Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/8062a9-7f47-44ea-abb7-91dbc9f0e8db/1/SxgKNPaYJVhAK36SOSTuyxJmYzI.roa
File:                     SxgKNPaYJVhAK36SOSTuyxJmYzI.roa (raw, json)
Hash identifier:          iBEUhnRScZ+rajzC9bqU9rcXbnYIQMvrpQOY+tW8FQc=
Subject key identifier:   4B:18:0A:34:F6:98:25:58:40:2B:7E:92:39:24:EE:CB:12:66:63:32
Certificate issuer:       /CN=a1655282be419d21222b506fb7a368c3fe5db23d
Certificate serial:       019420D63C754F0137D9093D136C9E5E338C
Authority key identifier: A1:65:52:82:BE:41:9D:21:22:2B:50:6F:B7:A3:68:C3:FE:5D:B2:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oWVSgr5BnSEiK1Bvt6Now_5dsj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/8062a9-7f47-44ea-abb7-91dbc9f0e8db/1/SxgKNPaYJVhAK36SOSTuyxJmYzI.roa
Signing time:             Wed 01 Jan 2025 07:48:18 +0000
ROA not before:           Wed 01 Jan 2025 07:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29329
IP address blocks:        93.157.120.0/21 maxlen: 32
                          109.197.8.0/21 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/8062a9-7f47-44ea-abb7-91dbc9f0e8db/1/oWVSgr5BnSEiK1Bvt6Now_5dsj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/8062a9-7f47-44ea-abb7-91dbc9f0e8db/1/oWVSgr5BnSEiK1Bvt6Now_5dsj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oWVSgr5BnSEiK1Bvt6Now_5dsj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:3c:75:4f:01:37:d9:09:3d:13:6c:9e:5e:33:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1655282be419d21222b506fb7a368c3fe5db23d
        Validity
            Not Before: Jan  1 07:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b180a34f6982558402b7e923924eecb12666332
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:96:81:8a:ca:74:c8:82:5c:96:a1:91:1c:d4:
                    68:d1:ae:78:5b:ba:a7:9a:83:62:77:af:e0:c6:56:
                    ca:04:26:bd:01:b2:3f:a8:6e:c9:44:3c:8a:a5:3f:
                    53:61:d2:a8:46:9c:86:84:49:de:3f:52:10:66:97:
                    c5:a0:7f:4c:50:5f:54:78:ca:56:23:f5:d0:ff:a6:
                    48:71:68:fe:a3:2d:63:93:05:53:df:99:ff:ad:4b:
                    af:32:dc:f0:64:b6:df:b3:26:80:67:05:85:8b:f5:
                    41:db:c4:36:a2:86:60:76:5f:34:fe:7f:62:6a:cc:
                    56:14:3f:89:34:e7:4d:ca:78:95:53:8f:32:f2:1e:
                    8b:c8:67:db:40:16:5d:91:07:e3:0b:b1:86:3c:66:
                    71:b5:46:8c:99:36:b9:b1:8b:2d:d8:b5:07:19:1e:
                    70:47:a6:1c:82:80:13:0c:6a:e5:60:ff:72:7d:0b:
                    a9:68:ea:91:38:51:da:6e:06:5a:ae:0a:24:6f:f8:
                    1a:c8:c9:25:4e:63:75:f1:2d:e7:e8:bb:b0:ac:16:
                    d1:da:d0:58:41:7d:85:5d:32:42:db:62:c1:11:52:
                    75:12:69:b0:e6:3f:ed:ad:d1:cb:72:3b:36:01:46:
                    34:04:8e:ca:e7:8f:85:4b:4a:31:91:78:22:d9:a3:
                    aa:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:18:0A:34:F6:98:25:58:40:2B:7E:92:39:24:EE:CB:12:66:63:32
            X509v3 Authority Key Identifier:
                keyid:A1:65:52:82:BE:41:9D:21:22:2B:50:6F:B7:A3:68:C3:FE:5D:B2:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oWVSgr5BnSEiK1Bvt6Now_5dsj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/8062a9-7f47-44ea-abb7-91dbc9f0e8db/1/SxgKNPaYJVhAK36SOSTuyxJmYzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/8062a9-7f47-44ea-abb7-91dbc9f0e8db/1/oWVSgr5BnSEiK1Bvt6Now_5dsj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.157.120.0/21
                  109.197.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         03:30:80:47:a8:f5:5e:78:87:c6:0b:37:1e:32:6a:2a:0e:7b:
         c6:88:30:4c:42:13:2b:af:6f:cd:91:83:e5:84:a8:46:50:96:
         5c:f7:66:6d:e8:49:8d:01:06:03:24:5c:f4:c4:72:0d:94:94:
         c5:ae:2e:64:e4:48:d0:1e:26:11:a3:27:73:7f:7d:6a:08:e5:
         a4:87:ea:f2:3c:88:d6:d3:50:40:3c:f8:67:e2:95:e6:ba:3f:
         1f:db:77:13:d5:69:f5:e2:b5:a7:5e:4b:fc:93:eb:cc:e4:ad:
         61:0d:42:51:1c:f1:b6:f4:2d:45:08:3e:25:8b:65:97:75:29:
         a6:d2:cd:2c:66:be:ae:c9:6f:d7:79:16:2f:71:d7:d3:89:ae:
         e5:05:6c:dd:3c:e8:b0:fa:41:78:0f:03:0d:da:cc:19:1d:37:
         23:6b:31:f3:50:c9:3b:b7:de:b8:a8:e5:53:b7:36:1f:b4:bc:
         5b:3f:5c:6d:4e:9e:ea:fa:83:9f:b7:1b:68:53:36:04:f8:eb:
         31:79:bb:07:c1:61:2f:bb:d4:52:24:3e:d9:27:2f:3b:15:8c:
         b2:71:48:c1:65:36:af:cd:23:ca:05:3a:de:09:fd:8d:24:a6:
         56:8a:3b:99:6d:ed:b4:46:97:24:42:70:c2:47:2b:ae:4b:c6:
         5b:d1:54:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQg1jx1TwE32Qk9E2yeXjOMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNjU1MjgyYmU0MTlkMjEyMjJiNTA2ZmI3YTM2OGMzZmU1
ZGIyM2QwHhcNMjUwMTAxMDc0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjE4MGEzNGY2OTgyNTU4NDAyYjdlOTIzOTI0ZWVjYjEyNjY2MzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJaBisp0yIJclqGRHNRo0a54W7qn
moNid6/gxlbKBCa9AbI/qG7JRDyKpT9TYdKoRpyGhEneP1IQZpfFoH9MUF9UeMpW
I/XQ/6ZIcWj+oy1jkwVT35n/rUuvMtzwZLbfsyaAZwWFi/VB28Q2ooZgdl80/n9i
asxWFD+JNOdNyniVU48y8h6LyGfbQBZdkQfjC7GGPGZxtUaMmTa5sYst2LUHGR5w
R6YcgoATDGrlYP9yfQupaOqROFHabgZargokb/gayMklTmN18S3n6LuwrBbR2tBY
QX2FXTJC22LBEVJ1Emmw5j/trdHLcjs2AUY0BI7K54+FS0oxkXgi2aOqfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEsYCjT2mCVYQCt+kjkk7ssSZmMyMB8GA1UdIwQY
MBaAFKFlUoK+QZ0hIitQb7ejaMP+XbI9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1dWU2dyNUJuU0VpSzFCdnQ2Tm93XzVkc2owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS84MDYyYTktN2Y0Ny00NGVhLWFiYjct
OTFkYmM5ZjBlOGRiLzEvU3hnS05QYVlKVmhBSzM2U09TVHV5eEptWXpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS84MDYyYTktN2Y0Ny00NGVhLWFiYjctOTFkYmM5ZjBlOGRi
LzEvb1dWU2dyNUJuU0VpSzFCdnQ2Tm93XzVkc2owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDXZ14AwQD
bcUIMA0GCSqGSIb3DQEBCwUAA4IBAQADMIBHqPVeeIfGCzceMmoqDnvGiDBMQhMr
r2/NkYPlhKhGUJZc92Zt6EmNAQYDJFz0xHINlJTFri5k5EjQHiYRoydzf31qCOWk
h+ryPIjW01BAPPhn4pXmuj8f23cT1Wn14rWnXkv8k+vM5K1hDUJRHPG29C1FCD4l
i2WXdSmm0s0sZr6uyW/XeRYvcdfTia7lBWzdPOiw+kF4DwMN2swZHTcjazHzUMk7
t964qOVTtzYftLxbP1xtTp7q+oOftxtoUzYE+OsxebsHwWEvu9RSJD7ZJy87FYyy
cUjBZTavzSPKBTreCf2NJKZWijuZbe20RpckQnDCRyuuS8Zb0VSc
-----END CERTIFICATE-----