Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/SBmVAlodI7xnOy2vKS8iSbQ2L-c.roa
File:                     SBmVAlodI7xnOy2vKS8iSbQ2L-c.roa (raw, json)
Hash identifier:          Qjp3sgcgeheRs3EPb5cqh07Ww165sSq1F+/13L3R5T4=
Subject key identifier:   48:19:95:02:5A:1D:23:BC:67:3B:2D:AF:29:2F:22:49:B4:36:2F:E7
Certificate issuer:       /CN=049d4f66598668079353721c21935a00319f6759
Certificate serial:       019424B2745B745BBF522CEAAF7DA5E34948
Authority key identifier: 04:9D:4F:66:59:86:68:07:93:53:72:1C:21:93:5A:00:31:9F:67:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/SBmVAlodI7xnOy2vKS8iSbQ2L-c.roa
Signing time:             Thu 02 Jan 2025 01:47:42 +0000
ROA not before:           Thu 02 Jan 2025 01:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50518
IP address blocks:        45.94.248.0/22 maxlen: 24
                          2a11:7400::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 17:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:74:5b:74:5b:bf:52:2c:ea:af:7d:a5:e3:49:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=049d4f66598668079353721c21935a00319f6759
        Validity
            Not Before: Jan  2 01:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=481995025a1d23bc673b2daf292f2249b4362fe7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:cf:85:3c:1e:64:65:68:0c:c6:34:4d:41:37:
                    09:da:a4:48:bf:77:1d:e7:81:29:60:93:2d:dd:88:
                    0a:dd:b7:b5:42:23:0a:37:f0:42:8d:2e:4c:34:39:
                    a9:54:14:c1:18:7f:d2:6a:df:4a:27:83:ca:c5:ce:
                    3a:3d:d2:a7:99:17:21:73:6d:31:01:c7:4d:83:c8:
                    62:9a:16:02:d1:fe:a6:15:66:55:4e:c7:0e:2c:13:
                    f8:64:11:4a:f6:b2:9e:1d:2b:72:08:a2:27:07:8c:
                    e0:f7:c1:2c:e4:ca:09:8e:03:f4:47:ea:26:c4:49:
                    e7:fc:de:4b:e7:bb:76:99:eb:6e:9a:4d:b0:19:8a:
                    84:e4:4a:61:46:f4:be:44:31:41:54:d5:17:7d:c3:
                    8b:c3:7f:a7:fd:63:c0:1d:43:db:b9:b5:65:87:ab:
                    25:a4:52:e6:87:a4:43:93:e4:41:55:fa:76:ce:91:
                    d7:82:b6:7a:14:88:7b:2a:2d:a8:ee:09:6f:1f:e1:
                    39:48:5d:83:57:93:51:a5:eb:08:50:08:93:46:a6:
                    f7:a5:fd:1f:c5:d3:e5:e1:05:78:87:d2:76:d1:80:
                    75:61:d8:c3:a5:1c:f5:2e:a1:22:26:3f:58:ea:1c:
                    1f:10:24:84:88:d5:98:cf:e7:28:f0:dd:9f:76:13:
                    04:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:19:95:02:5A:1D:23:BC:67:3B:2D:AF:29:2F:22:49:B4:36:2F:E7
            X509v3 Authority Key Identifier:
                keyid:04:9D:4F:66:59:86:68:07:93:53:72:1C:21:93:5A:00:31:9F:67:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/SBmVAlodI7xnOy2vKS8iSbQ2L-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/f23fb6-3229-4e8b-936a-9279547eca55/1/BJ1PZlmGaAeTU3IcIZNaADGfZ1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.248.0/22
                IPv6:
                  2a11:7400::/29

    Signature Algorithm: sha256WithRSAEncryption
         03:77:c7:03:cf:07:30:87:f8:9b:e9:72:05:c1:f8:e4:9f:a9:
         56:41:63:58:8c:ad:ce:b3:92:3f:13:f1:53:e2:c9:cd:ca:98:
         db:92:60:0e:c7:23:d0:76:a7:e7:4e:42:87:e9:53:df:2e:29:
         48:12:bc:09:b5:df:40:b2:2b:3e:4d:06:1b:96:b9:e6:7b:49:
         fb:db:da:ac:ff:50:8c:c5:18:78:39:46:89:41:f6:a8:5f:d7:
         bd:3b:62:25:d4:67:aa:4f:95:d9:e0:3b:50:b2:5e:39:47:78:
         11:c1:bc:79:a9:40:db:8c:14:cb:49:b9:fa:ea:da:09:a7:60:
         9d:8d:2d:2b:3c:6c:f8:88:ba:3d:fd:f7:5d:3d:52:45:d9:e4:
         29:60:81:86:5f:b9:e2:85:3a:d4:f8:d2:a3:d3:58:d7:17:34:
         10:12:0a:58:5c:42:11:6d:ee:36:21:cf:49:55:20:a3:a5:33:
         91:23:74:93:a5:19:22:64:f5:73:37:10:10:dc:38:6e:9f:3e:
         35:33:c9:85:b9:d9:07:77:ff:cf:0d:00:b4:ba:9f:69:51:75:
         6e:9c:46:bb:9c:5a:e9:10:93:12:ae:ae:c7:a1:fa:1f:03:09:
         67:27:b1:e0:2c:71:96:2b:95:4d:30:ce:a1:e7:80:5d:6c:03:
         46:1b:7c:09
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQksnRbdFu/Uizqr32l40lIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0OWQ0ZjY2NTk4NjY4MDc5MzUzNzIxYzIxOTM1YTAwMzE5
ZjY3NTkwHhcNMjUwMTAyMDE0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODE5OTUwMjVhMWQyM2JjNjczYjJkYWYyOTJmMjI0OWI0MzYyZmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8+FPB5kZWgMxjRNQTcJ2qRIv3cd
54EpYJMt3YgK3be1QiMKN/BCjS5MNDmpVBTBGH/Sat9KJ4PKxc46PdKnmRchc20x
AcdNg8himhYC0f6mFWZVTscOLBP4ZBFK9rKeHStyCKInB4zg98Es5MoJjgP0R+om
xEnn/N5L57t2metumk2wGYqE5EphRvS+RDFBVNUXfcOLw3+n/WPAHUPbubVlh6sl
pFLmh6RDk+RBVfp2zpHXgrZ6FIh7Ki2o7glvH+E5SF2DV5NRpesIUAiTRqb3pf0f
xdPl4QV4h9J20YB1YdjDpRz1LqEiJj9Y6hwfECSEiNWYz+co8N2fdhMEmwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEgZlQJaHSO8ZzstrykvIkm0Ni/nMB8GA1UdIwQY
MBaAFASdT2ZZhmgHk1NyHCGTWgAxn2dZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkoxUFpsbUdhQWVUVTNJY0laTmFBREdmWjFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9mMjNmYjYtMzIyOS00ZThiLTkzNmEt
OTI3OTU0N2VjYTU1LzEvU0JtVkFsb2RJN3huT3kydktTOGlTYlEyTC1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9mMjNmYjYtMzIyOS00ZThiLTkzNmEtOTI3OTU0N2VjYTU1
LzEvQkoxUFpsbUdhQWVUVTNJY0laTmFBREdmWjFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLV74MA0E
AgACMAcDBQMqEXQAMA0GCSqGSIb3DQEBCwUAA4IBAQADd8cDzwcwh/ib6XIFwfjk
n6lWQWNYjK3Os5I/E/FT4snNypjbkmAOxyPQdqfnTkKH6VPfLilIErwJtd9Asis+
TQYblrnme0n729qs/1CMxRh4OUaJQfaoX9e9O2Il1GeqT5XZ4DtQsl45R3gRwbx5
qUDbjBTLSbn66toJp2CdjS0rPGz4iLo9/fddPVJF2eQpYIGGX7nihTrU+NKj01jX
FzQQEgpYXEIRbe42Ic9JVSCjpTORI3STpRkiZPVzNxAQ3Dhunz41M8mFudkHd//P
DQC0up9pUXVunEa7nFrpEJMSrq7HofofAwlnJ7HgLHGWK5VNMM6h54BdbANGG3wJ
-----END CERTIFICATE-----