Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sd0VuaafM4gdqDQd3xq5KNlrkPc.roa
File:                     sd0VuaafM4gdqDQd3xq5KNlrkPc.roa (raw, json)
Hash identifier:          Z+Vyb00OG/I7OP+V7sDyul2PdI+fOGVmWeL8mXIU/L4=
Subject key identifier:   B1:DD:15:B9:A6:9F:33:88:1D:A8:34:1D:DF:1A:B9:28:D9:6B:90:F7
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018FB3C99304925FD74E0ADEE3DF15B02118
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sd0VuaafM4gdqDQd3xq5KNlrkPc.roa
Signing time:             Sun 26 May 2024 07:24:42 +0000
ROA not before:           Sun 26 May 2024 07:24:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62390
IP address blocks:        109.176.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:b3:c9:93:04:92:5f:d7:4e:0a:de:e3:df:15:b0:21:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 26 07:24:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1dd15b9a69f33881da8341ddf1ab928d96b90f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ba:ce:5f:b7:4c:89:3c:3d:59:21:43:c8:d7:
                    1c:fd:9b:27:46:55:d4:76:c1:0f:7e:26:66:a4:1b:
                    10:22:72:ae:4a:6e:06:2b:c1:46:ee:cc:9c:a5:aa:
                    d3:09:3a:4f:d1:b0:d5:ac:9c:05:10:3f:f2:6f:dd:
                    fe:48:df:db:1c:4c:4c:7d:ba:0c:ec:92:30:ee:15:
                    74:56:9e:57:dd:33:8d:5a:3e:1b:80:4b:5b:f2:77:
                    f3:99:e4:05:40:69:ba:e7:15:39:7e:8d:ef:51:e0:
                    ee:16:b9:68:8f:a7:a2:58:52:52:01:d5:76:3b:6a:
                    64:f6:ec:6c:20:61:76:d3:19:0a:88:be:f0:5d:1a:
                    07:81:a5:1e:28:ec:25:30:c8:c8:05:99:a7:b3:e8:
                    44:ed:91:a7:08:82:27:bb:78:30:3f:41:44:22:d0:
                    9c:29:22:09:4c:ae:1a:db:8c:94:01:b4:8b:34:7b:
                    87:da:59:4b:f9:ef:98:99:fa:ff:d0:e6:bd:e2:86:
                    f8:0a:95:fd:f3:b3:14:6d:af:bd:bb:76:e1:e0:f4:
                    2b:4e:ef:f3:57:93:c6:82:0a:5c:a1:52:cc:ef:0c:
                    75:ab:86:81:81:22:b3:22:39:8f:ce:31:39:e1:9a:
                    99:3e:80:64:c6:d2:02:62:01:45:bd:96:0d:58:18:
                    bb:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:DD:15:B9:A6:9F:33:88:1D:A8:34:1D:DF:1A:B9:28:D9:6B:90:F7
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/sd0VuaafM4gdqDQd3xq5KNlrkPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:90:13:eb:5f:c3:d6:52:1f:39:93:04:9b:27:6e:a0:83:f9:
         fd:c6:e2:1f:ef:0c:4a:7a:85:7e:c2:54:c8:6b:71:a9:d1:a3:
         36:f5:6b:a4:6d:91:bf:a1:9d:b5:8f:cd:1b:44:d6:89:6c:cc:
         17:97:87:c2:d0:50:65:49:aa:c2:63:4e:fa:ce:90:d4:8a:72:
         89:ff:b0:f4:f5:6d:9e:b8:b1:6d:52:ce:28:28:bd:c9:2e:ca:
         7a:a2:f1:2b:06:2e:98:b3:51:7d:eb:27:f2:6c:d2:6d:0e:bf:
         9e:f1:a4:a5:1c:e1:33:89:35:c2:be:a4:03:9e:c8:7f:01:d1:
         41:48:1a:e8:cc:6e:02:d2:50:88:94:66:9b:4b:e1:73:d5:47:
         18:c2:e7:6c:c7:9c:6b:5e:3a:f4:9c:44:6b:8e:9e:79:69:c7:
         76:43:7d:cd:c7:cb:8d:9e:05:8e:fe:3e:4f:68:1c:c1:3e:f9:
         92:f6:cc:a9:71:2b:f1:09:a1:ab:26:67:50:9f:12:8a:37:88:
         f1:32:6b:cd:ff:a5:d0:50:50:89:74:03:8e:d2:20:73:1c:09:
         c1:fc:64:9f:ae:0c:76:11:3d:80:62:b5:f3:3b:51:7d:3e:cd:
         18:2a:45:32:fa:60:8e:54:40:31:1c:66:b3:00:82:57:73:83:
         f7:c4:89:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+zyZMEkl/XTgre498VsCEYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTI2MDcyNDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWRkMTViOWE2OWYzMzg4MWRhODM0MWRkZjFhYjkyOGQ5NmI5MGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbrOX7dMiTw9WSFDyNcc/ZsnRlXU
dsEPfiZmpBsQInKuSm4GK8FG7sycparTCTpP0bDVrJwFED/yb93+SN/bHExMfboM
7JIw7hV0Vp5X3TONWj4bgEtb8nfzmeQFQGm65xU5fo3vUeDuFrloj6eiWFJSAdV2
O2pk9uxsIGF20xkKiL7wXRoHgaUeKOwlMMjIBZmns+hE7ZGnCIInu3gwP0FEItCc
KSIJTK4a24yUAbSLNHuH2llL+e+Ymfr/0Oa94ob4CpX987MUba+9u3bh4PQrTu/z
V5PGggpcoVLM7wx1q4aBgSKzIjmPzjE54ZqZPoBkxtICYgFFvZYNWBi76QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHdFbmmnzOIHag0Hd8auSjZa5D3MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvc2QwVnVhYWZNNGdkcURRZDN4cTVLTmxya1BjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbD2MA0G
CSqGSIb3DQEBCwUAA4IBAQB5kBPrX8PWUh85kwSbJ26gg/n9xuIf7wxKeoV+wlTI
a3Gp0aM29WukbZG/oZ21j80bRNaJbMwXl4fC0FBlSarCY076zpDUinKJ/7D09W2e
uLFtUs4oKL3JLsp6ovErBi6Ys1F96yfybNJtDr+e8aSlHOEziTXCvqQDnsh/AdFB
SBrozG4C0lCIlGabS+Fz1UcYwudsx5xrXjr0nERrjp55acd2Q33Nx8uNngWO/j5P
aBzBPvmS9sypcSvxCaGrJmdQnxKKN4jxMmvN/6XQUFCJdAOO0iBzHAnB/GSfrgx2
ET2AYrXzO1F9Ps0YKkUy+mCOVEAxHGazAIJXc4P3xIm9
-----END CERTIFICATE-----