Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CUViVYTHwLxCl5lX0vZd5dmfu1c.roa
File:                     CUViVYTHwLxCl5lX0vZd5dmfu1c.roa (raw, json)
Hash identifier:          0IpBQgIfikZ7zgHN4Dx0SiIQlrdOMEk0yfs2KUBgz0w=
Subject key identifier:   09:45:62:55:84:C7:C0:BC:42:97:99:57:D2:F6:5D:E5:D9:9F:BB:57
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019638C6209B193D945428FEDA26B8BA46D1
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CUViVYTHwLxCl5lX0vZd5dmfu1c.roa
Signing time:             Tue 15 Apr 2025 09:27:10 +0000
ROA not before:           Tue 15 Apr 2025 09:27:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203758
IP address blocks:        82.153.70.0/24 maxlen: 24
                          89.213.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 07:29:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:38:c6:20:9b:19:3d:94:54:28:fe:da:26:b8:ba:46:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 15 09:27:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0945625584c7c0bc42979957d2f65de5d99fbb57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:de:c5:81:cf:17:98:4b:3e:ec:7e:8d:5d:d1:
                    bf:ca:a9:b8:4b:db:3a:66:c7:3a:10:e5:f1:7c:ee:
                    39:7e:c4:d6:cf:46:9a:97:c7:81:92:a3:3b:d0:8a:
                    17:e7:ac:e9:4b:bc:db:98:3b:d7:69:a3:77:fd:8c:
                    45:17:6c:20:3f:ab:2c:bb:96:91:1d:f9:c5:66:c0:
                    36:93:62:d4:b2:e7:4f:8b:bf:1a:ee:b2:dd:12:af:
                    3d:0e:8b:d4:66:e9:04:26:59:5a:2d:1e:a9:a7:c3:
                    1c:39:6d:82:29:49:be:a8:79:e6:6a:4d:b1:1b:3c:
                    b5:a9:95:e1:4a:d5:6d:11:52:e3:b6:df:65:cb:19:
                    97:c6:c1:85:59:ed:10:a7:ed:b9:6a:aa:42:42:bb:
                    bd:a2:2a:e2:3b:ce:3c:8c:02:38:51:1d:e2:39:9c:
                    57:2b:a8:be:c0:31:5a:e3:19:b9:bf:58:dc:82:24:
                    44:e2:da:23:0b:21:a9:ec:61:fd:f5:ed:44:61:c9:
                    29:11:a9:87:5e:9c:98:cd:84:55:c9:f7:28:99:0d:
                    98:b9:da:eb:ec:db:45:f9:b7:b4:40:b4:a2:30:c3:
                    14:40:0c:16:40:15:fb:8b:0f:a2:c5:ae:a7:4a:92:
                    cd:62:c8:0f:21:09:f2:e4:75:3b:c0:ee:67:ef:a3:
                    3f:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:45:62:55:84:C7:C0:BC:42:97:99:57:D2:F6:5D:E5:D9:9F:BB:57
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CUViVYTHwLxCl5lX0vZd5dmfu1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.70.0/24
                  89.213.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:f0:1a:d8:5e:24:91:b5:4d:25:0c:bf:7d:de:2f:4d:9a:28:
         1e:e0:23:7b:9b:aa:e3:65:33:33:36:c7:a8:14:f3:37:0a:61:
         32:ed:e6:e7:a4:72:35:3f:df:44:4b:5f:b7:ef:3e:04:7f:54:
         92:2d:1c:03:a5:79:45:1f:24:08:a9:be:a8:ec:3a:eb:bb:f5:
         dd:c4:1c:a4:11:7a:9d:72:39:4b:b3:42:51:9e:87:8b:a6:36:
         09:7b:15:32:7d:e4:ab:55:a7:f8:f2:80:ed:ad:7d:49:15:a0:
         73:65:58:30:a7:1a:29:87:91:d4:dd:ec:87:b7:9f:57:66:d3:
         2f:78:0e:06:01:d2:29:44:e3:cf:e1:96:14:e2:13:5b:59:f5:
         2b:7b:5f:21:48:2e:56:82:e7:5f:f6:1a:47:72:64:2a:0b:0c:
         af:1c:da:58:43:8b:3c:9a:72:78:09:2f:a3:9d:f9:19:3e:ff:
         98:48:ee:02:e5:ca:58:33:4c:6f:b1:e6:b7:5f:24:05:6e:7a:
         46:bf:8b:36:88:60:5e:4e:ce:1e:f4:8f:e3:40:6a:f6:ef:37:
         7c:20:5a:bc:3f:af:57:3c:38:64:2c:d4:19:86:51:df:5f:5b:
         0a:ff:84:37:9f:7c:9c:d0:7a:63:02:66:96:43:af:9f:df:80:
         39:82:fb:8d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZY4xiCbGT2UVCj+2ia4ukbRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNDE1MDkyNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTQ1NjI1NTg0YzdjMGJjNDI5Nzk5NTdkMmY2NWRlNWQ5OWZiYjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA297Fgc8XmEs+7H6NXdG/yqm4S9s6
Zsc6EOXxfO45fsTWz0aal8eBkqM70IoX56zpS7zbmDvXaaN3/YxFF2wgP6ssu5aR
HfnFZsA2k2LUsudPi78a7rLdEq89DovUZukEJllaLR6pp8McOW2CKUm+qHnmak2x
Gzy1qZXhStVtEVLjtt9lyxmXxsGFWe0Qp+25aqpCQru9oiriO848jAI4UR3iOZxX
K6i+wDFa4xm5v1jcgiRE4tojCyGp7GH99e1EYckpEamHXpyYzYRVyfcomQ2Yudrr
7NtF+be0QLSiMMMUQAwWQBX7iw+ixa6nSpLNYsgPIQny5HU7wO5n76M/9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAlFYlWEx8C8QpeZV9L2XeXZn7tXMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQ1VWaVZZVEh3THhDbDVsWDB2WmQ1ZG1mdTFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUplGAwQA
WdXEMA0GCSqGSIb3DQEBCwUAA4IBAQAP8BrYXiSRtU0lDL993i9Nmige4CN7m6rj
ZTMzNseoFPM3CmEy7ebnpHI1P99ES1+37z4Ef1SSLRwDpXlFHyQIqb6o7Drru/Xd
xBykEXqdcjlLs0JRnoeLpjYJexUyfeSrVaf48oDtrX1JFaBzZVgwpxoph5HU3eyH
t59XZtMveA4GAdIpROPP4ZYU4hNbWfUre18hSC5Wgudf9hpHcmQqCwyvHNpYQ4s8
mnJ4CS+jnfkZPv+YSO4C5cpYM0xvsea3XyQFbnpGv4s2iGBeTs4e9I/jQGr27zd8
IFq8P69XPDhkLNQZhlHfX1sK/4Q3n3yc0HpjAmaWQ6+f34A5gvuN
-----END CERTIFICATE-----