Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Sa7HX1lopPTMgW0n1CGLVi7ujes.roa
File:                     Sa7HX1lopPTMgW0n1CGLVi7ujes.roa (raw, json)
Hash identifier:          f+DszG6+lmuM6xQETkYrjGx5AP9xTada5EJsvOv1cxU=
Subject key identifier:   49:AE:C7:5F:59:68:A4:F4:CC:81:6D:27:D4:21:8B:56:2E:EE:8D:EB
Certificate issuer:       /CN=3ad734cf90c773428806b968209515b914831a9d
Certificate serial:       018E2EF30FD4008F2F9C72F96108AC5F92D1
Authority key identifier: 3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Sa7HX1lopPTMgW0n1CGLVi7ujes.roa
Signing time:             Mon 11 Mar 2024 19:17:45 +0000
ROA not before:           Mon 11 Mar 2024 19:17:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        185.191.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2e:f3:0f:d4:00:8f:2f:9c:72:f9:61:08:ac:5f:92:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ad734cf90c773428806b968209515b914831a9d
        Validity
            Not Before: Mar 11 19:17:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49aec75f5968a4f4cc816d27d4218b562eee8deb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:32:1b:56:e1:ae:82:58:7d:0e:58:b1:69:ec:
                    2a:2a:e0:d3:74:92:2d:c3:e9:47:d8:61:47:92:35:
                    41:78:d4:06:de:33:29:19:82:a2:05:79:b1:3a:39:
                    6c:17:7c:d9:87:31:6c:be:a0:ec:22:ef:99:2c:67:
                    51:fa:f2:90:b2:45:de:8c:69:e8:e3:b4:21:75:62:
                    1a:2f:3f:8c:68:51:d1:9c:54:25:c7:bc:df:d5:27:
                    17:8d:26:cb:a7:85:65:25:5c:e8:39:82:95:91:1d:
                    65:b0:d0:e8:7a:bb:6d:34:88:40:5a:45:82:75:8a:
                    a3:07:cb:56:23:45:6d:9a:e8:b4:c5:89:b5:5f:d5:
                    d2:40:5c:08:5c:d3:94:f1:db:2a:bc:ea:5d:39:10:
                    63:31:a2:60:e2:48:de:57:3b:33:8f:94:09:98:b6:
                    41:51:cb:05:ea:23:55:ec:d8:d4:17:24:59:a5:92:
                    12:a0:c4:ba:c0:a3:8e:c9:e7:8f:2d:61:81:db:ef:
                    56:5a:e2:f7:0b:87:a8:d7:60:ef:00:d3:5c:22:8b:
                    ae:93:9a:3a:03:2b:39:71:ac:e0:74:83:e5:23:5f:
                    1c:e3:ef:1c:d3:f3:c9:21:f3:69:13:07:20:f2:3e:
                    56:62:7b:1c:da:31:c4:30:55:fc:5a:80:a8:f9:28:
                    e3:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:AE:C7:5F:59:68:A4:F4:CC:81:6D:27:D4:21:8B:56:2E:EE:8D:EB
            X509v3 Authority Key Identifier:
                keyid:3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Sa7HX1lopPTMgW0n1CGLVi7ujes.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:f7:e1:22:5c:fa:6a:8c:ee:5b:a1:61:f5:bf:03:d6:76:17:
         ef:9d:34:8a:e4:5f:e4:90:c7:78:4e:76:41:df:06:d7:29:10:
         10:f3:5e:11:11:f7:6f:da:2b:d9:fe:13:e7:7a:8d:71:b5:f0:
         99:ed:74:cc:14:b8:a5:35:cf:48:a2:26:79:0f:b4:84:d0:80:
         47:77:db:03:44:00:05:68:4d:aa:3b:78:2b:7e:38:0b:ba:d1:
         cd:8e:4e:1f:ed:f9:ae:a8:ac:be:d8:9f:5d:2b:73:7f:79:41:
         4f:1a:84:f0:4c:d3:36:14:25:8d:e3:e6:21:5a:7a:31:67:39:
         05:0a:c0:21:24:70:c9:d1:14:23:bd:71:19:28:dd:7c:55:ac:
         1b:e2:50:60:1f:bb:0f:d9:ba:18:1a:79:da:cc:86:1c:3a:c6:
         9b:ef:3c:16:a1:dc:60:2a:21:2c:88:0f:35:d3:2b:5a:e2:6f:
         a5:95:be:dd:5a:79:08:2c:0c:95:e6:ba:ef:57:c4:47:b8:3c:
         31:c7:6f:b4:78:5c:01:60:ba:8f:a7:9e:e0:38:2a:47:80:c1:
         9f:31:8b:dc:b3:c3:cf:8c:8d:ba:7e:24:67:03:79:89:12:79:
         68:40:93:72:d6:bc:6e:0f:33:41:79:f0:b6:56:0d:a0:12:f8:
         d2:33:87:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4u8w/UAI8vnHL5YQisX5LRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZDczNGNmOTBjNzczNDI4ODA2Yjk2ODIwOTUxNWI5MTQ4
MzFhOWQwHhcNMjQwMzExMTkxNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWFlYzc1ZjU5NjhhNGY0Y2M4MTZkMjdkNDIxOGI1NjJlZWU4ZGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDIbVuGuglh9DlixaewqKuDTdJIt
w+lH2GFHkjVBeNQG3jMpGYKiBXmxOjlsF3zZhzFsvqDsIu+ZLGdR+vKQskXejGno
47QhdWIaLz+MaFHRnFQlx7zf1ScXjSbLp4VlJVzoOYKVkR1lsNDoerttNIhAWkWC
dYqjB8tWI0Vtmui0xYm1X9XSQFwIXNOU8dsqvOpdORBjMaJg4kjeVzszj5QJmLZB
UcsF6iNV7NjUFyRZpZISoMS6wKOOyeePLWGB2+9WWuL3C4eo12DvANNcIouuk5o6
Ays5cazgdIPlI18c4+8c0/PJIfNpEwcg8j5WYnsc2jHEMFX8WoCo+SjjEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEmux19ZaKT0zIFtJ9Qhi1Yu7o3rMB8GA1UdIwQY
MBaAFDrXNM+Qx3NCiAa5aCCVFbkUgxqdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMt
NzZhMWQ0ZDgzMTk3LzEvU2E3SFgxbG9wUFRNZ1cwbjFDR0xWaTd1amVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMtNzZhMWQ0ZDgzMTk3
LzEvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub8UMA0G
CSqGSIb3DQEBCwUAA4IBAQAV9+EiXPpqjO5boWH1vwPWdhfvnTSK5F/kkMd4TnZB
3wbXKRAQ814REfdv2ivZ/hPneo1xtfCZ7XTMFLilNc9IoiZ5D7SE0IBHd9sDRAAF
aE2qO3grfjgLutHNjk4f7fmuqKy+2J9dK3N/eUFPGoTwTNM2FCWN4+YhWnoxZzkF
CsAhJHDJ0RQjvXEZKN18Vawb4lBgH7sP2boYGnnazIYcOsab7zwWodxgKiEsiA81
0yta4m+llb7dWnkILAyV5rrvV8RHuDwxx2+0eFwBYLqPp57gOCpHgMGfMYvcs8PP
jI26fiRnA3mJEnloQJNy1rxuDzNBefC2Vg2gEvjSM4fA
-----END CERTIFICATE-----