Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/SJGBqzFK1fKvf_f1FLUR0zwV0Gc.roa
File:                     SJGBqzFK1fKvf_f1FLUR0zwV0Gc.roa (raw, json)
Hash identifier:          JWbwRQNzKTz8Hk/uB2kU3wtUKCfpZrGDqBglxxPGaxw=
Subject key identifier:   48:91:81:AB:31:4A:D5:F2:AF:7F:F7:F5:14:B5:11:D3:3C:15:D0:67
Certificate issuer:       /CN=30d58e40c6d91f3729e57e3344d308b5992fe46e
Certificate serial:       0191BE1BDD4268CEEE9A2D4DA6EC4406EBD2
Authority key identifier: 30:D5:8E:40:C6:D9:1F:37:29:E5:7E:33:44:D3:08:B5:99:2F:E4:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MNWOQMbZHzcp5X4zRNMItZkv5G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/SJGBqzFK1fKvf_f1FLUR0zwV0Gc.roa
Signing time:             Wed 04 Sep 2024 17:36:22 +0000
ROA not before:           Wed 04 Sep 2024 17:36:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.130.49.0/24 maxlen: 24
                          2a13:141:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/MNWOQMbZHzcp5X4zRNMItZkv5G4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/MNWOQMbZHzcp5X4zRNMItZkv5G4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MNWOQMbZHzcp5X4zRNMItZkv5G4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:be:1b:dd:42:68:ce:ee:9a:2d:4d:a6:ec:44:06:eb:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30d58e40c6d91f3729e57e3344d308b5992fe46e
        Validity
            Not Before: Sep  4 17:36:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=489181ab314ad5f2af7ff7f514b511d33c15d067
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:bf:80:41:2a:b0:9f:b1:ae:19:95:f5:ac:ce:
                    09:93:03:c6:da:56:7b:ff:07:2d:29:01:b8:a9:08:
                    34:59:ed:ef:20:c8:3a:5c:74:ae:d5:2c:b6:10:e3:
                    61:ce:93:fe:29:da:e2:7c:7d:3e:2e:7d:9d:cc:45:
                    66:7b:fd:0e:cf:7c:27:44:7d:b4:0e:5d:34:8d:09:
                    12:01:92:26:7b:cc:b1:8f:50:c3:81:ac:c7:08:e8:
                    01:5d:d3:c1:6f:28:10:bf:5b:53:24:3d:e1:c8:34:
                    82:92:cc:77:88:7e:22:d6:27:be:81:f8:b1:73:84:
                    b9:84:88:91:89:e4:4e:f1:f7:33:5d:ab:f7:c3:0b:
                    ec:a2:14:e6:d0:84:c0:0d:48:3a:49:ae:70:19:90:
                    42:20:bd:a9:2a:63:63:fd:c5:da:b6:9c:53:cc:2f:
                    77:fc:04:8f:d1:fb:aa:d6:e5:87:5c:67:a8:b0:49:
                    20:d1:e5:e5:ab:ea:11:b1:91:89:41:f8:c9:de:a8:
                    1d:3e:9a:4e:67:36:37:1b:cb:f9:a5:12:18:38:17:
                    97:fc:88:e7:4f:22:5d:e0:b2:1b:67:e9:e4:ef:0c:
                    b7:d9:20:7a:52:9f:a7:ec:89:06:90:0b:13:5c:cd:
                    cc:17:fa:bc:ef:ed:0d:b6:15:b1:81:39:9a:71:ca:
                    ee:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:91:81:AB:31:4A:D5:F2:AF:7F:F7:F5:14:B5:11:D3:3C:15:D0:67
            X509v3 Authority Key Identifier:
                keyid:30:D5:8E:40:C6:D9:1F:37:29:E5:7E:33:44:D3:08:B5:99:2F:E4:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MNWOQMbZHzcp5X4zRNMItZkv5G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/SJGBqzFK1fKvf_f1FLUR0zwV0Gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/MNWOQMbZHzcp5X4zRNMItZkv5G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.49.0/24
                IPv6:
                  2a13:141:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:07:4d:ca:b9:c5:dd:97:ed:69:f5:de:8a:76:eb:8b:8f:88:
         93:12:9e:48:a2:1c:8d:38:96:1c:86:f5:79:fb:2d:c9:06:1c:
         ec:3e:f5:f2:c2:bc:94:5d:fb:45:2e:e0:a8:46:fb:86:63:b5:
         bf:ec:bb:4e:d7:a0:c6:96:72:b5:82:89:22:4b:34:60:72:be:
         53:44:fe:cf:62:1e:b3:e3:4d:fc:28:79:20:65:f1:1b:9c:d9:
         8a:09:8f:41:3e:0f:f1:50:57:8f:0e:e1:72:e9:97:82:fb:37:
         a5:c5:35:41:5b:9a:48:6d:9a:a4:e2:7d:c6:85:5c:d4:c9:f9:
         bf:9a:b1:c1:6d:61:51:09:4b:13:b0:69:6c:2d:2c:ee:87:11:
         27:6e:1f:53:9c:3f:5d:39:a5:ca:ff:8e:97:af:80:55:90:4f:
         c2:18:f1:6e:08:3b:9c:9b:97:55:1f:0a:e7:58:d1:8f:22:71:
         5f:e1:2b:9d:f4:37:44:91:a8:60:c3:e2:91:e5:4c:32:a7:0a:
         74:11:1a:da:f8:2f:b7:41:16:2f:29:4f:b0:af:60:b7:68:a7:
         2c:e4:a6:68:00:79:c9:fb:03:ac:0c:41:9f:ed:dc:3d:4d:db:
         fa:0e:24:34:b7:cf:ea:4e:99:af:e1:1d:2a:50:8e:64:b8:92:
         e5:95:c5:35
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZG+G91CaM7umi1NpuxEBuvSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZDU4ZTQwYzZkOTFmMzcyOWU1N2UzMzQ0ZDMwOGI1OTky
ZmU0NmUwHhcNMjQwOTA0MTczNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODkxODFhYjMxNGFkNWYyYWY3ZmY3ZjUxNGI1MTFkMzNjMTVkMDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0b+AQSqwn7GuGZX1rM4JkwPG2lZ7
/wctKQG4qQg0We3vIMg6XHSu1Sy2EONhzpP+KdrifH0+Ln2dzEVme/0Oz3wnRH20
Dl00jQkSAZIme8yxj1DDgazHCOgBXdPBbygQv1tTJD3hyDSCksx3iH4i1ie+gfix
c4S5hIiRieRO8fczXav3wwvsohTm0ITADUg6Sa5wGZBCIL2pKmNj/cXatpxTzC93
/ASP0fuq1uWHXGeosEkg0eXlq+oRsZGJQfjJ3qgdPppOZzY3G8v5pRIYOBeX/Ijn
TyJd4LIbZ+nk7wy32SB6Up+n7IkGkAsTXM3MF/q87+0NthWxgTmaccrudQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEiRgasxStXyr3/39RS1EdM8FdBnMB8GA1UdIwQY
MBaAFDDVjkDG2R83KeV+M0TTCLWZL+RuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU5XT1FNYlpIemNwNVg0elJOTUl0Wmt2NUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy82MjVhMzAtM2E2Yi00NjYxLTg0MGEt
ZjgyYjcwZDhhMGE3LzEvU0pHQnF6RksxZkt2Zl9mMUZMVVIwendWMEdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy82MjVhMzAtM2E2Yi00NjYxLTg0MGEtZjgyYjcwZDhhMGE3
LzEvTU5XT1FNYlpIemNwNVg0elJOTUl0Wmt2NUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuYIxMA8E
AgACMAkDBwAqEwFBAAMwDQYJKoZIhvcNAQELBQADggEBAIQHTcq5xd2X7Wn13op2
64uPiJMSnkiiHI04lhyG9Xn7LckGHOw+9fLCvJRd+0Uu4KhG+4Zjtb/su07XoMaW
crWCiSJLNGByvlNE/s9iHrPjTfwoeSBl8Ruc2YoJj0E+D/FQV48O4XLpl4L7N6XF
NUFbmkhtmqTifcaFXNTJ+b+ascFtYVEJSxOwaWwtLO6HESduH1OcP105pcr/jpev
gFWQT8IY8W4IO5ybl1UfCudY0Y8icV/hK530N0SRqGDD4pHlTDKnCnQRGtr4L7dB
Fi8pT7CvYLdopyzkpmgAecn7A6wMQZ/t3D1N2/oOJDS3z+pOma/hHSpQjmS4kuWV
xTU=
-----END CERTIFICATE-----