Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/sVCQlL9zy4ci5k4im_qh1UgQSao.roa
File:                     sVCQlL9zy4ci5k4im_qh1UgQSao.roa (raw, json)
Hash identifier:          tXiv/i4AXQDYnVQqrjLO82vwz0zcYS5lORUFrc1ytqg=
Subject key identifier:   B1:50:90:94:BF:73:CB:87:22:E6:4E:22:9B:FA:A1:D5:48:10:49:AA
Certificate issuer:       /CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
Certificate serial:       0194221F87A2C8EC532E78266472A32436D1
Authority key identifier: A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/sVCQlL9zy4ci5k4im_qh1UgQSao.roa
Signing time:             Wed 01 Jan 2025 13:47:59 +0000
ROA not before:           Wed 01 Jan 2025 13:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198369
IP address blocks:        81.19.132.0/24 maxlen: 32
                          81.19.134.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:87:a2:c8:ec:53:2e:78:26:64:72:a3:24:36:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4ce9640a3ef2fea19374ad8f99f423d7aa7c76b
        Validity
            Not Before: Jan  1 13:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1509094bf73cb8722e64e229bfaa1d5481049aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c6:d9:40:95:b3:2a:17:cb:5f:56:1f:6d:7e:
                    9c:27:6b:39:b2:aa:5a:94:19:91:3e:b9:d4:94:27:
                    d1:d2:5f:86:fd:18:36:2d:37:77:12:5b:9b:d3:93:
                    36:02:81:e8:9d:ae:ea:8a:00:14:87:b0:b0:4b:64:
                    a6:d5:da:5d:87:29:85:52:8e:a8:59:b9:6b:35:1c:
                    d5:7b:2b:70:be:c2:fd:c3:6d:b7:5a:0d:e6:d6:7b:
                    9e:55:cd:c1:7c:10:01:67:f0:eb:49:e0:d6:bf:3e:
                    f1:67:1c:a4:62:ac:ee:2f:b6:3e:6a:30:6b:57:b6:
                    91:79:74:fe:eb:15:d7:e1:bc:c3:46:5a:62:b5:da:
                    b3:de:a2:28:c6:07:0a:8a:18:00:84:b0:de:73:67:
                    7f:3e:f3:d3:31:35:1a:df:cd:2a:cb:61:ed:2d:0f:
                    1a:05:97:81:f0:10:69:13:f6:3b:48:13:7e:a8:5b:
                    6e:62:f0:0c:a7:c6:db:bc:e3:c7:d6:fb:32:5c:f2:
                    5a:f0:be:66:7f:6a:e1:1f:ab:1a:e8:70:2a:41:23:
                    81:81:24:ea:bc:87:06:b2:7f:64:74:0b:27:27:a7:
                    fd:2b:7f:1a:68:98:39:19:55:0b:e4:87:b5:ba:c0:
                    6c:50:32:29:a0:22:0a:7d:5a:d4:04:89:b8:a4:1c:
                    69:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:50:90:94:BF:73:CB:87:22:E6:4E:22:9B:FA:A1:D5:48:10:49:AA
            X509v3 Authority Key Identifier:
                keyid:A4:CE:96:40:A3:EF:2F:EA:19:37:4A:D8:F9:9F:42:3D:7A:A7:C7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/sVCQlL9zy4ci5k4im_qh1UgQSao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f8a5d1-260a-46a4-a8e4-283fe54a6f2f/1/pM6WQKPvL-oZN0rY-Z9CPXqnx2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.19.132.0/24
                  81.19.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:41:c3:8c:97:9c:5f:43:5c:7b:0c:41:44:1f:4c:97:c7:be:
         61:6d:78:29:db:15:6d:a6:84:e0:0f:06:88:33:39:bc:de:24:
         9e:49:22:96:63:e4:1e:09:e3:93:fd:89:7e:0e:94:0f:1c:d7:
         88:49:ef:33:3d:50:7f:b7:47:2f:2b:77:5f:04:99:0d:5f:ba:
         03:13:06:6c:e4:55:eb:ed:24:63:2e:d6:dc:ee:1d:63:5d:3a:
         8d:22:52:f5:dd:25:95:e9:a3:86:a2:05:f7:5e:1d:82:34:21:
         f3:5d:46:81:c1:2d:66:4a:65:1b:47:1b:b4:22:fe:56:9a:2a:
         23:b0:70:2d:d8:a4:d5:d3:65:d5:15:9f:7b:45:54:cd:a9:9a:
         b7:ea:de:ad:95:e4:97:9b:55:c5:f0:67:70:86:68:78:de:27:
         0a:a7:f7:3f:82:2d:b6:5e:c1:34:29:b4:ba:d4:f0:80:65:a2:
         04:03:bd:aa:14:b5:20:37:b0:a2:a3:f0:c5:ec:3d:29:06:bf:
         08:21:42:f2:a5:67:f9:ce:35:93:cf:ac:bf:1d:d2:05:92:2c:
         5b:1c:34:42:7b:29:fd:47:73:5e:52:97:8f:ec:c1:57:ff:8d:
         28:6f:e4:05:48:0d:24:82:82:4f:5f:a4:bb:9b:38:63:ab:34:
         e8:8a:2e:e7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH4eiyOxTLngmZHKjJDbRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Y2U5NjQwYTNlZjJmZWExOTM3NGFkOGY5OWY0MjNkN2Fh
N2M3NmIwHhcNMjUwMTAxMTM0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTUwOTA5NGJmNzNjYjg3MjJlNjRlMjI5YmZhYTFkNTQ4MTA0OWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMbZQJWzKhfLX1YfbX6cJ2s5sqpa
lBmRPrnUlCfR0l+G/Rg2LTd3Elub05M2AoHona7qigAUh7CwS2Sm1dpdhymFUo6o
WblrNRzVeytwvsL9w223Wg3m1nueVc3BfBABZ/DrSeDWvz7xZxykYqzuL7Y+ajBr
V7aReXT+6xXX4bzDRlpitdqz3qIoxgcKihgAhLDec2d/PvPTMTUa380qy2HtLQ8a
BZeB8BBpE/Y7SBN+qFtuYvAMp8bbvOPH1vsyXPJa8L5mf2rhH6sa6HAqQSOBgSTq
vIcGsn9kdAsnJ6f9K38aaJg5GVUL5Ie1usBsUDIpoCIKfVrUBIm4pBxpIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLFQkJS/c8uHIuZOIpv6odVIEEmqMB8GA1UdIwQY
MBaAFKTOlkCj7y/qGTdK2PmfQj16p8drMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQt
MjgzZmU1NGE2ZjJmLzEvc1ZDUWxMOXp5NGNpNWs0aW1fcWgxVWdRU2FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mOGE1ZDEtMjYwYS00NmE0LWE4ZTQtMjgzZmU1NGE2ZjJm
LzEvcE02V1FLUHZMLW9aTjByWS1aOUNQWHFueDJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUROEAwQA
UROGMA0GCSqGSIb3DQEBCwUAA4IBAQBxQcOMl5xfQ1x7DEFEH0yXx75hbXgp2xVt
poTgDwaIMzm83iSeSSKWY+QeCeOT/Yl+DpQPHNeISe8zPVB/t0cvK3dfBJkNX7oD
EwZs5FXr7SRjLtbc7h1jXTqNIlL13SWV6aOGogX3Xh2CNCHzXUaBwS1mSmUbRxu0
Iv5WmiojsHAt2KTV02XVFZ97RVTNqZq36t6tleSXm1XF8Gdwhmh43icKp/c/gi22
XsE0KbS61PCAZaIEA72qFLUgN7Cio/DF7D0pBr8IIULypWf5zjWTz6y/HdIFkixb
HDRCeyn9R3NeUpeP7MFX/40ob+QFSA0kgoJPX6S7mzhjqzToii7n
-----END CERTIFICATE-----