Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xS-0xr9AMEC2d7642hCLO8YwQYc.roa
File:                     xS-0xr9AMEC2d7642hCLO8YwQYc.roa (raw, json)
Hash identifier:          tsLZatiweGXbEjNcG7V9lyaFnceQUtLTij6oEe7EZH4=
Subject key identifier:   C5:2F:B4:C6:BF:40:30:40:B6:77:BE:B8:DA:10:8B:3B:C6:30:41:87
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0194214430FA4DE002076F3601CBDDFDFF89
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xS-0xr9AMEC2d7642hCLO8YwQYc.roa
Signing time:             Wed 01 Jan 2025 09:48:24 +0000
ROA not before:           Wed 01 Jan 2025 09:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215672
IP address blocks:        82.153.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:30:fa:4d:e0:02:07:6f:36:01:cb:dd:fd:ff:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c52fb4c6bf403040b677beb8da108b3bc6304187
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e5:d6:ea:2e:e9:54:ae:91:68:80:cd:52:4b:
                    f1:43:1b:74:a2:8f:d9:9a:9c:a8:ea:8a:1e:d1:a5:
                    51:d1:a6:53:ec:c9:72:a1:69:5d:c3:1b:b1:c7:c3:
                    89:48:6d:1c:d7:f6:0b:c5:ee:bd:24:25:5b:dd:a1:
                    3a:be:b1:84:ae:36:63:1c:90:33:0b:bc:6b:81:50:
                    db:3f:ff:0d:d1:43:15:77:7b:84:b3:f4:12:0b:a3:
                    e1:d5:af:4c:68:65:38:62:2f:a1:3d:11:d5:9b:1c:
                    b5:da:a9:f7:6e:01:92:94:83:7d:bf:aa:8a:eb:26:
                    08:81:fc:5a:5c:83:9d:a5:9b:1c:d1:17:dd:62:3d:
                    40:f1:c8:bf:f4:df:d3:0a:9a:db:08:db:81:e9:1c:
                    86:cb:7f:3c:31:9e:fb:d8:dd:24:eb:75:ce:02:f6:
                    28:8c:01:97:e5:8d:d0:6f:ed:40:ac:10:eb:0e:1d:
                    69:35:91:90:df:4c:4c:1d:92:88:e8:68:c4:ce:3d:
                    c4:b6:65:bd:8c:06:6c:3a:ea:ff:60:23:a5:89:e8:
                    92:33:87:2f:bd:ec:da:9a:f7:2c:4a:53:d2:f2:f7:
                    4c:0e:ba:7f:7c:3b:bc:dd:74:b2:20:f0:c2:18:3a:
                    ab:b0:87:f8:e7:d9:0c:16:ad:bd:13:2d:5e:40:2e:
                    93:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:2F:B4:C6:BF:40:30:40:B6:77:BE:B8:DA:10:8B:3B:C6:30:41:87
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xS-0xr9AMEC2d7642hCLO8YwQYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:8d:80:c8:b0:c3:06:79:eb:35:a3:1d:19:08:ab:d5:7e:4d:
         17:7a:75:5b:c0:d5:bd:59:26:8a:dc:3f:02:72:02:7f:2f:e2:
         02:20:18:71:66:1a:b8:e3:fb:3e:09:82:7d:38:a2:e3:2a:ce:
         ad:b9:47:37:b0:3a:13:bc:0b:e5:84:b2:f5:c7:b6:05:7f:2f:
         b6:80:64:54:8b:04:df:3e:6a:cc:85:f0:24:44:09:6b:2c:29:
         aa:30:27:96:f3:52:a0:1d:7f:a5:18:80:1a:af:94:f9:23:c4:
         cf:2a:cb:14:05:84:f8:85:9d:a0:bc:56:ef:1f:d0:14:79:10:
         85:a5:36:77:6c:58:23:61:7a:7c:1c:34:08:b6:ec:08:54:38:
         84:58:29:80:9d:78:71:0a:8f:75:de:5e:04:6b:b8:ec:90:4a:
         c4:6f:36:1b:f9:88:c4:0e:2f:28:11:e1:c6:77:ab:08:15:8d:
         13:02:26:c0:c9:f6:8e:48:ed:6c:89:ad:38:96:c1:6c:44:01:
         5e:71:2e:0c:6f:03:51:bc:cf:11:2d:70:67:cd:50:f0:60:1d:
         4b:7f:65:b4:8d:11:f0:f5:1b:10:f2:69:2c:5e:d1:6d:7a:cb:
         f2:1f:73:1e:0f:7b:92:e6:33:a9:d1:73:43:7c:67:25:8d:46:
         5a:d1:b5:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRDD6TeACB282Acvd/f+JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTJmYjRjNmJmNDAzMDQwYjY3N2JlYjhkYTEwOGIzYmM2MzA0MTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+XW6i7pVK6RaIDNUkvxQxt0oo/Z
mpyo6ooe0aVR0aZT7MlyoWldwxuxx8OJSG0c1/YLxe69JCVb3aE6vrGErjZjHJAz
C7xrgVDbP/8N0UMVd3uEs/QSC6Ph1a9MaGU4Yi+hPRHVmxy12qn3bgGSlIN9v6qK
6yYIgfxaXIOdpZsc0RfdYj1A8ci/9N/TCprbCNuB6RyGy388MZ772N0k63XOAvYo
jAGX5Y3Qb+1ArBDrDh1pNZGQ30xMHZKI6GjEzj3EtmW9jAZsOur/YCOlieiSM4cv
vezamvcsSlPS8vdMDrp/fDu83XSyIPDCGDqrsIf459kMFq29Ey1eQC6T5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMUvtMa/QDBAtne+uNoQizvGMEGHMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveFMtMHhyOUFNRUMyZDc2NDJoQ0xPOFl3UVljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpmdMA0G
CSqGSIb3DQEBCwUAA4IBAQB9jYDIsMMGees1ox0ZCKvVfk0XenVbwNW9WSaK3D8C
cgJ/L+ICIBhxZhq44/s+CYJ9OKLjKs6tuUc3sDoTvAvlhLL1x7YFfy+2gGRUiwTf
PmrMhfAkRAlrLCmqMCeW81KgHX+lGIAar5T5I8TPKssUBYT4hZ2gvFbvH9AUeRCF
pTZ3bFgjYXp8HDQItuwIVDiEWCmAnXhxCo913l4Ea7jskErEbzYb+YjEDi8oEeHG
d6sIFY0TAibAyfaOSO1sia04lsFsRAFecS4MbwNRvM8RLXBnzVDwYB1Lf2W0jRHw
9RsQ8mksXtFtesvyH3MeD3uS5jOp0XNDfGcljUZa0bWy
-----END CERTIFICATE-----