Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vFvsLjOfdQC_0CckhCDzfus0OvU.roa
File:                     vFvsLjOfdQC_0CckhCDzfus0OvU.roa (raw, json)
Hash identifier:          Ft3GF/c3fSSFDZiTznYG9vWxgROOyhTEAu71MIWrBj4=
Subject key identifier:   BC:5B:EC:2E:33:9F:75:00:BF:D0:27:24:84:20:F3:7E:EB:34:3A:F5
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E810496B70E0D14B07CDCCC616D44493C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vFvsLjOfdQC_0CckhCDzfus0OvU.roa
Signing time:             Wed 27 Mar 2024 17:45:45 +0000
ROA not before:           Wed 27 Mar 2024 17:45:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400799
IP address blocks:        212.38.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:81:04:96:b7:0e:0d:14:b0:7c:dc:cc:61:6d:44:49:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 27 17:45:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc5bec2e339f7500bfd027248420f37eeb343af5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:6a:07:c1:3a:eb:99:0e:93:5c:3f:a8:c8:43:
                    d8:9a:e4:82:d0:07:6c:18:fe:00:21:44:28:eb:2d:
                    bd:df:08:35:19:4f:65:d1:43:85:64:3e:47:b0:e3:
                    33:c5:f8:f3:ec:05:96:af:d8:64:7f:86:bd:a1:41:
                    7c:4b:c9:86:73:ce:ca:8d:c7:48:e5:0d:21:46:d3:
                    c6:2a:d1:be:38:7c:28:74:8f:54:65:0c:a4:b4:32:
                    26:23:3c:88:1a:8f:5d:57:71:f8:a5:2d:1d:f0:c8:
                    cc:04:a9:b1:96:bd:da:89:58:44:2e:dc:2a:3d:3d:
                    b5:15:93:08:cb:a3:d3:eb:80:1e:b7:4b:2a:99:31:
                    02:bc:6f:33:77:86:15:ce:cf:53:c1:38:68:a3:99:
                    6c:15:41:3e:57:1d:e2:6e:16:fb:4d:14:a2:33:99:
                    bb:29:36:9b:67:e4:2b:64:4a:01:be:4b:73:c0:65:
                    95:77:49:0b:f6:ea:b0:5c:b1:00:f8:fb:24:f2:ce:
                    82:65:dd:89:d7:ad:02:fd:61:01:bf:94:b1:c2:f3:
                    ff:31:ea:84:7f:72:41:24:70:23:80:55:43:1b:94:
                    da:1d:dc:c5:3c:52:c7:1b:a3:f7:84:a0:e3:36:fd:
                    35:6c:d9:61:2f:cd:d1:26:8d:61:e3:0f:d7:c9:59:
                    7f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:5B:EC:2E:33:9F:75:00:BF:D0:27:24:84:20:F3:7E:EB:34:3A:F5
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vFvsLjOfdQC_0CckhCDzfus0OvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.38.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:1e:e3:08:7e:74:ea:5c:d1:20:ec:e1:62:3b:0e:ea:37:2e:
         33:25:d2:a3:2c:23:9e:cf:6d:83:22:90:25:24:e1:99:e8:62:
         c7:04:17:14:ec:8c:fe:44:70:66:c7:08:c5:7f:c4:ce:d7:c8:
         39:b3:c3:45:f0:88:6e:3e:f2:b0:c3:82:c6:90:04:81:a2:ef:
         5e:79:da:c7:3e:e2:0c:4f:b1:43:a6:78:e6:ba:60:37:24:59:
         ae:30:51:93:d5:89:8d:f0:8d:cf:38:b6:75:28:fd:ed:08:76:
         5d:88:a8:b4:d2:3f:d0:cf:08:f2:1f:db:5a:0d:42:dc:c5:2b:
         5e:69:70:6d:43:cc:84:77:c8:b3:d3:ee:a3:29:20:3b:1e:e7:
         34:28:a7:10:5b:08:2d:13:29:a1:1f:b9:cf:f3:e6:d7:0e:b4:
         15:98:a1:d5:e8:b2:97:06:60:fd:e6:52:3c:a9:44:16:dc:de:
         67:1c:44:e3:f5:66:bf:45:66:21:c8:2a:e5:7d:b7:4f:f7:25:
         d1:86:0a:9a:bf:24:6a:33:f7:e8:3d:8f:ea:ee:df:f5:4e:0f:
         49:ee:06:b5:1c:c5:f1:e1:ab:3d:e1:fa:e9:87:72:a9:78:74:
         e8:d3:ad:26:9d:d1:76:04:fb:54:ba:b8:81:28:a6:f0:91:0d:
         ff:ff:e0:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6BBJa3Dg0UsHzczGFtREk8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzI3MTc0NTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzViZWMyZTMzOWY3NTAwYmZkMDI3MjQ4NDIwZjM3ZWViMzQzYWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWoHwTrrmQ6TXD+oyEPYmuSC0Ads
GP4AIUQo6y293wg1GU9l0UOFZD5HsOMzxfjz7AWWr9hkf4a9oUF8S8mGc87KjcdI
5Q0hRtPGKtG+OHwodI9UZQyktDImIzyIGo9dV3H4pS0d8MjMBKmxlr3aiVhELtwq
PT21FZMIy6PT64Aet0sqmTECvG8zd4YVzs9TwThoo5lsFUE+Vx3ibhb7TRSiM5m7
KTabZ+QrZEoBvktzwGWVd0kL9uqwXLEA+Psk8s6CZd2J160C/WEBv5SxwvP/MeqE
f3JBJHAjgFVDG5TaHdzFPFLHG6P3hKDjNv01bNlhL83RJo1h4w/XyVl/PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLxb7C4zn3UAv9AnJIQg837rNDr1MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdkZ2c0xqT2ZkUUNfMENja2hDRHpmdXMwT3ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1CZRMA0G
CSqGSIb3DQEBCwUAA4IBAQBbHuMIfnTqXNEg7OFiOw7qNy4zJdKjLCOez22DIpAl
JOGZ6GLHBBcU7Iz+RHBmxwjFf8TO18g5s8NF8IhuPvKww4LGkASBou9eedrHPuIM
T7FDpnjmumA3JFmuMFGT1YmN8I3POLZ1KP3tCHZdiKi00j/QzwjyH9taDULcxSte
aXBtQ8yEd8iz0+6jKSA7Huc0KKcQWwgtEymhH7nP8+bXDrQVmKHV6LKXBmD95lI8
qUQW3N5nHETj9Wa/RWYhyCrlfbdP9yXRhgqavyRqM/foPY/q7t/1Tg9J7ga1HMXx
4as94frph3KpeHTo060mndF2BPtUuriBKKbwkQ3//+C8
-----END CERTIFICATE-----