Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zeSdVpv8-NqFpO8fCs1oEcSzOMs.roa
File:                     zeSdVpv8-NqFpO8fCs1oEcSzOMs.roa (raw, json)
Hash identifier:          rH+ycZ+MIMgTwMu1VBvK5UvaJMOPaBoU5YoUhBR1PfE=
Subject key identifier:   CD:E4:9D:56:9B:FC:F8:DA:85:A4:EF:1F:0A:CD:68:11:C4:B3:38:CB
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0195F56D85A60EDF83039E5CDEA019596E15
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zeSdVpv8-NqFpO8fCs1oEcSzOMs.roa
Signing time:             Wed 02 Apr 2025 07:35:50 +0000
ROA not before:           Wed 02 Apr 2025 07:35:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215287
IP address blocks:        213.130.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f5:6d:85:a6:0e:df:83:03:9e:5c:de:a0:19:59:6e:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr  2 07:35:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cde49d569bfcf8da85a4ef1f0acd6811c4b338cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:81:b9:03:a1:53:d3:53:95:b9:dd:42:8a:ad:
                    71:59:ef:79:92:d1:1e:6b:3b:a0:16:1e:0a:97:da:
                    93:40:59:0c:67:83:d8:b2:16:5e:0a:f7:08:f1:86:
                    7c:b0:f3:1d:cd:42:95:ef:b2:fd:2e:49:4d:b7:c1:
                    a2:0a:60:1e:4b:24:b1:d0:e6:5b:87:0d:8d:2f:6f:
                    57:c5:74:22:2d:e6:46:a0:7d:a5:e8:08:9e:dc:58:
                    b3:1d:78:d3:5e:9d:a6:4b:49:c6:5d:cf:0e:6f:d6:
                    e5:13:16:ec:29:c7:38:44:36:a8:b3:01:a5:47:3c:
                    1f:d5:e5:de:00:53:19:e8:11:1e:a7:c0:fa:0a:ee:
                    3e:0f:2c:99:6c:59:6c:cf:c9:ae:15:66:f1:2c:5c:
                    e0:c9:be:82:70:b9:e0:5f:12:19:89:f7:36:bb:e1:
                    9f:da:34:32:96:e0:22:8f:27:97:fa:04:81:7d:72:
                    f6:5e:69:b5:6c:d8:a2:5c:c3:f9:72:51:f9:d0:ad:
                    76:ab:c4:bc:08:80:d7:60:85:07:f9:70:26:3f:65:
                    e1:0b:0f:15:ad:50:b7:82:e2:a5:6f:88:5b:06:fb:
                    90:7e:ee:2d:11:da:19:1a:49:5a:b4:42:df:f7:87:
                    0e:46:38:d8:fe:a2:b8:c3:55:36:89:a3:68:4e:7f:
                    82:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:E4:9D:56:9B:FC:F8:DA:85:A4:EF:1F:0A:CD:68:11:C4:B3:38:CB
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zeSdVpv8-NqFpO8fCs1oEcSzOMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.130.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:6e:8a:45:09:f6:04:fc:25:20:c4:87:41:2b:ca:99:24:83:
         88:44:5f:9d:aa:07:a9:25:47:f2:7a:42:3e:f8:6e:a3:46:5c:
         f0:2d:d7:e2:e2:09:fc:f9:8c:28:c2:c7:af:c7:e1:0d:19:e5:
         77:f4:0e:86:d1:eb:13:fb:d6:3f:69:7f:73:57:9e:63:31:bf:
         7a:14:1c:e5:da:ac:c9:7f:c3:cf:f1:d9:92:09:3c:5e:5e:fc:
         51:17:eb:dd:0a:dd:7a:76:59:bb:95:8e:68:5f:9c:4c:31:d3:
         c2:32:f6:85:0f:d8:93:69:a4:42:19:ea:77:29:8d:20:2a:54:
         e9:2d:70:67:51:30:6d:d7:94:f7:26:88:03:01:a1:2a:ca:01:
         8d:40:70:2f:17:c7:12:d8:d9:19:c1:f9:43:86:0b:11:51:44:
         42:7a:b6:f0:f1:0e:68:d3:c1:73:f0:64:0d:05:73:ca:06:03:
         27:d9:2d:5d:73:03:31:6e:8c:d7:1b:95:12:86:e1:f8:c1:af:
         2f:37:4e:29:3f:a5:0a:94:1e:d8:a2:9c:01:9e:dc:66:b7:d0:
         25:54:de:f2:0d:2b:d8:4a:b6:01:16:bd:f5:20:ab:04:65:34:
         14:1f:b4:85:46:23:d6:0b:44:c5:e6:50:e8:b8:fe:81:b9:c1:
         2c:0a:05:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZX1bYWmDt+DA55c3qAZWW4VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNDAyMDczNTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGU0OWQ1NjliZmNmOGRhODVhNGVmMWYwYWNkNjgxMWM0YjMzOGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4G5A6FT01OVud1Ciq1xWe95ktEe
azugFh4Kl9qTQFkMZ4PYshZeCvcI8YZ8sPMdzUKV77L9LklNt8GiCmAeSySx0OZb
hw2NL29XxXQiLeZGoH2l6Aie3FizHXjTXp2mS0nGXc8Ob9blExbsKcc4RDaoswGl
Rzwf1eXeAFMZ6BEep8D6Cu4+DyyZbFlsz8muFWbxLFzgyb6CcLngXxIZifc2u+Gf
2jQyluAijyeX+gSBfXL2Xmm1bNiiXMP5clH50K12q8S8CIDXYIUH+XAmP2XhCw8V
rVC3guKlb4hbBvuQfu4tEdoZGklatELf94cORjjY/qK4w1U2iaNoTn+C2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM3knVab/PjahaTvHwrNaBHEszjLMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvemVTZFZwdjgtTnFGcE84ZkNzMW9FY1N6T01zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YKHMA0G
CSqGSIb3DQEBCwUAA4IBAQCYbopFCfYE/CUgxIdBK8qZJIOIRF+dqgepJUfyekI+
+G6jRlzwLdfi4gn8+Ywowsevx+ENGeV39A6G0esT+9Y/aX9zV55jMb96FBzl2qzJ
f8PP8dmSCTxeXvxRF+vdCt16dlm7lY5oX5xMMdPCMvaFD9iTaaRCGep3KY0gKlTp
LXBnUTBt15T3JogDAaEqygGNQHAvF8cS2NkZwflDhgsRUURCerbw8Q5o08Fz8GQN
BXPKBgMn2S1dcwMxbozXG5UShuH4wa8vN04pP6UKlB7YopwBntxmt9AlVN7yDSvY
SrYBFr31IKsEZTQUH7SFRiPWC0TF5lDouP6BucEsCgW2
-----END CERTIFICATE-----