Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/d10841-7d44-46da-b29c-381f23f183d7/1/ScAFpN6HXhn2d-9KA3-XrhqvKKI.roa
File:                     ScAFpN6HXhn2d-9KA3-XrhqvKKI.roa (raw, json)
Hash identifier:          w5/z2L8qqgjYAxUqeC/hEc2RLTI0t7JTiIhe8154Qcw=
Subject key identifier:   49:C0:05:A4:DE:87:5E:19:F6:77:EF:4A:03:7F:97:AE:1A:AF:28:A2
Certificate issuer:       /CN=1a14445259732aa6736c248234465947fc2374d0
Certificate serial:       019421B1C412A8B83AD5FEFAB29E14B74394
Authority key identifier: 1A:14:44:52:59:73:2A:A6:73:6C:24:82:34:46:59:47:FC:23:74:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GhREUllzKqZzbCSCNEZZR_wjdNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/d10841-7d44-46da-b29c-381f23f183d7/1/ScAFpN6HXhn2d-9KA3-XrhqvKKI.roa
Signing time:             Wed 01 Jan 2025 11:48:05 +0000
ROA not before:           Wed 01 Jan 2025 11:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        91.206.110.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/d10841-7d44-46da-b29c-381f23f183d7/1/GhREUllzKqZzbCSCNEZZR_wjdNA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/d10841-7d44-46da-b29c-381f23f183d7/1/GhREUllzKqZzbCSCNEZZR_wjdNA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GhREUllzKqZzbCSCNEZZR_wjdNA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:c4:12:a8:b8:3a:d5:fe:fa:b2:9e:14:b7:43:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a14445259732aa6736c248234465947fc2374d0
        Validity
            Not Before: Jan  1 11:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=49c005a4de875e19f677ef4a037f97ae1aaf28a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:a5:0c:e8:af:da:96:4a:13:c2:ba:93:0e:b7:
                    cf:8a:bb:a5:24:32:b1:91:c6:b4:79:c3:a4:1f:6a:
                    c9:00:50:54:eb:4c:4c:af:ab:2e:8e:7b:40:11:52:
                    e9:f6:49:2d:d8:85:24:5d:d5:5b:20:81:15:0e:fb:
                    44:2c:ef:6a:e8:63:f2:2d:8a:b6:f7:e8:99:dc:db:
                    d9:e8:cf:e8:a2:45:24:68:9b:26:7c:b0:79:b6:ca:
                    ff:58:ec:a3:2a:74:a1:b9:12:c0:d0:09:cc:ae:32:
                    a5:cb:97:12:cf:6e:0c:28:84:1d:66:ed:fc:bd:e8:
                    3b:68:17:26:e7:dd:f8:74:3f:c2:73:45:90:94:52:
                    70:31:30:66:da:84:15:b8:e1:81:85:db:ee:5b:5e:
                    7a:f6:6d:9d:7b:3f:6a:b6:aa:1b:77:0c:47:36:98:
                    58:35:65:07:37:df:20:12:99:bc:ce:59:f1:11:0c:
                    cc:a3:c5:7d:07:18:45:02:c9:b0:79:a6:80:23:1c:
                    ad:75:29:77:a5:c9:e1:2f:b4:51:31:b1:46:32:05:
                    77:cf:ec:66:e0:eb:e5:4c:87:f8:75:fa:cd:6b:ec:
                    e3:5c:78:23:f5:43:80:9f:27:07:7a:46:67:c3:c2:
                    3e:83:8c:b1:fb:48:e0:86:48:63:72:93:15:26:d8:
                    38:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:C0:05:A4:DE:87:5E:19:F6:77:EF:4A:03:7F:97:AE:1A:AF:28:A2
            X509v3 Authority Key Identifier:
                keyid:1A:14:44:52:59:73:2A:A6:73:6C:24:82:34:46:59:47:FC:23:74:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GhREUllzKqZzbCSCNEZZR_wjdNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d10841-7d44-46da-b29c-381f23f183d7/1/ScAFpN6HXhn2d-9KA3-XrhqvKKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d10841-7d44-46da-b29c-381f23f183d7/1/GhREUllzKqZzbCSCNEZZR_wjdNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:39:d1:f1:e2:3c:80:c4:71:11:0d:22:54:47:5e:4c:a4:45:
         20:b5:1b:5e:32:8b:ef:1b:d5:6a:a0:52:4d:1f:de:ec:02:6d:
         db:83:fb:c6:9c:4b:8d:bb:c9:4d:e8:d3:ed:7b:c5:2f:79:ae:
         01:7d:43:a9:cd:26:d6:db:3e:84:bb:2a:62:99:bf:2c:c9:cb:
         e6:99:eb:1e:8a:1b:d5:6f:8c:d8:50:57:0a:5f:91:ee:73:04:
         7f:8f:aa:ad:e6:3e:30:ce:d5:79:df:0d:3c:28:2f:84:39:45:
         f7:fc:72:9f:41:67:cf:10:89:9b:de:a6:0e:0d:26:71:d9:3c:
         60:27:24:e9:31:51:50:b1:72:35:02:66:f3:a5:4e:4c:14:80:
         42:e3:12:b9:d5:63:8a:38:2f:96:de:d9:7c:0c:68:c7:5d:7f:
         c1:ec:19:a5:a1:23:65:e1:5c:27:7e:dd:43:1e:e8:4d:e4:6d:
         99:ac:be:87:08:cf:9b:eb:22:7a:b5:ad:91:a6:bb:cc:da:87:
         5d:8f:1a:de:f3:2a:5e:fa:1f:cb:f5:a4:70:6f:07:b8:e2:59:
         6e:7d:d9:8e:a0:a9:1b:6f:d9:0b:81:f4:d8:63:e4:3d:39:ce:
         09:ac:a8:51:0a:fd:33:64:29:45:fd:ca:c2:df:2c:41:da:d1:
         5a:28:1a:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhscQSqLg61f76sp4Ut0OUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMTQ0NDUyNTk3MzJhYTY3MzZjMjQ4MjM0NDY1OTQ3ZmMy
Mzc0ZDAwHhcNMjUwMTAxMTE0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWMwMDVhNGRlODc1ZTE5ZjY3N2VmNGEwMzdmOTdhZTFhYWYyOGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qUM6K/alkoTwrqTDrfPirulJDKx
kca0ecOkH2rJAFBU60xMr6sujntAEVLp9kkt2IUkXdVbIIEVDvtELO9q6GPyLYq2
9+iZ3NvZ6M/ookUkaJsmfLB5tsr/WOyjKnShuRLA0AnMrjKly5cSz24MKIQdZu38
veg7aBcm5934dD/Cc0WQlFJwMTBm2oQVuOGBhdvuW1569m2dez9qtqobdwxHNphY
NWUHN98gEpm8zlnxEQzMo8V9BxhFAsmweaaAIxytdSl3pcnhL7RRMbFGMgV3z+xm
4OvlTIf4dfrNa+zjXHgj9UOAnycHekZnw8I+g4yx+0jghkhjcpMVJtg4BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEnABaTeh14Z9nfvSgN/l64aryiiMB8GA1UdIwQY
MBaAFBoURFJZcyqmc2wkgjRGWUf8I3TQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2hSRVVsbHpLcVp6YkNTQ05FWlpSX3dqZE5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9kMTA4NDEtN2Q0NC00NmRhLWIyOWMt
MzgxZjIzZjE4M2Q3LzEvU2NBRnBONkhYaG4yZC05S0EzLVhyaHF2S0tJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9kMTA4NDEtN2Q0NC00NmRhLWIyOWMtMzgxZjIzZjE4M2Q3
LzEvR2hSRVVsbHpLcVp6YkNTQ05FWlpSX3dqZE5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW85uMA0G
CSqGSIb3DQEBCwUAA4IBAQCAOdHx4jyAxHERDSJUR15MpEUgtRteMovvG9VqoFJN
H97sAm3bg/vGnEuNu8lN6NPte8Uvea4BfUOpzSbW2z6Euypimb8sycvmmeseihvV
b4zYUFcKX5HucwR/j6qt5j4wztV53w08KC+EOUX3/HKfQWfPEImb3qYODSZx2Txg
JyTpMVFQsXI1AmbzpU5MFIBC4xK51WOKOC+W3tl8DGjHXX/B7BmloSNl4Vwnft1D
HuhN5G2ZrL6HCM+b6yJ6ta2RprvM2oddjxre8ype+h/L9aRwbwe44llufdmOoKkb
b9kLgfTYY+Q9Oc4JrKhRCv0zZClF/crC3yxB2tFaKBqo
-----END CERTIFICATE-----