6d:b1:e8:33:58:94:62:
                    53:b9:29:57:60:bf:f5:9d:f9:48:be:ca:94:a2:02:
                    9a:06:e4:72:d6:95:36:6e:87:cc:13:6a:10:c6:f3:
                    3d:c6:eb:7c:6f:ff:bf:86:a3:43:a1:8e:22:af:94:
                    a9:a3:43:5b:51:67:3b:58:64:90:5b:8d:b7:b0:10:
                    5d:d9:60:4f:b7:b7:3b:3a:c7:c9:ae:a5:ee:2d:2d:
                    43:1d:83:72:b9:2b:dd:3a:92:65:75:cf:23:8a:1e:
                    1b:12:d4:d1:0e:95:a4:9f:37:18:9a:bd:3c:3b:35:
                    3d:60:9b:e1:e8:6d:1b:e3:7f:a9:36:7e:3a:ad:c3:
                    02:eb:38:d2:e4:5a:66:9f:32:f5:a3:1b:bf:e5:e8:
                    d8:4e:51:1c:7c:05:4d:b3:a3:da:14:46:d3:ad:30:
                    d7:3f:83:31:d9:0a:d7:a7:8e:f1:64:da:df:9d:83:
                    c4:1b:b6:22:f7:ef:a6:88:3b:f4:12:eb:67:28:c0:
                    29:76:e8:7a:81:46:2f:1d:12:42:d4:9f:c0:3c:24:
                    30:8a:15:6c:19:fe:51:30:81:a3:7c:69:57:e7:ad:
                    1c:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:45:E9:65:CE:D2:DB:44:29:98:BD:CB:B0:40:6A:21:0F:DA:02:DB
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/r0XpZc7S20QpmL3LsEBqIQ_aAts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.105.84.0/22
                  194.105.92.0/22
                  212.38.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:aa:e4:c9:61:d8:f4:f7:f3:ce:2c:75:20:de:a3:8d:c2:ec:
         61:23:9e:04:e1:2a:db:ca:b1:8e:cf:cb:f0:db:cc:12:8a:8a:
         de:4d:cc:78:93:e9:6e:b0:03:d7:9e:c9:3d:83:30:d9:cd:fa:
         ca:89:46:d2:ca:b0:a9:0a:0d:b1:2e:ad:8f:41:ec:39:0f:c3:
         b1:c2:68:47:0e:77:bd:98:c1:88:1b:52:d6:20:33:6a:12:35:
         1e:66:cd:71:4b:33:20:3e:fc:3e:de:c1:0b:da:4d:94:d4:64:
         e1:83:cd:d4:76:48:6f:a6:54:73:a0:e4:d3:ba:70:f2:c1:73:
         b0:50:4d:8b:50:2d:dd:de:64:bb:86:31:66:56:23:e6:22:8c:
         77:18:56:f2:63:a7:05:fb:12:6d:04:b0:9e:0b:10:86:57:98:
         bb:e0:4e:bc:b5:b0:f4:82:82:1a:9c:d1:c0:11:af:d3:ed:44:
         ad:63:27:e3:51:50:7d:85:5b:4c:29:25:b4:37:15:51:a8:dd:
         eb:b6:b3:42:2a:6e:65:49:af:45:21:e1:33:c1:df:1b:80:19:
         03:95:35:d8:c2:d4:79:3e:eb:ed:1e:8f:1c:fd:72:ef:3f:53:
         9f:80:2c:69:d8:a7:8f:bb:1a:f7:8d:90:f2:0c:90:b4:50:f3:
         47:70:ba:ed
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQhRAhuk/FUZMDEx1LXuMtzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjQ1ZTk2NWNlZDJkYjQ0Mjk5OGJkY2JiMDQwNmEyMTBmZGEwMmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqREEkhrDZOw9gKjWOfr1AIIkZFnU
qe2r0PMMW5/f0kJDfSwmv22x6DNYlGJTuSlXYL/1nflIvsqUogKaBuRy1pU2bofM
E2oQxvM9xut8b/+/hqNDoY4ir5Spo0NbUWc7WGSQW423sBBd2WBPt7c7OsfJrqXu
LS1DHYNyuSvdOpJldc8jih4bEtTRDpWknzcYmr08OzU9YJvh6G0b43+pNn46rcMC
6zjS5FpmnzL1oxu/5ejYTlEcfAVNs6PaFEbTrTDXP4Mx2QrXp47xZNrfnYPEG7Yi
9++miDv0EutnKMApduh6gUYvHRJC1J/APCQwihVsGf5RMIGjfGlX560ciwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFK9F6WXO0ttEKZi9y7BAaiEP2gLbMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcjBYcFpjN1MyMFFwbUwzTHNFQnFJUV9hQXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCwmlUAwQC
wmlcAwQA1CZTMA0GCSqGSIb3DQEBCwUAA4IBAQA6quTJYdj09/POLHUg3qONwuxh
I54E4SrbyrGOz8vw28wSioreTcx4k+lusAPXnsk9gzDZzfrKiUbSyrCpCg2xLq2P
Qew5D8OxwmhHDne9mMGIG1LWIDNqEjUeZs1xSzMgPvw+3sEL2k2U1GThg83Udkhv
plRzoOTTunDywXOwUE2LUC3d3mS7hjFmViPmIox3GFbyY6cF+xJtBLCeCxCGV5i7
4E68tbD0goIanNHAEa/T7UStYyfjUVB9hVtMKSW0NxVRqN3rtrNCKm5lSa9FIeEz
wd8bgBkDlTXYwtR5PuvtHo8c/XLvP1OfgCxp2KePuxr3jZDyDJC0UPNHcLrt
-----END CERTIFICATE-----