Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/ScP8kW7fVZKKIlJqtoPhrGG1uQo.roa
File:                     ScP8kW7fVZKKIlJqtoPhrGG1uQo.roa (raw, json)
Hash identifier:          kBK8cN2i6ByxK8RJnTQxES9FzgvOd8FoOcnJVY/e4Bc=
Subject key identifier:   49:C3:FC:91:6E:DF:55:92:8A:22:52:6A:B6:83:E1:AC:61:B5:B9:0A
Certificate issuer:       /CN=c5a7c3f4b14693512202595a8a4f95b0d6b7a101
Certificate serial:       019426D94E9A16BD3D78F8C49ECD802A0B93
Authority key identifier: C5:A7:C3:F4:B1:46:93:51:22:02:59:5A:8A:4F:95:B0:D6:B7:A1:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xafD9LFGk1EiAllaik-VsNa3oQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/ScP8kW7fVZKKIlJqtoPhrGG1uQo.roa
Signing time:             Thu 02 Jan 2025 11:49:23 +0000
ROA not before:           Thu 02 Jan 2025 11:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     789
IP address blocks:        134.158.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/xafD9LFGk1EiAllaik-VsNa3oQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/xafD9LFGk1EiAllaik-VsNa3oQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xafD9LFGk1EiAllaik-VsNa3oQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:4e:9a:16:bd:3d:78:f8:c4:9e:cd:80:2a:0b:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5a7c3f4b14693512202595a8a4f95b0d6b7a101
        Validity
            Not Before: Jan  2 11:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=49c3fc916edf55928a22526ab683e1ac61b5b90a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:84:67:0c:7a:5f:e7:5e:d7:ac:66:31:c2:cb:
                    05:4c:80:26:04:7b:eb:37:49:5c:1c:d7:ba:42:30:
                    b5:43:9f:02:71:fa:f1:60:d8:ea:20:b5:d8:03:14:
                    cb:53:19:6f:76:ea:f6:77:a7:b8:49:b8:16:48:13:
                    a8:3a:f1:7e:05:58:64:42:70:6c:12:08:0f:af:e7:
                    91:c0:da:a0:60:44:3c:fc:41:8a:24:1c:82:d4:1b:
                    75:6d:3a:ad:60:d0:11:8c:b0:d3:4b:f2:0e:e2:57:
                    73:6a:ab:79:e1:5e:ac:3b:78:1c:54:9e:61:db:69:
                    f1:65:1d:4d:5a:c7:6d:11:5b:0d:a2:a3:95:d8:76:
                    f0:28:23:9b:ab:12:46:44:c7:ef:6e:36:92:29:82:
                    85:03:86:bf:0b:0c:55:79:b9:bb:3a:52:25:c4:b4:
                    eb:e4:79:9e:3c:be:c7:fc:25:1f:2f:83:92:9f:a7:
                    95:e8:dd:01:94:31:10:5d:c8:5c:b7:1b:13:41:ca:
                    15:0d:a8:4d:a2:0e:33:19:51:64:2f:cb:62:58:d3:
                    a0:3c:73:32:12:1d:e7:8e:7e:17:20:4b:9b:a0:de:
                    0f:7e:49:05:87:18:e9:1c:ce:d8:b6:a4:50:7b:cf:
                    fa:21:5d:e8:4f:ba:75:a5:52:50:4d:6e:b0:f8:c6:
                    fd:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:C3:FC:91:6E:DF:55:92:8A:22:52:6A:B6:83:E1:AC:61:B5:B9:0A
            X509v3 Authority Key Identifier:
                keyid:C5:A7:C3:F4:B1:46:93:51:22:02:59:5A:8A:4F:95:B0:D6:B7:A1:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xafD9LFGk1EiAllaik-VsNa3oQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/ScP8kW7fVZKKIlJqtoPhrGG1uQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/xafD9LFGk1EiAllaik-VsNa3oQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.158.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         52:0b:b8:95:65:f3:b3:b4:b4:ce:0a:e7:0b:92:c8:a4:0b:45:
         e2:73:79:35:d2:66:13:bd:32:41:20:0f:82:a7:63:0c:94:ea:
         72:05:2e:e3:f0:fa:aa:91:f7:27:40:11:64:f3:00:8d:dc:f2:
         c0:63:cb:b8:af:9d:56:45:fc:1c:2f:f1:a0:4b:ce:0d:c4:db:
         b9:e4:f8:8d:fa:b0:de:80:97:dd:30:bd:81:07:90:89:f8:c2:
         0b:d5:1b:a6:be:3f:7a:b7:aa:f6:32:22:bd:41:f5:8c:9f:56:
         cc:0e:6a:78:14:2d:d6:4b:b5:4b:c5:ae:71:f4:4b:77:a0:14:
         d0:e3:f0:a9:3d:05:ce:60:58:72:f5:4a:8c:4f:a3:f2:f1:78:
         76:47:3d:70:d8:cf:a2:84:74:8c:be:2c:0d:b3:6e:89:bd:85:
         32:33:d8:91:24:3e:2a:51:54:e3:68:e8:65:c1:17:3d:ef:f8:
         ca:50:13:06:34:7f:79:76:73:9e:60:6e:8a:58:35:22:e1:d7:
         5e:d4:28:30:57:6c:05:78:ea:7f:fc:95:29:58:78:d7:b9:76:
         61:6a:78:bd:83:b0:be:f2:73:39:ec:a8:db:67:7c:95:b3:04:
         a8:ef:5c:47:f9:35:b8:a3:92:07:ee:6b:e2:d1:9f:80:b0:2d:
         eb:bf:22:d4
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQm2U6aFr09ePjEns2AKguTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1YTdjM2Y0YjE0NjkzNTEyMjAyNTk1YThhNGY5NWIwZDZi
N2ExMDEwHhcNMjUwMTAyMTE0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWMzZmM5MTZlZGY1NTkyOGEyMjUyNmFiNjgzZTFhYzYxYjViOTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8oRnDHpf517XrGYxwssFTIAmBHvr
N0lcHNe6QjC1Q58CcfrxYNjqILXYAxTLUxlvdur2d6e4SbgWSBOoOvF+BVhkQnBs
EggPr+eRwNqgYEQ8/EGKJByC1Bt1bTqtYNARjLDTS/IO4ldzaqt54V6sO3gcVJ5h
22nxZR1NWsdtEVsNoqOV2HbwKCObqxJGRMfvbjaSKYKFA4a/CwxVebm7OlIlxLTr
5HmePL7H/CUfL4OSn6eV6N0BlDEQXchctxsTQcoVDahNog4zGVFkL8tiWNOgPHMy
Eh3njn4XIEuboN4PfkkFhxjpHM7YtqRQe8/6IV3oT7p1pVJQTW6w+Mb9eQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFEnD/JFu31WSiiJSaraD4axhtbkKMB8GA1UdIwQY
MBaAFMWnw/SxRpNRIgJZWopPlbDWt6EBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGFmRDlMRkdrMUVpQWxsYWlrLVZzTmEzb1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8zYTNiMmMtNzZiOS00OWI0LTgyMTgt
ZDEyZjFlMjQ1NmJhLzEvU2NQOGtXN2ZWWktLSWxKcXRvUGhyR0cxdVFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8zYTNiMmMtNzZiOS00OWI0LTgyMTgtZDEyZjFlMjQ1NmJh
LzEveGFmRDlMRkdrMUVpQWxsYWlrLVZzTmEzb1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhp4wDQYJ
KoZIhvcNAQELBQADggEBAFILuJVl87O0tM4K5wuSyKQLReJzeTXSZhO9MkEgD4Kn
YwyU6nIFLuPw+qqR9ydAEWTzAI3c8sBjy7ivnVZF/Bwv8aBLzg3E27nk+I36sN6A
l90wvYEHkIn4wgvVG6a+P3q3qvYyIr1B9YyfVswOangULdZLtUvFrnH0S3egFNDj
8Kk9Bc5gWHL1SoxPo/LxeHZHPXDYz6KEdIy+LA2zbom9hTIz2JEkPipRVONo6GXB
Fz3v+MpQEwY0f3l2c55gbopYNSLh117UKDBXbAV46n/8lSlYeNe5dmFqeL2DsL7y
cznsqNtnfJWzBKjvXEf5Nbijkgfua+LRn4CwLeu/ItQ=
-----END CERTIFICATE-----