Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tJbSg0XF2Et00yyO_ZpLttgKgjk.roa
File:                     tJbSg0XF2Et00yyO_ZpLttgKgjk.roa (raw, json)
Hash identifier:          JeCW/sGUs15yNUDaFWO18m9eIUHo2xYXnpfJZJS7G2g=
Subject key identifier:   B4:96:D2:83:45:C5:D8:4B:74:D3:2C:8E:FD:9A:4B:B6:D8:0A:82:39
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0192777951AAFA309F25B8FC32A4984012F2
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tJbSg0XF2Et00yyO_ZpLttgKgjk.roa
Signing time:             Thu 10 Oct 2024 17:28:12 +0000
ROA not before:           Thu 10 Oct 2024 17:28:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60117
IP address blocks:        109.176.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:77:79:51:aa:fa:30:9f:25:b8:fc:32:a4:98:40:12:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Oct 10 17:28:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b496d28345c5d84b74d32c8efd9a4bb6d80a8239
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:52:49:f6:2d:b1:c3:83:91:8e:7e:fa:0b:05:
                    4d:27:76:eb:17:50:70:b5:40:6d:b5:e6:07:e4:f5:
                    e3:55:17:e8:a5:ab:e5:5b:6f:c5:1b:88:8c:3d:62:
                    16:84:d3:7f:bb:ad:46:8f:77:47:b3:91:ad:4e:51:
                    b8:de:2c:bd:ec:56:e5:93:65:df:7f:53:c5:01:df:
                    85:62:93:13:8b:dc:3c:24:0a:80:0b:00:b5:f0:ae:
                    18:1d:00:ce:c2:a4:b1:43:38:dc:cf:8b:c3:61:56:
                    87:57:29:4b:fe:cd:07:12:7d:ba:42:d6:99:2f:49:
                    05:c6:63:9a:b4:72:7e:ee:8c:41:ad:b7:e0:90:84:
                    ae:b2:47:1c:38:5c:94:9f:83:aa:d3:c2:5e:34:b3:
                    34:1c:a5:c9:90:69:ac:80:80:bb:d5:4a:bb:f0:67:
                    9e:75:2f:82:8e:bc:bb:fd:95:0f:ce:bb:c7:27:22:
                    d3:17:75:1c:ee:e9:5c:b3:12:77:fe:71:e6:70:34:
                    50:f4:9e:4d:dd:43:c8:74:d2:da:23:f0:8e:39:11:
                    52:e0:29:a1:5a:a3:33:53:1a:55:f8:ae:c7:80:26:
                    93:cf:22:08:1a:42:4e:ea:a2:d5:1c:0c:51:9b:5b:
                    32:c5:c0:94:c0:da:1f:07:c4:87:51:bd:38:49:1f:
                    03:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:96:D2:83:45:C5:D8:4B:74:D3:2C:8E:FD:9A:4B:B6:D8:0A:82:39
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/tJbSg0XF2Et00yyO_ZpLttgKgjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:af:e5:6d:d2:07:b5:7b:13:fa:28:c9:ff:75:dd:86:40:1d:
         ac:78:f3:e2:aa:0c:32:55:4a:5c:47:4d:93:00:7c:f4:55:8e:
         02:6e:7e:12:0c:19:51:99:49:4d:ae:4d:b5:7c:df:82:e6:08:
         74:da:25:c5:a3:11:4e:60:20:b9:a3:5b:41:cb:e6:e8:de:ca:
         79:c6:bb:96:b0:d7:3c:9c:60:71:4f:74:d6:7a:83:0d:ed:6d:
         46:22:95:a3:78:af:67:d9:5c:63:eb:fc:11:17:21:6a:03:17:
         a0:e9:e9:9a:9e:b8:18:c9:6a:7a:37:48:61:50:ba:f0:3d:f2:
         86:e6:7a:2b:c5:cb:36:59:f0:d9:fe:18:3a:59:5c:9c:2a:09:
         40:ee:2d:86:3e:8f:d7:78:eb:3e:d3:f8:09:cc:10:c2:73:70:
         61:05:81:76:af:20:c4:d0:50:2b:74:21:22:c0:19:4c:5e:db:
         e3:f4:5e:34:50:37:0e:f8:1f:6e:33:93:b9:5f:25:36:58:62:
         0d:0e:31:7a:c2:97:20:4d:ca:91:26:87:0d:ac:4d:9c:fd:71:
         99:75:0a:47:de:f7:8b:76:e3:82:f8:86:22:3d:11:68:0a:55:
         6a:55:c7:93:91:e5:b8:df:63:26:e2:c9:15:bb:a2:bb:da:bb:
         dd:5e:b4:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ3eVGq+jCfJbj8MqSYQBLyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQxMDEwMTcyODEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDk2ZDI4MzQ1YzVkODRiNzRkMzJjOGVmZDlhNGJiNmQ4MGE4MjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5VJJ9i2xw4ORjn76CwVNJ3brF1Bw
tUBtteYH5PXjVRfopavlW2/FG4iMPWIWhNN/u61Gj3dHs5GtTlG43iy97Fblk2Xf
f1PFAd+FYpMTi9w8JAqACwC18K4YHQDOwqSxQzjcz4vDYVaHVylL/s0HEn26QtaZ
L0kFxmOatHJ+7oxBrbfgkISuskccOFyUn4Oq08JeNLM0HKXJkGmsgIC71Uq78Gee
dS+Cjry7/ZUPzrvHJyLTF3Uc7ulcsxJ3/nHmcDRQ9J5N3UPIdNLaI/COORFS4Cmh
WqMzUxpV+K7HgCaTzyIIGkJO6qLVHAxRm1syxcCUwNofB8SHUb04SR8DZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLSW0oNFxdhLdNMsjv2aS7bYCoI5MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdEpiU2cwWEYyRXQwMHl5T19acEx0dGdLZ2prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbDBMA0G
CSqGSIb3DQEBCwUAA4IBAQCsr+Vt0ge1exP6KMn/dd2GQB2sePPiqgwyVUpcR02T
AHz0VY4Cbn4SDBlRmUlNrk21fN+C5gh02iXFoxFOYCC5o1tBy+bo3sp5xruWsNc8
nGBxT3TWeoMN7W1GIpWjeK9n2Vxj6/wRFyFqAxeg6emanrgYyWp6N0hhULrwPfKG
5norxcs2WfDZ/hg6WVycKglA7i2GPo/XeOs+0/gJzBDCc3BhBYF2ryDE0FArdCEi
wBlMXtvj9F40UDcO+B9uM5O5XyU2WGINDjF6wpcgTcqRJocNrE2c/XGZdQpH3veL
duOC+IYiPRFoClVqVceTkeW432Mm4skVu6K72rvdXrQd
-----END CERTIFICATE-----