Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/SKTIyHXtcBSWgsqArOetabgC6Iw.roa
File:                     SKTIyHXtcBSWgsqArOetabgC6Iw.roa (raw, json)
Hash identifier:          wlTzqtL7XXgCSVJcIXH5FrXlb2kC7qEyd0/a19pmV6M=
Subject key identifier:   48:A4:C8:C8:75:ED:70:14:96:82:CA:80:AC:E7:AD:69:B8:02:E8:8C
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       0194244553F2150A2488891EC80099BDAB09
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/SKTIyHXtcBSWgsqArOetabgC6Iw.roa
Signing time:             Wed 01 Jan 2025 23:48:30 +0000
ROA not before:           Wed 01 Jan 2025 23:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        185.221.26.0/24 maxlen: 24
                          194.146.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 10:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:53:f2:15:0a:24:88:89:1e:c8:00:99:bd:ab:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan  1 23:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=48a4c8c875ed70149682ca80ace7ad69b802e88c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:41:0f:35:a2:3c:81:37:af:d0:03:7d:ad:1f:
                    28:c2:5d:50:a8:2d:40:c0:df:6d:e4:3f:b2:ba:d2:
                    5f:a3:a7:50:0f:45:89:20:8b:e8:09:f7:57:03:47:
                    e4:f3:a9:82:ba:26:17:ed:2e:5d:d6:15:78:79:22:
                    0e:cb:8a:9c:02:63:23:72:00:6e:9d:a0:4d:a9:36:
                    0b:a1:6f:c4:be:e3:91:51:0c:23:41:36:44:54:ee:
                    c7:f4:70:0f:37:ee:bf:a4:32:fa:ff:6d:ae:13:38:
                    1b:d2:53:6b:50:1d:fd:ed:3f:94:86:91:2d:aa:b4:
                    c5:20:6d:28:fc:c5:36:ec:b1:bd:0e:b2:45:a8:2e:
                    9d:f0:9b:fc:5e:70:35:08:25:f3:d2:c2:88:4e:1e:
                    86:8d:af:25:43:b6:15:da:18:af:4a:71:1a:d1:07:
                    3b:3e:f5:48:4c:2a:cf:52:2f:72:c5:17:db:b5:5b:
                    8f:24:77:5d:27:b3:4c:ce:32:27:6b:25:42:e2:3c:
                    e4:b5:15:7d:de:af:90:83:26:3d:57:9b:ea:50:e0:
                    5e:20:ec:97:ca:48:d0:31:a1:c4:56:a8:95:f6:c7:
                    a4:b1:8c:6b:4e:df:00:f5:cd:55:aa:18:c2:2f:e8:
                    45:2b:dc:e8:5b:3a:5e:ce:83:90:83:d7:6a:9c:3d:
                    7f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:A4:C8:C8:75:ED:70:14:96:82:CA:80:AC:E7:AD:69:B8:02:E8:8C
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/SKTIyHXtcBSWgsqArOetabgC6Iw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.26.0/24
                  194.146.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:4c:6a:65:1f:12:64:fb:df:93:06:f8:54:a2:58:23:62:20:
         2d:0c:86:e1:fa:00:48:a0:75:c4:45:5d:25:22:c4:1b:00:dd:
         29:5f:a2:7e:a3:b0:4c:24:a0:3b:1d:2f:99:32:ec:83:30:ac:
         85:0c:37:cf:e7:ff:57:92:f3:d6:c8:7b:f9:e9:5d:c8:cb:36:
         f7:55:3e:31:f5:ce:f3:56:26:4e:f0:12:4c:e8:37:6e:47:02:
         5e:b8:2f:df:ff:b9:f8:61:5a:38:c3:8a:27:ce:4f:22:8f:df:
         98:2a:58:14:aa:01:c2:20:bb:f0:18:e2:1e:6f:d3:ad:23:d0:
         55:e1:0a:8d:2c:6f:e9:bb:29:a2:f5:07:52:3c:4f:84:92:cf:
         7c:0c:40:ac:23:99:a7:5a:2f:a3:e4:be:26:6e:96:df:2a:b6:
         46:06:13:04:a6:86:e4:03:f5:16:d7:6c:75:ca:62:28:ed:14:
         bd:17:46:bf:7b:4f:ed:fe:87:08:2f:d1:b7:10:d9:da:83:41:
         aa:e2:f7:76:6a:5d:63:1e:99:85:8d:b3:4b:d0:91:71:4e:df:
         7a:1e:7e:9c:fa:d9:30:99:a2:b4:74:49:1e:0c:35:66:65:12:
         0f:81:06:02:0f:35:d2:46:bd:30:f2:8f:37:d6:74:6f:a0:9e:
         26:2b:08:65
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRVPyFQokiIkeyACZvasJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUwMTAxMjM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGE0YzhjODc1ZWQ3MDE0OTY4MmNhODBhY2U3YWQ2OWI4MDJlODhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkEPNaI8gTev0AN9rR8owl1QqC1A
wN9t5D+yutJfo6dQD0WJIIvoCfdXA0fk86mCuiYX7S5d1hV4eSIOy4qcAmMjcgBu
naBNqTYLoW/EvuORUQwjQTZEVO7H9HAPN+6/pDL6/22uEzgb0lNrUB397T+UhpEt
qrTFIG0o/MU27LG9DrJFqC6d8Jv8XnA1CCXz0sKITh6Gja8lQ7YV2hivSnEa0Qc7
PvVITCrPUi9yxRfbtVuPJHddJ7NMzjInayVC4jzktRV93q+QgyY9V5vqUOBeIOyX
ykjQMaHEVqiV9seksYxrTt8A9c1VqhjCL+hFK9zoWzpezoOQg9dqnD1/OQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEikyMh17XAUloLKgKznrWm4AuiMMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvU0tUSXlIWHRjQlNXZ3NxQXJPZXRhYmdDNkl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAud0aAwQA
wpJcMA0GCSqGSIb3DQEBCwUAA4IBAQAVTGplHxJk+9+TBvhUolgjYiAtDIbh+gBI
oHXERV0lIsQbAN0pX6J+o7BMJKA7HS+ZMuyDMKyFDDfP5/9XkvPWyHv56V3Iyzb3
VT4x9c7zViZO8BJM6DduRwJeuC/f/7n4YVo4w4onzk8ij9+YKlgUqgHCILvwGOIe
b9OtI9BV4QqNLG/puymi9QdSPE+Eks98DECsI5mnWi+j5L4mbpbfKrZGBhMEpobk
A/UW12x1ymIo7RS9F0a/e0/t/ocIL9G3ENnag0Gq4vd2al1jHpmFjbNL0JFxTt96
Hn6c+tkwmaK0dEkeDDVmZRIPgQYCDzXSRr0w8o831nRvoJ4mKwhl
-----END CERTIFICATE-----