Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/9c7ce4-2cd4-4854-8840-b0fe9221efb7/1/S6SgkEKXXupg9NGyg85ew2MKuNo.roa
File:                     S6SgkEKXXupg9NGyg85ew2MKuNo.roa (raw, json)
Hash identifier:          Ccy6wkPiSmvGfzLUcrIC/arlCjWDtB/tLTVQ150opBk=
Subject key identifier:   4B:A4:A0:90:42:97:5E:EA:60:F4:D1:B2:83:CE:5E:C3:63:0A:B8:DA
Certificate issuer:       /CN=c4990ec20111f42fb62f39a81c7392a921955bf2
Certificate serial:       01941FFA7000807F5088424245F39D5AE840
Authority key identifier: C4:99:0E:C2:01:11:F4:2F:B6:2F:39:A8:1C:73:92:A9:21:95:5B:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xJkOwgER9C-2LzmoHHOSqSGVW_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/9c7ce4-2cd4-4854-8840-b0fe9221efb7/1/S6SgkEKXXupg9NGyg85ew2MKuNo.roa
Signing time:             Wed 01 Jan 2025 03:48:13 +0000
ROA not before:           Wed 01 Jan 2025 03:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199585
IP address blocks:        45.158.108.0/22 maxlen: 22
                          81.162.208.0/21 maxlen: 21
                          194.93.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/9c7ce4-2cd4-4854-8840-b0fe9221efb7/1/xJkOwgER9C-2LzmoHHOSqSGVW_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/9c7ce4-2cd4-4854-8840-b0fe9221efb7/1/xJkOwgER9C-2LzmoHHOSqSGVW_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xJkOwgER9C-2LzmoHHOSqSGVW_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:70:00:80:7f:50:88:42:42:45:f3:9d:5a:e8:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4990ec20111f42fb62f39a81c7392a921955bf2
        Validity
            Not Before: Jan  1 03:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ba4a09042975eea60f4d1b283ce5ec3630ab8da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:99:d1:89:9b:08:18:28:41:74:32:25:60:a4:
                    b9:af:84:5b:29:c6:6c:ba:9b:d0:93:6b:0e:b3:48:
                    79:2e:89:af:1a:7e:73:d2:30:bd:9b:fe:53:0a:42:
                    d9:91:84:d2:b5:c3:c7:83:2b:1b:fc:b5:7a:eb:07:
                    18:3f:96:3b:ee:41:fa:8c:c8:48:9c:67:b4:ab:31:
                    8b:ec:80:86:8e:d3:52:01:5a:a7:bf:9b:fd:79:b7:
                    31:3f:5b:b6:b9:9c:f5:9a:ef:8a:b6:bb:b1:74:6b:
                    0b:f4:fa:cc:93:63:0b:55:c7:bd:da:14:e5:6c:93:
                    5e:47:11:d9:60:c6:2d:3b:12:e5:d1:d9:e6:7c:88:
                    5b:db:ec:02:4c:8b:a6:d9:39:f2:b4:69:d1:27:5b:
                    c7:81:f5:ca:e9:70:55:8b:3e:0f:cc:38:c0:6c:8b:
                    d3:b3:69:a9:2e:4c:b9:4e:47:b9:84:9a:68:12:6a:
                    89:48:5c:43:a3:ef:cb:06:78:16:64:ea:df:3a:35:
                    9b:51:b6:1f:96:2f:4b:26:af:e1:8d:85:15:a0:9d:
                    73:c4:9a:28:41:72:36:7c:94:71:c2:a7:39:fc:7f:
                    a0:92:b8:ff:30:7b:e0:72:39:cb:c2:3b:fd:e5:80:
                    a6:2f:29:08:12:be:a2:16:19:32:1e:0e:8b:b4:73:
                    73:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:A4:A0:90:42:97:5E:EA:60:F4:D1:B2:83:CE:5E:C3:63:0A:B8:DA
            X509v3 Authority Key Identifier:
                keyid:C4:99:0E:C2:01:11:F4:2F:B6:2F:39:A8:1C:73:92:A9:21:95:5B:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xJkOwgER9C-2LzmoHHOSqSGVW_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/9c7ce4-2cd4-4854-8840-b0fe9221efb7/1/S6SgkEKXXupg9NGyg85ew2MKuNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/9c7ce4-2cd4-4854-8840-b0fe9221efb7/1/xJkOwgER9C-2LzmoHHOSqSGVW_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.108.0/22
                  81.162.208.0/21
                  194.93.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:64:c2:5c:08:90:a9:2f:19:60:37:b9:d4:3c:e7:71:0e:a8:
         55:ff:8f:42:5f:05:78:75:83:5e:58:53:ea:84:e8:fb:3c:82:
         0c:ef:13:cf:6e:d2:d9:7c:21:c0:99:0f:f4:99:b5:52:08:52:
         cd:56:34:d5:35:92:98:79:bf:af:20:73:a1:9d:39:be:d6:0d:
         5f:e8:9f:72:c0:86:df:1e:65:54:a0:db:db:aa:6c:4e:64:f8:
         c3:9c:6c:eb:8a:f4:f1:45:d3:14:cf:f4:6f:cb:d9:4f:2a:d2:
         42:a1:aa:36:c2:bd:7c:ea:e1:b7:c3:13:97:45:79:4c:63:c8:
         2e:3f:74:b7:53:2b:27:9a:2a:1a:d8:69:c2:db:62:7f:12:dd:
         7e:e0:66:15:9a:74:a7:2b:c8:ca:6b:b7:8d:35:8f:37:da:d0:
         d6:dc:d6:6a:65:98:75:74:fd:b7:f8:f9:7c:9b:d7:a1:9b:a5:
         e8:d3:9e:59:d9:4c:88:91:ce:64:6a:e9:e2:cf:ba:b6:e0:4f:
         14:f7:98:09:60:e5:cb:2f:90:6b:75:23:0a:84:75:91:30:d8:
         d6:0c:bb:f2:0f:14:24:1a:86:9a:80:b6:79:b9:f4:53:09:82:
         55:2b:c6:3b:14:ce:f6:1f:0e:2c:99:47:c2:af:9f:a4:02:e8:
         c8:27:04:88
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQf+nAAgH9QiEJCRfOdWuhAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0OTkwZWMyMDExMWY0MmZiNjJmMzlhODFjNzM5MmE5MjE5
NTViZjIwHhcNMjUwMTAxMDM0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmE0YTA5MDQyOTc1ZWVhNjBmNGQxYjI4M2NlNWVjMzYzMGFiOGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZnRiZsIGChBdDIlYKS5r4RbKcZs
upvQk2sOs0h5LomvGn5z0jC9m/5TCkLZkYTStcPHgysb/LV66wcYP5Y77kH6jMhI
nGe0qzGL7ICGjtNSAVqnv5v9ebcxP1u2uZz1mu+KtruxdGsL9PrMk2MLVce92hTl
bJNeRxHZYMYtOxLl0dnmfIhb2+wCTIum2TnytGnRJ1vHgfXK6XBViz4PzDjAbIvT
s2mpLky5Tke5hJpoEmqJSFxDo+/LBngWZOrfOjWbUbYfli9LJq/hjYUVoJ1zxJoo
QXI2fJRxwqc5/H+gkrj/MHvgcjnLwjv95YCmLykIEr6iFhkyHg6LtHNz5wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEukoJBCl17qYPTRsoPOXsNjCrjaMB8GA1UdIwQY
MBaAFMSZDsIBEfQvti85qBxzkqkhlVvyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEprT3dnRVI5Qy0yTHptb0hIT1NxU0dWV19JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS85YzdjZTQtMmNkNC00ODU0LTg4NDAt
YjBmZTkyMjFlZmI3LzEvUzZTZ2tFS1hYdXBnOU5HeWc4NWV3Mk1LdU5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS85YzdjZTQtMmNkNC00ODU0LTg4NDAtYjBmZTkyMjFlZmI3
LzEveEprT3dnRVI5Qy0yTHptb0hIT1NxU0dWV19JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLZ5sAwQD
UaLQAwQAwl1jMA0GCSqGSIb3DQEBCwUAA4IBAQCHZMJcCJCpLxlgN7nUPOdxDqhV
/49CXwV4dYNeWFPqhOj7PIIM7xPPbtLZfCHAmQ/0mbVSCFLNVjTVNZKYeb+vIHOh
nTm+1g1f6J9ywIbfHmVUoNvbqmxOZPjDnGzrivTxRdMUz/Rvy9lPKtJCoao2wr18
6uG3wxOXRXlMY8guP3S3Uysnmioa2GnC22J/Et1+4GYVmnSnK8jKa7eNNY832tDW
3NZqZZh1dP23+Pl8m9ehm6Xo055Z2UyIkc5kauniz7q24E8U95gJYOXLL5BrdSMK
hHWRMNjWDLvyDxQkGoaagLZ5ufRTCYJVK8Y7FM72Hw4smUfCr5+kAujIJwSI
-----END CERTIFICATE-----