Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/SbzKQ5ZuE5d10qtGejfj2ks01LQ.roa
File:                     SbzKQ5ZuE5d10qtGejfj2ks01LQ.roa (raw, json)
Hash identifier:          /IE77xZq/Zb+dfD/xh2uWpfIP/F+pigOIyzvCZv26Bk=
Subject key identifier:   49:BC:CA:43:96:6E:13:97:75:D2:AB:46:7A:37:E3:DA:4B:34:D4:B4
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       0196A273F5194E2D4CABBFF251831453ABBE
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/SbzKQ5ZuE5d10qtGejfj2ks01LQ.roa
Signing time:             Mon 05 May 2025 21:57:10 +0000
ROA not before:           Mon 05 May 2025 21:57:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3356
IP address blocks:        91.132.124.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 14:04:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a2:73:f5:19:4e:2d:4c:ab:bf:f2:51:83:14:53:ab:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: May  5 21:57:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=49bcca43966e139775d2ab467a37e3da4b34d4b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:04:18:22:05:45:39:07:d6:c2:1e:59:5e:e1:
                    dc:3f:c3:6a:38:a4:66:a0:bc:cc:37:09:6b:bd:0b:
                    e8:96:a8:97:b4:95:81:4e:d8:6b:50:d2:7d:6b:67:
                    78:6e:77:fd:2a:ec:9a:5f:46:a3:a8:a7:79:da:d1:
                    52:85:12:ad:76:21:b1:da:77:e5:01:07:97:83:11:
                    27:11:47:d1:6a:9e:8b:d0:a3:88:2f:95:74:92:d6:
                    2a:12:9f:54:d6:20:f5:4d:c6:15:24:22:98:1c:54:
                    21:bb:90:87:1b:10:66:1d:6b:d0:12:bd:8e:61:f4:
                    d1:dc:d8:84:28:5c:21:fd:ba:e0:3e:6a:23:3f:95:
                    ab:9d:9b:dc:70:93:f8:c9:ad:3b:51:1f:e0:c0:68:
                    1d:63:c1:3a:4e:dc:db:3a:f1:c6:85:ad:fc:e7:a8:
                    8b:c8:d2:60:8b:ca:38:c6:3f:8f:ee:40:75:04:24:
                    c3:07:8d:ad:d3:30:05:f1:dc:e5:d5:01:f7:65:24:
                    f3:ad:d3:43:83:76:bc:3d:de:6d:71:11:e8:96:37:
                    22:60:86:14:af:9f:a5:1f:b4:6b:4d:ee:e2:d7:ab:
                    15:8a:8e:6b:9a:c4:c4:e1:6b:25:fd:38:2d:63:e7:
                    c5:49:ba:13:fb:f8:6c:5d:11:64:cc:72:67:0c:15:
                    1f:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:BC:CA:43:96:6E:13:97:75:D2:AB:46:7A:37:E3:DA:4B:34:D4:B4
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/SbzKQ5ZuE5d10qtGejfj2ks01LQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:5d:da:cb:4b:59:71:12:79:8d:2f:d4:fd:8f:f0:c5:8d:92:
         94:25:cf:33:05:66:f1:72:54:81:f8:28:0b:e5:08:2b:26:5c:
         18:55:cd:5c:a9:80:cc:3d:c3:4f:94:34:57:47:fe:86:92:a6:
         e4:ad:be:81:04:81:5c:9d:84:a7:fa:aa:8d:f1:46:06:e1:ea:
         d2:aa:83:77:17:b4:c0:9b:77:e8:5c:c0:9d:c8:c0:bb:22:a2:
         18:c2:ee:27:62:e6:f8:fc:c1:23:69:7a:bd:c3:31:ca:23:d1:
         60:56:8f:69:3d:67:df:42:7e:5a:2b:16:d2:55:e8:fa:30:52:
         a7:2c:d7:1e:e1:45:aa:43:97:cc:a4:bf:05:b6:55:4f:e6:54:
         2d:44:ac:54:8e:60:76:e8:9b:35:f1:86:28:90:fb:27:0a:1f:
         1e:a7:94:20:37:40:29:92:c4:33:b0:da:99:76:38:e3:73:10:
         28:5f:50:9d:9d:cc:59:4e:bb:ad:c2:cf:7e:8d:21:40:14:ae:
         41:a9:b8:db:0e:67:fd:66:3e:9b:a0:cf:e6:a9:48:f3:7c:bc:
         32:5e:58:12:99:ed:be:da:0e:21:b7:6b:9f:a8:85:42:f9:23:
         49:0f:8e:8e:88:0f:54:e8:5c:a6:98:66:7d:39:e7:5c:00:c5:
         dd:1b:93:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaic/UZTi1Mq7/yUYMUU6u+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjUwNTA1MjE1NzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWJjY2E0Mzk2NmUxMzk3NzVkMmFiNDY3YTM3ZTNkYTRiMzRkNGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAQYIgVFOQfWwh5ZXuHcP8NqOKRm
oLzMNwlrvQvolqiXtJWBTthrUNJ9a2d4bnf9KuyaX0ajqKd52tFShRKtdiGx2nfl
AQeXgxEnEUfRap6L0KOIL5V0ktYqEp9U1iD1TcYVJCKYHFQhu5CHGxBmHWvQEr2O
YfTR3NiEKFwh/brgPmojP5WrnZvccJP4ya07UR/gwGgdY8E6TtzbOvHGha3856iL
yNJgi8o4xj+P7kB1BCTDB42t0zAF8dzl1QH3ZSTzrdNDg3a8Pd5tcRHoljciYIYU
r5+lH7RrTe7i16sVio5rmsTE4Wsl/TgtY+fFSboT+/hsXRFkzHJnDBUfnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEm8ykOWbhOXddKrRno349pLNNS0MB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvU2J6S1E1WnVFNWQxMHF0R2VqZmoya3MwMUxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW4R8MA0G
CSqGSIb3DQEBCwUAA4IBAQBsXdrLS1lxEnmNL9T9j/DFjZKUJc8zBWbxclSB+CgL
5QgrJlwYVc1cqYDMPcNPlDRXR/6Gkqbkrb6BBIFcnYSn+qqN8UYG4erSqoN3F7TA
m3foXMCdyMC7IqIYwu4nYub4/MEjaXq9wzHKI9FgVo9pPWffQn5aKxbSVej6MFKn
LNce4UWqQ5fMpL8FtlVP5lQtRKxUjmB26Js18YYokPsnCh8ep5QgN0ApksQzsNqZ
djjjcxAoX1CdncxZTrutws9+jSFAFK5BqbjbDmf9Zj6boM/mqUjzfLwyXlgSme2+
2g4ht2ufqIVC+SNJD46OiA9U6FymmGZ9OedcAMXdG5P+
-----END CERTIFICATE-----