Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/sguRLoeWyytYSUNdSCQfoHPwkL0.roa
File:                     sguRLoeWyytYSUNdSCQfoHPwkL0.roa (raw, json)
Hash identifier:          ipjLZOjUQ4BQnvEOPVMsWMd4gWLlK5VE02q72xwD6zI=
Subject key identifier:   B2:0B:91:2E:87:96:CB:2B:58:49:43:5D:48:24:1F:A0:73:F0:90:BD
Certificate issuer:       /CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
Certificate serial:       019423D6A7C57E4A835137882C4F9992BEF2
Authority key identifier: 4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/sguRLoeWyytYSUNdSCQfoHPwkL0.roa
Signing time:             Wed 01 Jan 2025 21:47:37 +0000
ROA not before:           Wed 01 Jan 2025 21:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396356
IP address blocks:        194.34.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:a7:c5:7e:4a:83:51:37:88:2c:4f:99:92:be:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
        Validity
            Not Before: Jan  1 21:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b20b912e8796cb2b5849435d48241fa073f090bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ac:d7:2f:c3:35:01:06:a0:ec:fe:6f:44:85:
                    49:55:7e:d9:5b:d1:e6:78:55:93:9d:d8:f4:ed:9a:
                    fa:87:c7:55:c7:12:3f:01:d0:ff:f6:c6:a2:16:8a:
                    a7:d5:66:e0:92:6e:c3:5d:3b:2e:4b:70:8a:7e:5b:
                    ce:33:3e:64:e9:0c:0c:50:b9:df:4a:d3:37:c2:04:
                    6d:e5:9e:58:54:00:88:66:b0:69:0b:a4:16:02:69:
                    6b:6e:a1:2f:46:23:33:c4:82:51:75:74:5e:3c:22:
                    a8:21:ab:7c:d5:63:45:5b:57:02:4e:bf:8c:9d:ab:
                    b5:1f:de:fd:45:f2:69:54:44:fd:7d:7b:74:1e:6d:
                    cc:89:fc:e8:91:73:fa:a3:15:85:80:7c:d3:35:10:
                    e7:1a:32:db:48:e3:9d:74:84:bb:6d:c6:2f:85:97:
                    c7:99:1e:dd:61:64:02:5f:a8:92:f5:46:5e:64:30:
                    07:00:ed:4f:75:bb:d0:93:7f:81:4d:a2:17:89:b1:
                    cd:06:72:58:50:7a:da:44:a3:99:10:27:54:d1:c8:
                    55:05:fa:6a:1a:81:a4:6c:0d:35:b0:3c:4a:7b:b8:
                    c3:51:d1:be:ed:fd:e5:f3:1d:c0:44:a0:6b:9f:7d:
                    38:e9:8f:50:f6:c2:b7:23:89:8b:d7:ec:8c:18:3c:
                    54:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:0B:91:2E:87:96:CB:2B:58:49:43:5D:48:24:1F:A0:73:F0:90:BD
            X509v3 Authority Key Identifier:
                keyid:4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/sguRLoeWyytYSUNdSCQfoHPwkL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:24:96:3d:ef:e4:eb:9b:be:80:01:35:84:bd:d7:77:d5:46:
         36:47:d0:83:68:3d:9b:39:bb:01:b5:2f:5e:9c:35:45:78:d8:
         4a:04:a1:cc:a2:4c:fb:4c:fa:ea:b2:62:ec:4b:15:5b:84:07:
         c0:aa:61:68:61:4a:42:bf:e0:b0:a8:63:64:1b:9b:a9:ae:9d:
         3e:12:d6:0c:4c:54:aa:21:54:ed:44:97:66:0c:69:a4:bb:94:
         0c:f7:27:44:5b:1a:aa:22:c5:d4:ff:b5:57:7c:8d:24:89:6f:
         b3:4c:1d:4f:50:05:b0:40:e8:b5:14:6b:5c:f2:6a:f1:0f:e8:
         72:f3:54:e3:b2:89:b5:d1:01:b9:cc:47:c4:24:24:27:30:28:
         b1:0c:65:90:d2:f0:c6:ef:d6:a9:f4:35:28:54:c7:14:b7:88:
         e5:2c:7a:1f:d5:7d:8b:53:21:1e:fc:40:a1:d7:e7:63:98:aa:
         e9:d4:ed:96:c4:4b:71:39:1e:97:23:7c:c0:2a:e5:67:3a:78:
         07:11:7d:66:ea:64:e2:01:d5:c2:83:8d:ab:79:53:e6:25:54:
         2f:fd:63:a8:83:38:e5:1c:e9:62:93:6e:8f:a5:60:9e:ff:ff:
         67:6c:68:a0:d1:ed:4b:c0:14:85:6b:e3:aa:aa:78:1e:56:af:
         8b:48:df:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1qfFfkqDUTeILE+Zkr7yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDk1NGQzYzc3YzljNGUzN2VlYmY3NTNkODZmM2RjZjA5
MWQ0YTkwHhcNMjUwMTAxMjE0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjBiOTEyZTg3OTZjYjJiNTg0OTQzNWQ0ODI0MWZhMDczZjA5MGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkazXL8M1AQag7P5vRIVJVX7ZW9Hm
eFWTndj07Zr6h8dVxxI/AdD/9saiFoqn1Wbgkm7DXTsuS3CKflvOMz5k6QwMULnf
StM3wgRt5Z5YVACIZrBpC6QWAmlrbqEvRiMzxIJRdXRePCKoIat81WNFW1cCTr+M
nau1H979RfJpVET9fXt0Hm3MifzokXP6oxWFgHzTNRDnGjLbSOOddIS7bcYvhZfH
mR7dYWQCX6iS9UZeZDAHAO1PdbvQk3+BTaIXibHNBnJYUHraRKOZECdU0chVBfpq
GoGkbA01sDxKe7jDUdG+7f3l8x3ARKBrn3046Y9Q9sK3I4mL1+yMGDxU/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLILkS6HlssrWElDXUgkH6Bz8JC9MB8GA1UdIwQY
MBaAFE3ZVNPHfJxON+6/dT2G89zwkdSpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDIt
ZWI3YWFhNjgyOGJlLzEvc2d1UkxvZVd5eXRZU1VOZFNDUWZvSFB3a0wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDItZWI3YWFhNjgyOGJl
LzEvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiJpMA0G
CSqGSIb3DQEBCwUAA4IBAQBjJJY97+Trm76AATWEvdd31UY2R9CDaD2bObsBtS9e
nDVFeNhKBKHMokz7TPrqsmLsSxVbhAfAqmFoYUpCv+CwqGNkG5uprp0+EtYMTFSq
IVTtRJdmDGmku5QM9ydEWxqqIsXU/7VXfI0kiW+zTB1PUAWwQOi1FGtc8mrxD+hy
81Tjsom10QG5zEfEJCQnMCixDGWQ0vDG79ap9DUoVMcUt4jlLHof1X2LUyEe/ECh
1+djmKrp1O2WxEtxOR6XI3zAKuVnOngHEX1m6mTiAdXCg42reVPmJVQv/WOogzjl
HOlik26PpWCe//9nbGig0e1LwBSFa+OqqngeVq+LSN+z
-----END CERTIFICATE-----