Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xKacQEofk6ogzBq8Hr6neRK3f8c.roa
File:                     xKacQEofk6ogzBq8Hr6neRK3f8c.roa (raw, json)
Hash identifier:          KHja0jJe5tNZ2dTM8HeBnBQTX/IsRBEbPkKffgXcl74=
Subject key identifier:   C4:A6:9C:40:4A:1F:93:AA:20:CC:1A:BC:1E:BE:A7:79:12:B7:7F:C7
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018FBA4657859D48A118DF34E2D6200F1E24
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xKacQEofk6ogzBq8Hr6neRK3f8c.roa
Signing time:             Mon 27 May 2024 13:38:43 +0000
ROA not before:           Mon 27 May 2024 13:38:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215238
IP address blocks:        212.38.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ba:46:57:85:9d:48:a1:18:df:34:e2:d6:20:0f:1e:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 27 13:38:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4a69c404a1f93aa20cc1abc1ebea77912b77fc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:c6:bb:3a:bd:48:04:bc:84:10:ea:0e:29:8b:
                    67:aa:2e:3c:59:82:59:dc:8a:17:74:c9:cd:b9:c6:
                    9e:4b:13:09:a2:38:2b:bf:dd:f0:b7:a4:8d:d7:e0:
                    97:4d:9a:1c:0b:73:da:07:80:2b:ea:37:b0:61:c3:
                    e1:42:83:8f:8a:cd:88:25:71:66:5c:4e:b5:1c:1b:
                    c6:e9:37:78:45:14:41:10:e7:1e:bc:06:e2:37:4c:
                    b3:e2:9e:fe:b9:66:58:59:4f:db:5e:d8:e9:2d:9a:
                    2c:6c:00:e5:63:29:9d:2b:0e:7d:d0:81:5b:f5:0e:
                    12:65:2f:77:99:eb:bb:21:e7:37:81:89:69:c2:cd:
                    06:c7:b1:ab:7b:5b:f7:d6:c0:15:fd:52:dc:56:3f:
                    31:eb:4b:5c:ba:58:da:fe:27:af:be:81:2a:2b:3a:
                    67:71:64:2d:17:50:15:d5:11:fd:78:e1:04:d7:7b:
                    52:59:63:b6:30:c7:ec:2c:63:cc:3a:01:59:a5:61:
                    e8:38:26:81:43:86:46:bd:fd:4c:e0:f8:5b:a7:f8:
                    5d:5b:66:6e:4b:1c:57:89:17:4a:09:04:7c:f2:dc:
                    43:27:cc:ea:6f:c1:80:99:e0:13:fd:71:97:9b:d0:
                    f5:df:45:1b:9f:cc:d5:3f:69:4e:ef:64:b7:c5:c4:
                    af:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:A6:9C:40:4A:1F:93:AA:20:CC:1A:BC:1E:BE:A7:79:12:B7:7F:C7
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xKacQEofk6ogzBq8Hr6neRK3f8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.38.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:b3:73:fa:a8:2c:32:d4:54:28:e3:36:ae:8e:be:e4:83:00:
         4d:41:82:9a:f2:71:31:d9:8c:eb:46:04:ac:06:39:ae:f7:6a:
         29:3f:1d:e6:bc:27:04:8d:de:54:95:cd:9d:b2:e2:e1:62:2e:
         95:b7:bf:f2:49:64:8f:60:42:59:2c:99:31:e4:ca:ee:23:c5:
         70:57:25:ea:43:45:80:a6:71:6b:71:07:55:7f:69:54:f9:7f:
         dc:dd:a8:a1:5c:81:09:32:16:35:d3:f4:7e:ee:a4:6e:c5:04:
         1f:a1:b5:39:ef:d5:36:15:b9:65:9e:71:d8:65:8b:e9:17:ce:
         75:40:70:bd:b7:88:22:d8:6d:b4:b7:8f:99:6b:f5:ba:59:6a:
         7c:ad:d3:c1:5a:f6:1d:5d:a2:ea:52:9d:d4:70:e8:f5:fd:e1:
         50:03:4f:73:5f:a2:61:16:10:8b:80:d4:e2:1b:c6:df:5f:fd:
         5d:d2:55:1c:ee:1a:5b:a3:2f:26:fd:05:bf:07:de:b9:3d:d5:
         e3:ef:23:e0:9e:da:33:93:16:2a:01:1e:36:53:19:4c:49:d7:
         8a:88:4b:ef:d8:e1:43:cf:72:a8:9f:4a:c1:6b:76:a6:8d:d1:
         32:cc:2f:6c:56:b1:50:be:90:c8:d1:12:71:dd:8c:86:2f:d3:
         04:a8:63:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+6RleFnUihGN804tYgDx4kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTI3MTMzODQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGE2OWM0MDRhMWY5M2FhMjBjYzFhYmMxZWJlYTc3OTEyYjc3ZmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Ma7Or1IBLyEEOoOKYtnqi48WYJZ
3IoXdMnNucaeSxMJojgrv93wt6SN1+CXTZocC3PaB4Ar6jewYcPhQoOPis2IJXFm
XE61HBvG6Td4RRRBEOcevAbiN0yz4p7+uWZYWU/bXtjpLZosbADlYymdKw590IFb
9Q4SZS93meu7Iec3gYlpws0Gx7Gre1v31sAV/VLcVj8x60tculja/ievvoEqKzpn
cWQtF1AV1RH9eOEE13tSWWO2MMfsLGPMOgFZpWHoOCaBQ4ZGvf1M4Phbp/hdW2Zu
SxxXiRdKCQR88txDJ8zqb8GAmeAT/XGXm9D130Ubn8zVP2lO72S3xcSvrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSmnEBKH5OqIMwavB6+p3kSt3/HMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveEthY1FFb2ZrNm9nekJxOEhyNm5lUkszZjhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1CZYMA0G
CSqGSIb3DQEBCwUAA4IBAQArs3P6qCwy1FQo4zaujr7kgwBNQYKa8nEx2YzrRgSs
Bjmu92opPx3mvCcEjd5Ulc2dsuLhYi6Vt7/ySWSPYEJZLJkx5MruI8VwVyXqQ0WA
pnFrcQdVf2lU+X/c3aihXIEJMhY10/R+7qRuxQQfobU579U2FbllnnHYZYvpF851
QHC9t4gi2G20t4+Za/W6WWp8rdPBWvYdXaLqUp3UcOj1/eFQA09zX6JhFhCLgNTi
G8bfX/1d0lUc7hpboy8m/QW/B965PdXj7yPgntozkxYqAR42UxlMSdeKiEvv2OFD
z3Kon0rBa3amjdEyzC9sVrFQvpDI0RJx3YyGL9MEqGMe
-----END CERTIFICATE-----