Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/SaJps5NdZ3bVeOz3Y_T6YWQuimI.roa
File:                     SaJps5NdZ3bVeOz3Y_T6YWQuimI.roa (raw, json)
Hash identifier:          oi4EjPg7CTNf9EIHp927YsWRKdaqfzD1cBc8zdJg5ac=
Subject key identifier:   49:A2:69:B3:93:5D:67:76:D5:78:EC:F7:63:F4:FA:61:64:2E:8A:62
Certificate issuer:       /CN=833e0e480411b9c88e916def90fc3a901026394a
Certificate serial:       0194228D7095BF47C0A1A1FF05EF714DE89D
Authority key identifier: 83:3E:0E:48:04:11:B9:C8:8E:91:6D:EF:90:FC:3A:90:10:26:39:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4OSAQRuciOkW3vkPw6kBAmOUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/SaJps5NdZ3bVeOz3Y_T6YWQuimI.roa
Signing time:             Wed 01 Jan 2025 15:48:02 +0000
ROA not before:           Wed 01 Jan 2025 15:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.7.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/gz4OSAQRuciOkW3vkPw6kBAmOUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/gz4OSAQRuciOkW3vkPw6kBAmOUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4OSAQRuciOkW3vkPw6kBAmOUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:70:95:bf:47:c0:a1:a1:ff:05:ef:71:4d:e8:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e0e480411b9c88e916def90fc3a901026394a
        Validity
            Not Before: Jan  1 15:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=49a269b3935d6776d578ecf763f4fa61642e8a62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:be:cd:71:69:33:49:57:60:3b:39:39:57:a9:
                    50:f6:0c:f5:9a:94:42:28:2d:73:5a:e7:0f:b2:6f:
                    46:3a:b7:3f:1a:2e:34:42:67:cd:71:b8:53:73:aa:
                    3c:45:64:6c:31:2b:39:f4:e2:14:dc:e6:51:f2:d8:
                    a7:01:da:bc:2c:50:6f:c9:fe:d8:1b:24:ed:bf:c7:
                    48:a2:78:0e:31:55:3f:f0:60:ef:bc:dc:25:c9:9b:
                    46:da:33:b7:40:e2:28:e1:f4:f5:32:25:2a:9d:60:
                    46:4e:4a:7d:36:e8:27:ca:d8:93:42:dc:ca:e8:2a:
                    7b:3c:a1:89:d5:3e:41:89:44:55:61:a0:98:06:b5:
                    97:20:c7:81:b4:dc:9c:c9:3f:e5:36:57:a3:65:cd:
                    2d:e1:eb:32:da:b5:e8:51:a0:6c:49:b0:9e:1d:d3:
                    f3:b3:61:9c:33:90:a3:ac:0e:9a:02:4b:be:bc:af:
                    98:40:39:7d:d0:e8:05:40:c0:02:dd:51:e3:8c:ff:
                    a8:b1:88:6d:26:77:a6:db:e5:82:d4:0f:11:00:0e:
                    cb:4b:da:72:3e:68:34:be:c1:da:20:3d:ac:2f:84:
                    a5:2d:fa:d7:37:76:40:80:1d:32:c7:49:f1:2a:83:
                    2f:e2:1e:14:e7:42:db:2d:97:11:dd:5e:0b:d0:0c:
                    07:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:A2:69:B3:93:5D:67:76:D5:78:EC:F7:63:F4:FA:61:64:2E:8A:62
            X509v3 Authority Key Identifier:
                keyid:83:3E:0E:48:04:11:B9:C8:8E:91:6D:EF:90:FC:3A:90:10:26:39:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4OSAQRuciOkW3vkPw6kBAmOUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/SaJps5NdZ3bVeOz3Y_T6YWQuimI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/gz4OSAQRuciOkW3vkPw6kBAmOUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:5c:98:83:fa:88:e6:12:73:c6:43:ca:dd:1e:51:ab:c5:f3:
         5c:72:90:ca:3f:8e:c8:40:e2:2d:3c:e0:4c:e1:88:3d:c1:65:
         99:45:92:8f:c1:fa:04:0e:c5:a7:4e:e3:9f:3c:36:fd:41:6c:
         28:26:00:64:38:f2:3d:1c:45:44:ff:90:09:f2:9b:74:d9:fe:
         91:5b:5f:0d:9f:e6:55:ee:94:fc:8c:7e:ce:fc:75:c8:f6:32:
         d9:f5:c0:ed:9f:f4:07:1b:4e:89:17:a8:96:3b:8a:1b:83:a2:
         fe:8f:4b:aa:60:5c:e3:74:d5:36:19:5f:2c:b8:ad:de:f4:0f:
         54:ef:e6:86:7d:22:22:cb:3e:84:a4:d8:a6:99:bc:74:1d:2f:
         d3:e7:6e:c6:11:f5:6a:fa:99:86:97:e8:6c:f9:c2:ff:36:ae:
         fe:70:7a:cf:73:82:45:63:c0:c1:00:4c:9d:f8:2b:15:71:3a:
         b6:6c:3a:38:24:19:45:20:c3:2e:3c:a0:ef:e3:b1:06:45:ef:
         7d:ce:9b:f1:8c:36:8e:4b:21:39:94:0c:24:57:84:c0:c5:85:
         89:f7:56:1c:5c:08:ef:fc:87:d3:cb:1b:e0:95:85:f5:aa:62:
         99:7d:05:c8:89:2f:53:f0:a5:a7:fd:12:9d:1f:af:69:2b:52:
         b8:c5:16:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijXCVv0fAoaH/Be9xTeidMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UwZTQ4MDQxMWI5Yzg4ZTkxNmRlZjkwZmMzYTkwMTAy
NjM5NGEwHhcNMjUwMTAxMTU0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWEyNjliMzkzNWQ2Nzc2ZDU3OGVjZjc2M2Y0ZmE2MTY0MmU4YTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArL7NcWkzSVdgOzk5V6lQ9gz1mpRC
KC1zWucPsm9GOrc/Gi40QmfNcbhTc6o8RWRsMSs59OIU3OZR8tinAdq8LFBvyf7Y
GyTtv8dIongOMVU/8GDvvNwlyZtG2jO3QOIo4fT1MiUqnWBGTkp9NugnytiTQtzK
6Cp7PKGJ1T5BiURVYaCYBrWXIMeBtNycyT/lNlejZc0t4esy2rXoUaBsSbCeHdPz
s2GcM5CjrA6aAku+vK+YQDl90OgFQMAC3VHjjP+osYhtJnem2+WC1A8RAA7LS9py
Pmg0vsHaID2sL4SlLfrXN3ZAgB0yx0nxKoMv4h4U50LbLZcR3V4L0AwHhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEmiabOTXWd21Xjs92P0+mFkLopiMB8GA1UdIwQY
MBaAFIM+DkgEEbnIjpFt75D8OpAQJjlKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0T1NBUVJ1Y2lPa1czdmtQdzZrQkFtT1VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9hNzgyY2MtMWUwOS00NDgwLWE2ZGMt
NmMyMGViYWYzMGE5LzEvU2FKcHM1TmRaM2JWZU96M1lfVDZZV1F1aW1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9hNzgyY2MtMWUwOS00NDgwLWE2ZGMtNmMyMGViYWYzMGE5
LzEvZ3o0T1NBUVJ1Y2lPa1czdmtQdzZrQkFtT1VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQdJMA0G
CSqGSIb3DQEBCwUAA4IBAQCEXJiD+ojmEnPGQ8rdHlGrxfNccpDKP47IQOItPOBM
4Yg9wWWZRZKPwfoEDsWnTuOfPDb9QWwoJgBkOPI9HEVE/5AJ8pt02f6RW18Nn+ZV
7pT8jH7O/HXI9jLZ9cDtn/QHG06JF6iWO4obg6L+j0uqYFzjdNU2GV8suK3e9A9U
7+aGfSIiyz6EpNimmbx0HS/T527GEfVq+pmGl+hs+cL/Nq7+cHrPc4JFY8DBAEyd
+CsVcTq2bDo4JBlFIMMuPKDv47EGRe99zpvxjDaOSyE5lAwkV4TAxYWJ91YcXAjv
/IfTyxvglYX1qmKZfQXIiS9T8KWn/RKdH69pK1K4xRZ0
-----END CERTIFICATE-----