Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/jLIliWGL8bK-HZLHM44h99KS24g.roa
File:                     jLIliWGL8bK-HZLHM44h99KS24g.roa (raw, json)
Hash identifier:          no/Wh21i0GA6KYNY4CpLkT/UDqgZcKO3d5RAURpGBb8=
Subject key identifier:   8C:B2:25:89:61:8B:F1:B2:BE:1D:92:C7:33:8E:21:F7:D2:92:DB:88
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01963B3CED85FB61D1C3B933371264D77AA4
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/jLIliWGL8bK-HZLHM44h99KS24g.roa
Signing time:             Tue 15 Apr 2025 20:56:10 +0000
ROA not before:           Tue 15 Apr 2025 20:56:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        82.153.159.0/24 maxlen: 24
                          109.176.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 08:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3b:3c:ed:85:fb:61:d1:c3:b9:33:37:12:64:d7:7a:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 15 20:56:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8cb22589618bf1b2be1d92c7338e21f7d292db88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:1c:b2:45:82:10:f3:32:7a:ec:40:69:c9:ac:
                    f6:6e:59:44:aa:61:f5:ee:f0:f3:ea:28:f3:51:69:
                    e6:28:b8:ba:84:96:25:99:38:57:42:92:8c:11:4a:
                    d1:15:fd:ed:79:af:5d:23:b0:59:38:a5:04:8e:22:
                    53:63:05:d2:1e:99:7f:59:35:da:32:cd:64:28:06:
                    fd:d9:8f:42:f2:12:47:57:76:7f:79:3c:fb:5f:13:
                    43:96:65:8f:c8:a2:1d:1c:29:91:0c:da:50:e5:a4:
                    f8:b6:a3:40:b9:eb:b3:61:ef:ee:1d:dd:f2:8d:9f:
                    06:40:ab:9a:84:65:46:44:5b:49:95:31:02:73:c7:
                    66:96:d3:0a:a9:5f:67:92:c0:f9:ac:ee:1b:5f:96:
                    00:4e:19:c9:a3:62:fd:c6:79:9e:a4:ba:b2:53:f0:
                    eb:52:d2:63:b1:7e:c7:65:61:58:68:9f:57:de:19:
                    c2:55:25:ab:95:f5:2d:c3:45:86:cd:81:aa:5c:5f:
                    ad:c9:ff:08:c0:d8:d3:41:5f:d6:b1:9b:05:2c:c1:
                    64:38:7d:13:98:87:a5:2b:22:0c:1e:64:9d:02:11:
                    13:25:e7:98:9f:ad:fb:74:42:1f:94:0e:28:34:a4:
                    32:16:96:ac:68:19:9b:60:2d:9d:fb:e8:37:86:9f:
                    1a:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:B2:25:89:61:8B:F1:B2:BE:1D:92:C7:33:8E:21:F7:D2:92:DB:88
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/jLIliWGL8bK-HZLHM44h99KS24g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.159.0/24
                  109.176.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:55:00:25:ee:57:f5:22:f8:c8:83:e7:0b:5d:a9:ec:a5:80:
         f7:5a:a1:c6:c3:f1:e8:ad:86:3f:7c:88:ad:2b:ed:8a:2a:8b:
         9e:4d:2d:a7:d5:46:70:f7:b1:27:27:9f:dc:f3:07:98:31:69:
         d4:ac:23:d6:72:75:94:2a:9a:44:f9:1a:c7:8c:fe:22:34:09:
         a5:c4:87:bb:dd:5e:cc:f2:02:5a:c2:41:80:ca:15:2c:8e:00:
         51:9a:4a:92:ee:5c:56:e9:61:35:09:64:a0:fb:e9:47:0a:9a:
         33:c2:b4:bb:6e:da:08:60:5b:84:29:43:da:20:a4:4a:75:2d:
         5e:4b:68:4d:65:04:3b:3b:9e:58:40:ff:30:75:2a:e7:d4:01:
         62:83:c6:8e:94:c8:b0:f3:0f:b4:f9:10:96:36:57:e6:a0:89:
         de:91:1b:8a:37:05:1d:63:a3:26:f4:0d:a2:ba:e4:64:1f:1d:
         58:f4:64:be:9a:36:2a:83:64:0d:c6:c0:61:a4:89:82:06:39:
         47:ec:68:e4:b2:78:37:42:19:ed:3f:2b:ed:59:bc:94:bf:1f:
         d5:f8:13:2e:f6:81:9e:d7:66:85:f8:34:bc:55:f5:46:14:8b:
         17:8f:6e:e1:c0:06:3f:83:3d:6a:ae:22:be:dc:28:5d:c5:68:
         6b:44:b8:32
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZY7PO2F+2HRw7kzNxJk13qkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNDE1MjA1NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2IyMjU4OTYxOGJmMWIyYmUxZDkyYzczMzhlMjFmN2QyOTJkYjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjByyRYIQ8zJ67EBpyaz2bllEqmH1
7vDz6ijzUWnmKLi6hJYlmThXQpKMEUrRFf3tea9dI7BZOKUEjiJTYwXSHpl/WTXa
Ms1kKAb92Y9C8hJHV3Z/eTz7XxNDlmWPyKIdHCmRDNpQ5aT4tqNAueuzYe/uHd3y
jZ8GQKuahGVGRFtJlTECc8dmltMKqV9nksD5rO4bX5YAThnJo2L9xnmepLqyU/Dr
UtJjsX7HZWFYaJ9X3hnCVSWrlfUtw0WGzYGqXF+tyf8IwNjTQV/WsZsFLMFkOH0T
mIelKyIMHmSdAhETJeeYn637dEIflA4oNKQyFpasaBmbYC2d++g3hp8awQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIyyJYlhi/Gyvh2SxzOOIffSktuIMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvakxJbGlXR0w4YkstSFpMSE00NGg5OUtTMjRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUpmfAwQA
bbDmMA0GCSqGSIb3DQEBCwUAA4IBAQBpVQAl7lf1IvjIg+cLXanspYD3WqHGw/Ho
rYY/fIitK+2KKoueTS2n1UZw97EnJ5/c8weYMWnUrCPWcnWUKppE+RrHjP4iNAml
xIe73V7M8gJawkGAyhUsjgBRmkqS7lxW6WE1CWSg++lHCpozwrS7btoIYFuEKUPa
IKRKdS1eS2hNZQQ7O55YQP8wdSrn1AFig8aOlMiw8w+0+RCWNlfmoInekRuKNwUd
Y6Mm9A2iuuRkHx1Y9GS+mjYqg2QNxsBhpImCBjlH7Gjksng3QhntPyvtWbyUvx/V
+BMu9oGe12aF+DS8VfVGFIsXj27hwAY/gz1qriK+3ChdxWhrRLgy
-----END CERTIFICATE-----