Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/2a1ce9-fb4c-41ee-9ff6-316ef261f4a5/1/StSC9N03azFTttR3EoIav2MRsZc.roa
File:                     StSC9N03azFTttR3EoIav2MRsZc.roa (raw, json)
Hash identifier:          Cu2Gg7GKVcYUuysW1qolVhXM9Kgp01W96yjaPNDKJxk=
Subject key identifier:   4A:D4:82:F4:DD:37:6B:31:53:B6:D4:77:12:82:1A:BF:63:11:B1:97
Certificate issuer:       /CN=213e1d50d52288bee80eea435577018712409bbe
Certificate serial:       0194274774AA2BE0B4143938E4B1E806D0EC
Authority key identifier: 21:3E:1D:50:D5:22:88:BE:E8:0E:EA:43:55:77:01:87:12:40:9B:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IT4dUNUiiL7oDupDVXcBhxJAm74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/2a1ce9-fb4c-41ee-9ff6-316ef261f4a5/1/StSC9N03azFTttR3EoIav2MRsZc.roa
Signing time:             Thu 02 Jan 2025 13:49:41 +0000
ROA not before:           Thu 02 Jan 2025 13:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9121
IP address blocks:        193.22.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/2a1ce9-fb4c-41ee-9ff6-316ef261f4a5/1/IT4dUNUiiL7oDupDVXcBhxJAm74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/2a1ce9-fb4c-41ee-9ff6-316ef261f4a5/1/IT4dUNUiiL7oDupDVXcBhxJAm74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IT4dUNUiiL7oDupDVXcBhxJAm74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:74:aa:2b:e0:b4:14:39:38:e4:b1:e8:06:d0:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=213e1d50d52288bee80eea435577018712409bbe
        Validity
            Not Before: Jan  2 13:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ad482f4dd376b3153b6d47712821abf6311b197
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:fa:9d:52:a5:00:e7:2e:6a:d4:97:5b:f6:d4:
                    bf:b6:76:8d:33:46:cc:ed:8a:81:7e:d2:9d:ab:5a:
                    71:8e:4e:f7:e3:23:9c:03:fe:1a:aa:a3:3a:d0:b9:
                    23:b3:14:24:f1:0d:05:50:47:d6:43:da:da:f4:fe:
                    0c:dd:86:ae:bf:dd:fb:4b:5b:0a:f3:39:8d:a3:4f:
                    12:93:ed:6b:08:9f:3a:c4:04:ce:29:e4:cc:c6:64:
                    84:49:6e:c1:d7:57:e2:a1:5d:b9:59:19:c9:37:60:
                    0f:0e:c9:05:d6:3b:8b:bc:15:be:66:ef:37:1b:ac:
                    73:78:bd:82:34:d0:5a:8f:72:8e:00:78:ce:a2:26:
                    0a:57:36:1c:b0:8c:60:9f:8f:5c:45:c9:1a:e4:04:
                    88:3b:4f:8c:1f:62:bf:a1:e8:8b:86:04:6c:b3:f5:
                    66:70:1e:f4:7a:8e:8a:84:f8:4d:08:37:ba:c4:0e:
                    68:74:b6:27:a9:a1:16:35:7c:39:9d:ce:57:cb:a3:
                    46:8d:e3:69:64:a8:74:bf:48:da:2c:9a:20:e3:c5:
                    7f:6b:20:50:7d:43:66:a1:f5:8a:cc:e2:6d:ec:7f:
                    ef:c6:de:00:6a:68:93:a3:11:ed:d5:9f:00:84:17:
                    c0:52:4b:a2:ba:83:2a:6b:85:32:f9:8b:d7:e9:fe:
                    e6:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:D4:82:F4:DD:37:6B:31:53:B6:D4:77:12:82:1A:BF:63:11:B1:97
            X509v3 Authority Key Identifier:
                keyid:21:3E:1D:50:D5:22:88:BE:E8:0E:EA:43:55:77:01:87:12:40:9B:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IT4dUNUiiL7oDupDVXcBhxJAm74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/2a1ce9-fb4c-41ee-9ff6-316ef261f4a5/1/StSC9N03azFTttR3EoIav2MRsZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/2a1ce9-fb4c-41ee-9ff6-316ef261f4a5/1/IT4dUNUiiL7oDupDVXcBhxJAm74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:b4:4c:72:78:be:87:8a:29:b3:16:a6:49:62:46:d7:11:1f:
         25:d9:08:ab:73:30:b9:aa:78:b0:a2:da:7d:c9:eb:2b:83:af:
         ee:09:fb:20:18:14:6b:d8:26:22:5a:81:03:fb:2c:78:49:ea:
         b9:3f:ab:24:c0:cc:cb:49:f1:61:12:3c:23:83:81:a3:3f:54:
         c0:16:5d:ed:52:f3:d1:c0:58:0e:69:4e:f9:07:2a:a9:1d:18:
         3f:b8:88:24:ed:57:ea:15:de:61:77:5f:d5:b9:07:c9:d4:b6:
         40:e3:52:20:f8:15:2d:c2:8f:8a:11:07:bb:2d:e5:b8:b9:bb:
         5e:e8:00:dc:88:fd:65:42:ce:09:84:7c:b4:49:b7:b1:da:f6:
         9d:d2:71:36:c0:7a:33:98:f0:68:8a:38:21:04:75:a6:4d:45:
         07:b0:29:e8:a4:19:6c:08:56:44:63:e0:50:4f:67:3c:b9:cd:
         74:03:e4:ad:4b:a6:22:48:44:75:11:5e:f4:9d:5c:15:80:a0:
         0d:4b:13:7f:5f:a8:ba:a3:f9:f4:69:99:c4:e9:90:2c:b3:e5:
         d7:29:ea:da:a2:47:d7:7f:a3:8d:e5:46:50:64:63:dc:03:27:
         43:68:2d:e7:58:f6:d6:66:bf:27:34:1a:5d:49:41:29:23:bc:
         85:99:6c:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR3SqK+C0FDk45LHoBtDsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxM2UxZDUwZDUyMjg4YmVlODBlZWE0MzU1NzcwMTg3MTI0
MDliYmUwHhcNMjUwMTAyMTM0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWQ0ODJmNGRkMzc2YjMxNTNiNmQ0NzcxMjgyMWFiZjYzMTFiMTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofqdUqUA5y5q1Jdb9tS/tnaNM0bM
7YqBftKdq1pxjk734yOcA/4aqqM60LkjsxQk8Q0FUEfWQ9ra9P4M3Yauv937S1sK
8zmNo08Sk+1rCJ86xATOKeTMxmSESW7B11fioV25WRnJN2APDskF1juLvBW+Zu83
G6xzeL2CNNBaj3KOAHjOoiYKVzYcsIxgn49cRcka5ASIO0+MH2K/oeiLhgRss/Vm
cB70eo6KhPhNCDe6xA5odLYnqaEWNXw5nc5Xy6NGjeNpZKh0v0jaLJog48V/ayBQ
fUNmofWKzOJt7H/vxt4AamiToxHt1Z8AhBfAUkuiuoMqa4Uy+YvX6f7m9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFErUgvTdN2sxU7bUdxKCGr9jEbGXMB8GA1UdIwQY
MBaAFCE+HVDVIoi+6A7qQ1V3AYcSQJu+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVQ0ZFVOVWlpTDdvRHVwRFZYY0JoeEpBbTc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8yYTFjZTktZmI0Yy00MWVlLTlmZjYt
MzE2ZWYyNjFmNGE1LzEvU3RTQzlOMDNhekZUdHRSM0VvSWF2Mk1Sc1pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8yYTFjZTktZmI0Yy00MWVlLTlmZjYtMzE2ZWYyNjFmNGE1
LzEvSVQ0ZFVOVWlpTDdvRHVwRFZYY0JoeEpBbTc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRYMMA0G
CSqGSIb3DQEBCwUAA4IBAQAqtExyeL6HiimzFqZJYkbXER8l2QirczC5qniwotp9
yesrg6/uCfsgGBRr2CYiWoED+yx4Seq5P6skwMzLSfFhEjwjg4GjP1TAFl3tUvPR
wFgOaU75ByqpHRg/uIgk7VfqFd5hd1/VuQfJ1LZA41Ig+BUtwo+KEQe7LeW4ubte
6ADciP1lQs4JhHy0Sbex2vad0nE2wHozmPBoijghBHWmTUUHsCnopBlsCFZEY+BQ
T2c8uc10A+StS6YiSER1EV70nVwVgKANSxN/X6i6o/n0aZnE6ZAss+XXKeraokfX
f6ON5UZQZGPcAydDaC3nWPbWZr8nNBpdSUEpI7yFmWwn
-----END CERTIFICATE-----