Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/7a1aee-671b-4f39-b4dd-212a9f310622/1/SJo9bbtOiJizy-E-1R7ARjzy0go.roa
File:                     SJo9bbtOiJizy-E-1R7ARjzy0go.roa (raw, json)
Hash identifier:          N0blavvteQ7KpRANvuQMrdlRUvdcOQG6W4OA7HGtMsw=
Subject key identifier:   48:9A:3D:6D:BB:4E:88:98:B3:CB:E1:3E:D5:1E:C0:46:3C:F2:D2:0A
Certificate issuer:       /CN=7dc555352323dbcc287b87e0d6a4814a63abbd46
Certificate serial:       0192C3D5BA745133DFECD3FBB97A3819B1FD
Authority key identifier: 7D:C5:55:35:23:23:DB:CC:28:7B:87:E0:D6:A4:81:4A:63:AB:BD:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fcVVNSMj28woe4fg1qSBSmOrvUY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/7a1aee-671b-4f39-b4dd-212a9f310622/1/SJo9bbtOiJizy-E-1R7ARjzy0go.roa
Signing time:             Fri 25 Oct 2024 13:20:16 +0000
ROA not before:           Fri 25 Oct 2024 13:20:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47264
IP address blocks:        185.203.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/7a1aee-671b-4f39-b4dd-212a9f310622/1/fcVVNSMj28woe4fg1qSBSmOrvUY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/7a1aee-671b-4f39-b4dd-212a9f310622/1/fcVVNSMj28woe4fg1qSBSmOrvUY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fcVVNSMj28woe4fg1qSBSmOrvUY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c3:d5:ba:74:51:33:df:ec:d3:fb:b9:7a:38:19:b1:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7dc555352323dbcc287b87e0d6a4814a63abbd46
        Validity
            Not Before: Oct 25 13:20:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=489a3d6dbb4e8898b3cbe13ed51ec0463cf2d20a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:0f:ac:43:b4:66:24:8a:93:e1:b9:4d:21:40:
                    24:50:4c:43:a5:d5:9e:0c:b2:57:02:b9:46:1c:50:
                    e4:6c:fb:37:ae:63:09:da:33:2c:45:ec:44:ef:67:
                    10:e7:c0:1f:a8:64:da:68:f6:6e:dc:40:85:23:87:
                    cc:29:e5:8f:f2:19:e7:2e:ae:aa:95:eb:98:80:d4:
                    9b:0a:a0:0f:aa:d4:07:a7:6d:f4:a4:ae:d4:8e:ce:
                    87:57:f4:bf:f9:2a:c5:78:95:74:ec:d0:1e:7e:5d:
                    16:38:90:ff:70:e6:31:d2:5e:cd:f7:10:7a:76:05:
                    87:ff:ae:eb:b1:77:a1:06:ad:db:7e:41:37:4f:47:
                    e6:15:22:1b:4a:7e:40:a5:de:51:22:14:f2:42:8d:
                    84:ee:a6:ad:9c:0b:1d:95:36:4a:44:db:6a:30:6e:
                    c8:d9:cf:c1:9e:34:56:e8:5d:99:a1:25:34:bd:2a:
                    75:49:c1:df:3a:6c:b4:9a:40:ca:be:ce:b4:e0:27:
                    c0:65:5d:ce:e1:d6:41:35:7b:86:f2:54:7a:19:98:
                    e5:7f:5f:91:73:6d:56:8f:e2:cb:b7:2c:01:02:42:
                    5b:cc:63:50:10:d8:cd:61:fc:0b:b0:9b:1f:be:9e:
                    d4:16:dc:62:71:59:a9:82:a1:30:a3:8d:12:be:c9:
                    11:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:9A:3D:6D:BB:4E:88:98:B3:CB:E1:3E:D5:1E:C0:46:3C:F2:D2:0A
            X509v3 Authority Key Identifier:
                keyid:7D:C5:55:35:23:23:DB:CC:28:7B:87:E0:D6:A4:81:4A:63:AB:BD:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fcVVNSMj28woe4fg1qSBSmOrvUY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/7a1aee-671b-4f39-b4dd-212a9f310622/1/SJo9bbtOiJizy-E-1R7ARjzy0go.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/7a1aee-671b-4f39-b4dd-212a9f310622/1/fcVVNSMj28woe4fg1qSBSmOrvUY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:77:c2:6d:17:63:97:5e:60:b7:bd:fb:ac:de:82:85:13:42:
         c2:3c:e7:84:42:84:c9:6f:e5:47:d9:fa:09:e5:da:eb:81:dc:
         9c:ce:5a:e5:1c:31:70:4a:d2:b2:2e:d6:5d:e1:cd:49:5e:b8:
         2c:0d:3b:b4:5e:58:06:7f:76:7c:d2:8f:88:31:06:0c:9f:30:
         de:f6:fa:8e:28:f4:43:00:44:c9:e9:c2:db:0b:53:ea:55:07:
         a0:3a:ad:69:1d:e0:37:5d:d8:1d:3c:41:09:6c:af:5e:04:a9:
         30:31:93:2d:b3:7e:7c:e0:2d:db:ca:fb:9d:aa:31:c9:cc:7d:
         76:66:22:65:69:a5:8b:05:2c:7f:2e:4c:be:4b:b7:4f:81:05:
         50:6a:dd:63:0d:ca:d1:f7:06:9a:ef:45:6e:4c:d6:83:55:81:
         6e:5d:42:9f:4d:59:27:8d:e5:fb:5d:51:ca:0e:7a:14:ef:52:
         8b:2d:11:26:f0:7a:8f:bd:ae:70:46:f3:86:c8:96:32:2f:01:
         46:87:72:c8:5e:9e:76:dc:16:aa:06:24:bc:13:f9:1e:7a:18:
         cc:20:52:43:4b:68:ea:f1:64:a5:2b:44:be:31:e6:51:70:36:
         f1:f9:b0:39:b8:54:b7:89:23:41:26:d9:0a:eb:d4:84:71:fa:
         80:59:79:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLD1bp0UTPf7NP7uXo4GbH9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYzU1NTM1MjMyM2RiY2MyODdiODdlMGQ2YTQ4MTRhNjNh
YmJkNDYwHhcNMjQxMDI1MTMyMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODlhM2Q2ZGJiNGU4ODk4YjNjYmUxM2VkNTFlYzA0NjNjZjJkMjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArg+sQ7RmJIqT4blNIUAkUExDpdWe
DLJXArlGHFDkbPs3rmMJ2jMsRexE72cQ58AfqGTaaPZu3ECFI4fMKeWP8hnnLq6q
leuYgNSbCqAPqtQHp230pK7Ujs6HV/S/+SrFeJV07NAefl0WOJD/cOYx0l7N9xB6
dgWH/67rsXehBq3bfkE3T0fmFSIbSn5Apd5RIhTyQo2E7qatnAsdlTZKRNtqMG7I
2c/BnjRW6F2ZoSU0vSp1ScHfOmy0mkDKvs604CfAZV3O4dZBNXuG8lR6GZjlf1+R
c21Wj+LLtywBAkJbzGNQENjNYfwLsJsfvp7UFtxicVmpgqEwo40SvskRvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEiaPW27ToiYs8vhPtUewEY88tIKMB8GA1UdIwQY
MBaAFH3FVTUjI9vMKHuH4NakgUpjq71GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmNWVk5TTWoyOHdvZTRmZzFxU0JTbU9ydlVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi83YTFhZWUtNjcxYi00ZjM5LWI0ZGQt
MjEyYTlmMzEwNjIyLzEvU0pvOWJidE9pSml6eS1FLTFSN0FSanp5MGdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi83YTFhZWUtNjcxYi00ZjM5LWI0ZGQtMjEyYTlmMzEwNjIy
LzEvZmNWVk5TTWoyOHdvZTRmZzFxU0JTbU9ydlVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuctAMA0G
CSqGSIb3DQEBCwUAA4IBAQAId8JtF2OXXmC3vfus3oKFE0LCPOeEQoTJb+VH2foJ
5drrgdyczlrlHDFwStKyLtZd4c1JXrgsDTu0XlgGf3Z80o+IMQYMnzDe9vqOKPRD
AETJ6cLbC1PqVQegOq1pHeA3XdgdPEEJbK9eBKkwMZMts3584C3byvudqjHJzH12
ZiJlaaWLBSx/Lky+S7dPgQVQat1jDcrR9waa70VuTNaDVYFuXUKfTVknjeX7XVHK
DnoU71KLLREm8HqPva5wRvOGyJYyLwFGh3LIXp523BaqBiS8E/keehjMIFJDS2jq
8WSlK0S+MeZRcDbx+bA5uFS3iSNBJtkK69SEcfqAWXkC
-----END CERTIFICATE-----