Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/7472f9-b403-42e0-b306-71aa63125128/1/48SAL-XLUksWWK1voy4rKInz7oY.roa
File:                     48SAL-XLUksWWK1voy4rKInz7oY.roa (raw, json)
Hash identifier:          gFJO835mNcJuKRXk34iwBhwCN0pZ40KaHdrECvT9LmA=
Subject key identifier:   E3:C4:80:2F:E5:CB:52:4B:16:58:AD:6F:A3:2E:2B:28:89:F3:EE:86
Certificate issuer:       /CN=232872f431ada9b6826c5f0897ec4e5342092e98
Certificate serial:       0194221FF0ADDC87297BAF3283167B3D7DAE
Authority key identifier: 23:28:72:F4:31:AD:A9:B6:82:6C:5F:08:97:EC:4E:53:42:09:2E:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iyhy9DGtqbaCbF8Il-xOU0IJLpg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/7472f9-b403-42e0-b306-71aa63125128/1/48SAL-XLUksWWK1voy4rKInz7oY.roa
Signing time:             Wed 01 Jan 2025 13:48:26 +0000
ROA not before:           Wed 01 Jan 2025 13:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5089
IP address blocks:        185.201.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/7472f9-b403-42e0-b306-71aa63125128/1/Iyhy9DGtqbaCbF8Il-xOU0IJLpg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/7472f9-b403-42e0-b306-71aa63125128/1/Iyhy9DGtqbaCbF8Il-xOU0IJLpg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iyhy9DGtqbaCbF8Il-xOU0IJLpg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f0:ad:dc:87:29:7b:af:32:83:16:7b:3d:7d:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=232872f431ada9b6826c5f0897ec4e5342092e98
        Validity
            Not Before: Jan  1 13:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e3c4802fe5cb524b1658ad6fa32e2b2889f3ee86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:ed:cb:9d:8b:68:e3:9a:7b:67:d0:37:0b:8c:
                    eb:b0:f3:48:09:1f:19:da:8d:7b:92:08:9c:4b:f1:
                    34:95:c8:d3:2e:85:34:59:b1:bd:44:25:d1:7a:1c:
                    5c:d9:31:4a:fe:04:1a:28:1b:a7:2a:7f:55:7d:6e:
                    36:1f:4b:70:03:bf:f2:0b:17:3a:69:d0:ae:cc:e2:
                    a6:c4:2e:38:ff:33:80:5d:7d:a3:75:61:df:1a:ba:
                    67:62:96:05:da:bd:d1:47:d4:1d:0e:9c:bd:be:33:
                    17:e9:0a:07:2d:17:5e:ae:5a:60:87:ee:a9:62:e3:
                    bf:cd:df:99:6f:01:53:38:ed:0c:3b:a4:fe:7b:49:
                    a5:51:6a:fa:17:70:f9:4f:1f:8e:ca:b1:93:8f:63:
                    d7:16:51:56:ba:df:7c:7e:38:ae:6d:56:85:f0:f1:
                    07:80:47:95:09:80:99:12:bf:54:91:04:1f:83:93:
                    75:71:8b:2a:ed:ee:34:0b:de:52:07:4b:97:5b:de:
                    91:c9:73:2b:b8:be:2b:76:d1:1f:2a:73:ca:97:c2:
                    a9:78:b8:8c:5e:80:9a:bb:78:48:03:d6:b9:3a:0d:
                    d3:07:22:e1:ea:9e:3a:f0:2d:0a:5f:73:84:50:e2:
                    f6:64:02:91:8a:03:64:df:94:e9:88:e9:e2:09:0d:
                    a1:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:C4:80:2F:E5:CB:52:4B:16:58:AD:6F:A3:2E:2B:28:89:F3:EE:86
            X509v3 Authority Key Identifier:
                keyid:23:28:72:F4:31:AD:A9:B6:82:6C:5F:08:97:EC:4E:53:42:09:2E:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iyhy9DGtqbaCbF8Il-xOU0IJLpg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/7472f9-b403-42e0-b306-71aa63125128/1/48SAL-XLUksWWK1voy4rKInz7oY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/7472f9-b403-42e0-b306-71aa63125128/1/Iyhy9DGtqbaCbF8Il-xOU0IJLpg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:14:ef:24:cf:ca:95:53:0f:a0:6f:d7:6d:f4:9c:a7:85:18:
         b3:a2:a6:3e:23:f2:b9:c1:75:16:8e:d9:c4:59:52:31:a3:1e:
         6e:6c:19:66:d5:2c:8d:d8:09:a5:04:a2:4e:76:f1:18:23:11:
         60:01:17:ab:31:ca:e7:3f:c6:78:74:98:8f:e8:18:9b:59:5e:
         0e:6d:7e:a5:c2:b2:14:19:a2:2f:37:f3:fc:b3:7a:a8:7a:9d:
         1c:b7:0f:41:5a:11:d0:f3:44:fa:0a:54:06:65:21:e0:14:11:
         d6:27:ba:51:dd:b1:5b:a4:ed:dd:87:56:36:2c:40:bf:66:b4:
         9e:11:6e:36:f8:9a:ee:53:bd:4d:21:3f:f7:5e:ae:fb:57:44:
         fc:96:9d:33:d1:47:22:e3:5d:f2:bd:df:48:8b:7c:ca:47:95:
         61:f2:29:37:60:99:a0:d3:2e:0d:4d:c3:22:22:4f:26:fd:be:
         b2:9d:fb:98:17:24:f2:e5:0b:c4:ea:3c:08:11:9d:41:8d:16:
         f0:4b:fa:5c:25:14:3d:a9:85:98:f6:bf:19:5a:f3:84:8c:40:
         5c:a1:2d:a1:37:b5:43:09:72:39:8c:7d:7d:5b:01:7d:d3:45:
         fe:f4:80:e9:e3:c8:b6:3b:85:99:3e:cf:5a:16:3f:d6:dc:c6:
         6b:9c:8b:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH/Ct3Icpe68ygxZ7PX2uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMjg3MmY0MzFhZGE5YjY4MjZjNWYwODk3ZWM0ZTUzNDIw
OTJlOTgwHhcNMjUwMTAxMTM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2M0ODAyZmU1Y2I1MjRiMTY1OGFkNmZhMzJlMmIyODg5ZjNlZTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5e3LnYto45p7Z9A3C4zrsPNICR8Z
2o17kgicS/E0lcjTLoU0WbG9RCXRehxc2TFK/gQaKBunKn9VfW42H0twA7/yCxc6
adCuzOKmxC44/zOAXX2jdWHfGrpnYpYF2r3RR9QdDpy9vjMX6QoHLRderlpgh+6p
YuO/zd+ZbwFTOO0MO6T+e0mlUWr6F3D5Tx+OyrGTj2PXFlFWut98fjiubVaF8PEH
gEeVCYCZEr9UkQQfg5N1cYsq7e40C95SB0uXW96RyXMruL4rdtEfKnPKl8KpeLiM
XoCau3hIA9a5Og3TByLh6p468C0KX3OEUOL2ZAKRigNk35TpiOniCQ2h0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOPEgC/ly1JLFlitb6MuKyiJ8+6GMB8GA1UdIwQY
MBaAFCMocvQxram2gmxfCJfsTlNCCS6YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXloeTlER3RxYmFDYkY4SWwteE9VMElKTHBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi83NDcyZjktYjQwMy00MmUwLWIzMDYt
NzFhYTYzMTI1MTI4LzEvNDhTQUwtWExVa3NXV0sxdm95NHJLSW56N29ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi83NDcyZjktYjQwMy00MmUwLWIzMDYtNzFhYTYzMTI1MTI4
LzEvSXloeTlER3RxYmFDYkY4SWwteE9VMElKTHBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucljMA0G
CSqGSIb3DQEBCwUAA4IBAQABFO8kz8qVUw+gb9dt9JynhRizoqY+I/K5wXUWjtnE
WVIxox5ubBlm1SyN2AmlBKJOdvEYIxFgARerMcrnP8Z4dJiP6BibWV4ObX6lwrIU
GaIvN/P8s3qoep0ctw9BWhHQ80T6ClQGZSHgFBHWJ7pR3bFbpO3dh1Y2LEC/ZrSe
EW42+JruU71NIT/3Xq77V0T8lp0z0Uci413yvd9Ii3zKR5Vh8ik3YJmg0y4NTcMi
Ik8m/b6ynfuYFyTy5QvE6jwIEZ1BjRbwS/pcJRQ9qYWY9r8ZWvOEjEBcoS2hN7VD
CXI5jH19WwF900X+9IDp48i2O4WZPs9aFj/W3MZrnIvu
-----END CERTIFICATE-----