Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/ee0538-39c9-4450-9647-aba55e2424d2/1/Sb2fgxISW-k8wA_jVXd4LPL4sOw.roa
File:                     Sb2fgxISW-k8wA_jVXd4LPL4sOw.roa (raw, json)
Hash identifier:          LphNHUTsgnKV2YEr+uySGx/2aJwsuve38PTMVdLOS6w=
Subject key identifier:   49:BD:9F:83:12:12:5B:E9:3C:C0:0F:E3:55:77:78:2C:F2:F8:B0:EC
Certificate issuer:       /CN=93d4c4ad731e45ed320a2f38ab70b7a7bff7ea79
Certificate serial:       019420D5BB595E361B5AA07601431C9FC3C7
Authority key identifier: 93:D4:C4:AD:73:1E:45:ED:32:0A:2F:38:AB:70:B7:A7:BF:F7:EA:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k9TErXMeRe0yCi84q3C3p7_36nk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/ee0538-39c9-4450-9647-aba55e2424d2/1/Sb2fgxISW-k8wA_jVXd4LPL4sOw.roa
Signing time:             Wed 01 Jan 2025 07:47:45 +0000
ROA not before:           Wed 01 Jan 2025 07:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58281
IP address blocks:        185.30.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/ee0538-39c9-4450-9647-aba55e2424d2/1/k9TErXMeRe0yCi84q3C3p7_36nk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/ee0538-39c9-4450-9647-aba55e2424d2/1/k9TErXMeRe0yCi84q3C3p7_36nk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k9TErXMeRe0yCi84q3C3p7_36nk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:bb:59:5e:36:1b:5a:a0:76:01:43:1c:9f:c3:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93d4c4ad731e45ed320a2f38ab70b7a7bff7ea79
        Validity
            Not Before: Jan  1 07:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=49bd9f8312125be93cc00fe35577782cf2f8b0ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d6:8a:88:73:15:00:e6:7f:2f:3a:00:89:2a:
                    5f:3b:57:9c:70:ce:94:71:9d:58:6f:07:33:38:5b:
                    6a:08:f1:01:68:6b:00:31:41:49:22:40:7d:e8:d1:
                    8d:96:b6:7b:7b:38:f3:5d:0f:6e:41:21:95:3e:53:
                    eb:90:e1:c6:f3:9a:fa:ac:f3:5c:3b:29:8e:96:2c:
                    81:21:c7:5b:00:38:a5:31:16:e9:e3:ca:d1:d9:c3:
                    15:5b:69:ce:df:5b:bc:05:17:6f:0e:55:e6:18:6e:
                    bf:cc:bc:de:4a:c7:57:46:40:37:91:f8:9c:9a:b1:
                    90:97:48:6b:dc:48:31:63:b0:dc:8a:c0:49:8f:3f:
                    4c:01:b1:b3:9d:01:7c:8a:8f:8c:9c:f1:1f:fa:aa:
                    09:8d:14:87:e6:7e:4e:6d:d8:04:29:6f:cc:cb:e0:
                    77:78:8a:98:40:ea:24:09:1c:d4:67:44:79:5b:d8:
                    dd:3d:ab:48:f4:70:b5:63:68:c1:0b:40:dd:71:f1:
                    a2:94:70:b8:d4:2e:e0:d9:7d:a1:75:c7:66:db:f1:
                    6a:a1:28:ea:14:9a:a6:b3:89:97:c0:83:42:4f:b7:
                    fb:ad:ba:0b:47:24:04:6c:04:7b:e9:76:27:d1:2a:
                    03:03:9c:af:d5:be:58:2b:77:ac:99:aa:37:d9:b7:
                    7a:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:BD:9F:83:12:12:5B:E9:3C:C0:0F:E3:55:77:78:2C:F2:F8:B0:EC
            X509v3 Authority Key Identifier:
                keyid:93:D4:C4:AD:73:1E:45:ED:32:0A:2F:38:AB:70:B7:A7:BF:F7:EA:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k9TErXMeRe0yCi84q3C3p7_36nk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/ee0538-39c9-4450-9647-aba55e2424d2/1/Sb2fgxISW-k8wA_jVXd4LPL4sOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/ee0538-39c9-4450-9647-aba55e2424d2/1/k9TErXMeRe0yCi84q3C3p7_36nk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:95:ef:50:5d:07:91:d0:07:1a:5e:1d:62:36:40:62:3b:85:
         64:b6:9a:58:cc:52:95:48:dd:b0:83:aa:6c:13:ee:4d:5c:79:
         df:7e:58:14:b8:48:bb:a4:57:42:df:67:bd:6d:f7:a4:41:24:
         71:26:03:cb:62:89:20:66:02:b3:e3:c5:3d:4e:47:e9:30:5c:
         3d:26:8f:2e:b8:8e:52:e7:f1:9e:df:3e:8b:c0:0a:d5:a9:1b:
         d9:41:57:9d:a1:97:53:9e:88:55:e2:6f:40:eb:f0:9f:0a:33:
         72:50:d8:8e:d6:b3:5f:d2:01:40:bd:69:1e:f0:3a:2b:af:be:
         81:9f:6c:ae:89:11:66:e4:24:f6:33:c0:13:0e:4e:4b:d9:3a:
         85:b2:13:5e:02:6b:79:4d:9d:8b:17:ef:98:de:39:17:11:81:
         ba:0c:c5:4b:15:ce:13:c5:63:b9:aa:d6:06:7b:1e:a7:85:64:
         10:00:39:70:cd:74:cb:a6:49:09:51:67:27:e3:f8:83:7a:b6:
         57:79:d4:e6:39:3a:0c:a5:70:4d:47:5b:e9:ff:d5:81:2a:8d:
         e9:24:c0:0d:0f:5b:68:39:b6:71:b5:ad:1c:0e:78:79:38:1b:
         f8:ea:9f:83:a8:0c:77:ba:05:9a:a2:49:b6:41:80:d5:69:0b:
         b0:27:7e:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1btZXjYbWqB2AUMcn8PHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZDRjNGFkNzMxZTQ1ZWQzMjBhMmYzOGFiNzBiN2E3YmZm
N2VhNzkwHhcNMjUwMTAxMDc0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWJkOWY4MzEyMTI1YmU5M2NjMDBmZTM1NTc3NzgyY2YyZjhiMGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9aKiHMVAOZ/LzoAiSpfO1eccM6U
cZ1YbwczOFtqCPEBaGsAMUFJIkB96NGNlrZ7ezjzXQ9uQSGVPlPrkOHG85r6rPNc
OymOliyBIcdbADilMRbp48rR2cMVW2nO31u8BRdvDlXmGG6/zLzeSsdXRkA3kfic
mrGQl0hr3EgxY7DcisBJjz9MAbGznQF8io+MnPEf+qoJjRSH5n5ObdgEKW/My+B3
eIqYQOokCRzUZ0R5W9jdPatI9HC1Y2jBC0DdcfGilHC41C7g2X2hdcdm2/FqoSjq
FJqms4mXwINCT7f7rboLRyQEbAR76XYn0SoDA5yv1b5YK3esmao32bd6SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEm9n4MSElvpPMAP41V3eCzy+LDsMB8GA1UdIwQY
MBaAFJPUxK1zHkXtMgovOKtwt6e/9+p5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazlURXJYTWVSZTB5Q2k4NHEzQzNwN18zNm5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS9lZTA1MzgtMzljOS00NDUwLTk2NDct
YWJhNTVlMjQyNGQyLzEvU2IyZmd4SVNXLWs4d0FfalZYZDRMUEw0c093LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS9lZTA1MzgtMzljOS00NDUwLTk2NDctYWJhNTVlMjQyNGQy
LzEvazlURXJYTWVSZTB5Q2k4NHEzQzNwN18zNm5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuR4kMA0G
CSqGSIb3DQEBCwUAA4IBAQB2le9QXQeR0AcaXh1iNkBiO4VktppYzFKVSN2wg6ps
E+5NXHnfflgUuEi7pFdC32e9bfekQSRxJgPLYokgZgKz48U9TkfpMFw9Jo8uuI5S
5/Ge3z6LwArVqRvZQVedoZdTnohV4m9A6/CfCjNyUNiO1rNf0gFAvWke8Dorr76B
n2yuiRFm5CT2M8ATDk5L2TqFshNeAmt5TZ2LF++Y3jkXEYG6DMVLFc4TxWO5qtYG
ex6nhWQQADlwzXTLpkkJUWcn4/iDerZXedTmOToMpXBNR1vp/9WBKo3pJMAND1to
ObZxta0cDnh5OBv46p+DqAx3ugWaokm2QYDVaQuwJ344
-----END CERTIFICATE-----