Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/Sa6znDVDsQHD35VmHwqvXVonM38.roa
File:                     Sa6znDVDsQHD35VmHwqvXVonM38.roa (raw, json)
Hash identifier:          nRFoeEfFPyShSd728ksUwP896TgOnH/uXjf9ODWCe1k=
Subject key identifier:   49:AE:B3:9C:35:43:B1:01:C3:DF:95:66:1F:0A:AF:5D:5A:27:33:7F
Certificate issuer:       /CN=ffb2627672877d0f6de9bc4e7e186eedd1356110
Certificate serial:       019424B3AF695B8A4FF69A1EE17ED73417E0
Authority key identifier: FF:B2:62:76:72:87:7D:0F:6D:E9:BC:4E:7E:18:6E:ED:D1:35:61:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/Sa6znDVDsQHD35VmHwqvXVonM38.roa
Signing time:             Thu 02 Jan 2025 01:49:03 +0000
ROA not before:           Thu 02 Jan 2025 01:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49505
IP address blocks:        185.147.124.0/24 maxlen: 24
                          185.147.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 09:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:af:69:5b:8a:4f:f6:9a:1e:e1:7e:d7:34:17:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffb2627672877d0f6de9bc4e7e186eedd1356110
        Validity
            Not Before: Jan  2 01:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=49aeb39c3543b101c3df95661f0aaf5d5a27337f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:56:11:a3:a5:19:07:13:16:5b:49:8f:d7:1c:
                    6c:c0:d2:9d:70:ff:02:9b:fb:a5:c1:62:16:6b:ff:
                    e4:25:af:9e:50:d7:5a:4e:99:ef:29:2c:8a:e3:21:
                    bf:9f:bd:d5:6f:df:5b:5a:7f:c3:d2:9e:b8:cd:56:
                    a5:61:5e:5c:99:a6:d3:34:72:4f:8b:05:2d:76:94:
                    8d:26:14:af:b6:2b:dc:ea:d0:5e:37:c2:c8:c2:71:
                    38:3d:e5:eb:d7:8f:93:b2:35:fb:08:0b:ee:22:0f:
                    cb:2b:66:45:9e:8d:d4:19:c9:48:83:cd:69:f1:1e:
                    a8:ea:97:16:4c:ff:31:fa:25:34:34:49:e9:c2:c7:
                    c9:65:5d:12:e0:d6:c1:9f:f5:6a:bc:95:6f:31:2d:
                    e7:a6:d2:63:33:b0:b9:ed:a6:5c:a6:96:e4:ce:e4:
                    b0:c4:16:c2:65:bb:fd:97:82:81:4b:d7:ce:55:35:
                    7d:a0:53:14:33:6a:aa:f4:4f:2a:61:13:fc:b6:36:
                    29:77:06:54:fc:8e:56:1f:63:79:1d:53:24:ae:ae:
                    e3:4e:e0:0c:32:49:1b:ce:5e:af:46:15:e6:49:88:
                    21:77:87:df:39:4f:86:c6:73:83:81:9a:87:8b:23:
                    bc:02:bd:3b:21:b9:fb:09:bb:16:68:ac:4a:b8:9c:
                    91:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:AE:B3:9C:35:43:B1:01:C3:DF:95:66:1F:0A:AF:5D:5A:27:33:7F
            X509v3 Authority Key Identifier:
                keyid:FF:B2:62:76:72:87:7D:0F:6D:E9:BC:4E:7E:18:6E:ED:D1:35:61:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/Sa6znDVDsQHD35VmHwqvXVonM38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:78:a0:74:e3:6c:ee:31:aa:78:d5:a4:e2:46:eb:58:ea:10:
         2d:6e:ba:e3:92:bb:48:59:6d:ee:39:3f:7c:9d:97:63:f4:4f:
         1e:2c:d6:62:44:eb:e2:6b:d7:66:80:d9:48:1b:86:37:37:73:
         7d:65:d5:8a:0e:09:63:ba:0e:7d:90:ac:d8:75:cb:cd:01:99:
         63:f4:c8:35:0a:a3:ae:bf:d3:7d:c7:fa:1f:74:6e:09:d8:51:
         c6:36:6b:34:72:ab:7a:71:ce:e9:e3:1e:92:f5:f4:d6:fd:a2:
         2e:b7:a5:f7:85:7d:0f:ec:2c:36:1c:e3:cb:05:1a:00:4c:77:
         e2:85:ad:e9:ae:37:25:48:45:07:54:b3:75:13:b0:1b:5c:e5:
         f0:c4:ae:3e:d8:a5:3c:3b:a8:bd:ae:16:37:9c:72:c6:32:a5:
         ad:e8:bf:3c:69:92:e3:a4:af:88:62:ef:c5:55:21:95:6c:90:
         8c:95:66:ef:3e:c3:9c:49:99:d5:fb:74:9d:ce:3c:3a:81:71:
         a6:30:c8:10:93:fe:f5:d0:6f:94:7d:38:77:c9:13:c8:08:39:
         e3:39:03:40:f4:cf:92:27:bb:e6:c3:a8:80:89:fe:44:b6:17:
         ab:77:db:b6:0d:fb:97:23:0d:df:13:f3:6a:91:ec:b9:12:93:
         e5:c6:8a:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks69pW4pP9poe4X7XNBfgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYjI2Mjc2NzI4NzdkMGY2ZGU5YmM0ZTdlMTg2ZWVkZDEz
NTYxMTAwHhcNMjUwMTAyMDE0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWFlYjM5YzM1NDNiMTAxYzNkZjk1NjYxZjBhYWY1ZDVhMjczMzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVYRo6UZBxMWW0mP1xxswNKdcP8C
m/ulwWIWa//kJa+eUNdaTpnvKSyK4yG/n73Vb99bWn/D0p64zValYV5cmabTNHJP
iwUtdpSNJhSvtivc6tBeN8LIwnE4PeXr14+TsjX7CAvuIg/LK2ZFno3UGclIg81p
8R6o6pcWTP8x+iU0NEnpwsfJZV0S4NbBn/VqvJVvMS3nptJjM7C57aZcppbkzuSw
xBbCZbv9l4KBS9fOVTV9oFMUM2qq9E8qYRP8tjYpdwZU/I5WH2N5HVMkrq7jTuAM
Mkkbzl6vRhXmSYghd4ffOU+GxnODgZqHiyO8Ar07Ibn7CbsWaKxKuJyRfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEmus5w1Q7EBw9+VZh8Kr11aJzN/MB8GA1UdIwQY
MBaAFP+yYnZyh30Pbem8Tn4Ybu3RNWEQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzdKaWRuS0hmUTl0NmJ4T2ZoaHU3ZEUxWVJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8yMmM1MTAtMzQ4MC00Y2UxLThkZDgt
MTk3NDY5NDc1NThkLzEvU2E2em5EVkRzUUhEMzVWbUh3cXZYVm9uTTM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8yMmM1MTAtMzQ4MC00Y2UxLThkZDgtMTk3NDY5NDc1NThk
LzEvXzdKaWRuS0hmUTl0NmJ4T2ZoaHU3ZEUxWVJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuZN8MA0G
CSqGSIb3DQEBCwUAA4IBAQBKeKB042zuMap41aTiRutY6hAtbrrjkrtIWW3uOT98
nZdj9E8eLNZiROvia9dmgNlIG4Y3N3N9ZdWKDgljug59kKzYdcvNAZlj9Mg1CqOu
v9N9x/ofdG4J2FHGNms0cqt6cc7p4x6S9fTW/aIut6X3hX0P7Cw2HOPLBRoATHfi
ha3prjclSEUHVLN1E7AbXOXwxK4+2KU8O6i9rhY3nHLGMqWt6L88aZLjpK+IYu/F
VSGVbJCMlWbvPsOcSZnV+3Sdzjw6gXGmMMgQk/710G+UfTh3yRPICDnjOQNA9M+S
J7vmw6iAif5Etherd9u2DfuXIw3fE/Nqkey5EpPlxooz
-----END CERTIFICATE-----