Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/soXqp2GvgXzQk1EbXUjtWUZw1uA.roa
File:                     soXqp2GvgXzQk1EbXUjtWUZw1uA.roa (raw, json)
Hash identifier:          SElGhgpHGw1dm+51QG6k7uVsQ1rrIPp0pxjm3UaAGRE=
Subject key identifier:   B2:85:EA:A7:61:AF:81:7C:D0:93:51:1B:5D:48:ED:59:46:70:D6:E0
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019426A9DAB4BB180CB67951E35E42AEC6DF
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/soXqp2GvgXzQk1EbXUjtWUZw1uA.roa
Signing time:             Thu 02 Jan 2025 10:57:33 +0000
ROA not before:           Thu 02 Jan 2025 10:57:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137517
IP address blocks:        82.152.12.0/24 maxlen: 24
                          213.130.138.0/24 maxlen: 24
                          213.218.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:a9:da:b4:bb:18:0c:b6:79:51:e3:5e:42:ae:c6:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  2 10:57:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b285eaa761af817cd093511b5d48ed594670d6e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:b8:b1:9a:0b:cb:0e:01:c6:bf:d7:ce:46:a2:
                    30:d8:d0:cc:48:97:8f:2f:87:cd:b1:92:12:64:a6:
                    d8:91:6f:e0:b0:e0:90:f4:c5:33:df:9f:d1:ea:92:
                    85:86:91:01:48:be:c8:1c:b9:e3:1e:f9:1e:0f:7a:
                    79:2c:f4:47:b1:08:ac:76:1a:7f:60:d0:ea:c6:24:
                    84:6a:08:99:00:c4:62:ca:e4:0b:3b:7f:c5:d7:ed:
                    cb:11:0f:3d:1d:46:ab:eb:6f:60:3f:65:82:2d:d8:
                    5e:6f:24:cc:77:1d:90:d3:97:cb:ba:7b:4f:25:02:
                    26:38:6e:e2:80:32:06:ee:2b:b1:a5:47:39:50:76:
                    15:66:f9:3a:1d:51:1a:ec:ff:d6:6e:a5:89:0e:e6:
                    38:dd:44:56:ac:f5:cf:d1:9a:2a:69:a7:f1:52:a0:
                    e7:1c:86:c3:ea:7c:68:e0:fc:3e:31:b3:1d:e7:8f:
                    ea:7e:4d:02:cc:56:69:5b:de:1d:f1:4c:23:cf:2a:
                    a7:04:13:1a:55:a8:05:fe:e9:d8:d0:47:e8:b8:1e:
                    f8:a6:7c:21:3b:72:b9:2f:03:4b:20:33:cd:fd:98:
                    bb:cc:a8:8e:08:62:c7:13:81:59:4b:70:d9:a6:18:
                    5d:7b:2b:1b:73:88:2d:11:4d:e6:51:43:64:e5:20:
                    3c:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:85:EA:A7:61:AF:81:7C:D0:93:51:1B:5D:48:ED:59:46:70:D6:E0
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/soXqp2GvgXzQk1EbXUjtWUZw1uA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.12.0/24
                  213.130.138.0/24
                  213.218.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:eb:23:b7:bf:24:97:ad:74:06:0b:c8:63:08:4a:33:5b:80:
         41:23:f1:67:7d:79:c0:0d:c3:9e:10:27:ec:51:80:f3:6e:3a:
         21:93:6a:fa:98:d4:23:b6:82:2c:8e:79:47:9b:fb:5a:ef:f9:
         08:c1:ec:34:3e:f0:f9:27:03:5d:9b:9d:6c:1d:a3:55:83:f5:
         04:97:30:b1:ed:2a:f8:c4:b7:48:e9:d3:7b:61:4e:5e:ca:d9:
         c6:b6:a0:a4:91:de:ee:08:1d:f8:e9:b0:c0:04:6a:2c:19:d2:
         15:51:68:98:7e:2a:45:fb:28:ac:24:f0:c7:0d:04:d2:4a:1d:
         7b:31:6f:ca:36:cf:76:e9:d1:74:67:ca:1c:d5:a6:99:71:a7:
         78:4f:6b:a1:cb:2f:8c:f6:0e:52:d7:b5:92:20:5e:c2:2c:d0:
         97:51:9e:26:12:35:68:fc:5b:46:7b:6c:99:a4:ee:91:5b:b8:
         d9:26:9a:92:ca:72:3b:4b:51:16:57:da:29:7a:ec:bb:40:50:
         0d:a0:4d:fa:58:9d:19:c8:65:e1:39:96:76:95:cc:e5:bc:17:
         1c:d8:5d:65:6c:f1:bc:49:ca:d0:d4:34:09:16:5a:da:57:78:
         c9:ce:25:07:ff:31:93:26:55:2f:5d:be:31:84:87:17:fc:42:
         a3:7d:f1:a1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQmqdq0uxgMtnlR415CrsbfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAyMTA1NzMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjg1ZWFhNzYxYWY4MTdjZDA5MzUxMWI1ZDQ4ZWQ1OTQ2NzBkNmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6rixmgvLDgHGv9fORqIw2NDMSJeP
L4fNsZISZKbYkW/gsOCQ9MUz35/R6pKFhpEBSL7IHLnjHvkeD3p5LPRHsQisdhp/
YNDqxiSEagiZAMRiyuQLO3/F1+3LEQ89HUar629gP2WCLdhebyTMdx2Q05fLuntP
JQImOG7igDIG7iuxpUc5UHYVZvk6HVEa7P/WbqWJDuY43URWrPXP0ZoqaafxUqDn
HIbD6nxo4Pw+MbMd54/qfk0CzFZpW94d8UwjzyqnBBMaVagF/unY0EfouB74pnwh
O3K5LwNLIDPN/Zi7zKiOCGLHE4FZS3DZphhdeysbc4gtEU3mUUNk5SA82wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLKF6qdhr4F80JNRG11I7VlGcNbgMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvc29YcXAyR3ZnWHpRazFFYlhVanRXVVp3MXVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUpgMAwQA
1YKKAwQA1drgMA0GCSqGSIb3DQEBCwUAA4IBAQBM6yO3vySXrXQGC8hjCEozW4BB
I/FnfXnADcOeECfsUYDzbjohk2r6mNQjtoIsjnlHm/ta7/kIwew0PvD5JwNdm51s
HaNVg/UElzCx7Sr4xLdI6dN7YU5eytnGtqCkkd7uCB346bDABGosGdIVUWiYfipF
+yisJPDHDQTSSh17MW/KNs926dF0Z8oc1aaZcad4T2uhyy+M9g5S17WSIF7CLNCX
UZ4mEjVo/FtGe2yZpO6RW7jZJpqSynI7S1EWV9opeuy7QFANoE36WJ0ZyGXhOZZ2
lczlvBcc2F1lbPG8ScrQ1DQJFlraV3jJziUH/zGTJlUvXb4xhIcX/EKjffGh
-----END CERTIFICATE-----