Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vrIrcFeyX2H-gd6F70U022Var4Q.roa
File:                     vrIrcFeyX2H-gd6F70U022Var4Q.roa (raw, json)
Hash identifier:          Fo4KAsqUdLanQ4EkpLVvAf4cG/X1KduL90sAM6nCvH4=
Subject key identifier:   BE:B2:2B:70:57:B2:5F:61:FE:81:DE:85:EF:45:34:DB:65:5A:AF:84
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019421443660448B6031E53FF4DA80821441
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vrIrcFeyX2H-gd6F70U022Var4Q.roa
Signing time:             Wed 01 Jan 2025 09:48:26 +0000
ROA not before:           Wed 01 Jan 2025 09:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216200
IP address blocks:        109.176.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:36:60:44:8b:60:31:e5:3f:f4:da:80:82:14:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=beb22b7057b25f61fe81de85ef4534db655aaf84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:f6:e7:1e:24:1b:d5:13:83:67:9e:32:a5:72:
                    ef:bd:ab:1a:0a:c9:e9:6c:0f:4f:a4:36:a4:f8:b1:
                    36:c1:a2:19:75:2b:0f:28:c0:d4:1a:73:d5:13:f0:
                    ed:a7:39:9d:63:43:d8:15:0c:71:4b:13:c4:6f:be:
                    18:1e:16:ef:db:4e:6c:54:62:d1:86:ab:f6:10:c9:
                    aa:9f:b2:0d:8f:a6:bd:29:58:a3:f2:4c:d5:54:fb:
                    a2:a4:53:a6:e0:8a:12:f0:08:5c:da:77:12:fe:3a:
                    63:fd:3f:9d:17:94:55:fe:d9:9b:ad:ab:f9:59:81:
                    1f:b3:bf:b8:22:ec:46:ef:ce:78:69:d0:d9:81:68:
                    94:84:db:4e:db:51:5c:53:88:9f:95:b9:99:58:10:
                    bb:de:d9:4e:ea:2b:55:7c:25:be:28:c3:28:bc:d4:
                    20:3e:73:6b:3e:c5:32:50:9d:53:20:01:a4:58:9f:
                    be:4f:bb:86:36:f3:96:0c:06:2f:1d:3e:d8:1e:0b:
                    d4:66:3c:12:ae:f2:f8:4b:86:09:fa:65:90:1a:3b:
                    e4:30:92:d6:68:31:10:57:22:25:cf:72:19:cb:89:
                    eb:74:6c:64:09:32:2d:ea:2e:bf:70:b6:a7:d3:48:
                    41:6a:d9:c5:2c:5a:7f:aa:58:07:74:93:fb:0b:f7:
                    74:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:B2:2B:70:57:B2:5F:61:FE:81:DE:85:EF:45:34:DB:65:5A:AF:84
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vrIrcFeyX2H-gd6F70U022Var4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:74:da:34:84:71:45:be:20:3b:ad:34:cd:c3:d5:df:c8:10:
         52:10:b0:bc:cb:64:a1:0c:d6:42:df:43:2b:f4:3b:7c:e2:c9:
         0f:ae:f1:53:73:76:b8:95:c4:12:b8:90:65:41:7f:c7:39:b2:
         ec:6f:a4:2d:ca:27:ff:37:ee:28:79:4b:a4:a6:1c:66:3b:b0:
         dc:ef:a6:4c:87:ea:bc:f6:43:5c:1d:e9:44:b0:05:a1:78:1e:
         28:2a:80:77:53:15:8c:33:d3:d8:90:b3:97:aa:66:37:04:44:
         b6:c9:58:82:dc:02:9a:45:72:b0:c8:23:78:08:28:62:5a:b1:
         98:ba:d7:d2:da:e7:0a:71:99:b4:89:f1:51:31:1d:3a:20:1e:
         95:33:b3:9b:fc:f8:ea:2b:3f:8c:d9:c7:8c:5b:ce:2a:ba:df:
         19:e4:c8:a2:b5:bf:32:52:02:7c:7a:90:52:86:ff:70:2a:40:
         e5:01:a5:18:92:ac:e7:d2:de:c3:90:36:11:36:e3:13:68:5d:
         49:aa:02:a8:6b:3b:35:82:84:e5:2e:62:c5:c1:a0:43:70:d1:
         b2:92:e5:75:ac:43:57:11:ef:08:8b:1a:1d:fb:eb:36:bb:65:
         b1:8a:65:8c:be:9f:10:fb:83:7b:cf:09:7e:2b:31:ac:4a:5d:
         03:ac:94:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRDZgRItgMeU/9NqAghRBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWIyMmI3MDU3YjI1ZjYxZmU4MWRlODVlZjQ1MzRkYjY1NWFhZjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4PbnHiQb1RODZ54ypXLvvasaCsnp
bA9PpDak+LE2waIZdSsPKMDUGnPVE/DtpzmdY0PYFQxxSxPEb74YHhbv205sVGLR
hqv2EMmqn7INj6a9KVij8kzVVPuipFOm4IoS8Ahc2ncS/jpj/T+dF5RV/tmbrav5
WYEfs7+4IuxG7854adDZgWiUhNtO21FcU4iflbmZWBC73tlO6itVfCW+KMMovNQg
PnNrPsUyUJ1TIAGkWJ++T7uGNvOWDAYvHT7YHgvUZjwSrvL4S4YJ+mWQGjvkMJLW
aDEQVyIlz3IZy4nrdGxkCTIt6i6/cLan00hBatnFLFp/qlgHdJP7C/d0jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL6yK3BXsl9h/oHehe9FNNtlWq+EMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdnJJcmNGZXlYMkgtZ2Q2RjcwVTAyMlZhcjRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbDwMA0G
CSqGSIb3DQEBCwUAA4IBAQAOdNo0hHFFviA7rTTNw9XfyBBSELC8y2ShDNZC30Mr
9Dt84skPrvFTc3a4lcQSuJBlQX/HObLsb6Qtyif/N+4oeUukphxmO7Dc76ZMh+q8
9kNcHelEsAWheB4oKoB3UxWMM9PYkLOXqmY3BES2yViC3AKaRXKwyCN4CChiWrGY
utfS2ucKcZm0ifFRMR06IB6VM7Ob/PjqKz+M2ceMW84qut8Z5Miitb8yUgJ8epBS
hv9wKkDlAaUYkqzn0t7DkDYRNuMTaF1JqgKoazs1goTlLmLFwaBDcNGykuV1rENX
Ee8Iixod++s2u2WximWMvp8Q+4N7zwl+KzGsSl0DrJQY
-----END CERTIFICATE-----