Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/13b144-be16-4922-a983-25ae9293f6b4/1/SAR-i__y05eafLBhPtZ8CUPZ1Rw.roa
File:                     SAR-i__y05eafLBhPtZ8CUPZ1Rw.roa (raw, json)
Hash identifier:          kUf2JW7WdN59FA+69R/YfspDcccIvGrB5LCXH/oR5Bc=
Subject key identifier:   48:04:7E:8B:FF:F2:D3:97:9A:7C:B0:61:3E:D6:7C:09:43:D9:D5:1C
Certificate issuer:       /CN=6821c8ff0437f7edd829166fde03446f86109d80
Certificate serial:       01930C20E0E4591A8F27BCDAC9FF33CF1641
Authority key identifier: 68:21:C8:FF:04:37:F7:ED:D8:29:16:6F:DE:03:44:6F:86:10:9D:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aCHI_wQ39-3YKRZv3gNEb4YQnYA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/13b144-be16-4922-a983-25ae9293f6b4/1/SAR-i__y05eafLBhPtZ8CUPZ1Rw.roa
Signing time:             Fri 08 Nov 2024 14:15:01 +0000
ROA not before:           Fri 08 Nov 2024 14:15:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49168
IP address blocks:        91.221.74.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/13b144-be16-4922-a983-25ae9293f6b4/1/aCHI_wQ39-3YKRZv3gNEb4YQnYA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/13b144-be16-4922-a983-25ae9293f6b4/1/aCHI_wQ39-3YKRZv3gNEb4YQnYA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aCHI_wQ39-3YKRZv3gNEb4YQnYA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:0c:20:e0:e4:59:1a:8f:27:bc:da:c9:ff:33:cf:16:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6821c8ff0437f7edd829166fde03446f86109d80
        Validity
            Not Before: Nov  8 14:15:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48047e8bfff2d3979a7cb0613ed67c0943d9d51c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e0:f7:99:4d:8d:bd:06:4c:45:cb:49:a5:b6:
                    14:1e:7b:4b:dd:e0:ec:2d:f1:7e:31:be:e8:e6:07:
                    8e:3e:61:82:23:26:34:03:9c:14:b7:f6:f2:34:fc:
                    13:d0:ec:f2:c1:bd:e0:08:1a:99:bf:23:2f:02:7e:
                    5d:84:f5:47:33:8e:30:6c:42:ab:0c:01:5a:6c:19:
                    7f:dd:c5:27:26:fe:6c:0c:37:17:5b:6b:1e:07:e9:
                    f2:07:8f:51:62:7c:eb:21:ee:fb:33:bf:3e:34:a5:
                    e3:e5:77:14:a3:1e:d3:5f:1e:ce:4d:9b:56:94:45:
                    0f:33:56:16:78:20:d4:c3:a4:2b:bd:cf:62:e8:f6:
                    c9:a6:84:3d:79:e3:d8:bc:3e:0a:f0:61:c0:03:61:
                    8e:d9:2c:c8:6a:a3:f4:fa:d8:17:44:99:74:ee:fa:
                    95:1e:12:af:dc:66:45:d4:2e:91:be:7e:2e:03:7a:
                    1e:ae:e1:e0:ce:69:d9:c8:7c:c0:58:15:6f:21:44:
                    bc:20:5a:60:36:c0:2b:fa:bf:c8:46:06:7c:af:b2:
                    68:22:36:c1:43:fe:74:f0:a0:8b:3e:53:a3:f8:bf:
                    f4:b1:73:f1:32:a4:6a:88:ab:c5:a4:be:13:fc:86:
                    21:4a:90:e2:93:8a:33:dc:86:f4:7a:14:bb:fc:86:
                    c6:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:04:7E:8B:FF:F2:D3:97:9A:7C:B0:61:3E:D6:7C:09:43:D9:D5:1C
            X509v3 Authority Key Identifier:
                keyid:68:21:C8:FF:04:37:F7:ED:D8:29:16:6F:DE:03:44:6F:86:10:9D:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aCHI_wQ39-3YKRZv3gNEb4YQnYA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/13b144-be16-4922-a983-25ae9293f6b4/1/SAR-i__y05eafLBhPtZ8CUPZ1Rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/13b144-be16-4922-a983-25ae9293f6b4/1/aCHI_wQ39-3YKRZv3gNEb4YQnYA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d0:28:86:51:ee:a7:f6:a0:c7:e9:b9:29:70:3a:9d:96:f1:65:
         c9:26:15:ca:3f:fa:d3:53:cf:de:12:e6:13:70:50:37:04:82:
         f9:33:6f:7b:b6:7f:46:47:81:12:5d:3b:c3:c7:ea:0a:16:c8:
         3b:f1:8c:ab:d5:6b:64:cf:70:09:73:eb:3e:ea:6f:98:7f:54:
         14:f3:93:b4:c4:75:a1:2d:67:67:fb:7a:72:a9:e2:7a:54:ab:
         77:50:57:58:2e:03:58:3e:db:0b:d1:4b:1e:99:2b:c4:a7:82:
         d1:33:1a:ab:78:31:c8:34:5a:20:85:ec:a5:ca:5d:c0:0d:1b:
         28:b7:c6:30:16:48:e8:1f:ae:f2:74:48:3d:9a:ff:e4:ff:2e:
         1a:b3:42:39:7b:a1:30:ca:2b:9f:4c:63:4e:29:e4:83:81:c6:
         55:ac:6d:65:78:3c:89:b7:ec:16:c4:9a:8f:6f:c5:ea:60:2b:
         c8:3a:c4:cd:26:8a:19:15:53:10:fd:93:30:d3:4e:b3:34:d9:
         79:c2:97:33:42:d1:31:e1:48:bc:37:7f:46:db:ce:40:e4:35:
         d9:1e:b9:7a:c7:c5:eb:a1:3d:94:e5:59:50:0c:71:10:1d:6d:
         60:76:19:32:0d:2c:b9:6c:68:66:0b:4a:0c:59:1e:aa:1c:01:
         e6:27:d2:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMMIODkWRqPJ7zayf8zzxZBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MjFjOGZmMDQzN2Y3ZWRkODI5MTY2ZmRlMDM0NDZmODYx
MDlkODAwHhcNMjQxMTA4MTQxNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODA0N2U4YmZmZjJkMzk3OWE3Y2IwNjEzZWQ2N2MwOTQzZDlkNTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmeD3mU2NvQZMRctJpbYUHntL3eDs
LfF+Mb7o5geOPmGCIyY0A5wUt/byNPwT0Ozywb3gCBqZvyMvAn5dhPVHM44wbEKr
DAFabBl/3cUnJv5sDDcXW2seB+nyB49RYnzrIe77M78+NKXj5XcUox7TXx7OTZtW
lEUPM1YWeCDUw6Qrvc9i6PbJpoQ9eePYvD4K8GHAA2GO2SzIaqP0+tgXRJl07vqV
HhKv3GZF1C6Rvn4uA3oeruHgzmnZyHzAWBVvIUS8IFpgNsAr+r/IRgZ8r7JoIjbB
Q/508KCLPlOj+L/0sXPxMqRqiKvFpL4T/IYhSpDik4oz3Ib0ehS7/IbGQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEgEfov/8tOXmnywYT7WfAlD2dUcMB8GA1UdIwQY
MBaAFGghyP8EN/ft2CkWb94DRG+GEJ2AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUNISV93UTM5LTNZS1JadjNnTkViNFlRbllBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8xM2IxNDQtYmUxNi00OTIyLWE5ODMt
MjVhZTkyOTNmNmI0LzEvU0FSLWlfX3kwNWVhZkxCaFB0WjhDVVBaMVJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8xM2IxNDQtYmUxNi00OTIyLWE5ODMtMjVhZTkyOTNmNmI0
LzEvYUNISV93UTM5LTNZS1JadjNnTkViNFlRbllBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW91KMA0G
CSqGSIb3DQEBCwUAA4IBAQDQKIZR7qf2oMfpuSlwOp2W8WXJJhXKP/rTU8/eEuYT
cFA3BIL5M297tn9GR4ESXTvDx+oKFsg78Yyr1Wtkz3AJc+s+6m+Yf1QU85O0xHWh
LWdn+3pyqeJ6VKt3UFdYLgNYPtsL0UsemSvEp4LRMxqreDHINFogheylyl3ADRso
t8YwFkjoH67ydEg9mv/k/y4as0I5e6EwyiufTGNOKeSDgcZVrG1leDyJt+wWxJqP
b8XqYCvIOsTNJooZFVMQ/ZMw006zNNl5wpczQtEx4Ui8N39G285A5DXZHrl6x8Xr
oT2U5VlQDHEQHW1gdhkyDSy5bGhmC0oMWR6qHAHmJ9Jr
-----END CERTIFICATE-----