Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/syHGYqFn4Yi8kLxy6yw6gCRugUY.roa
File:                     syHGYqFn4Yi8kLxy6yw6gCRugUY.roa (raw, json)
Hash identifier:          DlP64YHT7KjV5J9n+x9KnP9VNsYnRNL/d7Z+I9Vh3SU=
Subject key identifier:   B3:21:C6:62:A1:67:E1:88:BC:90:BC:72:EB:2C:3A:80:24:6E:81:46
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942144098E1F2C873C127BAC9A8C9F1928
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/syHGYqFn4Yi8kLxy6yw6gCRugUY.roa
Signing time:             Wed 01 Jan 2025 09:48:14 +0000
ROA not before:           Wed 01 Jan 2025 09:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208328
IP address blocks:        81.168.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:09:8e:1f:2c:87:3c:12:7b:ac:9a:8c:9f:19:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b321c662a167e188bc90bc72eb2c3a80246e8146
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:4e:48:0e:83:42:b3:18:d6:39:7c:62:4d:fb:
                    bc:6d:a7:2a:48:b3:6b:ba:b9:70:a4:5c:3a:18:8d:
                    23:ca:2d:c7:85:6c:f8:14:37:35:fe:ca:5c:f7:49:
                    1b:e8:17:ed:f5:3f:ad:5b:71:19:36:4d:63:64:ba:
                    fb:18:97:29:8e:4a:95:e0:c8:ce:32:06:24:f3:a0:
                    70:2b:e4:84:59:36:b7:c4:55:10:b3:c6:5b:97:f7:
                    93:71:a4:3c:f8:b7:04:d4:c6:b2:63:c3:88:7f:ba:
                    f8:7d:54:83:66:4a:5f:7d:cf:3e:33:32:0a:91:92:
                    e2:e8:78:fc:6c:63:43:42:74:65:a0:70:44:22:d5:
                    eb:2f:8e:ef:c4:5a:73:de:73:87:c9:f1:4b:c1:69:
                    8f:08:41:ed:83:71:8a:07:b0:fd:58:42:b9:03:88:
                    a2:ad:fb:94:f2:9d:87:7e:ba:b8:29:3f:e6:7f:42:
                    ae:3c:c2:79:eb:5f:2d:da:48:aa:eb:4b:b1:1c:6d:
                    ca:ee:1c:83:a9:c2:6d:df:b4:ea:8c:b7:2f:f9:fd:
                    22:82:57:07:20:51:cb:85:de:cd:90:b2:fe:8a:b5:
                    f9:db:2a:60:22:1c:d7:0d:a3:f3:5f:f2:e0:6d:a7:
                    56:e8:51:d3:15:25:1f:1f:1a:24:96:75:43:6e:10:
                    5c:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:21:C6:62:A1:67:E1:88:BC:90:BC:72:EB:2C:3A:80:24:6E:81:46
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/syHGYqFn4Yi8kLxy6yw6gCRugUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:ec:2f:d5:ad:8d:09:b9:47:c8:83:17:f4:93:02:fb:17:c1:
         a8:ef:30:d7:ee:33:a8:40:59:09:bf:7c:19:86:5a:57:c2:02:
         ca:ea:2e:c9:70:d3:d7:96:12:f0:04:86:70:0f:c3:52:42:43:
         0d:e3:ea:e3:ce:ad:aa:03:1d:9d:48:fa:d0:c3:f7:9e:b7:d7:
         c6:d6:25:76:7e:19:d5:e8:53:4d:d4:dc:02:d7:35:ef:34:b8:
         83:ad:0d:67:1a:18:85:61:68:ef:32:e9:21:3d:35:f4:f6:dc:
         bb:89:bd:61:03:7f:d8:f1:fc:b5:c1:ad:eb:0a:af:53:a4:f3:
         05:df:ca:92:19:bb:28:fe:c4:e2:31:b8:a7:af:0d:c1:29:c1:
         91:b0:bd:a7:fb:6e:bd:f0:78:e7:3e:f2:65:59:95:96:6f:d2:
         c1:84:e0:b0:b0:8b:f8:6c:59:ae:cc:bc:fb:fa:dc:04:cb:7e:
         dd:02:80:b1:ee:59:e9:a7:69:42:a0:29:48:e2:00:0d:1e:c3:
         5b:f4:9b:68:95:c6:3a:bf:a1:7f:07:75:b5:6b:03:6f:29:4f:
         15:0b:d4:16:77:bd:a6:7c:71:20:02:a0:7c:4c:49:c0:aa:36:
         1b:36:15:75:98:9c:50:98:4e:42:5e:08:3a:34:1a:15:42:b6:
         1f:89:b3:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRAmOHyyHPBJ7rJqMnxkoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzIxYzY2MmExNjdlMTg4YmM5MGJjNzJlYjJjM2E4MDI0NmU4MTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1E5IDoNCsxjWOXxiTfu8bacqSLNr
urlwpFw6GI0jyi3HhWz4FDc1/spc90kb6Bft9T+tW3EZNk1jZLr7GJcpjkqV4MjO
MgYk86BwK+SEWTa3xFUQs8Zbl/eTcaQ8+LcE1MayY8OIf7r4fVSDZkpffc8+MzIK
kZLi6Hj8bGNDQnRloHBEItXrL47vxFpz3nOHyfFLwWmPCEHtg3GKB7D9WEK5A4ii
rfuU8p2Hfrq4KT/mf0KuPMJ5618t2kiq60uxHG3K7hyDqcJt37TqjLcv+f0iglcH
IFHLhd7NkLL+irX52ypgIhzXDaPzX/LgbadW6FHTFSUfHxoklnVDbhBc+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLMhxmKhZ+GIvJC8cussOoAkboFGMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvc3lIR1lxRm40WWk4a0x4eTZ5dzZnQ1J1Z1VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUahTMA0G
CSqGSIb3DQEBCwUAA4IBAQA47C/VrY0JuUfIgxf0kwL7F8Go7zDX7jOoQFkJv3wZ
hlpXwgLK6i7JcNPXlhLwBIZwD8NSQkMN4+rjzq2qAx2dSPrQw/eet9fG1iV2fhnV
6FNN1NwC1zXvNLiDrQ1nGhiFYWjvMukhPTX09ty7ib1hA3/Y8fy1wa3rCq9TpPMF
38qSGbso/sTiMbinrw3BKcGRsL2n+2698HjnPvJlWZWWb9LBhOCwsIv4bFmuzLz7
+twEy37dAoCx7lnpp2lCoClI4gANHsNb9JtolcY6v6F/B3W1awNvKU8VC9QWd72m
fHEgAqB8TEnAqjYbNhV1mJxQmE5CXgg6NBoVQrYfibOj
-----END CERTIFICATE-----