Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/8c5bc7-55fa-4044-88da-68185fdb9003/1/SAc4N5mOYskXXQItNaC6-fHezN4.roa
File:                     SAc4N5mOYskXXQItNaC6-fHezN4.roa (raw, json)
Hash identifier:          3vn4QWZ4UzqrNwc2gut08M7Edo0Fd06IMg0+84eAYXA=
Subject key identifier:   48:07:38:37:99:8E:62:C9:17:5D:02:2D:35:A0:BA:F9:F1:DE:CC:DE
Certificate issuer:       /CN=6fa48e96197426e4c5eeb423e0fd9c2e952c4177
Certificate serial:       01942368E414867BEC806F43E755CEEC6EB1
Authority key identifier: 6F:A4:8E:96:19:74:26:E4:C5:EE:B4:23:E0:FD:9C:2E:95:2C:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b6SOlhl0JuTF7rQj4P2cLpUsQXc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/8c5bc7-55fa-4044-88da-68185fdb9003/1/SAc4N5mOYskXXQItNaC6-fHezN4.roa
Signing time:             Wed 01 Jan 2025 19:47:44 +0000
ROA not before:           Wed 01 Jan 2025 19:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3292
IP address blocks:        193.163.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/8c5bc7-55fa-4044-88da-68185fdb9003/1/b6SOlhl0JuTF7rQj4P2cLpUsQXc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/8c5bc7-55fa-4044-88da-68185fdb9003/1/b6SOlhl0JuTF7rQj4P2cLpUsQXc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b6SOlhl0JuTF7rQj4P2cLpUsQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:e4:14:86:7b:ec:80:6f:43:e7:55:ce:ec:6e:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fa48e96197426e4c5eeb423e0fd9c2e952c4177
        Validity
            Not Before: Jan  1 19:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=48073837998e62c9175d022d35a0baf9f1deccde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:99:33:14:ec:98:22:90:57:d2:f3:6a:9c:fa:
                    dd:32:e4:f0:fb:12:93:b4:a9:bd:12:dd:1b:b4:7b:
                    24:0a:6c:c0:50:0b:54:09:07:b6:4d:9f:39:b0:fa:
                    87:20:15:e7:0c:1b:40:30:cb:e8:56:f0:b0:27:86:
                    8b:31:33:d6:30:e4:9e:5b:b0:d1:c0:c6:4f:73:92:
                    25:fa:2b:89:4a:83:0f:84:a1:cf:4c:a4:70:db:66:
                    3c:95:69:90:1f:c5:c7:86:75:ec:40:6d:eb:94:d0:
                    ec:63:0f:ad:97:8f:22:f5:f9:a0:d4:ae:dd:5a:01:
                    0d:d4:96:62:3e:7d:11:76:fb:0e:c7:d6:33:6a:9c:
                    e0:fe:a5:59:6e:45:cb:f2:6d:0d:b8:e8:ce:29:a3:
                    7b:90:71:c6:b6:55:f9:3b:49:99:ae:03:c0:93:37:
                    06:7d:45:44:67:51:50:c1:09:3d:ed:c8:6a:d4:5b:
                    48:5a:65:7d:59:be:bb:7f:55:a0:d6:14:8c:3a:0c:
                    e9:0d:6c:81:9b:bf:ee:ac:35:24:f8:d4:c9:e6:e3:
                    b5:f3:94:4d:19:8d:5d:d7:a0:1b:7a:a1:02:93:c9:
                    a6:4a:e7:e6:72:30:15:52:e0:3f:26:92:35:5e:3d:
                    57:62:d1:3e:0a:e8:c8:7d:fe:59:27:0b:37:4b:03:
                    2b:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:07:38:37:99:8E:62:C9:17:5D:02:2D:35:A0:BA:F9:F1:DE:CC:DE
            X509v3 Authority Key Identifier:
                keyid:6F:A4:8E:96:19:74:26:E4:C5:EE:B4:23:E0:FD:9C:2E:95:2C:41:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6SOlhl0JuTF7rQj4P2cLpUsQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/8c5bc7-55fa-4044-88da-68185fdb9003/1/SAc4N5mOYskXXQItNaC6-fHezN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/8c5bc7-55fa-4044-88da-68185fdb9003/1/b6SOlhl0JuTF7rQj4P2cLpUsQXc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:41:f9:53:ab:ef:ed:91:ab:80:29:b2:ad:28:a5:9c:98:95:
         70:aa:f9:6f:54:23:17:ae:b9:ee:df:30:24:dc:3e:40:8d:d0:
         53:06:b5:ea:93:9b:64:24:65:67:f7:d4:0e:0c:88:7c:c6:bc:
         cb:26:b2:d1:a0:8a:1c:74:1d:ef:b5:62:1c:48:f2:2c:46:02:
         c5:f0:ff:55:23:30:e8:d5:60:af:2a:ba:c9:63:52:e7:3c:49:
         3e:27:8b:ba:68:b5:fc:06:aa:e5:a0:76:04:9e:78:5d:9e:4d:
         85:40:7a:36:a1:da:87:63:b7:6a:c4:d9:08:1d:a7:68:ac:b8:
         be:0a:4b:96:f7:70:43:41:9b:fb:c9:0f:30:00:9c:cb:1b:2d:
         d7:2a:d8:d6:0e:9d:22:bc:f6:cc:d5:7c:cd:9e:a8:b2:3a:2c:
         a5:b6:e8:b3:c6:d0:ed:84:e5:06:99:3b:31:fd:b3:a7:9d:01:
         e7:45:ab:7b:f9:4c:49:02:2d:52:b2:be:31:1b:25:51:5d:fd:
         41:3c:16:47:98:51:0c:1a:ec:41:02:a5:50:20:74:fe:5d:80:
         15:20:9c:43:88:93:1a:1f:1d:ab:51:eb:bd:b2:34:bf:5f:c1:
         9a:1d:b7:82:fa:27:de:a7:93:1f:67:0d:b6:b8:e9:f9:e1:4b:
         48:96:ef:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaOQUhnvsgG9D51XO7G6xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYTQ4ZTk2MTk3NDI2ZTRjNWVlYjQyM2UwZmQ5YzJlOTUy
YzQxNzcwHhcNMjUwMTAxMTk0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODA3MzgzNzk5OGU2MmM5MTc1ZDAyMmQzNWEwYmFmOWYxZGVjY2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZkzFOyYIpBX0vNqnPrdMuTw+xKT
tKm9Et0btHskCmzAUAtUCQe2TZ85sPqHIBXnDBtAMMvoVvCwJ4aLMTPWMOSeW7DR
wMZPc5Il+iuJSoMPhKHPTKRw22Y8lWmQH8XHhnXsQG3rlNDsYw+tl48i9fmg1K7d
WgEN1JZiPn0RdvsOx9Yzapzg/qVZbkXL8m0NuOjOKaN7kHHGtlX5O0mZrgPAkzcG
fUVEZ1FQwQk97chq1FtIWmV9Wb67f1Wg1hSMOgzpDWyBm7/urDUk+NTJ5uO185RN
GY1d16AbeqECk8mmSufmcjAVUuA/JpI1Xj1XYtE+CujIff5ZJws3SwMr9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEgHODeZjmLJF10CLTWguvnx3szeMB8GA1UdIwQY
MBaAFG+kjpYZdCbkxe60I+D9nC6VLEF3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjZTT2xobDBKdVRGN3JRajRQMmNMcFVzUVhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC84YzViYzctNTVmYS00MDQ0LTg4ZGEt
NjgxODVmZGI5MDAzLzEvU0FjNE41bU9Zc2tYWFFJdE5hQzYtZkhlek40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC84YzViYzctNTVmYS00MDQ0LTg4ZGEtNjgxODVmZGI5MDAz
LzEvYjZTT2xobDBKdVRGN3JRajRQMmNMcFVzUVhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaPcMA0G
CSqGSIb3DQEBCwUAA4IBAQBkQflTq+/tkauAKbKtKKWcmJVwqvlvVCMXrrnu3zAk
3D5AjdBTBrXqk5tkJGVn99QODIh8xrzLJrLRoIocdB3vtWIcSPIsRgLF8P9VIzDo
1WCvKrrJY1LnPEk+J4u6aLX8BqrloHYEnnhdnk2FQHo2odqHY7dqxNkIHadorLi+
CkuW93BDQZv7yQ8wAJzLGy3XKtjWDp0ivPbM1XzNnqiyOiyltuizxtDthOUGmTsx
/bOnnQHnRat7+UxJAi1Ssr4xGyVRXf1BPBZHmFEMGuxBAqVQIHT+XYAVIJxDiJMa
Hx2rUeu9sjS/X8GaHbeC+ifep5MfZw22uOn54UtIlu/Z
-----END CERTIFICATE-----