Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0ugZG49ys9Q55P42CrLX8odiQr4.roa
File:                     0ugZG49ys9Q55P42CrLX8odiQr4.roa (raw, json)
Hash identifier:          uZkcoE8QFnVFu/qU3y3obS9NmU8d2RH6mwnvUE+5PbI=
Subject key identifier:   D2:E8:19:1B:8F:72:B3:D4:39:E4:FE:36:0A:B2:D7:F2:87:62:42:BE
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01967B916E1F74A84823061C3223689CA394
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0ugZG49ys9Q55P42CrLX8odiQr4.roa
Signing time:             Mon 28 Apr 2025 08:44:10 +0000
ROA not before:           Mon 28 Apr 2025 08:44:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     150770
IP address blocks:        213.218.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 14:57:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7b:91:6e:1f:74:a8:48:23:06:1c:32:23:68:9c:a3:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 28 08:44:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2e8191b8f72b3d439e4fe360ab2d7f2876242be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f6:ca:ed:3d:cf:f4:f8:75:57:2c:a5:1b:8b:
                    e8:20:c1:28:8c:3c:fb:8c:75:af:38:61:fd:d2:50:
                    c2:5c:3b:8f:b9:bf:22:ec:fb:7e:b2:82:30:9d:f9:
                    76:31:74:22:f4:c0:0c:07:24:46:8f:e8:b0:ab:7d:
                    a0:9b:99:06:d0:11:c4:61:a1:e6:9f:83:4e:42:68:
                    72:40:b0:ca:19:36:7d:e2:af:67:49:e6:41:8e:9a:
                    b4:53:98:6d:74:86:f0:20:fd:50:5e:32:b5:a2:61:
                    8a:58:ca:ff:78:e2:98:fa:ee:61:c3:31:0c:91:07:
                    7f:be:d1:70:03:ac:3b:46:30:d7:ae:c4:84:28:1c:
                    04:61:95:7f:a6:a3:ad:e5:7c:dc:6b:ec:ae:38:d1:
                    8c:9c:8b:23:94:e5:4b:45:f1:b3:88:be:b6:a3:77:
                    53:41:34:71:df:39:d7:cd:5a:ac:e5:77:fc:ab:b0:
                    5f:67:fa:d2:62:3d:c0:3d:75:2a:5c:c1:b5:e6:02:
                    52:81:0f:a7:8a:ea:da:4a:ae:f9:b5:64:6e:1c:5c:
                    a5:dd:f3:83:d6:08:18:82:cc:0e:bc:e7:25:79:38:
                    27:10:82:b9:e2:2a:83:00:20:2d:d6:5b:0d:a9:8b:
                    d8:c5:a3:72:d4:ee:fe:66:e0:35:de:78:20:8e:9b:
                    74:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:E8:19:1B:8F:72:B3:D4:39:E4:FE:36:0A:B2:D7:F2:87:62:42:BE
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0ugZG49ys9Q55P42CrLX8odiQr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.218.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:d2:63:72:ea:90:0f:9f:d6:f0:4b:01:6d:09:90:b0:98:e5:
         de:bd:f3:fa:7a:85:3b:6e:ac:28:61:2f:02:8c:b8:29:ce:f1:
         6b:32:08:42:21:0b:d7:08:10:2c:73:14:2d:3c:ef:8b:ca:c5:
         2e:b2:52:3a:e7:a0:03:bf:93:bb:97:69:13:1d:24:de:d1:97:
         05:7c:a5:4d:8c:8f:6f:24:a4:ba:d4:19:05:85:17:a5:f7:f6:
         25:cc:26:d3:b9:31:38:82:b6:f0:76:7e:c7:ae:fd:ee:07:fa:
         8b:ce:22:9e:a6:f9:a0:00:4a:74:2b:86:ce:33:b0:d0:0a:80:
         5d:e4:5a:b3:66:c5:23:6c:d4:95:59:a0:0e:05:a0:f4:0f:89:
         ce:7f:8d:a1:a0:f9:15:11:48:bb:b2:0c:7a:7d:71:ff:e1:51:
         4a:49:25:2e:10:2a:5b:7c:28:ce:48:a5:4a:b6:f3:68:4d:ec:
         0b:3c:4c:ac:cf:a3:4f:57:eb:0d:3d:08:11:48:5f:3c:18:23:
         99:f6:8d:98:e8:b6:64:f5:e3:60:96:a8:36:0c:05:81:ea:23:
         b8:68:a7:c7:c2:67:74:70:07:ac:b4:6a:57:d2:0c:bf:85:05:
         81:90:01:20:93:47:28:a2:14:03:70:54:be:09:fe:60:16:71:
         c1:0d:9c:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ7kW4fdKhIIwYcMiNonKOUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNDI4MDg0NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmU4MTkxYjhmNzJiM2Q0MzllNGZlMzYwYWIyZDdmMjg3NjI0MmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvbK7T3P9Ph1VyylG4voIMEojDz7
jHWvOGH90lDCXDuPub8i7Pt+soIwnfl2MXQi9MAMByRGj+iwq32gm5kG0BHEYaHm
n4NOQmhyQLDKGTZ94q9nSeZBjpq0U5htdIbwIP1QXjK1omGKWMr/eOKY+u5hwzEM
kQd/vtFwA6w7RjDXrsSEKBwEYZV/pqOt5Xzca+yuONGMnIsjlOVLRfGziL62o3dT
QTRx3znXzVqs5Xf8q7BfZ/rSYj3APXUqXMG15gJSgQ+niuraSq75tWRuHFyl3fOD
1ggYgswOvOcleTgnEIK54iqDACAt1lsNqYvYxaNy1O7+ZuA13nggjpt08wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNLoGRuPcrPUOeT+Ngqy1/KHYkK+MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMHVnWkc0OXlzOVE1NVA0MkNyTFg4b2RpUXI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1drYMA0G
CSqGSIb3DQEBCwUAA4IBAQBO0mNy6pAPn9bwSwFtCZCwmOXevfP6eoU7bqwoYS8C
jLgpzvFrMghCIQvXCBAscxQtPO+LysUuslI656ADv5O7l2kTHSTe0ZcFfKVNjI9v
JKS61BkFhRel9/YlzCbTuTE4grbwdn7Hrv3uB/qLziKepvmgAEp0K4bOM7DQCoBd
5FqzZsUjbNSVWaAOBaD0D4nOf42hoPkVEUi7sgx6fXH/4VFKSSUuECpbfCjOSKVK
tvNoTewLPEysz6NPV+sNPQgRSF88GCOZ9o2Y6LZk9eNglqg2DAWB6iO4aKfHwmd0
cAestGpX0gy/hQWBkAEgk0coohQDcFS+Cf5gFnHBDZxQ
-----END CERTIFICATE-----