Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/55be75-0e0a-413e-89cc-378a3e7bc083/1/Sin-PC97LkpWqIlpz6S0Fm0weuA.roa
File:                     Sin-PC97LkpWqIlpz6S0Fm0weuA.roa (raw, json)
Hash identifier:          rp24oUUo56kRvZQARdI61Z50aPptqDxKxcUiuu5+rgA=
Subject key identifier:   4A:29:FE:3C:2F:7B:2E:4A:56:A8:89:69:CF:A4:B4:16:6D:30:7A:E0
Certificate issuer:       /CN=e8fdfa71400ce370b75f73778048574e4627431b
Certificate serial:       01933F08C89B3B07598EEB89243392E1EBE6
Authority key identifier: E8:FD:FA:71:40:0C:E3:70:B7:5F:73:77:80:48:57:4E:46:27:43:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6P36cUAM43C3X3N3gEhXTkYnQxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/55be75-0e0a-413e-89cc-378a3e7bc083/1/Sin-PC97LkpWqIlpz6S0Fm0weuA.roa
Signing time:             Mon 18 Nov 2024 11:29:20 +0000
ROA not before:           Mon 18 Nov 2024 11:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43885
IP address blocks:        185.112.79.0/24 maxlen: 24
                          185.247.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/55be75-0e0a-413e-89cc-378a3e7bc083/1/6P36cUAM43C3X3N3gEhXTkYnQxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/55be75-0e0a-413e-89cc-378a3e7bc083/1/6P36cUAM43C3X3N3gEhXTkYnQxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6P36cUAM43C3X3N3gEhXTkYnQxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:3f:08:c8:9b:3b:07:59:8e:eb:89:24:33:92:e1:eb:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8fdfa71400ce370b75f73778048574e4627431b
        Validity
            Not Before: Nov 18 11:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a29fe3c2f7b2e4a56a88969cfa4b4166d307ae0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d9:4a:ce:9c:82:90:4e:52:1d:8f:df:da:c1:
                    b7:71:52:d7:75:9d:67:a4:e9:3a:2c:43:18:dd:a8:
                    73:9a:d2:d6:f0:63:53:01:f0:3d:a7:1c:63:7a:24:
                    5f:a4:31:49:89:b2:df:b2:bb:8f:bf:e0:61:c1:8a:
                    9a:54:86:8d:7a:11:17:dd:50:59:4d:3f:26:aa:d2:
                    8d:09:6d:5a:3f:e3:cd:bc:59:16:52:3c:0d:76:f0:
                    8b:e0:d8:bf:5a:9d:d7:2c:13:e4:0c:47:59:18:75:
                    59:b3:37:2f:70:7a:b5:a8:7a:c4:44:16:36:52:4c:
                    a3:e8:80:a3:29:b4:64:8a:ac:0e:5e:b8:f0:b0:8c:
                    3d:a3:a7:9f:7a:bf:8b:ec:33:c7:6b:44:74:48:eb:
                    e8:65:44:97:9d:03:0d:40:9b:0d:ba:32:09:21:d1:
                    61:59:43:5e:8c:91:5b:d3:9d:2c:89:f7:3c:a7:a0:
                    a1:94:d9:45:86:17:30:7a:ed:94:32:50:6e:9c:92:
                    dc:90:1c:f8:cf:60:0e:73:01:03:36:3b:bb:a1:b8:
                    cf:7b:df:39:64:3a:70:11:41:60:bb:f5:45:5f:a6:
                    0e:2a:75:db:af:46:af:6f:38:0b:c2:bd:ac:bf:64:
                    06:26:6d:c0:a1:90:c6:e1:4a:3b:15:06:96:23:0c:
                    24:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:29:FE:3C:2F:7B:2E:4A:56:A8:89:69:CF:A4:B4:16:6D:30:7A:E0
            X509v3 Authority Key Identifier:
                keyid:E8:FD:FA:71:40:0C:E3:70:B7:5F:73:77:80:48:57:4E:46:27:43:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6P36cUAM43C3X3N3gEhXTkYnQxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/55be75-0e0a-413e-89cc-378a3e7bc083/1/Sin-PC97LkpWqIlpz6S0Fm0weuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/55be75-0e0a-413e-89cc-378a3e7bc083/1/6P36cUAM43C3X3N3gEhXTkYnQxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.79.0/24
                  185.247.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:b2:d0:b7:f1:3a:7d:a9:23:fa:0f:20:a4:5d:70:73:af:9e:
         f6:01:1b:df:c6:4b:e6:69:f6:00:1f:55:d8:4e:76:37:0d:0b:
         44:38:50:b3:da:f3:42:1d:ef:92:28:b9:d9:78:03:06:e7:96:
         27:a2:4b:bf:69:e6:c3:b1:2b:79:f1:00:21:89:62:e6:7d:fb:
         af:d0:43:2a:e5:3c:86:1a:30:54:f8:92:f8:f4:8a:74:86:36:
         a0:fd:92:57:ba:ba:95:6c:ce:0a:aa:69:b0:39:9a:18:e2:71:
         c8:f4:94:3d:a7:40:ef:a5:fd:c0:e9:79:cb:0b:9b:98:9c:88:
         41:b6:3a:a0:d1:63:e6:32:0f:e6:81:c4:f8:0c:0f:cd:17:1a:
         0a:65:ea:27:79:c4:07:51:e3:b8:59:ae:a8:ba:19:85:cf:a5:
         3b:32:71:5e:f2:c5:31:3b:92:1d:de:9a:70:b3:9b:4f:c2:97:
         f4:a2:79:a5:4f:c9:0c:6f:8a:a0:43:30:9d:15:36:e8:e4:6f:
         dd:13:99:b9:0b:00:a8:c9:99:ad:68:3b:a7:c1:b3:74:df:6c:
         f5:10:30:d5:23:da:52:f4:01:0d:94:e0:cf:e2:9c:2b:7a:d5:
         f8:50:ef:87:c8:6f:8f:d9:1b:09:93:26:75:e6:d0:d3:f9:65:
         c7:71:1c:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZM/CMibOwdZjuuJJDOS4evmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4ZmRmYTcxNDAwY2UzNzBiNzVmNzM3NzgwNDg1NzRlNDYy
NzQzMWIwHhcNMjQxMTE4MTEyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTI5ZmUzYzJmN2IyZTRhNTZhODg5NjljZmE0YjQxNjZkMzA3YWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutlKzpyCkE5SHY/f2sG3cVLXdZ1n
pOk6LEMY3ahzmtLW8GNTAfA9pxxjeiRfpDFJibLfsruPv+BhwYqaVIaNehEX3VBZ
TT8mqtKNCW1aP+PNvFkWUjwNdvCL4Ni/Wp3XLBPkDEdZGHVZszcvcHq1qHrERBY2
Ukyj6ICjKbRkiqwOXrjwsIw9o6efer+L7DPHa0R0SOvoZUSXnQMNQJsNujIJIdFh
WUNejJFb050sifc8p6ChlNlFhhcweu2UMlBunJLckBz4z2AOcwEDNju7objPe985
ZDpwEUFgu/VFX6YOKnXbr0avbzgLwr2sv2QGJm3AoZDG4Uo7FQaWIwwk1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEop/jwvey5KVqiJac+ktBZtMHrgMB8GA1UdIwQY
MBaAFOj9+nFADONwt19zd4BIV05GJ0MbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlAzNmNVQU00M0MzWDNOM2dFaFhUa1luUXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81NWJlNzUtMGUwYS00MTNlLTg5Y2Mt
Mzc4YTNlN2JjMDgzLzEvU2luLVBDOTdMa3BXcUlscHo2UzBGbTB3ZXVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81NWJlNzUtMGUwYS00MTNlLTg5Y2MtMzc4YTNlN2JjMDgz
LzEvNlAzNmNVQU00M0MzWDNOM2dFaFhUa1luUXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuXBPAwQA
ufd8MA0GCSqGSIb3DQEBCwUAA4IBAQB9stC38Tp9qSP6DyCkXXBzr572ARvfxkvm
afYAH1XYTnY3DQtEOFCz2vNCHe+SKLnZeAMG55Ynoku/aebDsSt58QAhiWLmffuv
0EMq5TyGGjBU+JL49Ip0hjag/ZJXurqVbM4KqmmwOZoY4nHI9JQ9p0Dvpf3A6XnL
C5uYnIhBtjqg0WPmMg/mgcT4DA/NFxoKZeonecQHUeO4Wa6ouhmFz6U7MnFe8sUx
O5Id3ppws5tPwpf0onmlT8kMb4qgQzCdFTbo5G/dE5m5CwCoyZmtaDunwbN032z1
EDDVI9pS9AENlODP4pwretX4UO+HyG+P2RsJkyZ15tDT+WXHcRxW
-----END CERTIFICATE-----