Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/SBxAIWFNuQGrCTAH53EhdnL2yps.roa
File:                     SBxAIWFNuQGrCTAH53EhdnL2yps.roa (raw, json)
Hash identifier:          iy20UXGCUBS93Bj86SsCQ9ZfK3kFCwdnihkcjNjnF+o=
Subject key identifier:   48:1C:40:21:61:4D:B9:01:AB:09:30:07:E7:71:21:76:72:F6:CA:9B
Certificate issuer:       /CN=7a938a935f8baf9cd933906416590d782e7287c7
Certificate serial:       019425215CCF291283AF0793A98C668D8E15
Authority key identifier: 7A:93:8A:93:5F:8B:AF:9C:D9:33:90:64:16:59:0D:78:2E:72:87:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/epOKk1-Lr5zZM5BkFlkNeC5yh8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/SBxAIWFNuQGrCTAH53EhdnL2yps.roa
Signing time:             Thu 02 Jan 2025 03:48:50 +0000
ROA not before:           Thu 02 Jan 2025 03:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        145.243.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/epOKk1-Lr5zZM5BkFlkNeC5yh8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/epOKk1-Lr5zZM5BkFlkNeC5yh8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/epOKk1-Lr5zZM5BkFlkNeC5yh8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 18:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:5c:cf:29:12:83:af:07:93:a9:8c:66:8d:8e:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a938a935f8baf9cd933906416590d782e7287c7
        Validity
            Not Before: Jan  2 03:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=481c4021614db901ab093007e771217672f6ca9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:13:dc:5f:e8:00:fc:e3:65:28:41:e8:c2:d7:
                    9b:5a:a4:6b:43:52:84:00:55:16:3d:5c:89:14:df:
                    2f:19:68:83:b9:03:8c:a6:66:cb:0d:44:b1:4d:15:
                    44:69:5e:c0:68:dc:b8:4c:f1:54:d0:9b:a5:54:aa:
                    2c:1e:8e:21:aa:68:ba:ee:09:be:ef:54:02:c1:4d:
                    d6:96:e9:d4:ad:e4:7a:78:a5:0f:9b:9a:7e:b4:13:
                    24:85:4e:c8:15:a9:ec:0b:5b:0e:29:d3:b4:6d:91:
                    bd:bb:f9:cc:27:2b:03:f3:26:39:2a:68:1f:44:66:
                    c2:2a:0e:83:c1:12:d4:a1:ca:2a:a2:6a:d9:ac:15:
                    07:26:2b:dd:0d:b9:c1:a2:97:b3:31:2f:c0:56:29:
                    0a:4d:a6:c9:34:13:e2:62:60:a8:d4:2f:1e:c2:2c:
                    37:3b:f5:68:31:9b:e0:6f:a2:39:f5:aa:11:b6:3f:
                    7b:66:59:88:93:eb:df:ad:8d:ac:04:84:1b:06:01:
                    bb:e4:1f:db:47:e1:e0:ce:4d:48:45:a2:1f:e0:5a:
                    c3:79:4a:b1:f3:be:9e:97:50:5f:a2:52:48:74:3e:
                    e3:4e:88:7d:62:03:bb:a3:73:1d:d2:52:1d:87:2d:
                    3b:93:25:15:04:c8:c4:44:64:dd:4a:1d:3c:6d:5c:
                    53:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:1C:40:21:61:4D:B9:01:AB:09:30:07:E7:71:21:76:72:F6:CA:9B
            X509v3 Authority Key Identifier:
                keyid:7A:93:8A:93:5F:8B:AF:9C:D9:33:90:64:16:59:0D:78:2E:72:87:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/epOKk1-Lr5zZM5BkFlkNeC5yh8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/SBxAIWFNuQGrCTAH53EhdnL2yps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ff0bfc-26fe-4412-a232-31999f3add36/1/epOKk1-Lr5zZM5BkFlkNeC5yh8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.243.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:4c:87:b5:dd:c2:35:21:85:1c:b8:e7:14:af:1c:0d:67:32:
         15:ba:56:44:ba:03:e9:36:45:35:5e:dc:a2:9c:d9:e7:a2:66:
         e1:8d:8e:f2:f0:9e:20:58:fc:59:88:7d:e0:d1:f6:92:c2:5a:
         83:62:62:b3:35:88:07:a3:35:bd:f9:77:9b:7f:9d:9c:1d:cd:
         dc:be:81:9d:18:07:f1:72:fc:3f:a5:53:11:c0:a9:87:47:5f:
         66:af:9f:70:16:3f:94:b1:0b:d3:63:c2:25:fe:9d:f2:2c:31:
         3b:ac:62:98:53:f0:18:45:d1:fc:b6:b1:b9:52:4b:6b:c1:0d:
         f5:96:4b:43:dd:2f:3d:fa:ce:08:07:f6:2a:dd:00:46:ff:2d:
         9b:02:9b:1b:b9:6b:a2:8a:07:f8:42:74:b0:e6:3a:e2:bc:17:
         d1:46:9d:8c:f5:f6:37:58:63:d6:eb:d8:25:ba:ec:9f:d2:6c:
         45:d2:f5:86:fa:02:85:2b:53:64:43:73:28:35:54:49:62:89:
         be:56:9d:f8:11:45:a6:72:2b:bd:40:14:ec:f0:36:a6:06:eb:
         54:4a:2a:6c:91:77:67:a3:5b:89:5f:f8:86:0c:39:e9:d6:c1:
         e3:da:bc:30:88:0e:ef:6c:c3:cf:1d:1d:95:49:1f:48:51:14:
         ab:4d:b7:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIVzPKRKDrweTqYxmjY4VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhOTM4YTkzNWY4YmFmOWNkOTMzOTA2NDE2NTkwZDc4MmU3
Mjg3YzcwHhcNMjUwMTAyMDM0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODFjNDAyMTYxNGRiOTAxYWIwOTMwMDdlNzcxMjE3NjcyZjZjYTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRPcX+gA/ONlKEHowtebWqRrQ1KE
AFUWPVyJFN8vGWiDuQOMpmbLDUSxTRVEaV7AaNy4TPFU0JulVKosHo4hqmi67gm+
71QCwU3WlunUreR6eKUPm5p+tBMkhU7IFansC1sOKdO0bZG9u/nMJysD8yY5Kmgf
RGbCKg6DwRLUocoqomrZrBUHJivdDbnBopezMS/AVikKTabJNBPiYmCo1C8ewiw3
O/VoMZvgb6I59aoRtj97ZlmIk+vfrY2sBIQbBgG75B/bR+Hgzk1IRaIf4FrDeUqx
876el1BfolJIdD7jToh9YgO7o3Md0lIdhy07kyUVBMjERGTdSh08bVxThQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEgcQCFhTbkBqwkwB+dxIXZy9sqbMB8GA1UdIwQY
MBaAFHqTipNfi6+c2TOQZBZZDXgucofHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXBPS2sxLUxyNXpaTTVCa0Zsa05lQzV5aDhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9mZjBiZmMtMjZmZS00NDEyLWEyMzIt
MzE5OTlmM2FkZDM2LzEvU0J4QUlXRk51UUdyQ1RBSDUzRWhkbkwyeXBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9mZjBiZmMtMjZmZS00NDEyLWEyMzItMzE5OTlmM2FkZDM2
LzEvZXBPS2sxLUxyNXpaTTVCa0Zsa05lQzV5aDhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkfPYMA0G
CSqGSIb3DQEBCwUAA4IBAQCcTIe13cI1IYUcuOcUrxwNZzIVulZEugPpNkU1Xtyi
nNnnombhjY7y8J4gWPxZiH3g0faSwlqDYmKzNYgHozW9+Xebf52cHc3cvoGdGAfx
cvw/pVMRwKmHR19mr59wFj+UsQvTY8Il/p3yLDE7rGKYU/AYRdH8trG5UktrwQ31
lktD3S89+s4IB/Yq3QBG/y2bApsbuWuiigf4QnSw5jrivBfRRp2M9fY3WGPW69gl
uuyf0mxF0vWG+gKFK1NkQ3MoNVRJYom+Vp34EUWmciu9QBTs8DamButUSipskXdn
o1uJX/iGDDnp1sHj2rwwiA7vbMPPHR2VSR9IURSrTbe5
-----END CERTIFICATE-----