Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/757fc5-8029-4828-8547-62e260313e4c/1/SF3VU5SVWzi0_2Xar-2YOdcK-gc.roa
File:                     SF3VU5SVWzi0_2Xar-2YOdcK-gc.roa (raw, json)
Hash identifier:          AuIY2iLIo2qAdBJbw78kdAZId1WsZdROE7KvRyYurC8=
Subject key identifier:   48:5D:D5:53:94:95:5B:38:B4:FF:65:DA:AF:ED:98:39:D7:0A:FA:07
Certificate issuer:       /CN=9b89b8cf47f7c485d628d0a359a16a815cd004ab
Certificate serial:       0194282386772AB4790AFD65B7176E1EBCD0
Authority key identifier: 9B:89:B8:CF:47:F7:C4:85:D6:28:D0:A3:59:A1:6A:81:5C:D0:04:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m4m4z0f3xIXWKNCjWaFqgVzQBKs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/757fc5-8029-4828-8547-62e260313e4c/1/SF3VU5SVWzi0_2Xar-2YOdcK-gc.roa
Signing time:             Thu 02 Jan 2025 17:50:04 +0000
ROA not before:           Thu 02 Jan 2025 17:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209635
IP address blocks:        185.185.78.0/23 maxlen: 23
                          185.185.79.0/24 maxlen: 24
                          2a0f:a0c0:fffe::/47 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/757fc5-8029-4828-8547-62e260313e4c/1/m4m4z0f3xIXWKNCjWaFqgVzQBKs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/757fc5-8029-4828-8547-62e260313e4c/1/m4m4z0f3xIXWKNCjWaFqgVzQBKs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m4m4z0f3xIXWKNCjWaFqgVzQBKs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:86:77:2a:b4:79:0a:fd:65:b7:17:6e:1e:bc:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b89b8cf47f7c485d628d0a359a16a815cd004ab
        Validity
            Not Before: Jan  2 17:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=485dd55394955b38b4ff65daafed9839d70afa07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:d3:8c:58:c2:82:4f:9e:d5:8c:6f:1c:2d:51:
                    c0:08:0e:18:06:e0:3b:1b:d3:fb:e7:39:0e:99:75:
                    57:14:a0:27:33:bb:7b:8e:ad:be:36:7d:63:39:8a:
                    40:db:c1:61:53:66:c8:d9:e1:b8:78:15:64:eb:34:
                    03:72:c0:3b:6a:c0:05:d9:a0:ff:4c:fb:ee:35:df:
                    d4:dd:03:bd:33:0d:b8:f2:60:e3:a6:72:7b:24:c1:
                    88:67:02:55:73:26:db:60:b0:de:1d:b4:84:06:6f:
                    cd:63:66:e7:0f:0b:3f:79:46:ce:92:61:ba:9a:8b:
                    30:5e:d2:b9:4a:55:8d:c4:68:42:22:1b:6d:92:8e:
                    84:e3:0b:89:6e:21:f4:8a:db:eb:cb:ab:b5:a1:20:
                    df:ba:3b:2b:97:2b:cc:82:fb:5c:d4:c5:d7:33:53:
                    de:34:b9:45:7e:0a:14:29:d5:88:9f:24:2b:3f:26:
                    d0:70:97:1b:5a:be:1a:e4:48:d1:ef:57:ab:0b:61:
                    be:1d:85:b6:61:21:d8:6a:6e:66:cd:3f:22:a4:f6:
                    8a:dc:ef:db:88:c1:63:96:39:e5:44:c8:44:0a:ef:
                    2c:e3:a3:03:8e:a0:d2:08:12:1a:2f:e4:c5:2b:d6:
                    60:e5:87:f5:3b:02:39:a6:fa:b1:02:8a:bd:a9:16:
                    e6:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:5D:D5:53:94:95:5B:38:B4:FF:65:DA:AF:ED:98:39:D7:0A:FA:07
            X509v3 Authority Key Identifier:
                keyid:9B:89:B8:CF:47:F7:C4:85:D6:28:D0:A3:59:A1:6A:81:5C:D0:04:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m4m4z0f3xIXWKNCjWaFqgVzQBKs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/757fc5-8029-4828-8547-62e260313e4c/1/SF3VU5SVWzi0_2Xar-2YOdcK-gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/757fc5-8029-4828-8547-62e260313e4c/1/m4m4z0f3xIXWKNCjWaFqgVzQBKs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.185.78.0/23
                IPv6:
                  2a0f:a0c0:fffe::/47

    Signature Algorithm: sha256WithRSAEncryption
         3d:e1:22:d6:91:bf:16:cd:7c:21:d1:bd:57:4b:af:c6:f7:6c:
         3b:e2:08:cb:09:8d:55:6b:9b:ab:4f:93:81:34:3c:64:fb:99:
         46:20:25:d7:c0:07:9f:48:bc:8c:d3:4b:03:25:4e:a6:45:ae:
         b6:04:d8:b2:18:a4:96:19:4a:7c:19:f4:19:ab:a7:14:81:06:
         04:70:e1:a2:6f:3b:ed:72:a0:5d:2d:36:e5:c5:9b:42:00:7f:
         aa:1e:f6:94:b6:cc:8d:5b:02:03:ad:97:10:b2:38:5f:d9:20:
         89:8c:6d:7a:ec:2a:68:3e:48:c6:b9:62:af:f9:a0:1a:46:9e:
         64:1f:1c:3d:37:9a:ae:f9:09:9d:64:50:b8:66:9e:26:06:6c:
         fe:24:36:7e:fa:1f:4f:31:d9:8e:22:9e:61:5d:96:a5:0d:de:
         49:c3:5e:42:b9:f8:31:7c:6c:55:f0:69:32:07:d3:34:60:65:
         e3:f2:bb:89:52:17:5f:18:07:62:7b:ac:1b:65:78:a8:f0:14:
         5d:fd:0c:99:8b:dc:ca:21:74:0e:97:62:e6:5f:3b:71:c4:91:
         7b:8f:25:c9:40:42:5f:0b:26:e7:af:44:ef:2f:85:50:88:78:
         c7:f0:67:bc:0e:98:28:7e:6f:f5:77:89:bf:f4:ba:11:50:3b:
         94:42:a4:d5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQoI4Z3KrR5Cv1ltxduHrzQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliODliOGNmNDdmN2M0ODVkNjI4ZDBhMzU5YTE2YTgxNWNk
MDA0YWIwHhcNMjUwMTAyMTc1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODVkZDU1Mzk0OTU1YjM4YjRmZjY1ZGFhZmVkOTgzOWQ3MGFmYTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2NOMWMKCT57VjG8cLVHACA4YBuA7
G9P75zkOmXVXFKAnM7t7jq2+Nn1jOYpA28FhU2bI2eG4eBVk6zQDcsA7asAF2aD/
TPvuNd/U3QO9Mw248mDjpnJ7JMGIZwJVcybbYLDeHbSEBm/NY2bnDws/eUbOkmG6
moswXtK5SlWNxGhCIhttko6E4wuJbiH0itvry6u1oSDfujsrlyvMgvtc1MXXM1Pe
NLlFfgoUKdWInyQrPybQcJcbWr4a5EjR71erC2G+HYW2YSHYam5mzT8ipPaK3O/b
iMFjljnlRMhECu8s46MDjqDSCBIaL+TFK9Zg5Yf1OwI5pvqxAoq9qRbmSQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEhd1VOUlVs4tP9l2q/tmDnXCvoHMB8GA1UdIwQY
MBaAFJuJuM9H98SF1ijQo1mhaoFc0ASrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTRtNHowZjN4SVhXS05DaldhRnFnVnpRQktzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS83NTdmYzUtODAyOS00ODI4LTg1NDct
NjJlMjYwMzEzZTRjLzEvU0YzVlU1U1ZXemkwXzJYYXItMllPZGNLLWdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS83NTdmYzUtODAyOS00ODI4LTg1NDctNjJlMjYwMzEzZTRj
LzEvbTRtNHowZjN4SVhXS05DaldhRnFnVnpRQktzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBublOMA8E
AgACMAkDBwEqD6DA//4wDQYJKoZIhvcNAQELBQADggEBAD3hItaRvxbNfCHRvVdL
r8b3bDviCMsJjVVrm6tPk4E0PGT7mUYgJdfAB59IvIzTSwMlTqZFrrYE2LIYpJYZ
SnwZ9BmrpxSBBgRw4aJvO+1yoF0tNuXFm0IAf6oe9pS2zI1bAgOtlxCyOF/ZIImM
bXrsKmg+SMa5Yq/5oBpGnmQfHD03mq75CZ1kULhmniYGbP4kNn76H08x2Y4inmFd
lqUN3knDXkK5+DF8bFXwaTIH0zRgZePyu4lSF18YB2J7rBtleKjwFF39DJmL3Moh
dA6XYuZfO3HEkXuPJclAQl8LJuevRO8vhVCIeMfwZ7wOmCh+b/V3ib/0uhFQO5RC
pNU=
-----END CERTIFICATE-----