Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/c9e02c-ad51-4314-90fc-4a7cc75e3e6f/1/sdPecCSO0KixXu_CzDAp6RAcnGQ.roa
File:                     sdPecCSO0KixXu_CzDAp6RAcnGQ.roa (raw, json)
Hash identifier:          lK/qLvjn0531iisqXiHNH5vrvX6cngnheVb4lVEkcTA=
Subject key identifier:   B1:D3:DE:70:24:8E:D0:A8:B1:5E:EF:C2:CC:30:29:E9:10:1C:9C:64
Certificate issuer:       /CN=d7f66a41bca687b2758cfc7bb1c5f4b3469ed870
Certificate serial:       0194228D498EE9829C2055E4A8933086F78A
Authority key identifier: D7:F6:6A:41:BC:A6:87:B2:75:8C:FC:7B:B1:C5:F4:B3:46:9E:D8:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1_ZqQbymh7J1jPx7scX0s0ae2HA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/c9e02c-ad51-4314-90fc-4a7cc75e3e6f/1/sdPecCSO0KixXu_CzDAp6RAcnGQ.roa
Signing time:             Wed 01 Jan 2025 15:47:52 +0000
ROA not before:           Wed 01 Jan 2025 15:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213013
IP address blocks:        149.3.169.0/24 maxlen: 24
                          2a10:a800::/30 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/c9e02c-ad51-4314-90fc-4a7cc75e3e6f/1/1_ZqQbymh7J1jPx7scX0s0ae2HA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/c9e02c-ad51-4314-90fc-4a7cc75e3e6f/1/1_ZqQbymh7J1jPx7scX0s0ae2HA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1_ZqQbymh7J1jPx7scX0s0ae2HA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 15:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:49:8e:e9:82:9c:20:55:e4:a8:93:30:86:f7:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7f66a41bca687b2758cfc7bb1c5f4b3469ed870
        Validity
            Not Before: Jan  1 15:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1d3de70248ed0a8b15eefc2cc3029e9101c9c64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:17:85:2a:37:e8:1d:7f:a7:31:43:ae:99:20:
                    c0:a3:73:a6:b9:c2:83:16:18:0e:66:62:7e:ac:6a:
                    40:62:fe:12:69:7a:1b:0b:57:a7:46:b3:70:da:25:
                    f1:e2:a8:33:14:38:1b:25:6a:d6:df:26:df:c3:a8:
                    d3:ed:bc:05:4a:03:28:51:8d:1c:46:97:7d:c2:2e:
                    51:37:c4:02:62:6c:63:a7:02:95:5d:59:b3:14:dd:
                    7a:5e:82:36:6b:0d:b8:fc:37:5d:b0:5e:9d:23:cd:
                    1a:90:9b:5c:69:2d:23:23:3c:a0:b5:1e:8c:56:ab:
                    51:b3:54:98:28:97:e5:4f:f8:24:20:0f:54:ea:16:
                    f6:62:b3:ba:d2:be:6f:6f:7e:3d:8b:4b:71:9e:09:
                    7c:a6:44:da:35:c5:23:37:b6:24:0f:41:f6:fe:a7:
                    2a:7d:a3:c9:09:2b:33:a4:84:50:73:ca:7b:bf:f1:
                    21:20:62:8e:36:c6:43:0b:35:28:88:4a:64:d8:04:
                    0f:33:39:c2:32:96:4d:cf:58:f1:6c:18:7b:83:60:
                    85:fb:26:93:11:1d:e5:1e:5c:e9:05:be:e2:89:ee:
                    bb:e5:12:69:27:e4:34:7c:7f:0c:3e:36:09:dc:83:
                    7a:aa:90:b7:0b:ef:d8:1e:8a:b9:45:cd:f1:0b:6d:
                    d6:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:D3:DE:70:24:8E:D0:A8:B1:5E:EF:C2:CC:30:29:E9:10:1C:9C:64
            X509v3 Authority Key Identifier:
                keyid:D7:F6:6A:41:BC:A6:87:B2:75:8C:FC:7B:B1:C5:F4:B3:46:9E:D8:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1_ZqQbymh7J1jPx7scX0s0ae2HA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/c9e02c-ad51-4314-90fc-4a7cc75e3e6f/1/sdPecCSO0KixXu_CzDAp6RAcnGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/c9e02c-ad51-4314-90fc-4a7cc75e3e6f/1/1_ZqQbymh7J1jPx7scX0s0ae2HA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.3.169.0/24
                IPv6:
                  2a10:a800::/30

    Signature Algorithm: sha256WithRSAEncryption
         79:02:c0:b0:16:98:98:c5:1b:67:8b:fc:9e:f1:3f:ec:68:b9:
         ce:34:fb:fe:a6:9a:25:82:cf:49:e2:eb:3f:20:62:5c:03:a6:
         da:88:4e:9b:1d:7a:e5:36:8c:b2:71:1f:6b:83:31:3c:22:72:
         51:2b:84:bf:fd:d3:e5:96:9b:a6:69:cd:57:9c:87:65:2c:da:
         cb:17:8c:19:43:af:76:fa:35:e8:8d:d8:88:f8:b4:2c:95:bd:
         d7:29:6d:1c:69:ab:f2:a0:89:cc:42:c6:f8:0e:19:2c:de:30:
         15:3d:0a:5f:b7:af:c5:0c:c7:c1:1f:df:09:be:cd:89:d9:a9:
         20:d5:15:a4:6d:c2:ec:53:c5:7c:9f:f3:75:f2:a7:84:a6:f1:
         d9:67:b7:68:02:f8:65:a7:a8:74:8c:5a:fa:b8:36:24:a3:b3:
         8a:64:a3:b7:0c:f7:08:7d:58:17:a1:af:ba:0e:b2:65:10:db:
         ff:ce:34:1a:83:5d:0f:c2:a8:53:8b:39:dc:7d:c4:de:db:23:
         f8:6a:64:b7:cc:e2:fe:1a:5e:31:a0:58:84:fd:85:00:cd:63:
         e6:5f:bb:4a:3d:02:b8:80:a9:28:de:cc:f9:c6:13:ce:60:75:
         18:3c:19:fc:59:18:0d:87:90:f0:ac:38:aa:8d:ea:0f:66:01:
         20:c7:09:54
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQijUmO6YKcIFXkqJMwhveKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3ZjY2YTQxYmNhNjg3YjI3NThjZmM3YmIxYzVmNGIzNDY5
ZWQ4NzAwHhcNMjUwMTAxMTU0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWQzZGU3MDI0OGVkMGE4YjE1ZWVmYzJjYzMwMjllOTEwMWM5YzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApheFKjfoHX+nMUOumSDAo3OmucKD
FhgOZmJ+rGpAYv4SaXobC1enRrNw2iXx4qgzFDgbJWrW3ybfw6jT7bwFSgMoUY0c
Rpd9wi5RN8QCYmxjpwKVXVmzFN16XoI2aw24/DddsF6dI80akJtcaS0jIzygtR6M
VqtRs1SYKJflT/gkIA9U6hb2YrO60r5vb349i0txngl8pkTaNcUjN7YkD0H2/qcq
faPJCSszpIRQc8p7v/EhIGKONsZDCzUoiEpk2AQPMznCMpZNz1jxbBh7g2CF+yaT
ER3lHlzpBb7iie675RJpJ+Q0fH8MPjYJ3IN6qpC3C+/YHoq5Rc3xC23WKwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLHT3nAkjtCosV7vwswwKekQHJxkMB8GA1UdIwQY
MBaAFNf2akG8poeydYz8e7HF9LNGnthwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMV9acVFieW1oN0oxalB4N3NjWDBzMGFlMkhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9jOWUwMmMtYWQ1MS00MzE0LTkwZmMt
NGE3Y2M3NWUzZTZmLzEvc2RQZWNDU08wS2l4WHVfQ3pEQXA2UkFjbkdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9jOWUwMmMtYWQ1MS00MzE0LTkwZmMtNGE3Y2M3NWUzZTZm
LzEvMV9acVFieW1oN0oxalB4N3NjWDBzMGFlMkhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAlQOpMA0E
AgACMAcDBQIqEKgAMA0GCSqGSIb3DQEBCwUAA4IBAQB5AsCwFpiYxRtni/ye8T/s
aLnONPv+ppolgs9J4us/IGJcA6baiE6bHXrlNoyycR9rgzE8InJRK4S//dPllpum
ac1XnIdlLNrLF4wZQ692+jXojdiI+LQslb3XKW0caavyoInMQsb4Dhks3jAVPQpf
t6/FDMfBH98Jvs2J2akg1RWkbcLsU8V8n/N18qeEpvHZZ7doAvhlp6h0jFr6uDYk
o7OKZKO3DPcIfVgXoa+6DrJlENv/zjQag10PwqhTizncfcTe2yP4amS3zOL+Gl4x
oFiE/YUAzWPmX7tKPQK4gKko3sz5xhPOYHUYPBn8WRgNh5DwrDiqjeoPZgEgxwlU
-----END CERTIFICATE-----