Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/a4f619-4e93-41d6-846c-16219e140fa7/1/SiGDnp8oSt95ArckPVGAAWtJUNs.roa
File:                     SiGDnp8oSt95ArckPVGAAWtJUNs.roa (raw, json)
Hash identifier:          j9ZTEJfSb12eUtJGUY9GVfUETUmyTkhHBnRZ+wXplM8=
Subject key identifier:   4A:21:83:9E:9F:28:4A:DF:79:02:B7:24:3D:51:80:01:6B:49:50:DB
Certificate issuer:       /CN=dc327af32a98492757b200ea040db24ec3136592
Certificate serial:       0194258F4CB399A6B32ADF1AAD69FF068E80
Authority key identifier: DC:32:7A:F3:2A:98:49:27:57:B2:00:EA:04:0D:B2:4E:C3:13:65:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3DJ68yqYSSdXsgDqBA2yTsMTZZI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/a4f619-4e93-41d6-846c-16219e140fa7/1/SiGDnp8oSt95ArckPVGAAWtJUNs.roa
Signing time:             Thu 02 Jan 2025 05:48:55 +0000
ROA not before:           Thu 02 Jan 2025 05:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.241.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/a4f619-4e93-41d6-846c-16219e140fa7/1/3DJ68yqYSSdXsgDqBA2yTsMTZZI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/a4f619-4e93-41d6-846c-16219e140fa7/1/3DJ68yqYSSdXsgDqBA2yTsMTZZI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3DJ68yqYSSdXsgDqBA2yTsMTZZI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:4c:b3:99:a6:b3:2a:df:1a:ad:69:ff:06:8e:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc327af32a98492757b200ea040db24ec3136592
        Validity
            Not Before: Jan  2 05:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a21839e9f284adf7902b7243d5180016b4950db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:69:80:77:4e:ab:4d:f2:59:b2:28:e3:7c:ba:
                    9d:18:61:07:92:98:4c:73:f4:6c:dc:18:1e:70:1c:
                    50:f0:e3:6e:fd:01:60:5f:73:2f:20:3e:e3:b5:e8:
                    9a:d6:aa:22:c4:71:6d:25:5d:e8:4c:92:db:6c:45:
                    83:16:b0:40:f0:47:66:9a:67:bf:a9:e5:ce:fe:73:
                    b4:8a:1c:44:81:ed:99:d8:92:b4:30:76:a7:09:56:
                    a0:d3:aa:14:3f:52:fd:73:9e:eb:a5:1b:d2:70:3b:
                    b5:10:79:72:cc:84:87:a2:60:35:9c:0f:6c:b8:25:
                    21:f1:7f:9c:6f:c4:c4:70:32:e4:c5:d1:13:eb:88:
                    68:ae:30:f6:3a:20:ba:35:68:67:5b:f3:8e:10:4f:
                    46:ae:d3:6a:50:b4:0a:8c:f2:1e:93:1a:7f:de:08:
                    48:35:0c:34:2d:03:18:d4:94:98:76:e8:e4:ac:be:
                    f8:18:0b:46:ab:2d:b9:60:0b:3a:53:14:ae:30:46:
                    6c:7a:2b:06:a7:ac:a9:23:c4:57:5d:8e:a6:8e:47:
                    99:14:37:34:c1:04:b1:46:85:f7:57:d1:fe:4d:1b:
                    eb:8b:05:24:87:91:b8:5e:4e:7e:73:23:b9:36:07:
                    64:e3:10:52:1c:00:20:20:cd:ba:08:a5:d2:27:68:
                    e0:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:21:83:9E:9F:28:4A:DF:79:02:B7:24:3D:51:80:01:6B:49:50:DB
            X509v3 Authority Key Identifier:
                keyid:DC:32:7A:F3:2A:98:49:27:57:B2:00:EA:04:0D:B2:4E:C3:13:65:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3DJ68yqYSSdXsgDqBA2yTsMTZZI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/a4f619-4e93-41d6-846c-16219e140fa7/1/SiGDnp8oSt95ArckPVGAAWtJUNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/a4f619-4e93-41d6-846c-16219e140fa7/1/3DJ68yqYSSdXsgDqBA2yTsMTZZI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:27:ff:e4:a5:6b:a0:dd:68:5c:c4:66:9f:09:a4:85:4e:13:
         4a:fa:90:3d:c1:ad:d3:73:98:12:42:b7:83:66:6b:6f:c1:cc:
         29:82:ff:92:94:f8:44:ed:cf:e7:7d:14:63:83:47:46:87:e1:
         ab:b3:41:60:b3:12:91:46:b7:3e:04:2b:1b:ff:e7:a4:7d:03:
         ab:6a:80:e6:7e:02:a6:55:3a:a6:49:bd:47:09:ea:d1:ca:49:
         59:07:29:f7:f9:a8:c3:50:a1:ea:25:59:da:3b:9c:ba:5d:83:
         d7:b1:9b:ba:1d:eb:45:33:b5:11:0e:13:41:29:66:c4:1b:e3:
         9c:35:2b:12:30:97:f4:0f:7e:27:ce:69:81:0d:85:c9:33:5e:
         b1:37:9d:6b:48:bb:ac:85:f3:11:58:89:8a:c9:65:76:ef:67:
         76:28:51:6e:34:c0:48:07:ca:80:00:9f:e2:c4:0b:f2:28:12:
         ea:27:d3:78:dc:e8:4b:ca:9a:b9:9b:72:ad:40:fa:3c:5f:5b:
         1c:57:ec:31:0d:23:42:7a:be:f0:2e:13:f8:5b:1b:dc:ad:f0:
         a1:65:84:3f:bb:6f:40:76:ff:b8:e5:75:bf:c8:97:df:03:14:
         40:de:a2:20:06:ec:64:97:66:61:ec:c7:7b:35:6b:8f:d0:2a:
         a8:38:cf:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj0yzmaazKt8arWn/Bo6AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMzI3YWYzMmE5ODQ5Mjc1N2IyMDBlYTA0MGRiMjRlYzMx
MzY1OTIwHhcNMjUwMTAyMDU0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTIxODM5ZTlmMjg0YWRmNzkwMmI3MjQzZDUxODAwMTZiNDk1MGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2mAd06rTfJZsijjfLqdGGEHkphM
c/Rs3BgecBxQ8ONu/QFgX3MvID7jteia1qoixHFtJV3oTJLbbEWDFrBA8Edmmme/
qeXO/nO0ihxEge2Z2JK0MHanCVag06oUP1L9c57rpRvScDu1EHlyzISHomA1nA9s
uCUh8X+cb8TEcDLkxdET64horjD2OiC6NWhnW/OOEE9GrtNqULQKjPIekxp/3ghI
NQw0LQMY1JSYdujkrL74GAtGqy25YAs6UxSuMEZseisGp6ypI8RXXY6mjkeZFDc0
wQSxRoX3V9H+TRvriwUkh5G4Xk5+cyO5Ngdk4xBSHAAgIM26CKXSJ2jgnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEohg56fKErfeQK3JD1RgAFrSVDbMB8GA1UdIwQY
MBaAFNwyevMqmEknV7IA6gQNsk7DE2WSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0RKNjh5cVlTU2RYc2dEcUJBMnlUc01UWlpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9hNGY2MTktNGU5My00MWQ2LTg0NmMt
MTYyMTllMTQwZmE3LzEvU2lHRG5wOG9TdDk1QXJja1BWR0FBV3RKVU5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9hNGY2MTktNGU5My00MWQ2LTg0NmMtMTYyMTllMTQwZmE3
LzEvM0RKNjh5cVlTU2RYc2dEcUJBMnlUc01UWlpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufEIMA0G
CSqGSIb3DQEBCwUAA4IBAQA+J//kpWug3WhcxGafCaSFThNK+pA9wa3Tc5gSQreD
Zmtvwcwpgv+SlPhE7c/nfRRjg0dGh+Grs0FgsxKRRrc+BCsb/+ekfQOraoDmfgKm
VTqmSb1HCerRyklZByn3+ajDUKHqJVnaO5y6XYPXsZu6HetFM7URDhNBKWbEG+Oc
NSsSMJf0D34nzmmBDYXJM16xN51rSLushfMRWImKyWV272d2KFFuNMBIB8qAAJ/i
xAvyKBLqJ9N43OhLypq5m3KtQPo8X1scV+wxDSNCer7wLhP4WxvcrfChZYQ/u29A
dv+45XW/yJffAxRA3qIgBuxkl2Zh7Md7NWuP0CqoOM9A
-----END CERTIFICATE-----