Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/SUGGbjb1_Jk1qcT2JM8WcjQsO3o.roa
File:                     SUGGbjb1_Jk1qcT2JM8WcjQsO3o.roa (raw, json)
Hash identifier:          oGVNqEXP6azb1lMS8LZZ+mpr73t/MEzsv974PdYYkYc=
Subject key identifier:   49:41:86:6E:36:F5:FC:99:35:A9:C4:F6:24:CF:16:72:34:2C:3B:7A
Certificate issuer:       /CN=1efa596a3126ace029c6d70d529257e07b38ba06
Certificate serial:       019423D7DA57D709EB0C9A9CFD665A7DCEBE
Authority key identifier: 1E:FA:59:6A:31:26:AC:E0:29:C6:D7:0D:52:92:57:E0:7B:38:BA:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/SUGGbjb1_Jk1qcT2JM8WcjQsO3o.roa
Signing time:             Wed 01 Jan 2025 21:48:56 +0000
ROA not before:           Wed 01 Jan 2025 21:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35280
IP address blocks:        128.139.0.0/17 maxlen: 17
                          128.139.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:da:57:d7:09:eb:0c:9a:9c:fd:66:5a:7d:ce:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1efa596a3126ace029c6d70d529257e07b38ba06
        Validity
            Not Before: Jan  1 21:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4941866e36f5fc9935a9c4f624cf1672342c3b7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:38:c3:14:45:79:1a:51:a9:75:2a:ac:4b:d1:
                    7a:7f:93:67:a8:63:ce:9a:66:43:da:6a:6e:a8:23:
                    9f:60:8b:12:8d:27:8a:12:3c:a8:b9:49:20:8d:19:
                    fe:b8:45:51:c8:7e:b2:27:0b:87:3c:1e:84:f8:1d:
                    33:2e:0d:ea:10:2e:e0:6b:da:99:c1:81:82:af:1c:
                    b7:c4:5b:3b:32:1b:8f:98:34:96:ea:5c:d8:09:ba:
                    dc:b3:95:14:2c:4b:4a:e4:1b:6f:12:ac:66:2f:72:
                    d5:6b:91:6a:84:37:87:53:d0:11:c3:5e:b1:43:8c:
                    7f:20:55:1f:51:e6:34:eb:a8:34:ae:a6:92:4e:2d:
                    ea:98:36:2d:c8:de:89:c9:df:f3:cf:b2:91:b3:c0:
                    e2:84:d2:ef:ba:d4:10:f9:13:1e:7d:8a:d2:47:71:
                    26:c0:f4:92:87:d8:98:5b:d1:cc:69:cd:86:7e:fa:
                    3e:f7:63:c0:4c:d7:36:a6:5a:47:3e:d2:0f:53:58:
                    a8:34:48:69:e9:91:20:fa:87:ca:48:b6:24:45:c1:
                    19:cf:59:61:9b:1d:39:6c:66:fb:c7:cb:ee:14:e9:
                    f4:a5:02:a0:a8:ec:de:53:65:c2:3b:36:66:39:db:
                    9e:e2:c5:82:c9:3c:b6:ce:56:85:89:86:48:7c:8e:
                    c7:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:41:86:6E:36:F5:FC:99:35:A9:C4:F6:24:CF:16:72:34:2C:3B:7A
            X509v3 Authority Key Identifier:
                keyid:1E:FA:59:6A:31:26:AC:E0:29:C6:D7:0D:52:92:57:E0:7B:38:BA:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/SUGGbjb1_Jk1qcT2JM8WcjQsO3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.139.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4c:39:e1:4d:22:69:70:a3:b6:e3:ce:ea:96:9a:00:6c:e1:c1:
         d3:cf:09:2a:99:46:d3:bf:4f:9e:85:fa:84:ac:ce:c3:03:c6:
         3b:a5:d2:56:0b:c6:9c:86:80:79:96:77:d9:e7:f1:16:77:82:
         a0:7d:55:88:78:6e:60:da:6d:8b:b8:4a:85:ce:f7:c6:e0:26:
         7d:c8:8d:6e:df:0e:23:92:62:f2:62:5b:12:7c:72:22:5c:98:
         fb:14:99:3a:4b:64:d9:f9:d0:8e:05:89:d0:7e:10:4e:db:a0:
         7d:d0:03:7c:7f:4b:31:75:58:a4:8e:bf:d1:56:97:77:55:2b:
         2f:7c:ee:16:08:76:cf:8c:08:d8:49:44:86:0f:72:30:a2:05:
         ed:d6:60:bf:4d:72:e2:c2:a9:05:f8:2f:7c:5b:00:13:98:85:
         4d:5f:64:95:47:1e:50:31:1d:dc:96:55:c2:29:77:1b:73:3a:
         cb:91:75:79:f3:9b:85:3e:ab:21:38:9f:f3:06:8a:57:b7:4d:
         c7:cd:5e:1d:54:34:a3:27:bc:5a:4d:a8:5d:73:9c:42:f0:43:
         b5:6b:ce:60:c1:f2:1c:f0:7b:14:12:f4:bb:4f:35:7f:1f:b8:
         a0:14:76:6e:ee:d8:22:a9:91:44:a9:c8:0e:07:4b:75:fb:dd:
         2b:47:28:78
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQj19pX1wnrDJqc/WZafc6+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlZmE1OTZhMzEyNmFjZTAyOWM2ZDcwZDUyOTI1N2UwN2Iz
OGJhMDYwHhcNMjUwMTAxMjE0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTQxODY2ZTM2ZjVmYzk5MzVhOWM0ZjYyNGNmMTY3MjM0MmMzYjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjjDFEV5GlGpdSqsS9F6f5NnqGPO
mmZD2mpuqCOfYIsSjSeKEjyouUkgjRn+uEVRyH6yJwuHPB6E+B0zLg3qEC7ga9qZ
wYGCrxy3xFs7MhuPmDSW6lzYCbrcs5UULEtK5BtvEqxmL3LVa5FqhDeHU9ARw16x
Q4x/IFUfUeY066g0rqaSTi3qmDYtyN6Jyd/zz7KRs8DihNLvutQQ+RMefYrSR3Em
wPSSh9iYW9HMac2Gfvo+92PATNc2plpHPtIPU1ioNEhp6ZEg+ofKSLYkRcEZz1lh
mx05bGb7x8vuFOn0pQKgqOzeU2XCOzZmOdue4sWCyTy2zlaFiYZIfI7HuQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFElBhm429fyZNanE9iTPFnI0LDt6MB8GA1UdIwQY
MBaAFB76WWoxJqzgKcbXDVKSV+B7OLoGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHZwWmFqRW1yT0FweHRjTlVwSlg0SHM0dWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zY2M3OGEtOGZiNS00NzVhLTg4ODIt
OWQwYzYyMDczNWYxLzEvU1VHR2JqYjFfSmsxcWNUMkpNOFdjalFzTzNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8zY2M3OGEtOGZiNS00NzVhLTg4ODItOWQwYzYyMDczNWYx
LzEvSHZwWmFqRW1yT0FweHRjTlVwSlg0SHM0dWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAgIswDQYJ
KoZIhvcNAQELBQADggEBAEw54U0iaXCjtuPO6paaAGzhwdPPCSqZRtO/T56F+oSs
zsMDxjul0lYLxpyGgHmWd9nn8RZ3gqB9VYh4bmDabYu4SoXO98bgJn3IjW7fDiOS
YvJiWxJ8ciJcmPsUmTpLZNn50I4FidB+EE7boH3QA3x/SzF1WKSOv9FWl3dVKy98
7hYIds+MCNhJRIYPcjCiBe3WYL9NcuLCqQX4L3xbABOYhU1fZJVHHlAxHdyWVcIp
dxtzOsuRdXnzm4U+qyE4n/MGile3TcfNXh1UNKMnvFpNqF1znELwQ7VrzmDB8hzw
exQS9LtPNX8fuKAUdm7u2CKpkUSpyA4HS3X73StHKHg=
-----END CERTIFICATE-----