Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/SoXV8K-5RRRRG3MNkK9ADRjUw68.roa
File:                     SoXV8K-5RRRRG3MNkK9ADRjUw68.roa (raw, json)
Hash identifier:          piFPFAv4NTkQWPfJcDD5swhwQm6lgH8QwyqXPK5Cnuo=
Subject key identifier:   4A:85:D5:F0:AF:B9:45:14:51:1B:73:0D:90:AF:40:0D:18:D4:C3:AF
Certificate issuer:       /CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
Certificate serial:       019420D5EEB76E547A8EBD0310D3E76C3081
Authority key identifier: A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/SoXV8K-5RRRRG3MNkK9ADRjUw68.roa
Signing time:             Wed 01 Jan 2025 07:47:58 +0000
ROA not before:           Wed 01 Jan 2025 07:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14230
IP address blocks:        188.172.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:ee:b7:6e:54:7a:8e:bd:03:10:d3:e7:6c:30:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
        Validity
            Not Before: Jan  1 07:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a85d5f0afb94514511b730d90af400d18d4c3af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:3c:56:6d:ce:8e:98:03:9c:f8:70:b2:81:f1:
                    29:67:a4:89:f8:a0:c8:68:0f:df:c4:40:db:36:70:
                    e9:13:5e:45:b9:26:af:1d:f8:d2:dd:e2:51:46:be:
                    fa:12:8d:cc:46:d3:b3:43:cb:2c:4f:c3:77:27:62:
                    bd:8b:5d:be:84:29:8f:09:1c:20:a3:1b:2f:d0:bd:
                    3c:10:96:23:70:89:b7:f6:c1:19:b1:dc:f0:a7:a3:
                    05:b7:9b:f8:5b:46:9b:b8:5f:6a:8d:98:43:9e:b6:
                    55:78:f1:55:4a:2b:c4:69:f3:f1:32:9b:d9:c0:c4:
                    29:27:cb:4b:2d:c6:7b:63:f9:70:80:0a:c7:f2:76:
                    2d:6f:e0:62:c4:5b:bd:c3:72:63:6f:2b:a9:76:51:
                    71:f0:3a:1f:70:2d:93:65:b5:9f:f9:e8:5b:40:45:
                    31:13:f1:8c:3c:24:ea:8c:9d:32:16:df:2d:77:9a:
                    dd:75:e4:b0:2d:94:51:72:de:a1:b9:c4:e3:66:07:
                    3c:b0:b5:fb:a7:8e:3e:91:52:cd:e0:ce:ab:7f:19:
                    89:21:d4:2b:5e:96:7f:21:d3:a5:18:11:96:65:33:
                    46:5c:3a:6a:50:bc:8a:83:8b:db:c6:31:8a:50:81:
                    c8:31:7b:4a:03:6a:80:dd:de:7d:96:05:4b:03:55:
                    98:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:85:D5:F0:AF:B9:45:14:51:1B:73:0D:90:AF:40:0D:18:D4:C3:AF
            X509v3 Authority Key Identifier:
                keyid:A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/SoXV8K-5RRRRG3MNkK9ADRjUw68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.172.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:62:ff:ab:e0:3b:af:5c:06:2e:2b:43:9c:17:8b:ff:0c:4a:
         c5:f4:f0:41:76:f8:da:0d:8f:6f:9b:63:59:55:1d:67:60:e4:
         de:02:18:c7:58:18:29:50:fd:8e:d9:e0:16:13:75:47:e6:a2:
         a3:92:45:41:8f:39:42:de:5b:eb:32:ee:f8:86:32:ce:f8:83:
         24:3b:6c:09:08:2f:e3:7b:4e:4a:4e:a1:7e:99:e3:31:a2:81:
         6e:2b:23:70:af:ae:94:59:1d:6d:1b:95:3b:90:63:45:87:e6:
         a1:44:32:dc:b2:db:19:ce:47:54:c3:c2:cf:07:47:71:8a:b7:
         b6:f4:22:06:b5:bc:20:f7:55:9f:1e:83:b7:f4:c1:17:0d:05:
         de:b0:24:e6:05:be:e8:8e:45:2a:20:79:8f:c2:ec:67:d7:c5:
         4f:73:47:14:23:0b:7c:fb:88:a6:33:af:60:81:3d:2e:d4:fd:
         a9:32:f6:61:4f:b3:aa:6b:34:b9:ec:6d:87:b6:8e:95:f6:fd:
         df:c3:c6:01:8d:65:0f:08:f2:cb:18:48:9d:fd:1e:ae:77:60:
         94:6a:8b:41:76:2c:10:2a:80:a5:da:32:f5:3e:e6:65:86:a3:
         12:df:2f:0d:d7:b8:b8:f1:26:e9:43:57:d6:87:c9:33:4c:77:
         89:20:64:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1e63blR6jr0DENPnbDCBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MzlhZmViYWNlODk5YThlZTBiYjRmOGJiNDQ3NWZlMjQ3
YTE1MjgwHhcNMjUwMTAxMDc0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTg1ZDVmMGFmYjk0NTE0NTExYjczMGQ5MGFmNDAwZDE4ZDRjM2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDxWbc6OmAOc+HCygfEpZ6SJ+KDI
aA/fxEDbNnDpE15FuSavHfjS3eJRRr76Eo3MRtOzQ8ssT8N3J2K9i12+hCmPCRwg
oxsv0L08EJYjcIm39sEZsdzwp6MFt5v4W0abuF9qjZhDnrZVePFVSivEafPxMpvZ
wMQpJ8tLLcZ7Y/lwgArH8nYtb+BixFu9w3JjbyupdlFx8DofcC2TZbWf+ehbQEUx
E/GMPCTqjJ0yFt8td5rddeSwLZRRct6hucTjZgc8sLX7p44+kVLN4M6rfxmJIdQr
XpZ/IdOlGBGWZTNGXDpqULyKg4vbxjGKUIHIMXtKA2qA3d59lgVLA1WYDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEqF1fCvuUUUURtzDZCvQA0Y1MOvMB8GA1UdIwQY
MBaAFKU5r+us6Jmo7gu0+LtEdf4kehUoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYt
NzQxMzk1OTEzMTJlLzEvU29YVjhLLTVSUlJSRzNNTmtLOUFEUmpVdzY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYtNzQxMzk1OTEzMTJl
LzEvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvKzqMA0G
CSqGSIb3DQEBCwUAA4IBAQBGYv+r4DuvXAYuK0OcF4v/DErF9PBBdvjaDY9vm2NZ
VR1nYOTeAhjHWBgpUP2O2eAWE3VH5qKjkkVBjzlC3lvrMu74hjLO+IMkO2wJCC/j
e05KTqF+meMxooFuKyNwr66UWR1tG5U7kGNFh+ahRDLcstsZzkdUw8LPB0dxire2
9CIGtbwg91WfHoO39MEXDQXesCTmBb7ojkUqIHmPwuxn18VPc0cUIwt8+4imM69g
gT0u1P2pMvZhT7OqazS57G2Hto6V9v3fw8YBjWUPCPLLGEid/R6ud2CUaotBdiwQ
KoCl2jL1PuZlhqMS3y8N17i48SbpQ1fWh8kzTHeJIGQJ
-----END CERTIFICATE-----