Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/d8fc78-a51b-43dc-b50a-8ae43081aa36/1/STbkSsaZ4h0iV7Ywpice3xeLm7Q.roa
File:                     STbkSsaZ4h0iV7Ywpice3xeLm7Q.roa (raw, json)
Hash identifier:          OYYfvGM7goZ9gxelNf2ly9w5B8haX1abcCwOvQfYiPk=
Subject key identifier:   49:36:E4:4A:C6:99:E2:1D:22:57:B6:30:A6:27:1E:DF:17:8B:9B:B4
Certificate issuer:       /CN=9aae46e2135930da268c064dce5adbb63a0cec36
Certificate serial:       01942747F08A6F2EE5CA0369580C8FCF5B53
Authority key identifier: 9A:AE:46:E2:13:59:30:DA:26:8C:06:4D:CE:5A:DB:B6:3A:0C:EC:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mq5G4hNZMNomjAZNzlrbtjoM7DY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/d8fc78-a51b-43dc-b50a-8ae43081aa36/1/STbkSsaZ4h0iV7Ywpice3xeLm7Q.roa
Signing time:             Thu 02 Jan 2025 13:50:13 +0000
ROA not before:           Thu 02 Jan 2025 13:50:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210875
IP address blocks:        87.236.160.0/24 maxlen: 24
                          2a11:4c80::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/d8fc78-a51b-43dc-b50a-8ae43081aa36/1/mq5G4hNZMNomjAZNzlrbtjoM7DY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/d8fc78-a51b-43dc-b50a-8ae43081aa36/1/mq5G4hNZMNomjAZNzlrbtjoM7DY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mq5G4hNZMNomjAZNzlrbtjoM7DY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:f0:8a:6f:2e:e5:ca:03:69:58:0c:8f:cf:5b:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aae46e2135930da268c064dce5adbb63a0cec36
        Validity
            Not Before: Jan  2 13:50:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4936e44ac699e21d2257b630a6271edf178b9bb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:4f:88:c7:36:73:a1:31:07:f1:59:a2:09:0a:
                    6a:4c:1e:31:f8:1b:b4:31:0b:f8:f3:28:e2:dc:73:
                    77:1f:6f:36:9c:d5:eb:e3:d4:0e:d6:57:d7:ec:85:
                    6f:e9:44:6c:ce:f3:88:97:33:cb:2f:00:74:79:1b:
                    e4:69:55:62:d1:b6:39:5e:02:f4:c7:1d:9a:f8:79:
                    32:71:4d:b6:17:9b:a2:01:a2:20:06:a4:de:1b:20:
                    ee:fb:27:af:06:26:5b:60:de:1d:68:5d:62:57:60:
                    cf:17:07:d9:15:44:3b:29:43:3f:df:d8:d8:6f:7b:
                    ae:b2:96:59:9b:41:90:dc:cc:06:3e:4e:72:37:f3:
                    10:5f:4f:06:c4:36:da:05:5c:d6:09:29:1c:9a:61:
                    0a:d0:b4:06:44:5e:f4:69:68:96:79:71:e4:91:33:
                    81:b5:57:f9:2b:ce:d0:83:0a:b6:dc:99:3b:6f:b1:
                    e5:eb:cd:cd:03:43:30:a1:a8:8d:7b:c7:c6:6a:43:
                    82:d2:a9:9c:55:96:a4:b1:d6:e0:c8:e8:7b:6a:9b:
                    b9:45:18:ae:97:4f:fb:14:50:45:dd:60:cf:33:e7:
                    e9:b5:29:45:d9:fc:15:88:ba:cd:24:49:99:36:ca:
                    a4:46:90:cc:89:af:1d:d0:f4:55:00:64:b3:23:73:
                    8d:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:36:E4:4A:C6:99:E2:1D:22:57:B6:30:A6:27:1E:DF:17:8B:9B:B4
            X509v3 Authority Key Identifier:
                keyid:9A:AE:46:E2:13:59:30:DA:26:8C:06:4D:CE:5A:DB:B6:3A:0C:EC:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mq5G4hNZMNomjAZNzlrbtjoM7DY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/d8fc78-a51b-43dc-b50a-8ae43081aa36/1/STbkSsaZ4h0iV7Ywpice3xeLm7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/d8fc78-a51b-43dc-b50a-8ae43081aa36/1/mq5G4hNZMNomjAZNzlrbtjoM7DY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.160.0/24
                IPv6:
                  2a11:4c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         22:45:80:aa:a5:28:3b:4c:74:2c:7b:74:00:63:e2:0c:10:7a:
         b1:bb:8b:be:24:d9:b4:d3:c4:86:e6:46:6e:33:c6:0b:a8:fa:
         40:f0:25:1b:79:0f:6d:21:5f:d8:f4:7c:a0:9e:da:c4:30:4f:
         bf:05:06:57:8a:a4:bd:43:2a:38:4e:51:31:ee:5e:77:33:7f:
         78:0e:a4:a4:fb:4e:fe:f9:7d:05:df:df:a9:af:fb:18:cb:0d:
         a3:95:da:44:bc:81:a9:d1:e9:a1:50:d2:3a:29:9f:f0:c2:6d:
         0e:f3:17:06:cc:43:47:ec:d5:ff:86:2f:78:2d:8d:a4:77:87:
         26:e3:96:d2:da:95:59:d9:05:56:4c:16:86:50:08:2b:b5:14:
         4c:c6:dc:87:77:21:a5:d3:69:c9:af:26:bd:e6:61:9c:4c:11:
         53:8e:ec:ce:fd:46:24:e7:d9:30:68:50:99:81:36:28:3b:0c:
         0a:33:0e:8a:c5:1d:9b:9c:bd:26:14:44:83:f4:eb:01:4c:e8:
         d9:d4:0c:fa:98:dc:6e:e5:12:57:dd:e5:70:f2:ec:92:7d:6f:
         83:91:a2:12:be:e4:2a:d6:ba:a9:4b:fa:01:89:6f:71:5f:98:
         e2:02:0d:cc:ff:ca:65:25:9a:e4:97:5d:fc:d9:e2:6a:40:66:
         76:84:56:e6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnR/CKby7lygNpWAyPz1tTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhYWU0NmUyMTM1OTMwZGEyNjhjMDY0ZGNlNWFkYmI2M2Ew
Y2VjMzYwHhcNMjUwMTAyMTM1MDEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTM2ZTQ0YWM2OTllMjFkMjI1N2I2MzBhNjI3MWVkZjE3OGI5YmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxU+IxzZzoTEH8VmiCQpqTB4x+Bu0
MQv48yji3HN3H282nNXr49QO1lfX7IVv6URszvOIlzPLLwB0eRvkaVVi0bY5XgL0
xx2a+HkycU22F5uiAaIgBqTeGyDu+yevBiZbYN4daF1iV2DPFwfZFUQ7KUM/39jY
b3uuspZZm0GQ3MwGPk5yN/MQX08GxDbaBVzWCSkcmmEK0LQGRF70aWiWeXHkkTOB
tVf5K87Qgwq23Jk7b7Hl683NA0MwoaiNe8fGakOC0qmcVZaksdbgyOh7apu5RRiu
l0/7FFBF3WDPM+fptSlF2fwViLrNJEmZNsqkRpDMia8d0PRVAGSzI3ON/QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEk25ErGmeIdIle2MKYnHt8Xi5u0MB8GA1UdIwQY
MBaAFJquRuITWTDaJowGTc5a27Y6DOw2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXE1RzRoTlpNTm9takFaTnpscmJ0am9NN0RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9kOGZjNzgtYTUxYi00M2RjLWI1MGEt
OGFlNDMwODFhYTM2LzEvU1Ria1NzYVo0aDBpVjdZd3BpY2UzeGVMbTdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9kOGZjNzgtYTUxYi00M2RjLWI1MGEtOGFlNDMwODFhYTM2
LzEvbXE1RzRoTlpNTm9takFaTnpscmJ0am9NN0RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAV+ygMA0E
AgACMAcDBQMqEUyAMA0GCSqGSIb3DQEBCwUAA4IBAQAiRYCqpSg7THQse3QAY+IM
EHqxu4u+JNm008SG5kZuM8YLqPpA8CUbeQ9tIV/Y9HygntrEME+/BQZXiqS9Qyo4
TlEx7l53M394DqSk+07++X0F39+pr/sYyw2jldpEvIGp0emhUNI6KZ/wwm0O8xcG
zENH7NX/hi94LY2kd4cm45bS2pVZ2QVWTBaGUAgrtRRMxtyHdyGl02nJrya95mGc
TBFTjuzO/UYk59kwaFCZgTYoOwwKMw6KxR2bnL0mFESD9OsBTOjZ1Az6mNxu5RJX
3eVw8uySfW+DkaISvuQq1rqpS/oBiW9xX5jiAg3M/8plJZrkl1382eJqQGZ2hFbm
-----END CERTIFICATE-----