Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/SAShV7Cx-3cRFcPWPoHPU7seh9k.roa
File:                     SAShV7Cx-3cRFcPWPoHPU7seh9k.roa (raw, json)
Hash identifier:          lzRGc/kfVkESt27Rk5Rm2MTThTLX4bNiPJvrX6OzG4s=
Subject key identifier:   48:04:A1:57:B0:B1:FB:77:11:15:C3:D6:3E:81:CF:53:BB:1E:87:D9
Certificate issuer:       /CN=fad7100e77ed9119d66e2321bb6711d7e760982b
Certificate serial:       0194228DCB54C71EF8B265DB8A87ADC6D25D
Authority key identifier: FA:D7:10:0E:77:ED:91:19:D6:6E:23:21:BB:67:11:D7:E7:60:98:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/SAShV7Cx-3cRFcPWPoHPU7seh9k.roa
Signing time:             Wed 01 Jan 2025 15:48:25 +0000
ROA not before:           Wed 01 Jan 2025 15:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1271
IP address blocks:        192.166.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:cb:54:c7:1e:f8:b2:65:db:8a:87:ad:c6:d2:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fad7100e77ed9119d66e2321bb6711d7e760982b
        Validity
            Not Before: Jan  1 15:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4804a157b0b1fb771115c3d63e81cf53bb1e87d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:8f:3e:ef:3a:e3:a5:27:45:b7:2b:ad:bc:29:
                    42:5c:61:61:7a:7f:25:bf:7c:61:89:62:4b:c7:46:
                    b2:6b:cc:d3:5f:99:74:7d:a3:99:ca:2e:75:75:1d:
                    49:82:9b:05:4b:f1:fb:4f:71:c5:55:14:6e:97:44:
                    ab:03:a7:34:a3:0b:81:79:e3:8a:c7:f7:b9:83:a4:
                    38:20:ae:17:90:63:c8:1d:98:8f:72:08:15:b2:ed:
                    1a:4f:a7:81:f1:a1:74:f4:d3:a9:ea:b6:a2:07:6f:
                    50:11:02:02:c4:cd:28:29:11:1a:27:dc:8a:b1:ec:
                    2d:ed:9c:55:07:f6:6b:51:53:18:29:9f:bf:65:14:
                    e9:ad:2f:57:ec:f6:59:c9:fb:36:46:ae:e3:7a:85:
                    9d:46:0f:57:be:09:a8:2e:6a:36:34:2c:8f:53:ec:
                    5f:51:13:10:cf:e6:e0:5c:08:1d:f7:2a:51:bf:f8:
                    80:30:e9:08:0e:25:71:45:8c:6f:eb:ce:b6:5c:74:
                    80:64:61:00:84:b9:2d:71:90:18:f9:ba:a6:89:80:
                    e4:06:c6:fa:f1:77:04:4b:af:0a:ad:db:ad:d7:85:
                    27:d3:33:1f:b6:4c:ef:09:d1:e1:40:af:b1:41:c9:
                    87:3e:b5:ef:8d:a5:88:6a:fa:38:50:6b:fb:cf:20:
                    f7:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:04:A1:57:B0:B1:FB:77:11:15:C3:D6:3E:81:CF:53:BB:1E:87:D9
            X509v3 Authority Key Identifier:
                keyid:FA:D7:10:0E:77:ED:91:19:D6:6E:23:21:BB:67:11:D7:E7:60:98:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/SAShV7Cx-3cRFcPWPoHPU7seh9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:c0:f4:ce:a2:fa:05:25:7f:53:5d:74:b8:c7:09:fd:13:08:
         25:b5:7e:9e:3e:ff:f4:bf:29:f1:59:f2:ce:63:d0:cf:21:25:
         17:92:3b:b9:16:f3:5c:9f:9a:c1:9a:56:09:de:b9:59:2e:ef:
         df:b3:0f:b6:34:43:ce:b4:1e:c8:91:14:42:14:8d:ec:e0:68:
         c9:82:5c:2b:c8:4f:50:37:f0:38:83:30:83:f2:35:4f:29:e9:
         30:67:a6:03:12:63:67:51:31:6b:90:50:22:9d:72:4c:db:d7:
         07:a2:a3:f2:e0:73:7b:5e:b3:1e:fe:76:b0:fd:55:cf:b9:b5:
         66:cc:d8:c2:4f:b6:87:6b:22:cf:77:40:66:64:97:34:fa:d9:
         33:82:42:23:d8:e0:40:f1:58:dc:10:5b:ee:76:3b:02:88:f5:
         6f:8b:da:64:62:e8:cd:7f:81:60:76:c2:da:75:6f:4f:35:79:
         8e:bd:04:7e:8c:bd:28:4e:61:ff:6b:2b:78:8e:cf:dc:bf:cb:
         18:d5:06:71:dc:f9:52:a9:b4:b7:b4:45:e9:8a:49:1c:36:c3:
         40:d1:f3:0f:a8:e8:e0:52:f1:1e:16:be:f4:da:25:02:9f:c2:
         b1:18:00:81:ea:3d:ad:4b:7c:9e:b8:1c:4e:e7:a6:d9:69:80:
         5b:fc:3c:56
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQijctUxx74smXbioetxtJdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZDcxMDBlNzdlZDkxMTlkNjZlMjMyMWJiNjcxMWQ3ZTc2
MDk4MmIwHhcNMjUwMTAxMTU0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODA0YTE1N2IwYjFmYjc3MTExNWMzZDYzZTgxY2Y1M2JiMWU4N2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw48+7zrjpSdFtyutvClCXGFhen8l
v3xhiWJLx0aya8zTX5l0faOZyi51dR1JgpsFS/H7T3HFVRRul0SrA6c0owuBeeOK
x/e5g6Q4IK4XkGPIHZiPcggVsu0aT6eB8aF09NOp6raiB29QEQICxM0oKREaJ9yK
sewt7ZxVB/ZrUVMYKZ+/ZRTprS9X7PZZyfs2Rq7jeoWdRg9XvgmoLmo2NCyPU+xf
URMQz+bgXAgd9ypRv/iAMOkIDiVxRYxv6862XHSAZGEAhLktcZAY+bqmiYDkBsb6
8XcES68Krdut14Un0zMftkzvCdHhQK+xQcmHPrXvjaWIavo4UGv7zyD3mwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEgEoVewsft3ERXD1j6Bz1O7HofZMB8GA1UdIwQY
MBaAFPrXEA537ZEZ1m4jIbtnEdfnYJgrMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS10Y1FEbmZ0a1JuV2JpTWh1MmNSMS1kZ21Dcy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2UvMDFkNDExLWQ5MTUtNDI3Ny04ZmUy
LTc2YjBkZGEyYmYzZS8xL1NBU2hWN0N4LTNjUkZjUFdQb0hQVTdzZWg5ay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2UvMDFkNDExLWQ5MTUtNDI3Ny04ZmUyLTc2YjBkZGEyYmYz
ZS8xLzEtdGNRRG5mdGtSbldiaU1odTJjUjEtZGdtQ3MuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADApjAw
DQYJKoZIhvcNAQELBQADggEBAH3A9M6i+gUlf1NddLjHCf0TCCW1fp4+//S/KfFZ
8s5j0M8hJReSO7kW81yfmsGaVgneuVku79+zD7Y0Q860HsiRFEIUjezgaMmCXCvI
T1A38DiDMIPyNU8p6TBnpgMSY2dRMWuQUCKdckzb1weio/Lgc3tesx7+drD9Vc+5
tWbM2MJPtodrIs93QGZklzT62TOCQiPY4EDxWNwQW+52OwKI9W+L2mRi6M1/gWB2
wtp1b081eY69BH6MvShOYf9rK3iOz9y/yxjVBnHc+VKptLe0RemKSRw2w0DR8w+o
6OBS8R4WvvTaJQKfwrEYAIHqPa1LfJ64HE7nptlpgFv8PFY=
-----END CERTIFICATE-----