Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/SThJy4i0DCRyZHRvrmQHc6udp2U.roa
File:                     SThJy4i0DCRyZHRvrmQHc6udp2U.roa (raw, json)
Hash identifier:          vNQyTdE1eXgzuUU41KolAdhG9QMoX1oJ5tt8B+GX4n0=
Subject key identifier:   49:38:49:CB:88:B4:0C:24:72:64:74:6F:AE:64:07:73:AB:9D:A7:65
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       01947F8CE256EDAAF8280EB90D3C7BE28636
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/SThJy4i0DCRyZHRvrmQHc6udp2U.roa
Signing time:             Sun 19 Jan 2025 17:12:06 +0000
ROA not before:           Sun 19 Jan 2025 17:12:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        2.57.242.0/24 maxlen: 24
                          89.39.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:7f:8c:e2:56:ed:aa:f8:28:0e:b9:0d:3c:7b:e2:86:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan 19 17:12:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=493849cb88b40c247264746fae640773ab9da765
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:05:e3:9c:6e:04:e3:69:4e:91:b8:0a:74:53:
                    41:0b:a9:78:c0:62:57:f7:d8:70:24:50:b5:cb:4c:
                    eb:52:87:87:23:b2:6a:3f:b9:58:d0:d0:98:1d:3f:
                    5c:c9:a9:a9:96:f9:cf:aa:1e:9e:7c:51:40:3a:a6:
                    55:f9:8d:59:8c:d7:e7:55:0b:42:15:c9:7c:a6:44:
                    b8:63:4d:15:3c:1a:5a:9c:03:04:ab:1d:cb:7c:34:
                    df:c7:39:3f:67:ac:c8:1c:a1:72:19:5e:3d:12:81:
                    f9:0a:45:12:91:44:25:61:8b:f8:f7:44:81:66:e0:
                    af:be:3f:5d:be:90:1f:1e:60:1c:1f:3a:0b:83:c6:
                    1d:f5:80:de:5e:51:2d:ee:bb:89:20:9c:a4:da:4f:
                    dc:4b:05:df:d5:9a:a8:8e:25:af:d0:bf:58:23:8a:
                    c2:39:c0:97:c6:a0:16:76:8a:7a:9b:18:ed:1c:de:
                    74:dc:60:70:12:39:41:c5:66:dd:66:c3:e0:ba:85:
                    57:8b:03:3a:be:eb:b5:5b:70:87:c1:96:9b:e6:63:
                    d7:65:01:bf:9a:1d:58:72:08:f3:66:cc:62:89:98:
                    5f:3d:e9:99:ad:65:2f:43:34:51:24:e2:6e:e6:19:
                    08:1c:a8:02:3c:d8:4d:04:82:b9:83:af:31:09:3f:
                    a5:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:38:49:CB:88:B4:0C:24:72:64:74:6F:AE:64:07:73:AB:9D:A7:65
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/SThJy4i0DCRyZHRvrmQHc6udp2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.242.0/24
                  89.39.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:44:19:2c:a9:28:a6:20:c0:a7:51:dd:4e:32:3f:63:3f:30:
         83:47:c7:03:a3:63:90:1c:f6:8c:06:8d:41:2b:97:9f:a5:53:
         6a:b9:ae:f5:95:5f:e3:be:2f:61:96:bd:9e:e6:f1:ce:e6:53:
         7a:59:a4:29:96:cc:65:32:39:3e:1a:cd:f1:0f:90:39:f5:b3:
         ca:1b:4c:58:56:f4:45:db:73:04:c5:0c:82:0e:db:95:fe:54:
         3e:91:2d:cf:58:90:04:0b:ea:52:5c:09:7d:31:df:86:c2:d3:
         04:45:49:e6:1f:b6:9f:f7:97:db:85:2c:02:14:fc:c7:3c:24:
         ce:8f:9e:cd:f8:3b:08:c6:9d:0a:bd:d1:ac:2f:c4:dc:03:e5:
         68:64:1d:6a:75:07:ef:d7:4b:25:e5:98:43:57:d5:56:fa:ca:
         fe:7c:5c:e4:a9:98:16:9a:07:e3:f9:03:9b:99:ab:92:78:6d:
         bf:17:25:f8:e3:39:3f:bb:2f:13:48:9c:24:f2:c1:5d:69:92:
         11:50:56:13:78:d3:38:fc:77:21:8f:30:74:6d:07:8d:0b:e6:
         27:1f:0b:f9:20:16:e5:7d:88:bc:1a:e8:c0:be:b2:aa:12:07:
         c6:03:a9:f5:f7:e8:56:0a:bd:72:18:d5:5f:9d:40:a1:ec:f4:
         8d:e4:4d:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZR/jOJW7ar4KA65DTx74oY2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTE5MTcxMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTM4NDljYjg4YjQwYzI0NzI2NDc0NmZhZTY0MDc3M2FiOWRhNzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmgXjnG4E42lOkbgKdFNBC6l4wGJX
99hwJFC1y0zrUoeHI7JqP7lY0NCYHT9cyamplvnPqh6efFFAOqZV+Y1ZjNfnVQtC
Fcl8pkS4Y00VPBpanAMEqx3LfDTfxzk/Z6zIHKFyGV49EoH5CkUSkUQlYYv490SB
ZuCvvj9dvpAfHmAcHzoLg8Yd9YDeXlEt7ruJIJyk2k/cSwXf1ZqojiWv0L9YI4rC
OcCXxqAWdop6mxjtHN503GBwEjlBxWbdZsPguoVXiwM6vuu1W3CHwZab5mPXZQG/
mh1YcgjzZsxiiZhfPemZrWUvQzRRJOJu5hkIHKgCPNhNBIK5g68xCT+lHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEk4ScuItAwkcmR0b65kB3OrnadlMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvU1RoSnk0aTBEQ1J5WkhSdnJtUUhjNnVkcDJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAjnyAwQA
WSd4MA0GCSqGSIb3DQEBCwUAA4IBAQASRBksqSimIMCnUd1OMj9jPzCDR8cDo2OQ
HPaMBo1BK5efpVNqua71lV/jvi9hlr2e5vHO5lN6WaQplsxlMjk+Gs3xD5A59bPK
G0xYVvRF23MExQyCDtuV/lQ+kS3PWJAEC+pSXAl9Md+GwtMERUnmH7af95fbhSwC
FPzHPCTOj57N+DsIxp0KvdGsL8TcA+VoZB1qdQfv10sl5ZhDV9VW+sr+fFzkqZgW
mgfj+QObmauSeG2/FyX44zk/uy8TSJwk8sFdaZIRUFYTeNM4/HchjzB0bQeNC+Yn
Hwv5IBblfYi8GujAvrKqEgfGA6n19+hWCr1yGNVfnUCh7PSN5E1g
-----END CERTIFICATE-----