Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/5a448a-5e7a-47e0-87da-cdcfbb100447/1/SCHcZAvBuEDabGE8ZnvuGrNm6LM.roa
File:                     SCHcZAvBuEDabGE8ZnvuGrNm6LM.roa (raw, json)
Hash identifier:          +7HN05BMaB78AnyjOqZ5Q8EXtIVzWFh5zSmSPi10HzA=
Subject key identifier:   48:21:DC:64:0B:C1:B8:40:DA:6C:61:3C:66:7B:EE:1A:B3:66:E8:B3
Certificate issuer:       /CN=3195f73419e822329794cf17fba7e93f375374a9
Certificate serial:       019423D704DC61C36B29EC560D38A6AD1F2E
Authority key identifier: 31:95:F7:34:19:E8:22:32:97:94:CF:17:FB:A7:E9:3F:37:53:74:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MZX3NBnoIjKXlM8X-6fpPzdTdKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/5a448a-5e7a-47e0-87da-cdcfbb100447/1/SCHcZAvBuEDabGE8ZnvuGrNm6LM.roa
Signing time:             Wed 01 Jan 2025 21:48:01 +0000
ROA not before:           Wed 01 Jan 2025 21:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8255
IP address blocks:        193.57.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/5a448a-5e7a-47e0-87da-cdcfbb100447/1/MZX3NBnoIjKXlM8X-6fpPzdTdKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/5a448a-5e7a-47e0-87da-cdcfbb100447/1/MZX3NBnoIjKXlM8X-6fpPzdTdKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MZX3NBnoIjKXlM8X-6fpPzdTdKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:04:dc:61:c3:6b:29:ec:56:0d:38:a6:ad:1f:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3195f73419e822329794cf17fba7e93f375374a9
        Validity
            Not Before: Jan  1 21:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4821dc640bc1b840da6c613c667bee1ab366e8b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:bd:3d:e0:52:28:ee:d2:be:ad:70:74:95:77:
                    77:0d:b3:fc:42:51:c0:c1:57:4b:ad:e5:45:3b:3c:
                    04:b0:f3:c5:6f:c6:3e:63:71:d7:c9:a7:21:77:94:
                    d6:3b:5f:0c:6e:72:e1:24:0b:0f:80:5c:44:a2:88:
                    84:83:1a:d8:a7:5b:7e:b2:2e:f5:49:9c:8d:07:11:
                    c5:dc:29:43:b7:ca:cf:e0:2a:29:11:21:34:ee:1f:
                    27:eb:b5:35:c2:73:2e:9f:0d:79:8e:92:71:7e:9b:
                    9e:0f:b2:0c:56:18:36:35:5c:08:0d:c9:b0:21:18:
                    fc:42:11:fa:17:27:76:8b:03:04:4e:47:e2:30:54:
                    3b:09:69:0d:9e:9e:af:08:04:84:0c:d4:d1:17:d8:
                    c9:36:ed:e8:0d:4c:54:f3:a2:7c:14:c0:89:11:50:
                    9f:85:9a:70:b8:69:7a:54:d2:45:a3:27:f8:13:8d:
                    6f:18:a6:bc:0b:1e:64:57:52:54:4d:55:ec:2d:10:
                    36:37:de:e2:d6:61:cf:bf:38:c1:4b:1f:6e:e4:eb:
                    d1:cb:88:5c:3d:92:b0:b4:d8:b5:11:0c:7f:66:aa:
                    4f:f8:cb:8c:29:22:90:75:17:bc:1b:6a:82:6b:33:
                    ed:71:3e:54:5f:a6:22:99:64:c1:c8:86:ce:47:e6:
                    d7:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:21:DC:64:0B:C1:B8:40:DA:6C:61:3C:66:7B:EE:1A:B3:66:E8:B3
            X509v3 Authority Key Identifier:
                keyid:31:95:F7:34:19:E8:22:32:97:94:CF:17:FB:A7:E9:3F:37:53:74:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MZX3NBnoIjKXlM8X-6fpPzdTdKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/5a448a-5e7a-47e0-87da-cdcfbb100447/1/SCHcZAvBuEDabGE8ZnvuGrNm6LM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/5a448a-5e7a-47e0-87da-cdcfbb100447/1/MZX3NBnoIjKXlM8X-6fpPzdTdKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:f7:47:3a:68:f7:cb:21:ce:19:b5:84:3d:a1:a9:71:1c:25:
         32:8b:d7:34:7f:8e:00:24:f3:07:85:a8:56:bc:17:69:0f:1e:
         9c:d9:91:fb:21:b4:e5:da:86:3b:e9:2e:f0:9c:b4:31:e9:24:
         8b:ea:33:41:97:58:a9:a3:41:6e:ec:1b:63:44:0f:0a:5e:e2:
         be:8b:59:73:89:ba:08:fe:1b:17:6e:6c:6b:a6:e6:87:3a:90:
         33:2e:1b:51:48:b9:f5:e4:ed:97:11:46:01:db:5a:d6:17:34:
         dd:ea:06:54:3c:bc:9c:9e:ec:c2:30:ce:c9:dd:33:99:02:8f:
         e1:eb:34:46:79:a4:ac:eb:17:fe:db:ab:4f:f4:b8:76:27:ba:
         a9:38:5d:aa:c9:38:d9:d3:ab:64:81:50:76:ec:ed:bf:fa:6b:
         e0:97:6d:74:58:94:cb:84:f8:97:c3:b6:e0:89:67:d3:2f:ed:
         86:5e:64:5c:4e:f4:f1:d9:2a:be:04:d7:1f:d7:80:e8:c6:9e:
         39:16:c0:a7:14:a9:59:51:be:7b:a3:e5:8c:ee:fa:c4:b5:1c:
         0f:6b:2f:64:69:40:59:69:70:22:df:a9:38:00:21:47:b4:0c:
         8f:3a:61:ea:1c:d8:e3:76:50:02:0f:d6:11:71:4f:4a:49:f2:
         9d:ba:9d:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1wTcYcNrKexWDTimrR8uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxOTVmNzM0MTllODIyMzI5Nzk0Y2YxN2ZiYTdlOTNmMzc1
Mzc0YTkwHhcNMjUwMTAxMjE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODIxZGM2NDBiYzFiODQwZGE2YzYxM2M2NjdiZWUxYWIzNjZlOGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzb094FIo7tK+rXB0lXd3DbP8QlHA
wVdLreVFOzwEsPPFb8Y+Y3HXyachd5TWO18MbnLhJAsPgFxEooiEgxrYp1t+si71
SZyNBxHF3ClDt8rP4CopESE07h8n67U1wnMunw15jpJxfpueD7IMVhg2NVwIDcmw
IRj8QhH6Fyd2iwMETkfiMFQ7CWkNnp6vCASEDNTRF9jJNu3oDUxU86J8FMCJEVCf
hZpwuGl6VNJFoyf4E41vGKa8Cx5kV1JUTVXsLRA2N97i1mHPvzjBSx9u5OvRy4hc
PZKwtNi1EQx/ZqpP+MuMKSKQdRe8G2qCazPtcT5UX6YimWTByIbOR+bXZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEgh3GQLwbhA2mxhPGZ77hqzZuizMB8GA1UdIwQY
MBaAFDGV9zQZ6CIyl5TPF/un6T83U3SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVpYM05Cbm9JaktYbE04WC02ZnBQemRUZEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC81YTQ0OGEtNWU3YS00N2UwLTg3ZGEt
Y2RjZmJiMTAwNDQ3LzEvU0NIY1pBdkJ1RURhYkdFOFpudnVHck5tNkxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC81YTQ0OGEtNWU3YS00N2UwLTg3ZGEtY2RjZmJiMTAwNDQ3
LzEvTVpYM05Cbm9JaktYbE04WC02ZnBQemRUZEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTnhMA0G
CSqGSIb3DQEBCwUAA4IBAQCV90c6aPfLIc4ZtYQ9oalxHCUyi9c0f44AJPMHhahW
vBdpDx6c2ZH7IbTl2oY76S7wnLQx6SSL6jNBl1ipo0Fu7BtjRA8KXuK+i1lziboI
/hsXbmxrpuaHOpAzLhtRSLn15O2XEUYB21rWFzTd6gZUPLycnuzCMM7J3TOZAo/h
6zRGeaSs6xf+26tP9Lh2J7qpOF2qyTjZ06tkgVB27O2/+mvgl210WJTLhPiXw7bg
iWfTL+2GXmRcTvTx2Sq+BNcf14Doxp45FsCnFKlZUb57o+WM7vrEtRwPay9kaUBZ
aXAi36k4ACFHtAyPOmHqHNjjdlACD9YRcU9KSfKdup2/
-----END CERTIFICATE-----