Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/SfShnKvUGcCNFGNTluqzWaSvLKg.roa
File:                     SfShnKvUGcCNFGNTluqzWaSvLKg.roa (raw, json)
Hash identifier:          MmDRDok0kqsQF5M49l20+XTHLRtvMv3sqt3cI+1Zci0=
Subject key identifier:   49:F4:A1:9C:AB:D4:19:C0:8D:14:63:53:96:EA:B3:59:A4:AF:2C:A8
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0194ACDA4E8E6AA4B9E8311594F7208746D1
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/SfShnKvUGcCNFGNTluqzWaSvLKg.roa
Signing time:             Tue 28 Jan 2025 12:19:35 +0000
ROA not before:           Tue 28 Jan 2025 12:19:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203647
IP address blocks:        185.72.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ac:da:4e:8e:6a:a4:b9:e8:31:15:94:f7:20:87:46:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan 28 12:19:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=49f4a19cabd419c08d14635396eab359a4af2ca8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d7:23:2e:e0:7c:37:b6:33:ba:ae:79:a6:74:
                    4c:42:24:9a:a8:92:e8:47:20:04:0e:e5:ba:9b:b6:
                    8c:46:5a:02:5c:dc:4d:f5:48:ad:77:e4:b5:61:67:
                    f1:ac:d8:e6:08:66:ee:83:5d:bc:48:29:b6:c0:1a:
                    b4:d5:1c:4f:84:dd:3a:71:63:d3:74:87:22:bb:08:
                    f8:f9:bf:e8:04:a7:c9:de:c7:0e:19:f4:0a:12:d8:
                    a6:89:65:55:0d:d7:2f:7e:0c:3d:4f:ed:1c:ab:ef:
                    f6:a5:2a:a6:54:6e:9f:91:b5:31:9c:7e:02:db:31:
                    98:6f:8c:e7:99:e2:ee:bd:3a:c7:ae:05:23:07:0f:
                    a4:39:84:f4:83:95:a2:f6:ee:03:cf:1b:9a:21:c6:
                    1b:73:da:7b:3f:d3:ef:d5:d4:5f:6c:f9:a4:d9:91:
                    d6:f3:ae:eb:52:f9:2f:64:4d:ff:6e:cd:e4:ce:34:
                    f1:78:71:61:08:78:96:5e:68:eb:21:d0:f0:26:74:
                    89:37:66:f5:ac:90:62:6a:61:47:79:a7:f8:cd:c1:
                    c5:ee:6f:ad:97:14:9a:f6:15:8d:c2:ec:ad:f9:37:
                    41:01:71:91:9a:ea:5c:87:aa:07:0c:7c:35:75:c2:
                    1d:2e:d1:34:fe:23:cf:9b:7a:e5:3c:c0:eb:d1:1e:
                    3e:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:F4:A1:9C:AB:D4:19:C0:8D:14:63:53:96:EA:B3:59:A4:AF:2C:A8
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/SfShnKvUGcCNFGNTluqzWaSvLKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:7e:f2:08:34:e8:88:21:22:72:90:3d:e4:6f:b1:94:71:8b:
         09:b5:e9:b0:74:75:ff:c5:4b:e6:ae:08:6f:f1:e6:55:a7:f4:
         a9:5e:3e:2b:2a:e6:8f:bf:8a:8e:73:0f:48:e5:f2:1c:75:67:
         59:c6:fd:a9:41:80:b3:5c:bf:be:c4:75:ca:a9:17:e7:9f:2c:
         b1:d1:6c:5d:34:b1:56:15:b0:2f:e3:2a:ce:bc:a6:6d:91:32:
         b9:d9:68:89:fe:12:fb:f3:6a:4e:90:49:f3:a5:f0:02:cd:0c:
         87:33:3a:de:45:f6:64:25:bd:50:7f:bc:51:e3:eb:6c:23:48:
         bd:e7:3e:44:1b:a2:49:14:3d:fb:92:3c:13:65:6d:b3:e0:7a:
         d8:d9:ec:2d:84:79:58:08:98:ae:32:91:f8:c4:7f:1f:0c:cc:
         81:ef:67:57:ab:ca:2a:b4:da:60:f4:63:d7:56:ef:91:1d:51:
         0f:9e:c7:36:0a:02:7f:1a:ea:39:c8:b9:fb:2b:10:66:79:5e:
         30:09:82:70:e6:1d:ce:cc:c3:88:a9:5f:39:1e:af:d5:96:bc:
         91:4f:00:88:4e:dd:ab:ac:ea:6d:f1:c6:51:84:12:6c:63:2d:
         03:92:85:74:20:f2:b4:80:c9:cc:ca:62:05:f6:ab:c7:54:be:
         67:31:b8:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSs2k6OaqS56DEVlPcgh0bRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTI4MTIxOTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWY0YTE5Y2FiZDQxOWMwOGQxNDYzNTM5NmVhYjM1OWE0YWYyY2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNcjLuB8N7Yzuq55pnRMQiSaqJLo
RyAEDuW6m7aMRloCXNxN9Uitd+S1YWfxrNjmCGbug128SCm2wBq01RxPhN06cWPT
dIciuwj4+b/oBKfJ3scOGfQKEtimiWVVDdcvfgw9T+0cq+/2pSqmVG6fkbUxnH4C
2zGYb4znmeLuvTrHrgUjBw+kOYT0g5Wi9u4DzxuaIcYbc9p7P9Pv1dRfbPmk2ZHW
867rUvkvZE3/bs3kzjTxeHFhCHiWXmjrIdDwJnSJN2b1rJBiamFHeaf4zcHF7m+t
lxSa9hWNwuyt+TdBAXGRmupch6oHDHw1dcIdLtE0/iPPm3rlPMDr0R4+OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEn0oZyr1BnAjRRjU5bqs1mkryyoMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvU2ZTaG5LdlVHY0NORkdOVGx1cXpXYVN2TEtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUgLMA0G
CSqGSIb3DQEBCwUAA4IBAQAWfvIINOiIISJykD3kb7GUcYsJtemwdHX/xUvmrghv
8eZVp/SpXj4rKuaPv4qOcw9I5fIcdWdZxv2pQYCzXL++xHXKqRfnnyyx0WxdNLFW
FbAv4yrOvKZtkTK52WiJ/hL782pOkEnzpfACzQyHMzreRfZkJb1Qf7xR4+tsI0i9
5z5EG6JJFD37kjwTZW2z4HrY2ewthHlYCJiuMpH4xH8fDMyB72dXq8oqtNpg9GPX
Vu+RHVEPnsc2CgJ/Guo5yLn7KxBmeV4wCYJw5h3OzMOIqV85Hq/VlryRTwCITt2r
rOpt8cZRhBJsYy0DkoV0IPK0gMnMymIF9qvHVL5nMbj8
-----END CERTIFICATE-----