Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/954465-edcd-4636-855f-b9dccab6df2e/1/sTQX2j9_L-RKxKJ-gpSAUcHW26c.roa
File:                     sTQX2j9_L-RKxKJ-gpSAUcHW26c.roa (raw, json)
Hash identifier:          SMZ74eYXgCBYRpcaMVOmXChoRcbWwRauRrg3+g+Vya0=
Subject key identifier:   B1:34:17:DA:3F:7F:2F:E4:4A:C4:A2:7E:82:94:80:51:C1:D6:DB:A7
Certificate issuer:       /CN=499f5d2b7dbf52449b01253b0f827f401a8a7c81
Certificate serial:       0194236A13DB0A1D020A922DB7463E046322
Authority key identifier: 49:9F:5D:2B:7D:BF:52:44:9B:01:25:3B:0F:82:7F:40:1A:8A:7C:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SZ9dK32_UkSbASU7D4J_QBqKfIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/954465-edcd-4636-855f-b9dccab6df2e/1/sTQX2j9_L-RKxKJ-gpSAUcHW26c.roa
Signing time:             Wed 01 Jan 2025 19:49:01 +0000
ROA not before:           Wed 01 Jan 2025 19:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49072
IP address blocks:        77.246.210.0/24 maxlen: 24
                          91.240.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/954465-edcd-4636-855f-b9dccab6df2e/1/SZ9dK32_UkSbASU7D4J_QBqKfIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/954465-edcd-4636-855f-b9dccab6df2e/1/SZ9dK32_UkSbASU7D4J_QBqKfIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SZ9dK32_UkSbASU7D4J_QBqKfIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 19:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:13:db:0a:1d:02:0a:92:2d:b7:46:3e:04:63:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=499f5d2b7dbf52449b01253b0f827f401a8a7c81
        Validity
            Not Before: Jan  1 19:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b13417da3f7f2fe44ac4a27e82948051c1d6dba7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:44:25:aa:e3:fa:37:7e:12:5e:8b:6e:0f:7b:
                    43:e2:39:3f:91:60:b9:aa:30:b5:8a:0d:7d:3a:35:
                    21:7a:a7:56:0a:1d:52:49:8d:f8:b0:93:74:20:57:
                    7b:b3:2f:2f:7a:b5:7d:40:30:6f:70:e0:60:ec:29:
                    44:08:de:0f:de:65:b0:fc:bf:28:b3:d5:90:5f:43:
                    7f:8b:a3:3a:d2:e6:65:d5:90:3a:ac:7d:3a:4a:8b:
                    fe:af:c2:a0:89:66:7a:6c:be:38:29:55:a1:03:f1:
                    64:59:b0:d6:94:d8:c0:dd:2a:07:cd:2f:f2:0b:8a:
                    bd:68:3c:81:42:11:56:55:a9:72:da:a0:02:bf:43:
                    4d:9b:c4:74:e9:b8:4b:7e:79:42:d8:50:9a:ea:3a:
                    fa:3a:5f:cb:2a:e2:30:b8:65:c3:2a:ca:c1:a4:36:
                    37:8b:4f:10:9a:84:fa:ff:7a:cb:74:17:0c:13:6f:
                    19:4a:e3:fa:dd:5f:10:f9:c4:a9:6e:ca:9f:f1:89:
                    97:d1:90:08:12:6c:60:7c:f6:7f:c6:56:f1:a2:b2:
                    1b:e0:6e:ec:fd:09:4a:ce:21:29:14:56:0d:47:89:
                    f4:91:03:c4:a9:9e:cb:2f:c0:27:69:43:9a:35:6d:
                    5d:fe:43:83:48:6f:cd:30:03:31:5f:f2:b2:06:64:
                    bf:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:34:17:DA:3F:7F:2F:E4:4A:C4:A2:7E:82:94:80:51:C1:D6:DB:A7
            X509v3 Authority Key Identifier:
                keyid:49:9F:5D:2B:7D:BF:52:44:9B:01:25:3B:0F:82:7F:40:1A:8A:7C:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SZ9dK32_UkSbASU7D4J_QBqKfIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/954465-edcd-4636-855f-b9dccab6df2e/1/sTQX2j9_L-RKxKJ-gpSAUcHW26c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/954465-edcd-4636-855f-b9dccab6df2e/1/SZ9dK32_UkSbASU7D4J_QBqKfIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.210.0/24
                  91.240.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:16:2b:ee:70:87:67:f5:ee:57:63:06:a5:03:a1:39:d1:db:
         ec:a2:d6:ff:7b:a3:6d:52:1b:98:00:05:df:85:3f:52:08:72:
         38:df:87:bc:c0:1a:d8:c2:a5:82:1d:2b:6c:b9:c2:c6:00:2a:
         60:05:80:fe:33:81:9d:bc:43:c0:ca:56:a4:17:5c:66:56:73:
         6e:16:ad:7e:ae:64:04:e9:dd:c4:06:61:aa:f3:1f:68:b3:5d:
         7b:c9:78:1e:b9:25:f4:e9:78:ed:b7:8b:f8:fa:db:52:67:c3:
         24:61:d0:28:ac:c2:9f:e5:ca:6f:8a:42:4d:9d:3e:d7:87:ca:
         91:6f:b1:24:33:4c:65:2d:74:92:b5:ca:6d:da:ec:9a:c4:3c:
         1a:ce:ea:5d:28:66:86:c1:d1:5d:b9:c8:ae:27:1f:0d:74:f5:
         7c:d1:e2:5f:85:f2:23:f0:95:76:9a:72:1b:2f:cb:77:a2:1c:
         d3:64:d6:19:0c:78:f7:4f:b6:a1:64:3d:0a:5b:fb:42:17:0c:
         e8:87:52:45:49:bd:d8:82:3e:b2:1c:04:6c:fd:2a:7e:c7:e0:
         40:f7:74:d2:fb:34:bc:69:51:77:b0:3b:9d:d6:be:1f:98:76:
         7b:7c:8d:ce:6f:ab:87:8e:8e:fd:47:1e:b1:66:89:bf:6e:30:
         6c:06:02:09
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQjahPbCh0CCpItt0Y+BGMiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5OWY1ZDJiN2RiZjUyNDQ5YjAxMjUzYjBmODI3ZjQwMWE4
YTdjODEwHhcNMjUwMTAxMTk0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTM0MTdkYTNmN2YyZmU0NGFjNGEyN2U4Mjk0ODA1MWMxZDZkYmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2EQlquP6N34SXotuD3tD4jk/kWC5
qjC1ig19OjUheqdWCh1SSY34sJN0IFd7sy8verV9QDBvcOBg7ClECN4P3mWw/L8o
s9WQX0N/i6M60uZl1ZA6rH06Sov+r8KgiWZ6bL44KVWhA/FkWbDWlNjA3SoHzS/y
C4q9aDyBQhFWValy2qACv0NNm8R06bhLfnlC2FCa6jr6Ol/LKuIwuGXDKsrBpDY3
i08QmoT6/3rLdBcME28ZSuP63V8Q+cSpbsqf8YmX0ZAIEmxgfPZ/xlbxorIb4G7s
/QlKziEpFFYNR4n0kQPEqZ7LL8AnaUOaNW1d/kODSG/NMAMxX/KyBmS/XQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLE0F9o/fy/kSsSifoKUgFHB1tunMB8GA1UdIwQY
MBaAFEmfXSt9v1JEmwElOw+Cf0AainyBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1o5ZEszMl9Va1NiQVNVN0Q0Sl9RQnFLZklFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85NTQ0NjUtZWRjZC00NjM2LTg1NWYt
YjlkY2NhYjZkZjJlLzEvc1RRWDJqOV9MLVJLeEtKLWdwU0FVY0hXMjZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85NTQ0NjUtZWRjZC00NjM2LTg1NWYtYjlkY2NhYjZkZjJl
LzEvU1o5ZEszMl9Va1NiQVNVN0Q0Sl9RQnFLZklFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATfbSAwQA
W/BFMA0GCSqGSIb3DQEBCwUAA4IBAQCUFivucIdn9e5XYwalA6E50dvsotb/e6Nt
UhuYAAXfhT9SCHI434e8wBrYwqWCHStsucLGACpgBYD+M4GdvEPAylakF1xmVnNu
Fq1+rmQE6d3EBmGq8x9os117yXgeuSX06Xjtt4v4+ttSZ8MkYdAorMKf5cpvikJN
nT7Xh8qRb7EkM0xlLXSStcpt2uyaxDwazupdKGaGwdFduciuJx8NdPV80eJfhfIj
8JV2mnIbL8t3ohzTZNYZDHj3T7ahZD0KW/tCFwzoh1JFSb3Ygj6yHARs/Sp+x+BA
93TS+zS8aVF3sDud1r4fmHZ7fI3Ob6uHjo79Rx6xZom/bjBsBgIJ
-----END CERTIFICATE-----