Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/sKWAbqAA__OjcTRSqYb5uv2iH2g.roa
File:                     sKWAbqAA__OjcTRSqYb5uv2iH2g.roa (raw, json)
Hash identifier:          Qi3g/XMjZpErCZOt692v0V5M83CBTDycMOtYB7JuINo=
Subject key identifier:   B0:A5:80:6E:A0:00:FF:F3:A3:71:34:52:A9:86:F9:BA:FD:A2:1F:68
Certificate issuer:       /CN=b3d66297c5cdbd36d86849ddeae7985979f450ca
Certificate serial:       019423692E0C6848A7269B54BED2BBD7F3DF
Authority key identifier: B3:D6:62:97:C5:CD:BD:36:D8:68:49:DD:EA:E7:98:59:79:F4:50:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s9Zil8XNvTbYaEnd6ueYWXn0UMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/sKWAbqAA__OjcTRSqYb5uv2iH2g.roa
Signing time:             Wed 01 Jan 2025 19:48:03 +0000
ROA not before:           Wed 01 Jan 2025 19:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44567
IP address blocks:        91.240.214.0/23 maxlen: 23
                          93.92.152.0/21 maxlen: 21
                          2a01:9c00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/s9Zil8XNvTbYaEnd6ueYWXn0UMo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/s9Zil8XNvTbYaEnd6ueYWXn0UMo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s9Zil8XNvTbYaEnd6ueYWXn0UMo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:2e:0c:68:48:a7:26:9b:54:be:d2:bb:d7:f3:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3d66297c5cdbd36d86849ddeae7985979f450ca
        Validity
            Not Before: Jan  1 19:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0a5806ea000fff3a3713452a986f9bafda21f68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:3f:84:52:34:c3:9d:38:b4:c1:39:12:d3:48:
                    f6:f7:43:cf:f5:37:3b:bd:23:e1:df:8b:55:ad:0f:
                    aa:33:c5:38:45:a0:50:c6:76:fb:77:f1:87:c4:94:
                    d3:9b:1f:3d:18:37:0c:3b:de:ba:71:b7:5c:b2:52:
                    9e:0a:da:fe:14:da:56:4a:b0:e5:cb:ee:78:4c:a0:
                    59:97:9b:23:b4:2f:26:ff:d8:11:d9:cb:e3:94:5e:
                    29:3d:bc:dd:69:60:a9:6b:5e:9d:02:a4:33:e0:a1:
                    fe:e7:e1:ea:03:67:8a:5f:bc:c2:0c:41:8e:9f:15:
                    4b:bd:9d:12:07:53:7f:83:fe:6e:cb:7c:43:58:8c:
                    16:92:b7:80:9b:07:35:ef:e7:a4:95:28:33:0e:05:
                    10:45:18:c3:13:17:df:6f:9b:75:69:19:f9:66:7a:
                    d4:d5:46:9a:ce:8e:e1:54:c0:a2:8b:0b:7b:95:67:
                    0b:f7:20:f2:cb:48:f8:ed:72:ee:e8:75:2d:3f:c4:
                    26:9e:1c:9b:79:6e:d9:89:91:24:0b:03:63:1f:d2:
                    76:10:9b:df:8f:ec:6e:e3:3c:cf:93:39:69:c8:77:
                    7e:bf:41:eb:7d:17:37:14:30:d9:2c:81:5f:ca:cc:
                    da:08:ef:36:a7:e5:97:76:d1:b7:17:61:87:9f:23:
                    da:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:A5:80:6E:A0:00:FF:F3:A3:71:34:52:A9:86:F9:BA:FD:A2:1F:68
            X509v3 Authority Key Identifier:
                keyid:B3:D6:62:97:C5:CD:BD:36:D8:68:49:DD:EA:E7:98:59:79:F4:50:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s9Zil8XNvTbYaEnd6ueYWXn0UMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/sKWAbqAA__OjcTRSqYb5uv2iH2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/s9Zil8XNvTbYaEnd6ueYWXn0UMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.214.0/23
                  93.92.152.0/21
                IPv6:
                  2a01:9c00::/32

    Signature Algorithm: sha256WithRSAEncryption
         a3:81:9f:0b:a9:f1:70:ff:6c:2f:da:3d:f8:b4:16:7d:5c:22:
         7e:c9:3f:88:25:14:73:35:39:87:ac:7d:55:59:21:33:77:01:
         62:bc:5a:2e:bf:a5:88:c1:82:e3:fb:31:21:92:64:e0:be:de:
         02:d6:f7:ee:fc:49:5b:db:8a:ad:58:13:c0:27:d0:02:a9:a0:
         af:c5:b1:af:47:ac:00:f7:8d:4d:7a:f9:c0:a7:99:a0:8c:ac:
         ab:23:6b:56:5b:de:5d:49:46:47:93:78:a3:91:4c:90:c2:47:
         ea:de:9f:ad:4c:42:26:7f:f2:f8:c0:84:b7:24:ce:21:ed:99:
         bb:81:1b:0e:03:af:91:72:94:a6:33:bf:eb:18:2c:08:b5:58:
         20:5a:65:54:9b:36:65:43:d3:0d:04:b2:ed:96:f1:0c:df:1d:
         ec:bc:6a:ab:57:a1:49:5e:ad:82:a8:a8:ab:95:14:b0:33:0b:
         79:be:d2:94:21:b6:cf:a3:a3:ae:86:d3:43:55:6a:e1:f2:dd:
         9b:1a:07:75:1e:ef:18:f3:76:79:1c:d3:99:e3:53:34:c1:e6:
         01:0e:ad:50:7c:26:4d:b4:74:fe:18:3f:b1:43:4f:91:d2:f8:
         84:7e:73:19:18:ff:e2:47:a6:49:d3:3c:ca:02:02:4e:7d:c5:
         3f:e5:46:57
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQjaS4MaEinJptUvtK71/PfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZDY2Mjk3YzVjZGJkMzZkODY4NDlkZGVhZTc5ODU5Nzlm
NDUwY2EwHhcNMjUwMTAxMTk0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGE1ODA2ZWEwMDBmZmYzYTM3MTM0NTJhOTg2ZjliYWZkYTIxZjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3j+EUjTDnTi0wTkS00j290PP9Tc7
vSPh34tVrQ+qM8U4RaBQxnb7d/GHxJTTmx89GDcMO966cbdcslKeCtr+FNpWSrDl
y+54TKBZl5sjtC8m/9gR2cvjlF4pPbzdaWCpa16dAqQz4KH+5+HqA2eKX7zCDEGO
nxVLvZ0SB1N/g/5uy3xDWIwWkreAmwc17+eklSgzDgUQRRjDExffb5t1aRn5ZnrU
1Uaazo7hVMCiiwt7lWcL9yDyy0j47XLu6HUtP8QmnhybeW7ZiZEkCwNjH9J2EJvf
j+xu4zzPkzlpyHd+v0HrfRc3FDDZLIFfyszaCO82p+WXdtG3F2GHnyPawwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLClgG6gAP/zo3E0UqmG+br9oh9oMB8GA1UdIwQY
MBaAFLPWYpfFzb022GhJ3ernmFl59FDKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczlaaWw4WE52VGJZYUVuZDZ1ZVlXWG4wVU1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS85MmMxY2YtNWEyMi00NTNjLTkwN2Yt
ZWIxZjg3MTVlZWMwLzEvc0tXQWJxQUFfX09qY1RSU3FZYjV1djJpSDJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS85MmMxY2YtNWEyMi00NTNjLTkwN2YtZWIxZjg3MTVlZWMw
LzEvczlaaWw4WE52VGJZYUVuZDZ1ZVlXWG4wVU1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBW/DWAwQD
XVyYMA0EAgACMAcDBQAqAZwAMA0GCSqGSIb3DQEBCwUAA4IBAQCjgZ8LqfFw/2wv
2j34tBZ9XCJ+yT+IJRRzNTmHrH1VWSEzdwFivFouv6WIwYLj+zEhkmTgvt4C1vfu
/Elb24qtWBPAJ9ACqaCvxbGvR6wA941NevnAp5mgjKyrI2tWW95dSUZHk3ijkUyQ
wkfq3p+tTEImf/L4wIS3JM4h7Zm7gRsOA6+RcpSmM7/rGCwItVggWmVUmzZlQ9MN
BLLtlvEM3x3svGqrV6FJXq2CqKirlRSwMwt5vtKUIbbPo6OuhtNDVWrh8t2bGgd1
Hu8Y83Z5HNOZ41M0weYBDq1QfCZNtHT+GD+xQ0+R0viEfnMZGP/iR6ZJ0zzKAgJO
fcU/5UZX
-----END CERTIFICATE-----