Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/dcbd3a-7528-499e-a3bd-bf28875ab261/1/SKVsL0dFPC8nQ8E0Sar1SVELQ-4.roa
File:                     SKVsL0dFPC8nQ8E0Sar1SVELQ-4.roa (raw, json)
Hash identifier:          Wd6r5Q9d5JNbBO/CAcgZ9Q9+GeT6Xu5kC1/o/UnS0tI=
Subject key identifier:   48:A5:6C:2F:47:45:3C:2F:27:43:C1:34:49:AA:F5:49:51:0B:43:EE
Certificate issuer:       /CN=2c3e1c03efa2f2d9fff9dbec3325bc6c37694250
Certificate serial:       0194F57D13E933855F8781AD35EBD4659264
Authority key identifier: 2C:3E:1C:03:EF:A2:F2:D9:FF:F9:DB:EC:33:25:BC:6C:37:69:42:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LD4cA--i8tn_-dvsMyW8bDdpQlA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/dcbd3a-7528-499e-a3bd-bf28875ab261/1/SKVsL0dFPC8nQ8E0Sar1SVELQ-4.roa
Signing time:             Tue 11 Feb 2025 14:50:02 +0000
ROA not before:           Tue 11 Feb 2025 14:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49972
IP address blocks:        185.129.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/dcbd3a-7528-499e-a3bd-bf28875ab261/1/LD4cA--i8tn_-dvsMyW8bDdpQlA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/dcbd3a-7528-499e-a3bd-bf28875ab261/1/LD4cA--i8tn_-dvsMyW8bDdpQlA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LD4cA--i8tn_-dvsMyW8bDdpQlA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:f5:7d:13:e9:33:85:5f:87:81:ad:35:eb:d4:65:92:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3e1c03efa2f2d9fff9dbec3325bc6c37694250
        Validity
            Not Before: Feb 11 14:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=48a56c2f47453c2f2743c13449aaf549510b43ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:95:be:85:bd:3b:3e:f6:5a:1b:d7:1f:32:e9:
                    0f:47:d6:12:5f:80:cc:6d:aa:48:0e:9c:3e:9b:e6:
                    2e:b9:d4:4e:2c:b8:47:d9:4c:76:cf:ed:68:4c:63:
                    63:42:8e:e7:2e:fe:a5:1e:6a:18:29:42:e8:f1:78:
                    53:49:f2:08:93:06:36:f5:f4:07:0e:b4:51:d3:2f:
                    61:77:40:96:3e:bc:80:60:6d:e6:da:12:ec:6a:95:
                    00:57:41:7d:29:56:60:df:af:77:fc:56:4e:f4:6b:
                    a7:5a:3a:f3:56:a1:5e:64:ee:d1:20:7a:ff:b9:db:
                    00:64:ce:33:78:41:27:d4:19:52:62:63:a7:1e:62:
                    d4:3a:24:30:77:4f:9a:0f:c1:9b:0a:59:f7:60:c4:
                    26:8f:c8:ee:fa:00:2e:67:39:a4:ba:76:f9:70:f3:
                    73:65:83:64:5d:48:ef:3a:00:a5:c6:d2:d0:46:c3:
                    77:23:97:4c:fe:de:b4:81:62:a7:d7:6a:6d:42:01:
                    19:0c:26:d4:d4:e2:0c:1a:42:b3:9d:bf:22:17:f7:
                    ee:8e:df:17:a1:94:a3:b8:3a:3c:fc:76:af:9e:c2:
                    d4:f3:9a:cb:2e:9f:2a:0c:5b:77:31:9e:84:da:ee:
                    ab:7e:68:d4:60:2a:11:e8:d4:51:4d:1b:bc:86:7d:
                    d4:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:A5:6C:2F:47:45:3C:2F:27:43:C1:34:49:AA:F5:49:51:0B:43:EE
            X509v3 Authority Key Identifier:
                keyid:2C:3E:1C:03:EF:A2:F2:D9:FF:F9:DB:EC:33:25:BC:6C:37:69:42:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LD4cA--i8tn_-dvsMyW8bDdpQlA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/dcbd3a-7528-499e-a3bd-bf28875ab261/1/SKVsL0dFPC8nQ8E0Sar1SVELQ-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/dcbd3a-7528-499e-a3bd-bf28875ab261/1/LD4cA--i8tn_-dvsMyW8bDdpQlA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:a5:b8:92:27:20:2e:33:2d:4a:db:6f:c6:8d:b0:bd:48:25:
         6a:92:4b:1d:b4:60:bc:09:ce:00:f8:3f:53:d6:e1:d5:26:79:
         82:28:e9:c7:d3:4d:83:97:71:ee:d7:c7:6a:17:87:4d:00:b9:
         6a:34:72:36:8e:62:64:b9:18:66:ef:56:07:91:c9:03:24:5d:
         10:5e:31:4a:80:e6:45:57:65:ae:fe:c2:ff:8a:0d:3c:12:d6:
         ab:db:11:f7:e7:23:ed:3b:a2:8a:46:54:65:35:ef:51:a9:24:
         63:d0:59:37:f5:b0:26:ed:ae:12:54:7b:7e:7c:32:77:aa:e1:
         34:72:e2:ea:4a:d4:2b:b5:a2:33:77:af:8c:50:f9:f2:f2:8b:
         1b:a5:f2:ea:be:0b:79:27:68:ea:2b:d0:02:ed:6f:68:5d:74:
         52:f5:8b:e4:61:2a:e8:5c:b8:f9:d7:5c:a5:8f:dc:58:06:fd:
         bf:1f:bd:11:df:56:6f:79:8e:0c:08:b1:4b:11:8e:4b:7f:5f:
         bb:1f:1a:3a:80:bf:af:d0:ee:c3:d8:e1:8d:9d:28:59:7b:d8:
         b5:45:c4:c2:4d:ad:12:6b:7a:29:49:17:53:4c:2d:e3:e7:f5:
         86:d6:ba:ee:1e:65:fc:51:49:b9:46:fb:c4:18:a0:e6:fd:91:
         c4:0b:67:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZT1fRPpM4Vfh4GtNevUZZJkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjM2UxYzAzZWZhMmYyZDlmZmY5ZGJlYzMzMjViYzZjMzc2
OTQyNTAwHhcNMjUwMjExMTQ1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGE1NmMyZjQ3NDUzYzJmMjc0M2MxMzQ0OWFhZjU0OTUxMGI0M2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJW+hb07PvZaG9cfMukPR9YSX4DM
bapIDpw+m+YuudROLLhH2Ux2z+1oTGNjQo7nLv6lHmoYKULo8XhTSfIIkwY29fQH
DrRR0y9hd0CWPryAYG3m2hLsapUAV0F9KVZg3693/FZO9GunWjrzVqFeZO7RIHr/
udsAZM4zeEEn1BlSYmOnHmLUOiQwd0+aD8GbCln3YMQmj8ju+gAuZzmkunb5cPNz
ZYNkXUjvOgClxtLQRsN3I5dM/t60gWKn12ptQgEZDCbU1OIMGkKznb8iF/fujt8X
oZSjuDo8/HavnsLU85rLLp8qDFt3MZ6E2u6rfmjUYCoR6NRRTRu8hn3UFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEilbC9HRTwvJ0PBNEmq9UlRC0PuMB8GA1UdIwQY
MBaAFCw+HAPvovLZ//nb7DMlvGw3aUJQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEQ0Y0EtLWk4dG5fLWR2c015VzhiRGRwUWxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9kY2JkM2EtNzUyOC00OTllLWEzYmQt
YmYyODg3NWFiMjYxLzEvU0tWc0wwZEZQQzhuUThFMFNhcjFTVkVMUS00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9kY2JkM2EtNzUyOC00OTllLWEzYmQtYmYyODg3NWFiMjYx
LzEvTEQ0Y0EtLWk4dG5fLWR2c015VzhiRGRwUWxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYGoMA0G
CSqGSIb3DQEBCwUAA4IBAQBypbiSJyAuMy1K22/GjbC9SCVqkksdtGC8Cc4A+D9T
1uHVJnmCKOnH002Dl3Hu18dqF4dNALlqNHI2jmJkuRhm71YHkckDJF0QXjFKgOZF
V2Wu/sL/ig08Etar2xH35yPtO6KKRlRlNe9RqSRj0Fk39bAm7a4SVHt+fDJ3quE0
cuLqStQrtaIzd6+MUPny8osbpfLqvgt5J2jqK9AC7W9oXXRS9YvkYSroXLj511yl
j9xYBv2/H70R31ZveY4MCLFLEY5Lf1+7Hxo6gL+v0O7D2OGNnShZe9i1RcTCTa0S
a3opSRdTTC3j5/WG1rruHmX8UUm5RvvEGKDm/ZHEC2dj
-----END CERTIFICATE-----