Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/db547e-f431-4d78-9f38-2c4c066fc291/1/SW0NmgN1MfeImMBLkTet_og-k3A.roa
File:                     SW0NmgN1MfeImMBLkTet_og-k3A.roa (raw, json)
Hash identifier:          NuBlZaeVdzU+Qx3vpR2cHPvzMF2hd3qV04JT0+dx0Ww=
Subject key identifier:   49:6D:0D:9A:03:75:31:F7:88:98:C0:4B:91:37:AD:FE:88:3E:93:70
Certificate issuer:       /CN=262762b73be226b171999412625acc7270244343
Certificate serial:       019422FB0B339917184DBB7B6FD2F1D2B1CC
Authority key identifier: 26:27:62:B7:3B:E2:26:B1:71:99:94:12:62:5A:CC:72:70:24:43:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JiditzviJrFxmZQSYlrMcnAkQ0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/db547e-f431-4d78-9f38-2c4c066fc291/1/SW0NmgN1MfeImMBLkTet_og-k3A.roa
Signing time:             Wed 01 Jan 2025 17:47:45 +0000
ROA not before:           Wed 01 Jan 2025 17:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214289
IP address blocks:        185.142.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/db547e-f431-4d78-9f38-2c4c066fc291/1/JiditzviJrFxmZQSYlrMcnAkQ0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/db547e-f431-4d78-9f38-2c4c066fc291/1/JiditzviJrFxmZQSYlrMcnAkQ0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JiditzviJrFxmZQSYlrMcnAkQ0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:0b:33:99:17:18:4d:bb:7b:6f:d2:f1:d2:b1:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=262762b73be226b171999412625acc7270244343
        Validity
            Not Before: Jan  1 17:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=496d0d9a037531f78898c04b9137adfe883e9370
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:a3:92:6c:76:c6:f4:21:46:e8:51:7c:7d:31:
                    89:c4:dd:10:b6:b2:45:9e:dd:d9:31:d2:74:c1:da:
                    a6:8a:46:de:01:6c:3e:b2:84:72:7d:82:91:a0:17:
                    bc:08:19:fe:92:02:7a:41:0b:35:d4:b6:c2:3c:b7:
                    96:c1:54:44:34:d1:ce:c8:5b:85:b7:3d:cb:22:ab:
                    cc:da:85:c0:f0:ab:ec:f9:5e:a9:3b:aa:8f:b1:b4:
                    ba:b4:d6:cf:50:e9:4a:28:87:f2:ff:70:46:01:ee:
                    53:97:71:f7:2b:56:32:7b:05:9a:a6:f8:cf:52:d7:
                    d9:39:cd:6f:b1:63:3b:9f:ee:8c:cd:8d:81:34:f9:
                    5f:7f:d8:c3:0f:aa:c8:b7:4c:77:51:b6:da:4d:00:
                    6a:33:90:89:d9:85:cf:79:96:f1:42:ae:ed:fe:d0:
                    9b:fc:eb:fd:f0:c8:85:b2:45:87:b9:e5:b9:3a:d5:
                    92:a8:22:ad:82:d6:de:41:ee:48:cd:11:fd:e8:42:
                    07:76:e0:1f:f3:1e:9f:bb:98:1d:ac:25:6e:f7:01:
                    2d:48:54:54:3b:e5:d3:bc:cd:d8:f2:3e:23:b8:77:
                    be:8e:d4:06:4e:5a:43:14:15:b6:f9:a8:e9:e0:56:
                    39:a4:c1:53:e9:54:80:3b:8d:0e:92:9f:a4:63:3f:
                    35:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:6D:0D:9A:03:75:31:F7:88:98:C0:4B:91:37:AD:FE:88:3E:93:70
            X509v3 Authority Key Identifier:
                keyid:26:27:62:B7:3B:E2:26:B1:71:99:94:12:62:5A:CC:72:70:24:43:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JiditzviJrFxmZQSYlrMcnAkQ0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/db547e-f431-4d78-9f38-2c4c066fc291/1/SW0NmgN1MfeImMBLkTet_og-k3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/db547e-f431-4d78-9f38-2c4c066fc291/1/JiditzviJrFxmZQSYlrMcnAkQ0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:4f:a4:9e:fa:1e:50:e3:54:7a:ac:72:51:57:4b:1a:0d:32:
         f6:26:bf:94:1f:da:79:a0:bf:69:ee:ce:92:6d:78:2b:28:47:
         61:d0:a8:1b:a1:78:96:6d:cb:3d:0b:70:10:c2:24:f4:3a:d7:
         f7:d4:f8:bc:c4:cd:25:97:0c:8a:e0:c5:74:26:97:ed:97:a8:
         cc:19:99:e5:0e:db:9b:74:62:5d:0c:dd:51:66:19:4d:05:7f:
         cd:fd:f1:99:c5:84:a9:46:c0:83:5e:f8:98:bb:93:0a:cf:ac:
         13:57:bc:14:a5:cf:88:75:7e:bf:8a:01:d3:10:01:96:f2:da:
         4f:66:1c:12:f5:ec:97:4d:f6:09:8d:2d:fb:37:11:0a:f7:0a:
         62:8d:c3:52:e3:1d:d3:9c:29:ef:6f:25:07:ab:58:d2:79:fd:
         9c:0b:63:e2:f5:46:ab:7e:97:53:b7:4e:61:60:5f:35:04:f6:
         f8:e2:1e:3e:58:59:85:a1:94:d8:99:e3:83:e8:49:52:74:82:
         24:4f:4c:27:ed:ab:22:8a:49:48:3b:15:f6:13:91:5f:79:47:
         98:fc:af:41:37:87:54:ca:cd:6f:0f:d5:b7:7d:25:00:fe:53:
         32:cb:58:57:11:35:41:e8:eb:15:0f:23:59:3d:4b:cf:91:d4:
         32:dd:af:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+wszmRcYTbt7b9Lx0rHMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2Mjc2MmI3M2JlMjI2YjE3MTk5OTQxMjYyNWFjYzcyNzAy
NDQzNDMwHhcNMjUwMTAxMTc0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTZkMGQ5YTAzNzUzMWY3ODg5OGMwNGI5MTM3YWRmZTg4M2U5MzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzaOSbHbG9CFG6FF8fTGJxN0QtrJF
nt3ZMdJ0wdqmikbeAWw+soRyfYKRoBe8CBn+kgJ6QQs11LbCPLeWwVRENNHOyFuF
tz3LIqvM2oXA8Kvs+V6pO6qPsbS6tNbPUOlKKIfy/3BGAe5Tl3H3K1YyewWapvjP
UtfZOc1vsWM7n+6MzY2BNPlff9jDD6rIt0x3UbbaTQBqM5CJ2YXPeZbxQq7t/tCb
/Ov98MiFskWHueW5OtWSqCKtgtbeQe5IzRH96EIHduAf8x6fu5gdrCVu9wEtSFRU
O+XTvM3Y8j4juHe+jtQGTlpDFBW2+ajp4FY5pMFT6VSAO40Okp+kYz81lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEltDZoDdTH3iJjAS5E3rf6IPpNwMB8GA1UdIwQY
MBaAFCYnYrc74iaxcZmUEmJazHJwJENDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmlkaXR6dmlKckZ4bVpRU1lsck1jbkFrUTBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9kYjU0N2UtZjQzMS00ZDc4LTlmMzgt
MmM0YzA2NmZjMjkxLzEvU1cwTm1nTjFNZmVJbU1CTGtUZXRfb2ctazNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9kYjU0N2UtZjQzMS00ZDc4LTlmMzgtMmM0YzA2NmZjMjkx
LzEvSmlkaXR6dmlKckZ4bVpRU1lsck1jbkFrUTBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY5xMA0G
CSqGSIb3DQEBCwUAA4IBAQAQT6Se+h5Q41R6rHJRV0saDTL2Jr+UH9p5oL9p7s6S
bXgrKEdh0KgboXiWbcs9C3AQwiT0Otf31Pi8xM0llwyK4MV0Jpftl6jMGZnlDtub
dGJdDN1RZhlNBX/N/fGZxYSpRsCDXviYu5MKz6wTV7wUpc+IdX6/igHTEAGW8tpP
ZhwS9eyXTfYJjS37NxEK9wpijcNS4x3TnCnvbyUHq1jSef2cC2Pi9UarfpdTt05h
YF81BPb44h4+WFmFoZTYmeOD6ElSdIIkT0wn7asiiklIOxX2E5FfeUeY/K9BN4dU
ys1vD9W3fSUA/lMyy1hXETVB6OsVDyNZPUvPkdQy3a8V
-----END CERTIFICATE-----