Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/sdK_SGNByLEnaTshl3f4J-mnwhI.roa
File:                     sdK_SGNByLEnaTshl3f4J-mnwhI.roa (raw, json)
Hash identifier:          EFBk6m2IGTzBREwP3M6fW+V6jcaaklYnotKHjh7jFfg=
Subject key identifier:   B1:D2:BF:48:63:41:C8:B1:27:69:3B:21:97:77:F8:27:E9:A7:C2:12
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       019423D711E44378F4DE0F4DBC06FD0FA936
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/sdK_SGNByLEnaTshl3f4J-mnwhI.roa
Signing time:             Wed 01 Jan 2025 21:48:04 +0000
ROA not before:           Wed 01 Jan 2025 21:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213083
IP address blocks:        213.238.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 20:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:11:e4:43:78:f4:de:0f:4d:bc:06:fd:0f:a9:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jan  1 21:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1d2bf486341c8b127693b219777f827e9a7c212
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:47:f7:67:96:a4:6c:ec:b8:37:3f:2e:0a:fd:
                    3d:08:8c:07:cb:3f:04:e0:30:67:b1:ad:ec:e8:d8:
                    65:72:a1:20:6a:15:42:01:0d:c5:3c:8a:42:aa:e7:
                    95:e0:bd:6c:5d:dc:84:b1:52:91:3a:47:9a:72:5a:
                    d7:6a:f3:a9:8b:6d:34:4c:d1:bd:5c:33:fa:76:d7:
                    1d:ff:05:b4:96:8e:6b:9f:90:fd:cb:b4:cb:75:ba:
                    d9:ba:86:29:0b:cc:e3:a9:bb:df:2b:fc:11:05:36:
                    39:ea:6f:1d:01:c8:d8:a4:58:63:24:c3:18:76:dd:
                    8b:56:0a:3a:94:70:23:94:54:31:4d:50:12:9f:ca:
                    76:8c:a8:bb:ac:cb:a8:30:1d:98:69:07:d8:95:cb:
                    fe:84:a8:74:9f:72:bd:ad:d9:05:6b:17:d5:08:1a:
                    78:e4:2b:36:9b:8e:e2:8f:2b:17:04:61:0f:16:d3:
                    cb:ed:0f:e4:b9:a7:06:25:f4:68:61:7d:47:cd:4d:
                    a3:e7:80:26:58:e3:88:f2:3e:e1:dd:de:31:d1:a6:
                    fe:c9:a3:78:15:7f:ff:8c:24:49:b8:33:b9:68:a9:
                    67:66:70:85:52:d9:e9:2c:6b:75:fd:ba:af:50:e6:
                    0d:e2:c4:b2:6e:c0:7c:61:ec:7a:66:f4:c4:12:97:
                    a8:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:D2:BF:48:63:41:C8:B1:27:69:3B:21:97:77:F8:27:E9:A7:C2:12
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/sdK_SGNByLEnaTshl3f4J-mnwhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:f2:7a:53:80:a7:a9:9e:6c:18:b5:e1:d2:04:72:1d:e7:c5:
         b8:1e:21:00:6a:84:fc:b3:08:86:5f:83:00:59:29:24:4e:bb:
         14:13:a3:28:ab:b4:73:8e:5b:ca:cd:5d:92:ab:e8:65:56:11:
         a8:0b:be:14:11:b3:46:53:98:a4:67:ab:fb:e1:e9:4a:aa:2b:
         14:fa:ae:79:49:82:6f:11:7a:79:05:75:49:a5:85:cb:bc:11:
         31:e3:51:c9:39:82:f5:5a:ab:30:29:f6:0a:73:d5:d4:16:5d:
         f9:b0:88:9a:f9:a4:f5:79:90:c3:2b:c0:ce:df:0b:cf:85:97:
         3b:41:3a:3d:fc:27:44:24:ba:20:7c:e3:1f:65:00:e1:45:bb:
         98:1d:17:03:90:0c:2c:bf:c7:cc:df:c5:98:d4:ac:36:77:1a:
         02:21:2b:ea:bb:3e:c7:5c:a3:20:59:46:1f:b7:9a:16:ec:10:
         c3:b4:20:ba:58:d1:d7:38:33:14:a8:f0:ac:b9:5d:5e:7f:74:
         94:9e:50:6d:2d:dd:cb:da:62:9e:91:f5:15:8c:1d:a7:7d:fe:
         f4:96:a0:10:9b:a7:a1:dc:a7:cb:e0:23:ee:52:0f:27:e4:34:
         b3:60:8e:08:cd:58:d6:c4:36:6e:e4:e7:bb:56:8f:d5:9e:cd:
         91:91:9c:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1xHkQ3j03g9NvAb9D6k2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjUwMTAxMjE0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWQyYmY0ODYzNDFjOGIxMjc2OTNiMjE5Nzc3ZjgyN2U5YTdjMjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA20f3Z5akbOy4Nz8uCv09CIwHyz8E
4DBnsa3s6NhlcqEgahVCAQ3FPIpCqueV4L1sXdyEsVKROkeaclrXavOpi200TNG9
XDP6dtcd/wW0lo5rn5D9y7TLdbrZuoYpC8zjqbvfK/wRBTY56m8dAcjYpFhjJMMY
dt2LVgo6lHAjlFQxTVASn8p2jKi7rMuoMB2YaQfYlcv+hKh0n3K9rdkFaxfVCBp4
5Cs2m47ijysXBGEPFtPL7Q/kuacGJfRoYX1HzU2j54AmWOOI8j7h3d4x0ab+yaN4
FX//jCRJuDO5aKlnZnCFUtnpLGt1/bqvUOYN4sSybsB8Yex6ZvTEEpeolQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHSv0hjQcixJ2k7IZd3+Cfpp8ISMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvc2RLX1NHTkJ5TEVuYVRzaGwzZjRKLW1ud2hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e65MA0G
CSqGSIb3DQEBCwUAA4IBAQCR8npTgKepnmwYteHSBHId58W4HiEAaoT8swiGX4MA
WSkkTrsUE6Moq7RzjlvKzV2Sq+hlVhGoC74UEbNGU5ikZ6v74elKqisU+q55SYJv
EXp5BXVJpYXLvBEx41HJOYL1WqswKfYKc9XUFl35sIia+aT1eZDDK8DO3wvPhZc7
QTo9/CdEJLogfOMfZQDhRbuYHRcDkAwsv8fM38WY1Kw2dxoCISvquz7HXKMgWUYf
t5oW7BDDtCC6WNHXODMUqPCsuV1ef3SUnlBtLd3L2mKekfUVjB2nff70lqAQm6eh
3KfL4CPuUg8n5DSzYI4IzVjWxDZu5Oe7Vo/Vns2RkZyY
-----END CERTIFICATE-----