Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/S8bkAVPKOZ-Wv8bcLyLv58IY5XI.roa
File:                     S8bkAVPKOZ-Wv8bcLyLv58IY5XI.roa (raw, json)
Hash identifier:          WjxXP1OmvNWD7wvgFTcDicv8zRYqIUNqNm/DyzGISFw=
Subject key identifier:   4B:C6:E4:01:53:CA:39:9F:96:BF:C6:DC:2F:22:EF:E7:C2:18:E5:72
Certificate issuer:       /CN=f6de346b5805327bbc9df5e49b16c997ea3a1254
Certificate serial:       019426D9C6B64DFE2EA1DEB2080FA28AB03C
Authority key identifier: F6:DE:34:6B:58:05:32:7B:BC:9D:F5:E4:9B:16:C9:97:EA:3A:12:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9t40a1gFMnu8nfXkmxbJl-o6ElQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/S8bkAVPKOZ-Wv8bcLyLv58IY5XI.roa
Signing time:             Thu 02 Jan 2025 11:49:53 +0000
ROA not before:           Thu 02 Jan 2025 11:49:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198139
IP address blocks:        185.195.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/9t40a1gFMnu8nfXkmxbJl-o6ElQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/9t40a1gFMnu8nfXkmxbJl-o6ElQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9t40a1gFMnu8nfXkmxbJl-o6ElQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 04:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:c6:b6:4d:fe:2e:a1:de:b2:08:0f:a2:8a:b0:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6de346b5805327bbc9df5e49b16c997ea3a1254
        Validity
            Not Before: Jan  2 11:49:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4bc6e40153ca399f96bfc6dc2f22efe7c218e572
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:73:f2:43:33:ca:8a:bf:01:53:e2:bb:af:cf:
                    d3:dc:79:36:f5:6d:64:2d:b8:66:98:83:30:4d:cb:
                    46:77:43:c6:ae:e1:fb:8b:f1:0a:0e:72:20:ae:cb:
                    a4:1c:9e:9f:b6:d4:99:29:5f:f6:84:ba:07:b8:9e:
                    03:ef:90:01:42:e1:ad:02:13:0b:46:28:25:84:2a:
                    1e:43:72:cf:b2:e9:6e:db:d7:f5:d1:fa:da:69:3f:
                    dc:70:18:f2:18:60:b7:b3:5c:d8:be:5c:42:21:6c:
                    7b:06:79:8c:9c:ac:c2:be:52:01:45:16:0d:81:23:
                    b2:30:83:04:29:7e:1e:c2:59:b9:ab:99:81:23:29:
                    9b:d0:a3:3f:4a:9a:c3:fa:96:7c:42:31:a1:b1:5a:
                    5b:5c:a2:99:af:ca:81:4a:c4:e5:ab:b2:ba:42:06:
                    be:2d:2b:32:da:5e:8a:9b:15:f0:5c:d9:2b:c1:ed:
                    e7:26:c5:52:e8:7c:4f:aa:03:44:43:37:a5:81:87:
                    21:ce:c8:2b:45:db:79:8e:4a:3a:57:7d:c4:dd:c1:
                    f0:97:e9:80:c6:1d:fd:c3:6c:31:75:e2:1a:da:56:
                    dd:19:14:9e:07:12:1b:ff:98:11:b6:34:85:a5:0a:
                    ce:9b:23:ab:b0:c0:24:10:e0:c2:69:30:8d:53:15:
                    d5:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:C6:E4:01:53:CA:39:9F:96:BF:C6:DC:2F:22:EF:E7:C2:18:E5:72
            X509v3 Authority Key Identifier:
                keyid:F6:DE:34:6B:58:05:32:7B:BC:9D:F5:E4:9B:16:C9:97:EA:3A:12:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9t40a1gFMnu8nfXkmxbJl-o6ElQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/S8bkAVPKOZ-Wv8bcLyLv58IY5XI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/9t40a1gFMnu8nfXkmxbJl-o6ElQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.195.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:17:0c:f7:f0:7e:54:e3:af:1c:7b:bf:d2:2e:46:ba:ff:36:
         c3:4b:07:dd:5d:d4:96:68:15:39:30:cc:f2:e4:b8:af:38:8a:
         5d:a6:8c:72:e7:d1:19:15:60:df:90:b0:84:ed:e2:7c:0c:84:
         83:e1:4d:79:b9:e4:c5:bb:8d:5c:cb:da:cd:db:ff:fe:15:6d:
         6e:f3:89:c9:bb:f9:6b:c9:be:52:68:d1:ef:15:6a:b6:c4:4d:
         8f:46:f8:8c:f9:b6:8e:31:34:63:58:fe:82:ef:82:3a:95:c1:
         75:35:6e:81:70:bd:2d:ac:2e:45:d3:f2:2e:59:05:b6:54:06:
         0a:a3:38:fe:b7:da:2b:ca:ef:95:a8:70:d1:ff:d2:88:9c:bd:
         55:2e:35:8b:1d:99:0f:40:1d:bf:90:ee:a3:a9:be:21:06:29:
         b6:93:ac:20:f0:9d:d0:e7:0b:2b:02:1a:0a:c5:c6:9f:6c:e9:
         ca:a4:34:bd:6f:f5:ce:12:d4:6e:07:6b:1c:e4:af:5d:5e:71:
         f1:35:66:fa:81:bd:c3:4d:79:31:ab:75:71:ba:9b:1c:83:39:
         87:f1:0c:5e:79:c4:8c:8e:6c:35:59:91:e6:3c:d0:ca:48:ff:
         42:b1:aa:f4:ce:db:25:ce:7c:4c:a2:03:0f:ed:7c:8c:cf:a5:
         bc:fa:6d:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2ca2Tf4uod6yCA+iirA8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2ZGUzNDZiNTgwNTMyN2JiYzlkZjVlNDliMTZjOTk3ZWEz
YTEyNTQwHhcNMjUwMTAyMTE0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmM2ZTQwMTUzY2EzOTlmOTZiZmM2ZGMyZjIyZWZlN2MyMThlNTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1nPyQzPKir8BU+K7r8/T3Hk29W1k
LbhmmIMwTctGd0PGruH7i/EKDnIgrsukHJ6fttSZKV/2hLoHuJ4D75ABQuGtAhML
RiglhCoeQ3LPsulu29f10fraaT/ccBjyGGC3s1zYvlxCIWx7BnmMnKzCvlIBRRYN
gSOyMIMEKX4ewlm5q5mBIymb0KM/SprD+pZ8QjGhsVpbXKKZr8qBSsTlq7K6Qga+
LSsy2l6KmxXwXNkrwe3nJsVS6HxPqgNEQzelgYchzsgrRdt5jko6V33E3cHwl+mA
xh39w2wxdeIa2lbdGRSeBxIb/5gRtjSFpQrOmyOrsMAkEODCaTCNUxXVwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEvG5AFTyjmflr/G3C8i7+fCGOVyMB8GA1UdIwQY
MBaAFPbeNGtYBTJ7vJ315JsWyZfqOhJUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXQ0MGExZ0ZNbnU4bmZYa214YkpsLW82RWxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8zYTg0NjQtMDcyNy00ZDFjLTg5MjUt
NzNhYjg1NjRiOWNhLzEvUzhia0FWUEtPWi1XdjhiY0x5THY1OElZNVhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8zYTg0NjQtMDcyNy00ZDFjLTg5MjUtNzNhYjg1NjRiOWNh
LzEvOXQ0MGExZ0ZNbnU4bmZYa214YkpsLW82RWxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucOUMA0G
CSqGSIb3DQEBCwUAA4IBAQCdFwz38H5U468ce7/SLka6/zbDSwfdXdSWaBU5MMzy
5LivOIpdpoxy59EZFWDfkLCE7eJ8DISD4U15ueTFu41cy9rN2//+FW1u84nJu/lr
yb5SaNHvFWq2xE2PRviM+baOMTRjWP6C74I6lcF1NW6BcL0trC5F0/IuWQW2VAYK
ozj+t9oryu+VqHDR/9KInL1VLjWLHZkPQB2/kO6jqb4hBim2k6wg8J3Q5wsrAhoK
xcafbOnKpDS9b/XOEtRuB2sc5K9dXnHxNWb6gb3DTXkxq3VxupscgzmH8QxeecSM
jmw1WZHmPNDKSP9Csar0ztslznxMogMP7XyMz6W8+m1I
-----END CERTIFICATE-----