Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/SR-cFAcblp7jRN3R0O8GU0JmkWU.roa
File:                     SR-cFAcblp7jRN3R0O8GU0JmkWU.roa (raw, json)
Hash identifier:          B1MU8f4xcBJseYFcmKyAFL1zgg9Da0vWim5RcZW16iY=
Subject key identifier:   49:1F:9C:14:07:1B:96:9E:E3:44:DD:D1:D0:EF:06:53:42:66:91:65
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019734CD49260B878FA2724E85A86C9455BE
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/SR-cFAcblp7jRN3R0O8GU0JmkWU.roa
Signing time:             Tue 03 Jun 2025 07:59:18 +0000
ROA not before:           Tue 03 Jun 2025 07:59:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64289
IP address blocks:        89.213.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:34:cd:49:26:0b:87:8f:a2:72:4e:85:a8:6c:94:55:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun  3 07:59:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=491f9c14071b969ee344ddd1d0ef065342669165
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:38:13:6d:ae:5c:0d:67:62:9e:18:4a:bb:12:
                    5b:43:7c:bd:f3:e6:03:1b:a3:d0:f6:1a:d8:e3:f6:
                    d9:47:61:7e:e8:26:ba:38:4c:ed:61:a6:43:1e:72:
                    5a:1e:61:f6:ed:05:53:55:41:b4:be:c5:bc:f5:00:
                    9e:c2:6b:80:1b:86:a7:31:ca:eb:e7:ee:42:78:95:
                    b7:34:0a:93:d3:be:d1:97:96:13:2a:6c:9a:70:fb:
                    9b:1d:1b:4e:36:95:ca:2c:66:d7:8e:57:88:46:7f:
                    dc:6c:c7:d4:d9:24:a6:3b:c9:cc:31:f9:b9:4d:83:
                    b7:25:c2:93:b8:38:cd:79:3d:a5:4b:cb:d3:1d:d9:
                    b5:12:fc:c7:fc:d8:30:f0:87:a6:f6:60:92:41:53:
                    0e:c6:18:bd:31:94:11:6b:40:20:44:fd:8d:0d:32:
                    34:90:c8:f6:0e:23:89:9c:1c:07:8e:85:cc:0e:7e:
                    76:d7:f1:07:d3:37:2e:b2:2b:6f:52:53:13:23:b8:
                    60:2b:a1:3c:9c:88:3d:d8:e8:ed:08:eb:97:89:b2:
                    6c:cf:4c:be:3d:dc:c1:9a:b8:a3:0b:a0:e5:e5:07:
                    af:43:bf:ba:8d:06:b7:ba:d1:37:75:49:6f:68:27:
                    a1:1a:f6:a7:01:a7:76:e5:3b:74:7c:23:05:5f:2b:
                    0c:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:1F:9C:14:07:1B:96:9E:E3:44:DD:D1:D0:EF:06:53:42:66:91:65
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/SR-cFAcblp7jRN3R0O8GU0JmkWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:a1:25:ae:f9:74:8a:df:c9:f5:db:a5:c3:d9:69:06:f0:17:
         be:39:ed:e5:4d:db:6d:f9:cb:87:84:c9:7d:c1:fe:d2:b0:a2:
         22:a3:91:98:62:19:f2:ad:54:4d:89:4a:6e:08:cf:28:02:12:
         dd:f0:67:09:35:3e:a3:c6:0e:2c:6c:89:04:a1:5f:fd:4f:5d:
         68:7c:11:4c:ad:ee:4f:19:b1:48:eb:1b:34:e3:ea:07:56:82:
         98:10:58:b9:e8:39:f4:a8:33:7b:a0:33:1b:cb:f9:9b:07:39:
         ca:4e:34:24:65:c3:79:fa:30:c8:03:65:bd:4a:88:55:1b:3f:
         61:ac:03:cf:26:bf:7b:da:cf:1a:1e:e1:74:f8:c3:6f:28:b2:
         d7:76:3e:db:29:25:b9:e0:2e:5e:b3:9a:9f:0d:20:52:9b:c2:
         fc:4d:35:d9:52:34:e2:54:a5:74:42:69:b2:43:37:d0:a0:a5:
         68:28:ba:84:01:8a:54:04:cd:9c:c8:9c:1e:bb:28:fc:a8:f4:
         d6:85:ea:93:19:fa:df:67:48:91:c6:fb:16:e8:33:7a:54:bb:
         13:6a:d8:7c:2e:44:a5:40:92:76:3e:66:d3:c8:04:25:ea:42:
         93:f5:9b:91:15:66:d3:74:83:e0:94:0f:35:7a:44:dd:0d:fa:
         05:94:7d:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc0zUkmC4ePonJOhahslFW+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNjAzMDc1OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTFmOWMxNDA3MWI5NjllZTM0NGRkZDFkMGVmMDY1MzQyNjY5MTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDgTba5cDWdinhhKuxJbQ3y98+YD
G6PQ9hrY4/bZR2F+6Ca6OEztYaZDHnJaHmH27QVTVUG0vsW89QCewmuAG4anMcrr
5+5CeJW3NAqT077Rl5YTKmyacPubHRtONpXKLGbXjleIRn/cbMfU2SSmO8nMMfm5
TYO3JcKTuDjNeT2lS8vTHdm1EvzH/Ngw8Iem9mCSQVMOxhi9MZQRa0AgRP2NDTI0
kMj2DiOJnBwHjoXMDn521/EH0zcusitvUlMTI7hgK6E8nIg92OjtCOuXibJsz0y+
PdzBmrijC6Dl5QevQ7+6jQa3utE3dUlvaCehGvanAad25Tt0fCMFXysMSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEkfnBQHG5ae40Td0dDvBlNCZpFlMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvU1ItY0ZBY2JscDdqUk4zUjBPOEdVMEpta1dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdV0MA0G
CSqGSIb3DQEBCwUAA4IBAQAnoSWu+XSK38n126XD2WkG8Be+Oe3lTdtt+cuHhMl9
wf7SsKIio5GYYhnyrVRNiUpuCM8oAhLd8GcJNT6jxg4sbIkEoV/9T11ofBFMre5P
GbFI6xs04+oHVoKYEFi56Dn0qDN7oDMby/mbBznKTjQkZcN5+jDIA2W9SohVGz9h
rAPPJr972s8aHuF0+MNvKLLXdj7bKSW54C5es5qfDSBSm8L8TTXZUjTiVKV0Qmmy
QzfQoKVoKLqEAYpUBM2cyJweuyj8qPTWheqTGfrfZ0iRxvsW6DN6VLsTath8LkSl
QJJ2PmbTyAQl6kKT9ZuRFWbTdIPglA81ekTdDfoFlH3M
-----END CERTIFICATE-----