Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/uo4gXMowClQ3Np8gY8PFHd8Ux-Q.roa
File:                     uo4gXMowClQ3Np8gY8PFHd8Ux-Q.roa (raw, json)
Hash identifier:          Z9s+7r2P8IHof2g1Tj6PI7XJYidgLlg53enGyHmNGLg=
Subject key identifier:   BA:8E:20:5C:CA:30:0A:54:37:36:9F:20:63:C3:C5:1D:DF:14:C7:E4
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019421441AC22C6DC14C3BB8E3F35C578D1E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/uo4gXMowClQ3Np8gY8PFHd8Ux-Q.roa
Signing time:             Wed 01 Jan 2025 09:48:18 +0000
ROA not before:           Wed 01 Jan 2025 09:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212762
IP address blocks:        109.176.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:1a:c2:2c:6d:c1:4c:3b:b8:e3:f3:5c:57:8d:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba8e205cca300a5437369f2063c3c51ddf14c7e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:45:43:a1:4f:30:29:6b:70:f2:34:66:92:0c:
                    1f:e0:f6:25:89:56:73:69:df:7a:f4:7e:16:a9:a1:
                    2c:7b:af:e6:b7:95:6a:a8:41:0c:7b:26:1a:dc:31:
                    f3:25:c3:88:8c:eb:68:dd:c4:64:80:64:7e:91:c5:
                    84:76:d0:80:4b:74:e1:7d:e8:8b:f3:52:b6:3a:2d:
                    1d:76:f7:ee:bc:e3:1a:3f:6d:f4:ff:2f:c6:5b:a6:
                    01:70:3c:57:9d:d0:96:5f:7f:bd:ec:04:99:e5:d3:
                    89:8d:0e:33:d8:64:ce:2e:97:93:e8:17:4c:ef:27:
                    75:33:b5:21:f5:b1:45:5c:bd:42:f9:f1:8e:e6:92:
                    68:be:f1:86:82:6d:e9:b7:11:f2:44:8f:cd:b8:8a:
                    c7:e4:4e:f9:c5:12:ab:e3:97:ea:24:74:c6:ea:d3:
                    97:12:00:c2:22:4a:b3:11:ef:56:41:e7:c9:96:d4:
                    6c:11:72:c9:4a:1f:d2:50:90:cb:cf:4d:5a:56:d8:
                    17:25:e6:fa:8a:08:69:aa:89:60:f3:2f:12:c1:2b:
                    a2:02:8c:ec:38:4a:a4:d0:28:b8:11:37:86:61:e8:
                    bd:2a:fb:c1:cf:1d:76:e8:f9:7c:71:a7:71:ce:c8:
                    f8:85:63:32:b6:63:e1:13:2c:67:a8:28:57:c4:af:
                    b6:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:8E:20:5C:CA:30:0A:54:37:36:9F:20:63:C3:C5:1D:DF:14:C7:E4
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/uo4gXMowClQ3Np8gY8PFHd8Ux-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:a6:11:5e:54:df:b3:2b:2d:8b:e3:66:10:0b:a5:94:b6:cc:
         19:1f:6f:e1:2b:74:09:ed:2f:87:dc:b8:b3:71:61:24:bc:42:
         06:4a:f3:6e:b3:8a:78:14:f4:7d:ed:b1:18:7a:62:c5:21:13:
         97:e9:eb:c2:1e:af:64:4d:37:21:94:ff:c3:9a:f1:07:08:6f:
         5c:b6:48:f1:f4:3f:55:3f:17:65:3d:db:ea:5f:5e:50:b6:b3:
         63:79:bc:04:99:8c:1e:cf:25:37:80:fe:aa:e1:5e:10:39:33:
         05:5c:a5:5b:b7:aa:4c:99:e5:04:22:ed:31:f5:df:fe:28:4d:
         1a:cc:2d:3b:61:8d:51:0e:00:7d:a5:42:ba:0e:b9:8f:a3:5f:
         f5:6c:58:a1:b9:1d:1a:06:1e:ce:6a:5d:7d:47:f8:68:3e:46:
         3f:2d:15:60:50:ae:55:46:5e:f1:87:99:b4:ef:86:83:7d:60:
         df:1e:f5:d1:5c:40:af:b8:55:ef:48:11:d2:5a:20:38:81:97:
         fe:8a:44:bb:a3:c6:69:ee:0c:d4:d3:03:47:d1:a7:7d:d3:cc:
         55:77:37:dc:9b:7a:0b:d3:c4:e4:a8:cf:48:00:84:0e:fc:66:
         1a:56:3f:62:ad:7c:83:8f:1c:77:b6:f0:e4:30:9b:3b:e5:ab:
         f1:5d:78:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRBrCLG3BTDu44/NcV40eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYThlMjA1Y2NhMzAwYTU0MzczNjlmMjA2M2MzYzUxZGRmMTRjN2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5EVDoU8wKWtw8jRmkgwf4PYliVZz
ad969H4WqaEse6/mt5VqqEEMeyYa3DHzJcOIjOto3cRkgGR+kcWEdtCAS3ThfeiL
81K2Oi0ddvfuvOMaP230/y/GW6YBcDxXndCWX3+97ASZ5dOJjQ4z2GTOLpeT6BdM
7yd1M7Uh9bFFXL1C+fGO5pJovvGGgm3ptxHyRI/NuIrH5E75xRKr45fqJHTG6tOX
EgDCIkqzEe9WQefJltRsEXLJSh/SUJDLz01aVtgXJeb6ighpqolg8y8SwSuiAozs
OEqk0Ci4ETeGYei9KvvBzx126Pl8cadxzsj4hWMytmPhEyxnqChXxK+2zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLqOIFzKMApUNzafIGPDxR3fFMfkMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdW80Z1hNb3dDbFEzTnA4Z1k4UEZIZDhVeC1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbDKMA0G
CSqGSIb3DQEBCwUAA4IBAQAVphFeVN+zKy2L42YQC6WUtswZH2/hK3QJ7S+H3Liz
cWEkvEIGSvNus4p4FPR97bEYemLFIROX6evCHq9kTTchlP/DmvEHCG9ctkjx9D9V
PxdlPdvqX15QtrNjebwEmYwezyU3gP6q4V4QOTMFXKVbt6pMmeUEIu0x9d/+KE0a
zC07YY1RDgB9pUK6DrmPo1/1bFihuR0aBh7Oal19R/hoPkY/LRVgUK5VRl7xh5m0
74aDfWDfHvXRXECvuFXvSBHSWiA4gZf+ikS7o8Zp7gzU0wNH0ad908xVdzfcm3oL
08TkqM9IAIQO/GYaVj9irXyDjxx3tvDkMJs75avxXXjK
-----END CERTIFICATE-----