Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/6a6313-8546-4031-be9b-8b2ebe4e29ce/1/SXAeFXDw4dHJ3-DaomE4HkN_3Gc.roa
File:                     SXAeFXDw4dHJ3-DaomE4HkN_3Gc.roa (raw, json)
Hash identifier:          lJVbncYPDhixg0WD7efImjpmu2ZX+/oL59DYjyPSC2g=
Subject key identifier:   49:70:1E:15:70:F0:E1:D1:C9:DF:E0:DA:A2:61:38:1E:43:7F:DC:67
Certificate issuer:       /CN=1a879de1c75fbbd2c31d1d90814056f27d57d776
Certificate serial:       0191A2C3BD1BCE0FCA75290896A371C95690
Authority key identifier: 1A:87:9D:E1:C7:5F:BB:D2:C3:1D:1D:90:81:40:56:F2:7D:57:D7:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Goed4cdfu9LDHR2QgUBW8n1X13Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/6a6313-8546-4031-be9b-8b2ebe4e29ce/1/SXAeFXDw4dHJ3-DaomE4HkN_3Gc.roa
Signing time:             Fri 30 Aug 2024 10:10:22 +0000
ROA not before:           Fri 30 Aug 2024 10:10:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39010
IP address blocks:        185.142.40.0/24 maxlen: 24
                          185.142.42.0/24 maxlen: 24
                          185.142.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/6a6313-8546-4031-be9b-8b2ebe4e29ce/1/Goed4cdfu9LDHR2QgUBW8n1X13Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/6a6313-8546-4031-be9b-8b2ebe4e29ce/1/Goed4cdfu9LDHR2QgUBW8n1X13Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Goed4cdfu9LDHR2QgUBW8n1X13Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a2:c3:bd:1b:ce:0f:ca:75:29:08:96:a3:71:c9:56:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a879de1c75fbbd2c31d1d90814056f27d57d776
        Validity
            Not Before: Aug 30 10:10:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49701e1570f0e1d1c9dfe0daa261381e437fdc67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e4:9a:3e:6b:c0:2a:ef:64:6e:56:f7:1f:57:
                    fd:c8:9e:1d:0a:2f:34:89:ca:76:cd:ab:d6:2a:97:
                    b3:5e:6a:ea:97:87:c0:17:52:d2:c0:63:a7:58:5a:
                    da:c9:bb:13:4a:ae:a7:36:fd:6e:f1:b5:b4:f7:a6:
                    35:4b:20:48:21:85:95:5d:71:0b:a3:71:90:e9:74:
                    a8:51:8e:6a:71:95:bc:af:9b:30:85:76:4e:27:23:
                    85:03:bd:32:60:ea:5e:c2:6d:24:85:ad:32:cb:96:
                    a7:4e:cb:54:06:ac:54:2a:f4:2d:1f:b0:0c:54:6e:
                    a8:8f:d5:e6:85:d1:0a:e9:8a:6c:81:01:2a:21:32:
                    89:f2:69:e6:4a:e1:93:ac:6c:22:dd:e5:13:48:63:
                    51:6c:83:30:6a:fa:9f:23:75:6e:42:34:1c:4d:54:
                    ad:c0:2b:da:44:b7:05:97:bd:ed:3e:d7:60:aa:78:
                    b9:9f:da:65:1f:f4:89:0e:81:d9:4b:59:88:65:30:
                    23:7c:4c:cd:ce:fd:ff:0a:15:2f:51:70:5b:b0:c6:
                    99:15:be:b5:9c:db:f9:c6:20:db:14:63:7f:fc:d2:
                    1a:a8:2f:da:d6:b4:be:97:4f:1e:e9:b0:37:33:c7:
                    50:4d:fa:95:98:f2:ca:f8:f2:72:03:12:f7:95:1f:
                    49:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:70:1E:15:70:F0:E1:D1:C9:DF:E0:DA:A2:61:38:1E:43:7F:DC:67
            X509v3 Authority Key Identifier:
                keyid:1A:87:9D:E1:C7:5F:BB:D2:C3:1D:1D:90:81:40:56:F2:7D:57:D7:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Goed4cdfu9LDHR2QgUBW8n1X13Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/6a6313-8546-4031-be9b-8b2ebe4e29ce/1/SXAeFXDw4dHJ3-DaomE4HkN_3Gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/6a6313-8546-4031-be9b-8b2ebe4e29ce/1/Goed4cdfu9LDHR2QgUBW8n1X13Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.40.0/24
                  185.142.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:60:cf:e8:cb:70:14:83:ed:ae:45:06:97:45:f2:cf:ad:fa:
         c6:8c:c2:83:1e:81:12:c5:35:29:a0:8f:2c:51:f8:f5:9b:61:
         ff:28:8b:a0:c3:c6:1b:2b:b5:03:13:5d:1a:ad:ef:15:2f:28:
         dc:b3:fd:3e:e7:72:0b:e0:8e:23:c9:81:9c:52:89:ae:70:f1:
         8e:d3:e2:06:66:9e:53:c9:b2:97:f1:4f:0a:00:a0:bc:63:2d:
         49:0b:b6:a1:b2:b5:da:b9:35:f3:00:48:64:b7:ec:75:41:5d:
         52:33:01:83:3f:c7:a9:58:3d:3e:86:67:39:10:cd:ff:67:6a:
         cf:58:17:bf:c4:97:f5:62:ea:4d:49:95:d6:89:48:64:44:3a:
         cc:48:e2:67:0f:02:fc:2a:2e:28:52:0e:20:f0:12:93:79:2c:
         3d:8c:c3:2c:ec:37:2f:65:e2:6d:4c:7a:00:c9:70:14:2a:49:
         5a:26:93:3d:87:f9:89:f3:ae:ed:d5:c2:38:6a:8e:b5:b4:66:
         51:04:29:69:c3:85:08:bc:16:e6:3e:f5:dc:ee:e7:1f:6c:5a:
         e6:f6:cb:41:76:2d:b4:06:81:33:88:98:02:37:42:65:3b:60:
         98:6c:ac:d0:93:fb:99:7d:70:6f:8e:dd:d6:73:c5:36:a4:e1:
         fa:87:8f:fa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGiw70bzg/KdSkIlqNxyVaQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhODc5ZGUxYzc1ZmJiZDJjMzFkMWQ5MDgxNDA1NmYyN2Q1
N2Q3NzYwHhcNMjQwODMwMTAxMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTcwMWUxNTcwZjBlMWQxYzlkZmUwZGFhMjYxMzgxZTQzN2ZkYzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuSaPmvAKu9kblb3H1f9yJ4dCi80
icp2zavWKpezXmrql4fAF1LSwGOnWFraybsTSq6nNv1u8bW096Y1SyBIIYWVXXEL
o3GQ6XSoUY5qcZW8r5swhXZOJyOFA70yYOpewm0kha0yy5anTstUBqxUKvQtH7AM
VG6oj9XmhdEK6YpsgQEqITKJ8mnmSuGTrGwi3eUTSGNRbIMwavqfI3VuQjQcTVSt
wCvaRLcFl73tPtdgqni5n9plH/SJDoHZS1mIZTAjfEzNzv3/ChUvUXBbsMaZFb61
nNv5xiDbFGN//NIaqC/a1rS+l08e6bA3M8dQTfqVmPLK+PJyAxL3lR9JKwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFElwHhVw8OHRyd/g2qJhOB5Df9xnMB8GA1UdIwQY
MBaAFBqHneHHX7vSwx0dkIFAVvJ9V9d2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR29lZDRjZGZ1OUxESFIyUWdVQlc4bjFYMTNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS82YTYzMTMtODU0Ni00MDMxLWJlOWIt
OGIyZWJlNGUyOWNlLzEvU1hBZUZYRHc0ZEhKMy1EYW9tRTRIa05fM0djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS82YTYzMTMtODU0Ni00MDMxLWJlOWItOGIyZWJlNGUyOWNl
LzEvR29lZDRjZGZ1OUxESFIyUWdVQlc4bjFYMTNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuY4oAwQB
uY4qMA0GCSqGSIb3DQEBCwUAA4IBAQA9YM/oy3AUg+2uRQaXRfLPrfrGjMKDHoES
xTUpoI8sUfj1m2H/KIugw8YbK7UDE10are8VLyjcs/0+53IL4I4jyYGcUomucPGO
0+IGZp5TybKX8U8KAKC8Yy1JC7ahsrXauTXzAEhkt+x1QV1SMwGDP8epWD0+hmc5
EM3/Z2rPWBe/xJf1YupNSZXWiUhkRDrMSOJnDwL8Ki4oUg4g8BKTeSw9jMMs7Dcv
ZeJtTHoAyXAUKklaJpM9h/mJ867t1cI4ao61tGZRBClpw4UIvBbmPvXc7ucfbFrm
9stBdi20BoEziJgCN0JlO2CYbKzQk/uZfXBvjt3Wc8U2pOH6h4/6
-----END CERTIFICATE-----