Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/d85f41-7701-44c2-bf2e-c5619859450c/1/S1dC-8FvWd5r91Ep_3NW-RYRFSM.roa
File:                     S1dC-8FvWd5r91Ep_3NW-RYRFSM.roa (raw, json)
Hash identifier:          WN6IJU4enC30WWGrEp1TUJBHxrmIxnrzAFySxPEWWA0=
Subject key identifier:   4B:57:42:FB:C1:6F:59:DE:6B:F7:51:29:FF:73:56:F9:16:11:15:23
Certificate issuer:       /CN=7e2e2918432849eb71e95dc40d1079ea865f6109
Certificate serial:       01942522349349B41B720F46CC0BACA4C072
Authority key identifier: 7E:2E:29:18:43:28:49:EB:71:E9:5D:C4:0D:10:79:EA:86:5F:61:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fi4pGEMoSetx6V3EDRB56oZfYQk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/d85f41-7701-44c2-bf2e-c5619859450c/1/S1dC-8FvWd5r91Ep_3NW-RYRFSM.roa
Signing time:             Thu 02 Jan 2025 03:49:46 +0000
ROA not before:           Thu 02 Jan 2025 03:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208197
IP address blocks:        194.9.63.0/24 maxlen: 24
                          2a12:4640::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/d85f41-7701-44c2-bf2e-c5619859450c/1/fi4pGEMoSetx6V3EDRB56oZfYQk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/d85f41-7701-44c2-bf2e-c5619859450c/1/fi4pGEMoSetx6V3EDRB56oZfYQk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fi4pGEMoSetx6V3EDRB56oZfYQk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 14:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:34:93:49:b4:1b:72:0f:46:cc:0b:ac:a4:c0:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e2e2918432849eb71e95dc40d1079ea865f6109
        Validity
            Not Before: Jan  2 03:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b5742fbc16f59de6bf75129ff7356f916111523
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b6:23:fe:ec:5f:6b:7b:14:d6:fb:7b:4c:4b:
                    b4:92:05:70:95:6c:3d:98:6e:83:9e:b5:e0:63:48:
                    43:a4:89:ab:b8:95:2b:73:92:33:00:3e:92:77:e9:
                    f1:46:73:28:2f:bb:0c:a4:71:04:e4:5b:39:eb:21:
                    9b:ec:67:b1:4e:b9:bd:72:c6:08:8b:49:9e:32:c7:
                    bd:12:01:ac:b6:9f:e1:24:72:16:c3:2b:be:62:d7:
                    2a:3c:0a:86:99:0f:84:08:0e:84:49:68:ae:2e:f1:
                    61:51:5f:e1:0a:f5:91:28:30:f3:ae:5e:9d:48:4d:
                    6e:af:27:09:91:64:b3:ef:a5:90:d8:2c:68:7f:ce:
                    d4:17:c3:81:89:c1:a3:b2:ea:ef:6c:73:f7:7f:e6:
                    15:e3:d2:82:45:ac:75:1f:60:f2:94:74:a3:e6:4c:
                    9d:67:24:f1:a9:ba:d2:2f:cf:20:88:a0:97:e9:b2:
                    61:18:20:0a:8c:aa:0c:8a:94:1a:f8:83:99:f3:93:
                    63:a1:d5:e3:fd:cf:ce:c0:05:e7:8d:b7:18:37:a2:
                    eb:0a:4b:8f:35:88:f6:0f:55:e1:74:12:ca:23:e8:
                    3a:7b:3d:6f:21:b6:88:58:e2:4a:3b:4a:b6:7d:eb:
                    f3:dc:9c:ec:87:a3:8d:f9:ca:a6:30:45:58:af:c8:
                    22:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:57:42:FB:C1:6F:59:DE:6B:F7:51:29:FF:73:56:F9:16:11:15:23
            X509v3 Authority Key Identifier:
                keyid:7E:2E:29:18:43:28:49:EB:71:E9:5D:C4:0D:10:79:EA:86:5F:61:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fi4pGEMoSetx6V3EDRB56oZfYQk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/d85f41-7701-44c2-bf2e-c5619859450c/1/S1dC-8FvWd5r91Ep_3NW-RYRFSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/d85f41-7701-44c2-bf2e-c5619859450c/1/fi4pGEMoSetx6V3EDRB56oZfYQk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.63.0/24
                IPv6:
                  2a12:4640::/32

    Signature Algorithm: sha256WithRSAEncryption
         12:4b:78:c5:2e:59:b7:7f:6e:ac:25:e8:88:9a:5d:18:b9:a2:
         d0:58:67:ff:c9:a2:eb:99:72:ea:46:e5:8f:b2:bd:4b:27:56:
         95:36:47:df:a3:3c:79:55:b5:8e:f9:cb:75:89:93:61:93:4f:
         00:8f:34:89:88:be:e2:74:e3:05:78:1f:2b:55:a0:8e:88:26:
         71:84:47:56:b9:fb:b5:5a:09:06:28:fa:b6:ff:d6:2e:22:fb:
         0f:23:e2:e8:01:d6:f0:aa:69:66:66:7e:f0:8c:ce:75:d4:6c:
         4a:9b:aa:e3:fd:c2:15:0a:27:00:4d:aa:1c:c1:a7:19:fe:6d:
         8c:7b:55:1e:17:c3:0d:4f:94:e1:7b:64:c1:f0:06:bf:f8:38:
         9c:2a:51:26:cb:2a:01:65:a0:c6:f7:39:24:f1:53:ae:bf:a7:
         a6:b9:3e:93:a7:15:a5:8a:78:83:89:3f:eb:e6:fd:af:cb:17:
         ba:e9:c7:0e:47:64:16:2d:35:9c:6b:ca:aa:22:30:44:25:46:
         4d:8c:eb:59:f4:a1:d6:96:83:b5:ad:19:d4:d5:d3:36:ec:15:
         77:e7:2f:5c:00:fa:30:c6:fb:79:ab:ca:26:de:8b:29:39:02:
         86:57:a3:b8:aa:f7:73:63:96:47:d6:eb:c5:eb:59:69:01:b3:
         e6:6d:78:c5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIjSTSbQbcg9GzAuspMByMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMmUyOTE4NDMyODQ5ZWI3MWU5NWRjNDBkMTA3OWVhODY1
ZjYxMDkwHhcNMjUwMTAyMDM0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjU3NDJmYmMxNmY1OWRlNmJmNzUxMjlmZjczNTZmOTE2MTExNTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7Yj/uxfa3sU1vt7TEu0kgVwlWw9
mG6DnrXgY0hDpImruJUrc5IzAD6Sd+nxRnMoL7sMpHEE5Fs56yGb7GexTrm9csYI
i0meMse9EgGstp/hJHIWwyu+YtcqPAqGmQ+ECA6ESWiuLvFhUV/hCvWRKDDzrl6d
SE1urycJkWSz76WQ2Cxof87UF8OBicGjsurvbHP3f+YV49KCRax1H2DylHSj5kyd
ZyTxqbrSL88giKCX6bJhGCAKjKoMipQa+IOZ85NjodXj/c/OwAXnjbcYN6LrCkuP
NYj2D1XhdBLKI+g6ez1vIbaIWOJKO0q2fevz3Jzsh6ON+cqmMEVYr8giWwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEtXQvvBb1nea/dRKf9zVvkWERUjMB8GA1UdIwQY
MBaAFH4uKRhDKEnrceldxA0QeeqGX2EJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmk0cEdFTW9TZXR4NlYzRURSQjU2b1pmWVFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9kODVmNDEtNzcwMS00NGMyLWJmMmUt
YzU2MTk4NTk0NTBjLzEvUzFkQy04RnZXZDVyOTFFcF8zTlctUllSRlNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9kODVmNDEtNzcwMS00NGMyLWJmMmUtYzU2MTk4NTk0NTBj
LzEvZmk0cEdFTW9TZXR4NlYzRURSQjU2b1pmWVFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwgk/MA0E
AgACMAcDBQAqEkZAMA0GCSqGSIb3DQEBCwUAA4IBAQASS3jFLlm3f26sJeiIml0Y
uaLQWGf/yaLrmXLqRuWPsr1LJ1aVNkffozx5VbWO+ct1iZNhk08AjzSJiL7idOMF
eB8rVaCOiCZxhEdWufu1WgkGKPq2/9YuIvsPI+LoAdbwqmlmZn7wjM511GxKm6rj
/cIVCicATaocwacZ/m2Me1UeF8MNT5The2TB8Aa/+DicKlEmyyoBZaDG9zkk8VOu
v6emuT6TpxWliniDiT/r5v2vyxe66ccOR2QWLTWca8qqIjBEJUZNjOtZ9KHWloO1
rRnU1dM27BV35y9cAPowxvt5q8om3ospOQKGV6O4qvdzY5ZH1uvF61lpAbPmbXjF
-----END CERTIFICATE-----