Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/4c3e19-a489-4e3a-a3a2-7e52e749c3ad/1/SRbcYTDvBK2K42GBZURfc-9owLk.roa
File:                     SRbcYTDvBK2K42GBZURfc-9owLk.roa (raw, json)
Hash identifier:          ou7G18aw8/QVFexo/f3lobAxj/5Hzi02IWmge/V7dxQ=
Subject key identifier:   49:16:DC:61:30:EF:04:AD:8A:E3:61:81:65:44:5F:73:EF:68:C0:B9
Certificate issuer:       /CN=b587bc12eb2de29a1026b8f56be8d469f2f58cf3
Certificate serial:       019422FB571652B97B387C15117AB8245CB5
Authority key identifier: B5:87:BC:12:EB:2D:E2:9A:10:26:B8:F5:6B:E8:D4:69:F2:F5:8C:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tYe8Eust4poQJrj1a-jUafL1jPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/4c3e19-a489-4e3a-a3a2-7e52e749c3ad/1/SRbcYTDvBK2K42GBZURfc-9owLk.roa
Signing time:             Wed 01 Jan 2025 17:48:04 +0000
ROA not before:           Wed 01 Jan 2025 17:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31481
IP address blocks:        195.225.152.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/4c3e19-a489-4e3a-a3a2-7e52e749c3ad/1/tYe8Eust4poQJrj1a-jUafL1jPM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/4c3e19-a489-4e3a-a3a2-7e52e749c3ad/1/tYe8Eust4poQJrj1a-jUafL1jPM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tYe8Eust4poQJrj1a-jUafL1jPM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:57:16:52:b9:7b:38:7c:15:11:7a:b8:24:5c:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b587bc12eb2de29a1026b8f56be8d469f2f58cf3
        Validity
            Not Before: Jan  1 17:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4916dc6130ef04ad8ae3618165445f73ef68c0b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:10:bf:57:1a:07:88:e0:ef:cc:79:ec:6b:d7:
                    87:d2:90:a7:bd:3d:5e:79:ab:18:39:9e:24:3a:af:
                    ec:76:0b:52:48:f2:72:26:7a:e5:a2:77:81:c2:0e:
                    9c:cf:8b:5d:86:89:5f:24:10:5e:e6:04:35:00:5b:
                    09:29:1a:2e:b0:0c:07:ef:77:5b:49:b1:b5:66:b7:
                    35:2d:d2:a8:c4:fc:a8:ea:fe:b4:eb:cf:5d:96:a5:
                    6c:26:40:44:20:80:83:56:c4:cb:72:41:70:7b:8a:
                    75:cd:bb:57:f7:1e:78:4e:84:66:f9:4e:ab:6d:19:
                    86:c4:b0:f6:db:0c:ee:8b:14:7b:f4:6d:73:a8:58:
                    30:7a:bb:c9:26:7a:05:2c:52:43:ea:62:ee:4f:e4:
                    47:60:80:ba:5f:43:b3:c9:e8:1a:bf:a1:4e:59:bc:
                    c8:9e:3a:da:33:62:4c:29:ff:29:43:bd:8a:06:44:
                    6b:47:6a:62:14:cf:49:36:a4:7c:5f:8d:5a:b9:8d:
                    fa:6b:3c:6a:60:05:ee:58:29:6e:59:b2:a6:cc:51:
                    36:47:bc:d7:9a:91:aa:a7:f3:21:6a:91:cd:cd:fb:
                    1b:64:43:ee:bc:95:66:44:c9:20:b3:61:9f:4a:3f:
                    01:eb:1f:f1:3d:f4:12:4d:3a:fa:17:71:82:fd:13:
                    01:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:16:DC:61:30:EF:04:AD:8A:E3:61:81:65:44:5F:73:EF:68:C0:B9
            X509v3 Authority Key Identifier:
                keyid:B5:87:BC:12:EB:2D:E2:9A:10:26:B8:F5:6B:E8:D4:69:F2:F5:8C:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tYe8Eust4poQJrj1a-jUafL1jPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/4c3e19-a489-4e3a-a3a2-7e52e749c3ad/1/SRbcYTDvBK2K42GBZURfc-9owLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/4c3e19-a489-4e3a-a3a2-7e52e749c3ad/1/tYe8Eust4poQJrj1a-jUafL1jPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.225.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:45:43:8c:7a:46:93:66:73:5e:a6:df:e0:b8:9c:6b:22:47:
         95:04:0c:73:57:4d:55:8b:25:48:b9:0f:19:6e:8e:de:46:bf:
         f9:e3:76:fa:9d:80:89:9d:a5:31:0d:29:cf:0d:da:7b:ee:f8:
         84:e7:17:cd:d3:60:97:6c:32:9d:b1:34:77:b7:33:31:ec:be:
         98:42:fa:86:e6:d3:4a:d8:01:0f:bc:b7:47:eb:1c:71:6f:e3:
         55:4b:44:db:ce:e1:17:d4:d4:41:61:0b:0d:96:00:c8:e3:23:
         d9:4f:a3:5f:fe:d9:e5:11:6f:66:c0:0c:6d:d7:05:ea:ca:de:
         14:4b:63:5a:70:65:5c:74:4d:59:d3:40:47:aa:fd:4b:f2:0d:
         5c:87:74:f6:f4:e6:e8:0b:54:77:eb:de:5f:20:fe:4d:6d:c0:
         07:63:d0:d7:9b:f3:1b:a4:26:a6:d7:06:d7:61:45:d0:6d:fd:
         03:2c:55:d8:9d:0f:a0:fb:67:d3:ce:f7:f4:bf:d7:d5:86:5c:
         f4:8c:b9:53:fc:0f:42:a0:73:03:11:ba:8d:dc:a2:d3:dd:d9:
         a5:61:af:52:7e:fa:6a:a2:ce:b6:b3:b4:45:8e:da:1f:e6:7a:
         3c:3d:58:e3:3d:5d:46:78:85:7f:b1:83:95:c6:5a:2a:de:39:
         ae:58:6f:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+1cWUrl7OHwVEXq4JFy1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1ODdiYzEyZWIyZGUyOWExMDI2YjhmNTZiZThkNDY5ZjJm
NThjZjMwHhcNMjUwMTAxMTc0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTE2ZGM2MTMwZWYwNGFkOGFlMzYxODE2NTQ0NWY3M2VmNjhjMGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBC/VxoHiODvzHnsa9eH0pCnvT1e
easYOZ4kOq/sdgtSSPJyJnrloneBwg6cz4tdholfJBBe5gQ1AFsJKRousAwH73db
SbG1Zrc1LdKoxPyo6v60689dlqVsJkBEIICDVsTLckFwe4p1zbtX9x54ToRm+U6r
bRmGxLD22wzuixR79G1zqFgwervJJnoFLFJD6mLuT+RHYIC6X0Ozyegav6FOWbzI
njraM2JMKf8pQ72KBkRrR2piFM9JNqR8X41auY36azxqYAXuWCluWbKmzFE2R7zX
mpGqp/MhapHNzfsbZEPuvJVmRMkgs2GfSj8B6x/xPfQSTTr6F3GC/RMBmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEkW3GEw7wStiuNhgWVEX3PvaMC5MB8GA1UdIwQY
MBaAFLWHvBLrLeKaECa49Wvo1Gny9YzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFllOEV1c3Q0cG9RSnJqMWEtalVhZkwxalBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi80YzNlMTktYTQ4OS00ZTNhLWEzYTIt
N2U1MmU3NDljM2FkLzEvU1JiY1lURHZCSzJLNDJHQlpVUmZjLTlvd0xrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi80YzNlMTktYTQ4OS00ZTNhLWEzYTItN2U1MmU3NDljM2Fk
LzEvdFllOEV1c3Q0cG9RSnJqMWEtalVhZkwxalBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw+GYMA0G
CSqGSIb3DQEBCwUAA4IBAQBGRUOMekaTZnNept/guJxrIkeVBAxzV01ViyVIuQ8Z
bo7eRr/543b6nYCJnaUxDSnPDdp77viE5xfN02CXbDKdsTR3tzMx7L6YQvqG5tNK
2AEPvLdH6xxxb+NVS0TbzuEX1NRBYQsNlgDI4yPZT6Nf/tnlEW9mwAxt1wXqyt4U
S2NacGVcdE1Z00BHqv1L8g1ch3T29OboC1R3695fIP5NbcAHY9DXm/MbpCam1wbX
YUXQbf0DLFXYnQ+g+2fTzvf0v9fVhlz0jLlT/A9CoHMDEbqN3KLT3dmlYa9Sfvpq
os62s7RFjtof5no8PVjjPV1GeIV/sYOVxloq3jmuWG8r
-----END CERTIFICATE-----