Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/stmwvrgwiDmdW3yQ2RwpffxrdH4.roa
File:                     stmwvrgwiDmdW3yQ2RwpffxrdH4.roa (raw, json)
Hash identifier:          M6/5WudG9M2RGs+UORk0C0oFYuyuyD+dpSvZVoPEBkQ=
Subject key identifier:   B2:D9:B0:BE:B8:30:88:39:9D:5B:7C:90:D9:1C:29:7D:FC:6B:74:7E
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143E516677BB7E7323DF7E34F8DF3CF
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/stmwvrgwiDmdW3yQ2RwpffxrdH4.roa
Signing time:             Wed 01 Jan 2025 09:48:05 +0000
ROA not before:           Wed 01 Jan 2025 09:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49581
IP address blocks:        217.144.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:e5:16:67:7b:b7:e7:32:3d:f7:e3:4f:8d:f3:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2d9b0beb83088399d5b7c90d91c297dfc6b747e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:2b:a9:0e:33:89:3c:a1:7e:18:5b:76:43:21:
                    95:28:5a:55:34:5a:b2:7a:69:d7:4f:52:48:5f:1e:
                    47:20:49:39:29:dd:5f:70:70:aa:44:87:6c:6c:ba:
                    2d:4a:75:3a:a2:74:e4:f9:b9:1a:aa:84:e0:ec:f3:
                    cd:53:c2:87:90:6c:26:e8:9f:ec:0a:bd:ac:25:16:
                    ba:1e:79:b8:9c:0a:42:38:59:33:bf:fa:91:a1:6e:
                    30:fd:d7:1c:56:ea:09:20:93:58:27:e6:3a:c3:0a:
                    b5:98:e0:3e:98:7f:e8:71:f3:f4:88:2a:1e:dc:9b:
                    35:7c:70:96:76:7d:34:7c:19:4b:b4:fa:6e:2e:c5:
                    a5:c0:ad:7d:a5:41:f7:2f:a5:00:a2:8d:29:cf:d4:
                    f6:53:04:7b:35:88:23:70:1b:24:76:a5:ed:78:52:
                    8b:c1:cd:71:33:e2:4b:8b:cb:57:02:34:56:0d:b0:
                    37:cc:36:12:80:4f:7b:4f:d2:09:37:fc:e6:07:2f:
                    e4:be:46:7b:45:fd:29:09:f5:37:30:81:f3:38:bd:
                    68:63:de:fc:0f:d4:1b:a4:8e:02:41:e2:09:56:ba:
                    86:98:34:82:35:e3:4e:06:50:1d:28:cb:57:74:1a:
                    f8:92:2d:d8:55:d2:08:53:5b:67:43:d0:b4:78:3b:
                    0e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:D9:B0:BE:B8:30:88:39:9D:5B:7C:90:D9:1C:29:7D:FC:6B:74:7E
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/stmwvrgwiDmdW3yQ2RwpffxrdH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.144.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:40:60:f7:6f:90:60:f2:b9:67:cf:08:b8:a1:07:ad:ab:d6:
         67:67:b5:fb:40:1a:14:5b:2e:76:ad:f7:49:f3:36:23:7e:34:
         40:1d:9b:dd:77:71:ab:61:dc:7e:a7:e5:f7:d9:3e:bb:e4:90:
         5c:78:aa:ea:72:99:6e:36:78:82:fd:9c:b3:1b:06:98:3d:eb:
         60:51:04:c6:18:cd:58:e5:ce:97:0a:5a:33:bb:ab:03:64:4c:
         66:ec:63:6c:84:a3:2a:b5:0d:cb:95:11:3e:43:78:65:0b:c1:
         3d:2f:09:34:c4:ed:c1:87:94:27:49:1a:e3:01:01:51:3a:50:
         43:9c:26:3a:f9:ef:75:a8:9a:be:fa:6a:f8:20:0d:73:8d:1c:
         60:68:7b:f4:88:ec:64:f0:aa:56:3d:a0:ba:c4:f8:65:fb:e1:
         61:f7:6d:bd:7f:03:34:5f:e9:73:ac:bf:20:cc:14:2c:ce:f1:
         c6:8d:e9:64:7e:2a:c7:7f:4f:5f:39:75:1b:28:c9:a2:25:76:
         38:d5:29:95:44:1c:89:f2:8c:31:35:ee:dc:6f:6a:f5:4e:77:
         88:2a:be:8d:ed:3c:b1:1d:a8:9a:0f:a3:97:7c:c4:c7:6c:e0:
         ae:1d:46:52:ea:75:19:49:b9:5d:88:16:d8:a2:60:aa:70:48:
         56:0c:a8:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ+UWZ3u35zI99+NPjfPPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmQ5YjBiZWI4MzA4ODM5OWQ1YjdjOTBkOTFjMjk3ZGZjNmI3NDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiCupDjOJPKF+GFt2QyGVKFpVNFqy
emnXT1JIXx5HIEk5Kd1fcHCqRIdsbLotSnU6onTk+bkaqoTg7PPNU8KHkGwm6J/s
Cr2sJRa6Hnm4nApCOFkzv/qRoW4w/dccVuoJIJNYJ+Y6wwq1mOA+mH/ocfP0iCoe
3Js1fHCWdn00fBlLtPpuLsWlwK19pUH3L6UAoo0pz9T2UwR7NYgjcBskdqXteFKL
wc1xM+JLi8tXAjRWDbA3zDYSgE97T9IJN/zmBy/kvkZ7Rf0pCfU3MIHzOL1oY978
D9QbpI4CQeIJVrqGmDSCNeNOBlAdKMtXdBr4ki3YVdIIU1tnQ9C0eDsO/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLLZsL64MIg5nVt8kNkcKX38a3R+MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvc3Rtd3ZyZ3dpRG1kVzN5UTJSd3BmZnhyZEg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZCaMA0G
CSqGSIb3DQEBCwUAA4IBAQBPQGD3b5Bg8rlnzwi4oQetq9ZnZ7X7QBoUWy52rfdJ
8zYjfjRAHZvdd3GrYdx+p+X32T675JBceKrqcpluNniC/ZyzGwaYPetgUQTGGM1Y
5c6XClozu6sDZExm7GNshKMqtQ3LlRE+Q3hlC8E9Lwk0xO3Bh5QnSRrjAQFROlBD
nCY6+e91qJq++mr4IA1zjRxgaHv0iOxk8KpWPaC6xPhl++Fh9229fwM0X+lzrL8g
zBQszvHGjelkfirHf09fOXUbKMmiJXY41SmVRByJ8owxNe7cb2r1TneIKr6N7Tyx
HaiaD6OXfMTHbOCuHUZS6nUZSbldiBbYomCqcEhWDKgo
-----END CERTIFICATE-----