Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/b9bd06-96c8-4e71-ba12-937754cbb505/1/S4tCuljlSDudC5hWFI16K1vZQrc.roa
File:                     S4tCuljlSDudC5hWFI16K1vZQrc.roa (raw, json)
Hash identifier:          IVL1gZ3kqiPfJXguPGcyEwPZH9+ml2IO0/FYl1DVPU4=
Subject key identifier:   4B:8B:42:BA:58:E5:48:3B:9D:0B:98:56:14:8D:7A:2B:5B:D9:42:B7
Certificate issuer:       /CN=c937d2f6f0b78c0ed75b8efc28009d7979614003
Certificate serial:       0194236968E5B74081F448F3B1A91D945CB8
Authority key identifier: C9:37:D2:F6:F0:B7:8C:0E:D7:5B:8E:FC:28:00:9D:79:79:61:40:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yTfS9vC3jA7XW478KACdeXlhQAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/b9bd06-96c8-4e71-ba12-937754cbb505/1/S4tCuljlSDudC5hWFI16K1vZQrc.roa
Signing time:             Wed 01 Jan 2025 19:48:18 +0000
ROA not before:           Wed 01 Jan 2025 19:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62134
IP address blocks:        185.46.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/b9bd06-96c8-4e71-ba12-937754cbb505/1/yTfS9vC3jA7XW478KACdeXlhQAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/b9bd06-96c8-4e71-ba12-937754cbb505/1/yTfS9vC3jA7XW478KACdeXlhQAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yTfS9vC3jA7XW478KACdeXlhQAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:68:e5:b7:40:81:f4:48:f3:b1:a9:1d:94:5c:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c937d2f6f0b78c0ed75b8efc28009d7979614003
        Validity
            Not Before: Jan  1 19:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b8b42ba58e5483b9d0b9856148d7a2b5bd942b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:32:cc:76:35:af:68:74:46:cb:08:47:e4:7f:
                    64:cf:1d:26:8a:7d:02:fc:a9:81:a3:71:0f:99:e3:
                    4c:d6:d9:30:fc:5d:cb:48:d5:9f:a2:33:1b:40:73:
                    69:0a:cc:0f:fe:f9:06:88:dd:97:8b:67:d7:bb:8f:
                    0d:98:b4:33:a5:c6:74:54:2b:73:b3:cb:14:92:97:
                    01:09:08:1f:16:94:3d:97:f2:d5:26:60:b6:ec:4a:
                    97:b8:0e:70:54:56:07:ee:bc:53:65:ee:08:41:a0:
                    e3:e1:46:b7:6a:7e:97:93:e1:65:60:29:f0:50:c1:
                    35:4b:c6:8c:9e:b6:41:5e:68:f9:98:f1:2c:60:b6:
                    dc:10:3d:7a:e0:cc:22:d1:4a:47:6b:46:d8:5c:ee:
                    7a:c8:3a:af:bf:c0:87:ce:fc:e5:1d:4d:5a:58:43:
                    7f:5d:b3:05:98:7f:f7:83:a5:ce:7b:34:c7:02:83:
                    a5:f5:f2:fe:e3:18:8c:60:f5:ad:41:fe:11:d9:d8:
                    20:76:85:3e:52:7e:8e:76:e1:a8:7e:d0:ae:73:d4:
                    f6:9a:2a:0f:d3:bd:be:37:c6:ff:b8:e5:7e:b8:0a:
                    c3:ed:3e:01:d2:01:d1:fa:5c:46:d0:b1:a9:f4:ae:
                    76:ba:48:80:40:e6:4e:65:29:cf:84:18:22:70:24:
                    47:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:8B:42:BA:58:E5:48:3B:9D:0B:98:56:14:8D:7A:2B:5B:D9:42:B7
            X509v3 Authority Key Identifier:
                keyid:C9:37:D2:F6:F0:B7:8C:0E:D7:5B:8E:FC:28:00:9D:79:79:61:40:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yTfS9vC3jA7XW478KACdeXlhQAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/b9bd06-96c8-4e71-ba12-937754cbb505/1/S4tCuljlSDudC5hWFI16K1vZQrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/b9bd06-96c8-4e71-ba12-937754cbb505/1/yTfS9vC3jA7XW478KACdeXlhQAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:5a:41:34:38:b7:de:dc:ed:bb:f8:65:09:54:00:78:9b:a5:
         e2:af:56:50:65:a0:79:ed:7a:df:9a:38:9d:56:69:55:42:28:
         e5:d3:9e:bf:fd:71:b4:e8:72:8d:49:9a:e3:7b:40:63:f3:31:
         54:97:f4:8c:dc:13:a9:16:5e:f9:ec:97:32:72:5a:2d:8a:cf:
         a1:ae:b6:70:1d:d8:40:a4:da:77:24:1d:e1:16:28:19:e8:38:
         21:fa:f2:f1:8e:eb:6f:bf:d3:ef:21:aa:1b:c8:fa:e9:65:eb:
         ed:6c:d9:3a:52:16:52:ad:2c:18:92:47:82:e9:43:d3:18:a9:
         9c:44:f3:af:e5:c9:74:b4:af:c8:d3:f1:78:f3:51:68:7d:76:
         09:38:7f:25:1e:a2:60:8c:52:fe:fd:c0:e2:69:9f:97:8a:94:
         69:53:e2:a3:46:71:18:21:d6:14:9f:e5:f6:b8:e2:c7:47:57:
         dd:39:8c:70:e1:76:0e:bf:0b:8f:f1:f0:82:d6:8d:cd:f2:79:
         7f:9f:05:e3:54:22:f7:c4:b8:10:3b:a9:5f:d2:ac:c1:fc:79:
         42:5b:b9:a9:b7:e0:0a:34:6c:fc:e4:6f:5e:77:5b:71:b2:fb:
         cb:c8:65:7d:3e:8a:62:c8:88:59:b5:bb:8d:1f:09:11:75:fd:
         46:b1:5a:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaWjlt0CB9EjzsakdlFy4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5MzdkMmY2ZjBiNzhjMGVkNzViOGVmYzI4MDA5ZDc5Nzk2
MTQwMDMwHhcNMjUwMTAxMTk0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjhiNDJiYTU4ZTU0ODNiOWQwYjk4NTYxNDhkN2EyYjViZDk0MmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDLMdjWvaHRGywhH5H9kzx0min0C
/KmBo3EPmeNM1tkw/F3LSNWfojMbQHNpCswP/vkGiN2Xi2fXu48NmLQzpcZ0VCtz
s8sUkpcBCQgfFpQ9l/LVJmC27EqXuA5wVFYH7rxTZe4IQaDj4Ua3an6Xk+FlYCnw
UME1S8aMnrZBXmj5mPEsYLbcED164Mwi0UpHa0bYXO56yDqvv8CHzvzlHU1aWEN/
XbMFmH/3g6XOezTHAoOl9fL+4xiMYPWtQf4R2dggdoU+Un6OduGoftCuc9T2mioP
072+N8b/uOV+uArD7T4B0gHR+lxG0LGp9K52ukiAQOZOZSnPhBgicCRHDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEuLQrpY5Ug7nQuYVhSNeitb2UK3MB8GA1UdIwQY
MBaAFMk30vbwt4wO11uO/CgAnXl5YUADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVRmUzl2QzNqQTdYVzQ3OEtBQ2RlWGxoUUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9iOWJkMDYtOTZjOC00ZTcxLWJhMTIt
OTM3NzU0Y2JiNTA1LzEvUzR0Q3VsamxTRHVkQzVoV0ZJMTZLMXZaUXJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9iOWJkMDYtOTZjOC00ZTcxLWJhMTItOTM3NzU0Y2JiNTA1
LzEveVRmUzl2QzNqQTdYVzQ3OEtBQ2RlWGxoUUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuS54MA0G
CSqGSIb3DQEBCwUAA4IBAQA1WkE0OLfe3O27+GUJVAB4m6Xir1ZQZaB57Xrfmjid
VmlVQijl056//XG06HKNSZrje0Bj8zFUl/SM3BOpFl757Jcyclotis+hrrZwHdhA
pNp3JB3hFigZ6Dgh+vLxjutvv9PvIaobyPrpZevtbNk6UhZSrSwYkkeC6UPTGKmc
RPOv5cl0tK/I0/F481FofXYJOH8lHqJgjFL+/cDiaZ+XipRpU+KjRnEYIdYUn+X2
uOLHR1fdOYxw4XYOvwuP8fCC1o3N8nl/nwXjVCL3xLgQO6lf0qzB/HlCW7mpt+AK
NGz85G9ed1txsvvLyGV9PopiyIhZtbuNHwkRdf1GsVrT
-----END CERTIFICATE-----