Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/ae5488-119d-40aa-ae40-8330e7e32e19/1/sxEbMVXxezgFHIuSSYFInfXpizE.roa
File:                     sxEbMVXxezgFHIuSSYFInfXpizE.roa (raw, json)
Hash identifier:          ZwybRY1zu9AemOu7O2YllM3HQ5PSxj94bjs9pLEXpyQ=
Subject key identifier:   B3:11:1B:31:55:F1:7B:38:05:1C:8B:92:49:81:48:9D:F5:E9:8B:31
Certificate issuer:       /CN=40a249eadeb2a928fe0c2e75c918248b5a1a28b9
Certificate serial:       01941FFA0889DE8A37CEFD82605237356EE7
Authority key identifier: 40:A2:49:EA:DE:B2:A9:28:FE:0C:2E:75:C9:18:24:8B:5A:1A:28:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QKJJ6t6yqSj-DC51yRgki1oaKLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/ae5488-119d-40aa-ae40-8330e7e32e19/1/sxEbMVXxezgFHIuSSYFInfXpizE.roa
Signing time:             Wed 01 Jan 2025 03:47:47 +0000
ROA not before:           Wed 01 Jan 2025 03:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48137
IP address blocks:        84.11.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/ae5488-119d-40aa-ae40-8330e7e32e19/1/QKJJ6t6yqSj-DC51yRgki1oaKLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/ae5488-119d-40aa-ae40-8330e7e32e19/1/QKJJ6t6yqSj-DC51yRgki1oaKLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QKJJ6t6yqSj-DC51yRgki1oaKLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:08:89:de:8a:37:ce:fd:82:60:52:37:35:6e:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40a249eadeb2a928fe0c2e75c918248b5a1a28b9
        Validity
            Not Before: Jan  1 03:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3111b3155f17b38051c8b924981489df5e98b31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ce:83:7d:6f:a5:8c:ec:90:18:ed:04:3f:a0:
                    49:99:3c:08:65:8a:22:06:f1:60:2c:2d:f7:71:d1:
                    a9:83:31:60:ef:ca:a5:4f:eb:be:53:bc:bd:03:dd:
                    a2:ac:cb:a3:0d:2d:36:13:cc:e4:0f:e7:4c:e4:b6:
                    de:66:c0:18:b8:c2:c4:d8:7a:2d:2c:88:3c:52:ba:
                    f2:8b:89:a3:40:62:28:75:85:d7:14:36:25:5d:87:
                    7d:43:be:b6:a5:00:a1:8c:cc:ac:a4:f3:d1:e0:72:
                    e7:fc:e4:09:01:4d:7f:e2:9e:8c:00:c8:c5:f2:9d:
                    0f:72:db:ea:12:b1:d2:09:83:87:20:4a:b3:4f:43:
                    1b:94:e2:1a:85:90:dc:d0:3c:3a:44:53:89:8b:f1:
                    6f:7b:a4:c3:eb:7d:b4:52:e3:56:73:ae:58:ad:92:
                    aa:1c:48:86:d7:b9:d3:11:0f:6e:ac:3b:fd:2f:b7:
                    54:a9:61:ca:6e:8b:66:a4:3d:d1:ec:fc:33:55:a1:
                    37:e2:f7:d8:b8:44:4e:36:5a:05:d0:1a:71:20:6a:
                    bb:e7:d4:35:8b:4e:11:de:14:e3:4b:a0:29:d2:c7:
                    e9:9b:9c:fb:3c:15:88:45:ac:89:4e:66:3c:33:48:
                    d4:8b:de:bd:01:28:90:16:d9:3e:1e:af:5d:39:f3:
                    09:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:11:1B:31:55:F1:7B:38:05:1C:8B:92:49:81:48:9D:F5:E9:8B:31
            X509v3 Authority Key Identifier:
                keyid:40:A2:49:EA:DE:B2:A9:28:FE:0C:2E:75:C9:18:24:8B:5A:1A:28:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QKJJ6t6yqSj-DC51yRgki1oaKLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/ae5488-119d-40aa-ae40-8330e7e32e19/1/sxEbMVXxezgFHIuSSYFInfXpizE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/ae5488-119d-40aa-ae40-8330e7e32e19/1/QKJJ6t6yqSj-DC51yRgki1oaKLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.11.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:b4:dc:7d:a1:46:ae:c4:ea:9c:c2:c8:0a:d0:7d:3d:5a:84:
         59:f0:6d:c5:f8:51:9b:cc:df:d7:79:96:fc:fe:61:a8:08:27:
         6e:fa:4e:50:52:26:8e:9e:12:9c:2a:e0:a9:db:cc:2b:44:da:
         a4:68:f3:21:a0:a5:aa:1d:b4:56:38:b5:60:f2:b4:44:2b:33:
         c5:ad:3a:78:a1:d7:29:b5:cf:13:f7:fb:ae:04:ad:4e:08:2e:
         e6:78:b4:a7:db:d5:7c:e4:de:24:bc:80:38:96:f4:15:94:e3:
         b7:5a:5c:16:84:ec:0a:c8:2e:f1:63:6a:f6:7e:b0:30:3f:0f:
         5a:d8:c1:27:2f:ba:12:b8:14:b4:ab:66:e8:e1:0b:a2:1f:24:
         f7:fd:d7:21:82:5d:a2:82:35:8a:37:5c:23:0a:b0:1e:e9:74:
         13:4e:5a:69:67:bc:9c:d0:cb:78:39:39:b0:a1:a0:9d:15:da:
         91:c5:c8:80:0b:ee:05:98:e5:3e:3f:f2:34:fe:62:8d:0d:9f:
         0d:77:91:30:90:5d:6f:95:d1:03:14:51:3f:f7:9a:f1:da:2d:
         c5:cd:94:17:55:8a:07:99:eb:5a:bd:48:1e:5c:62:f4:53:13:
         8f:70:8d:c5:97:10:c0:c4:59:e5:8b:d6:da:cb:83:e3:be:43:
         f4:09:2b:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+giJ3oo3zv2CYFI3NW7nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwYTI0OWVhZGViMmE5MjhmZTBjMmU3NWM5MTgyNDhiNWEx
YTI4YjkwHhcNMjUwMTAxMDM0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzExMWIzMTU1ZjE3YjM4MDUxYzhiOTI0OTgxNDg5ZGY1ZTk4YjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApc6DfW+ljOyQGO0EP6BJmTwIZYoi
BvFgLC33cdGpgzFg78qlT+u+U7y9A92irMujDS02E8zkD+dM5LbeZsAYuMLE2Hot
LIg8Urryi4mjQGIodYXXFDYlXYd9Q762pQChjMyspPPR4HLn/OQJAU1/4p6MAMjF
8p0PctvqErHSCYOHIEqzT0MblOIahZDc0Dw6RFOJi/Fve6TD6320UuNWc65YrZKq
HEiG17nTEQ9urDv9L7dUqWHKbotmpD3R7PwzVaE34vfYuERONloF0BpxIGq759Q1
i04R3hTjS6Ap0sfpm5z7PBWIRayJTmY8M0jUi969ASiQFtk+Hq9dOfMJ/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLMRGzFV8Xs4BRyLkkmBSJ316YsxMB8GA1UdIwQY
MBaAFECiSeresqko/gwudckYJItaGii5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUtKSjZ0NnlxU2otREM1MXlSZ2tpMW9hS0xrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9hZTU0ODgtMTE5ZC00MGFhLWFlNDAt
ODMzMGU3ZTMyZTE5LzEvc3hFYk1WWHhlemdGSEl1U1NZRkluZlhwaXpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9hZTU0ODgtMTE5ZC00MGFhLWFlNDAtODMzMGU3ZTMyZTE5
LzEvUUtKSjZ0NnlxU2otREM1MXlSZ2tpMW9hS0xrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVAv4MA0G
CSqGSIb3DQEBCwUAA4IBAQB6tNx9oUauxOqcwsgK0H09WoRZ8G3F+FGbzN/XeZb8
/mGoCCdu+k5QUiaOnhKcKuCp28wrRNqkaPMhoKWqHbRWOLVg8rREKzPFrTp4odcp
tc8T9/uuBK1OCC7meLSn29V85N4kvIA4lvQVlOO3WlwWhOwKyC7xY2r2frAwPw9a
2MEnL7oSuBS0q2bo4QuiHyT3/dchgl2igjWKN1wjCrAe6XQTTlppZ7yc0Mt4OTmw
oaCdFdqRxciAC+4FmOU+P/I0/mKNDZ8Nd5EwkF1vldEDFFE/95rx2i3FzZQXVYoH
metavUgeXGL0UxOPcI3FlxDAxFnli9bay4PjvkP0CSvO
-----END CERTIFICATE-----