Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/SCMmIcP6ytZEwBjOpISI6_ZEryg.roa
File:                     SCMmIcP6ytZEwBjOpISI6_ZEryg.roa (raw, json)
Hash identifier:          bb0dnhANBxmIG7AOmW9ckEWXZyAL4czFwd4d39TfcnQ=
Subject key identifier:   48:23:26:21:C3:FA:CA:D6:44:C0:18:CE:A4:84:88:EB:F6:44:AF:28
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       019423699C363AC19656402CA43B53757C9D
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/SCMmIcP6ytZEwBjOpISI6_ZEryg.roa
Signing time:             Wed 01 Jan 2025 19:48:31 +0000
ROA not before:           Wed 01 Jan 2025 19:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49948
IP address blocks:        86.104.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:9c:36:3a:c1:96:56:40:2c:a4:3b:53:75:7c:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 19:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=48232621c3facad644c018cea48488ebf644af28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:92:a6:17:f3:77:40:9f:b9:97:fe:1e:b6:20:
                    f3:da:6c:b8:15:fe:10:bf:92:50:dc:73:2a:62:1b:
                    49:d0:99:8f:94:36:1a:7f:6b:94:9a:bd:a1:c7:36:
                    e9:76:f1:eb:c6:cb:ec:fa:9e:af:04:d6:1a:ce:c9:
                    90:2f:2f:2a:7a:2f:b5:03:62:bc:54:a6:37:d0:44:
                    0b:f9:4e:6e:45:ab:b1:e8:35:b8:99:1e:5b:ca:e6:
                    64:9b:be:5b:a8:04:33:d8:8f:be:20:63:03:c5:f7:
                    e4:c5:f3:14:5a:0a:b9:3d:9c:ea:f7:6f:f9:4e:28:
                    1b:d9:34:39:0b:3c:f4:67:67:97:1a:45:70:5c:07:
                    94:7b:03:7a:8e:a0:be:6a:67:49:87:7b:c5:bc:70:
                    88:f1:00:a1:12:59:62:15:ee:5c:31:4a:8a:72:50:
                    ad:ba:31:b9:c3:ea:4c:73:a6:13:61:b4:69:2c:de:
                    17:b9:b8:05:8d:00:8c:fc:e3:b2:c3:77:87:70:47:
                    73:bf:dc:8f:ca:84:af:b3:8b:1a:fe:ed:4a:e5:65:
                    0b:f1:54:b5:16:52:e7:b5:69:f0:b9:f7:90:a3:13:
                    87:66:4e:f0:6e:6e:44:ba:ab:f5:f4:ee:36:77:5e:
                    6a:74:de:f9:8e:ba:1e:68:51:b2:8d:5f:39:17:94:
                    b3:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:23:26:21:C3:FA:CA:D6:44:C0:18:CE:A4:84:88:EB:F6:44:AF:28
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/SCMmIcP6ytZEwBjOpISI6_ZEryg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.104.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:58:6d:53:d6:71:8f:19:77:dd:a5:e0:ce:ac:ff:92:47:ae:
         f2:e2:8f:7f:4a:c1:42:02:46:82:28:ac:2c:93:db:99:6c:64:
         c7:75:c8:3a:a4:5c:10:e7:8d:8b:b0:f5:f3:63:af:0e:df:92:
         2e:f1:d6:1e:9b:e6:52:d4:fe:69:85:ef:38:b8:5e:83:8a:c9:
         b3:2c:3c:71:7a:72:be:72:7a:88:7d:7a:ef:88:09:98:54:e8:
         78:cb:77:9f:f6:72:61:a2:b1:14:2f:fe:e3:1d:9e:77:aa:7a:
         93:23:36:de:ba:0b:4b:48:bb:5e:3d:ca:f9:de:b7:c4:46:63:
         ee:90:9c:54:1f:a0:2b:8c:60:e5:4d:76:44:f4:ee:a6:c4:99:
         13:fe:97:58:9a:45:58:3c:59:20:9a:bb:74:36:41:b8:41:d4:
         1a:f8:b0:f8:a1:46:df:91:4e:cf:e0:62:18:85:33:9b:ea:3e:
         2b:06:28:13:f6:4b:95:46:2d:47:36:cc:fd:04:9e:76:72:18:
         2e:fb:b8:03:93:69:01:f2:ff:43:d9:c4:d8:cc:92:8c:9b:99:
         5d:68:c4:02:0c:37:6c:07:cf:32:f7:d5:d3:c4:a4:95:f4:13:
         a3:7f:a0:2b:46:d7:19:a2:e5:eb:53:0d:90:45:64:0e:a3:52:
         ea:ad:4a:9b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQjaZw2OsGWVkAspDtTdXydMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwMTAxMTk0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODIzMjYyMWMzZmFjYWQ2NDRjMDE4Y2VhNDg0ODhlYmY2NDRhZjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkpKmF/N3QJ+5l/4etiDz2my4Ff4Q
v5JQ3HMqYhtJ0JmPlDYaf2uUmr2hxzbpdvHrxsvs+p6vBNYazsmQLy8qei+1A2K8
VKY30EQL+U5uRaux6DW4mR5byuZkm75bqAQz2I++IGMDxffkxfMUWgq5PZzq92/5
Tigb2TQ5Czz0Z2eXGkVwXAeUewN6jqC+amdJh3vFvHCI8QChElliFe5cMUqKclCt
ujG5w+pMc6YTYbRpLN4XubgFjQCM/OOyw3eHcEdzv9yPyoSvs4sa/u1K5WUL8VS1
FlLntWnwufeQoxOHZk7wbm5Euqv19O42d15qdN75jroeaFGyjV85F5SzzQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEgjJiHD+srWRMAYzqSEiOv2RK8oMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL1NDTW1JY1A2eXRaRXdCak9wSVNJNl9aRXJ5Zy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABWaOYw
DQYJKoZIhvcNAQELBQADggEBAExYbVPWcY8Zd92l4M6s/5JHrvLij39KwUICRoIo
rCyT25lsZMd1yDqkXBDnjYuw9fNjrw7fki7x1h6b5lLU/mmF7zi4XoOKybMsPHF6
cr5yeoh9eu+ICZhU6HjLd5/2cmGisRQv/uMdnneqepMjNt66C0tIu149yvnet8RG
Y+6QnFQfoCuMYOVNdkT07qbEmRP+l1iaRVg8WSCau3Q2QbhB1Br4sPihRt+RTs/g
YhiFM5vqPisGKBP2S5VGLUc2zP0EnnZyGC77uAOTaQHy/0PZxNjMkoybmV1oxAIM
N2wHzzL31dPEpJX0E6N/oCtG1xmi5etTDZBFZA6jUuqtSps=
-----END CERTIFICATE-----