Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/asmM4SVW61fpj__2d0Z9FrzMrZg.roa
File:                     asmM4SVW61fpj__2d0Z9FrzMrZg.roa (raw, json)
Hash identifier:          VVj7UR5R34DTloPYwbKZoI1kpoq8Oo0zbRrtaDulQAY=
Subject key identifier:   6A:C9:8C:E1:25:56:EB:57:E9:8F:FF:F6:77:46:7D:16:BC:CC:AD:98
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01967B9602751DC2ACD6389908E00322ED9E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/asmM4SVW61fpj__2d0Z9FrzMrZg.roa
Signing time:             Mon 28 Apr 2025 08:49:10 +0000
ROA not before:           Mon 28 Apr 2025 08:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213751
IP address blocks:        109.176.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 15:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7b:96:02:75:1d:c2:ac:d6:38:99:08:e0:03:22:ed:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 28 08:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ac98ce12556eb57e98ffff677467d16bcccad98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a1:1c:bc:57:e9:31:21:f3:33:6d:75:90:69:
                    6c:55:d4:23:b0:4d:90:89:65:a7:ea:2a:55:bf:18:
                    fe:45:6b:33:99:65:7a:29:76:6a:4c:f1:70:b1:7a:
                    c8:d1:69:1a:8a:4e:b1:3d:81:90:66:70:f2:7c:6b:
                    b2:0a:50:c2:9d:04:76:ea:08:30:b3:cf:13:59:d4:
                    c8:2f:9f:0f:18:26:1e:b0:4e:8a:d9:f4:91:53:fe:
                    31:10:6d:5e:62:9b:9f:26:cf:61:f3:4d:65:15:99:
                    0f:14:cc:f9:14:de:af:91:0d:db:31:bb:a5:c2:dc:
                    4f:bf:9b:6f:d6:36:a0:3f:5d:ff:7c:10:8c:f2:c9:
                    d4:fc:80:30:df:4a:f1:b9:dc:98:0f:a3:5c:af:61:
                    54:5b:1d:92:25:d4:f5:dc:6a:2d:f9:64:82:73:21:
                    1c:43:56:2e:5d:bb:c2:41:79:fe:77:4b:7c:d8:75:
                    f5:eb:fc:f1:54:5f:2f:66:c1:42:c5:06:a6:96:d1:
                    fd:15:5b:39:40:3c:16:16:b8:ee:d6:5e:b9:d6:ee:
                    68:98:e3:0d:9b:77:aa:21:46:1f:f2:9a:19:7c:52:
                    e0:8f:b3:3c:17:90:4e:6c:23:fa:7c:4b:81:4c:56:
                    ef:9b:b1:28:37:7c:1f:b7:45:79:71:0c:d9:5b:2e:
                    6a:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:C9:8C:E1:25:56:EB:57:E9:8F:FF:F6:77:46:7D:16:BC:CC:AD:98
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/asmM4SVW61fpj__2d0Z9FrzMrZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:3e:53:ed:62:63:b5:e0:5d:b5:c8:08:f9:4a:e1:5c:0c:40:
         13:f2:dd:64:2b:58:10:33:d5:f8:a4:bc:03:66:b7:11:1c:d0:
         94:86:e0:6f:db:07:d9:68:43:83:22:94:e5:07:63:6d:c3:d5:
         2e:8d:db:62:14:61:23:e7:66:96:f8:02:ab:4f:ea:7f:2f:5f:
         3c:89:7e:e2:71:12:c5:fc:1c:00:65:be:c0:ab:51:84:9b:9a:
         2d:6d:9d:46:30:ff:11:44:b2:25:c7:43:cb:32:0a:15:86:08:
         82:79:77:54:eb:65:cc:50:d4:04:e3:0e:bd:36:34:cf:b2:97:
         c1:82:bf:5e:b2:40:dc:26:4c:e2:f2:a2:0c:92:ce:d0:1c:f5:
         8b:4e:d0:4a:30:c8:e6:5d:29:e9:28:a5:90:37:ba:2f:33:d4:
         f0:f2:ac:43:37:b1:b4:81:e1:26:f0:9b:50:e0:c4:f5:8d:f5:
         1e:25:d6:49:23:65:d9:e7:7f:94:0e:03:2a:9b:03:cd:6e:84:
         ae:67:7b:44:b0:dd:d5:08:5b:a8:34:5b:a4:a2:dc:8b:7c:ab:
         97:9d:ed:fd:1a:35:4d:7d:47:9a:9b:92:ea:59:ef:90:31:74:
         b4:46:b8:b8:0d:85:fa:e6:8c:91:7a:db:f7:1d:d8:ab:24:a0:
         88:16:1e:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ7lgJ1HcKs1jiZCOADIu2eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNDI4MDg0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWM5OGNlMTI1NTZlYjU3ZTk4ZmZmZjY3NzQ2N2QxNmJjY2NhZDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaEcvFfpMSHzM211kGlsVdQjsE2Q
iWWn6ipVvxj+RWszmWV6KXZqTPFwsXrI0Wkaik6xPYGQZnDyfGuyClDCnQR26ggw
s88TWdTIL58PGCYesE6K2fSRU/4xEG1eYpufJs9h801lFZkPFMz5FN6vkQ3bMbul
wtxPv5tv1jagP13/fBCM8snU/IAw30rxudyYD6Ncr2FUWx2SJdT13Got+WSCcyEc
Q1YuXbvCQXn+d0t82HX16/zxVF8vZsFCxQamltH9FVs5QDwWFrju1l651u5omOMN
m3eqIUYf8poZfFLgj7M8F5BObCP6fEuBTFbvm7EoN3wft0V5cQzZWy5q8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGrJjOElVutX6Y//9ndGfRa8zK2YMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYXNtTTRTVlc2MWZwal9fMmQwWjlGcnpNclpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbD9MA0G
CSqGSIb3DQEBCwUAA4IBAQAKPlPtYmO14F21yAj5SuFcDEAT8t1kK1gQM9X4pLwD
ZrcRHNCUhuBv2wfZaEODIpTlB2Ntw9UujdtiFGEj52aW+AKrT+p/L188iX7icRLF
/BwAZb7Aq1GEm5otbZ1GMP8RRLIlx0PLMgoVhgiCeXdU62XMUNQE4w69NjTPspfB
gr9eskDcJkzi8qIMks7QHPWLTtBKMMjmXSnpKKWQN7ovM9Tw8qxDN7G0geEm8JtQ
4MT1jfUeJdZJI2XZ53+UDgMqmwPNboSuZ3tEsN3VCFuoNFukotyLfKuXne39GjVN
fUeam5LqWe+QMXS0Rri4DYX65oyRetv3HdirJKCIFh59
-----END CERTIFICATE-----