Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/1264f8-9c7d-40cd-9729-7089bc598d83/1/SIC0wWMpDwMCH170jWGV4n8YVKg.roa
File:                     SIC0wWMpDwMCH170jWGV4n8YVKg.roa (raw, json)
Hash identifier:          11XuYsn3Bm92vB4Wx8w/k47zF7w2waOFdbevLO5t4Fc=
Subject key identifier:   48:80:B4:C1:63:29:0F:03:02:1F:5E:F4:8D:61:95:E2:7F:18:54:A8
Certificate issuer:       /CN=4687dac0837ed31137a32496a6c93e9431c60784
Certificate serial:       019420D59BD8861520B499379F43BC2063CF
Authority key identifier: 46:87:DA:C0:83:7E:D3:11:37:A3:24:96:A6:C9:3E:94:31:C6:07:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RofawIN-0xE3oySWpsk-lDHGB4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/1264f8-9c7d-40cd-9729-7089bc598d83/1/SIC0wWMpDwMCH170jWGV4n8YVKg.roa
Signing time:             Wed 01 Jan 2025 07:47:37 +0000
ROA not before:           Wed 01 Jan 2025 07:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        212.19.235.0/24 maxlen: 24
                          212.19.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/1264f8-9c7d-40cd-9729-7089bc598d83/1/RofawIN-0xE3oySWpsk-lDHGB4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/1264f8-9c7d-40cd-9729-7089bc598d83/1/RofawIN-0xE3oySWpsk-lDHGB4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RofawIN-0xE3oySWpsk-lDHGB4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:9b:d8:86:15:20:b4:99:37:9f:43:bc:20:63:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4687dac0837ed31137a32496a6c93e9431c60784
        Validity
            Not Before: Jan  1 07:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4880b4c163290f03021f5ef48d6195e27f1854a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:10:6f:61:01:00:de:2f:41:0f:8a:ae:6c:e0:
                    20:58:58:65:70:10:2c:52:07:2b:53:07:3b:d7:f7:
                    07:e7:af:80:80:ba:7b:31:08:ec:eb:a6:ca:68:60:
                    f4:f0:f7:80:a4:ee:8e:d4:ba:84:a6:56:61:66:03:
                    98:57:49:b6:de:90:2a:a3:c1:d6:9f:43:cb:3f:17:
                    c1:f6:b7:90:44:64:a7:b8:01:d9:53:71:dc:7f:93:
                    f1:7e:86:8c:54:27:b9:3f:88:68:e9:7b:d1:3d:2e:
                    e5:cf:0a:63:28:8b:e5:67:bf:e3:50:45:06:9e:8b:
                    28:47:69:77:cb:a0:56:21:d1:77:ad:c6:a0:88:7d:
                    ea:fc:88:7a:85:10:ba:9c:09:59:5f:bb:f0:18:b5:
                    d7:f3:25:87:d7:fd:a8:00:f8:0a:c4:d0:0c:c6:86:
                    a2:28:53:29:a1:04:db:a4:9f:0a:1a:fa:e2:8e:78:
                    c6:46:81:2b:7d:0a:52:05:57:d3:94:a9:27:34:1a:
                    22:9b:22:90:67:13:78:41:b3:ed:43:9d:e9:31:88:
                    09:e3:0d:b6:33:d0:7f:1d:d2:de:8b:d3:f7:ab:cb:
                    03:c7:12:10:58:70:bd:ce:d8:d1:f1:fb:38:98:aa:
                    43:06:26:23:14:af:c4:aa:ff:c9:f3:83:e3:94:5a:
                    28:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:80:B4:C1:63:29:0F:03:02:1F:5E:F4:8D:61:95:E2:7F:18:54:A8
            X509v3 Authority Key Identifier:
                keyid:46:87:DA:C0:83:7E:D3:11:37:A3:24:96:A6:C9:3E:94:31:C6:07:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RofawIN-0xE3oySWpsk-lDHGB4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/1264f8-9c7d-40cd-9729-7089bc598d83/1/SIC0wWMpDwMCH170jWGV4n8YVKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/1264f8-9c7d-40cd-9729-7089bc598d83/1/RofawIN-0xE3oySWpsk-lDHGB4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.19.235.0-212.19.236.255

    Signature Algorithm: sha256WithRSAEncryption
         06:63:e8:15:30:bd:01:03:6e:19:91:d1:6c:a2:b2:16:8a:20:
         b3:d3:1a:32:6e:30:8f:b3:e3:d5:bd:91:5e:3d:85:06:19:22:
         19:48:c8:9f:81:14:8b:f0:50:b6:c1:44:31:bf:7c:45:0d:18:
         04:d9:ff:6f:65:79:d5:b9:6c:17:e7:b1:1c:d7:c3:e9:71:36:
         05:19:6f:e8:d8:a8:31:f5:13:89:2f:51:c7:08:0b:78:b4:5a:
         94:f0:75:34:a5:34:2e:3c:5d:9b:16:ca:ae:3e:a3:24:4c:30:
         73:e3:71:d6:e9:d1:93:49:44:46:e4:d0:cd:4e:5e:1e:b2:6f:
         4a:7a:56:52:97:fe:35:9d:91:3a:f4:13:a3:29:33:f1:2e:10:
         ed:82:43:89:a6:c1:06:6a:2f:5e:7e:21:92:ca:0d:59:d3:23:
         f7:65:14:e3:9e:84:48:71:79:17:a3:ee:84:3d:a5:cf:bf:4d:
         4e:10:b0:50:40:9f:5d:47:ff:34:84:66:e4:e3:ff:e4:34:c1:
         98:eb:a1:5e:c4:97:12:49:30:d1:6a:d7:68:07:5e:dd:26:56:
         5f:cb:05:d3:f2:6f:1a:06:da:76:d5:ee:27:c3:c5:e8:cc:23:
         f9:4b:31:f6:c4:f8:7c:a6:ce:5b:fb:3b:67:61:92:a9:6b:59:
         0d:6d:c6:6a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQg1ZvYhhUgtJk3n0O8IGPPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ODdkYWMwODM3ZWQzMTEzN2EzMjQ5NmE2YzkzZTk0MzFj
NjA3ODQwHhcNMjUwMTAxMDc0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODgwYjRjMTYzMjkwZjAzMDIxZjVlZjQ4ZDYxOTVlMjdmMTg1NGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBBvYQEA3i9BD4qubOAgWFhlcBAs
UgcrUwc71/cH56+AgLp7MQjs66bKaGD08PeApO6O1LqEplZhZgOYV0m23pAqo8HW
n0PLPxfB9reQRGSnuAHZU3Hcf5PxfoaMVCe5P4ho6XvRPS7lzwpjKIvlZ7/jUEUG
nosoR2l3y6BWIdF3rcagiH3q/Ih6hRC6nAlZX7vwGLXX8yWH1/2oAPgKxNAMxoai
KFMpoQTbpJ8KGvrijnjGRoErfQpSBVfTlKknNBoimyKQZxN4QbPtQ53pMYgJ4w22
M9B/HdLei9P3q8sDxxIQWHC9ztjR8fs4mKpDBiYjFK/Eqv/J84PjlFooJwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEiAtMFjKQ8DAh9e9I1hleJ/GFSoMB8GA1UdIwQY
MBaAFEaH2sCDftMRN6MklqbJPpQxxgeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm9mYXdJTi0weEUzb3lTV3Bzay1sREhHQjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8xMjY0ZjgtOWM3ZC00MGNkLTk3Mjkt
NzA4OWJjNTk4ZDgzLzEvU0lDMHdXTXBEd01DSDE3MGpXR1Y0bjhZVktnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8xMjY0ZjgtOWM3ZC00MGNkLTk3MjktNzA4OWJjNTk4ZDgz
LzEvUm9mYXdJTi0weEUzb3lTV3Bzay1sREhHQjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADUE+sD
BADUE+wwDQYJKoZIhvcNAQELBQADggEBAAZj6BUwvQEDbhmR0WyishaKILPTGjJu
MI+z49W9kV49hQYZIhlIyJ+BFIvwULbBRDG/fEUNGATZ/29ledW5bBfnsRzXw+lx
NgUZb+jYqDH1E4kvUccIC3i0WpTwdTSlNC48XZsWyq4+oyRMMHPjcdbp0ZNJREbk
0M1OXh6yb0p6VlKX/jWdkTr0E6MpM/EuEO2CQ4mmwQZqL15+IZLKDVnTI/dlFOOe
hEhxeRej7oQ9pc+/TU4QsFBAn11H/zSEZuTj/+Q0wZjroV7ElxJJMNFq12gHXt0m
Vl/LBdPybxoG2nbV7ifDxejMI/lLMfbE+Hymzlv7O2dhkqlrWQ1txmo=
-----END CERTIFICATE-----