Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/sfAornT-182997IYXnv2PcPBzm0.roa
File:                     sfAornT-182997IYXnv2PcPBzm0.roa (raw, json)
Hash identifier:          sdQthLq59FtIxlY3dR7lUjfN1KD3ZuM8CiUcmbAV4zM=
Subject key identifier:   B1:F0:28:AE:74:FE:D7:CD:BD:F7:B2:18:5E:7B:F6:3D:C3:C1:CE:6D
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0196381BD65A078BF075CF9169F65056C561
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/sfAornT-182997IYXnv2PcPBzm0.roa
Signing time:             Tue 15 Apr 2025 06:21:10 +0000
ROA not before:           Tue 15 Apr 2025 06:21:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29066
IP address blocks:        202.71.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:38:1b:d6:5a:07:8b:f0:75:cf:91:69:f6:50:56:c5:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr 15 06:21:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1f028ae74fed7cdbdf7b2185e7bf63dc3c1ce6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:b2:de:e1:a7:d2:b9:f7:7f:95:e9:58:bf:bf:
                    e1:8b:bf:cd:05:93:b7:86:1e:d7:9d:10:6c:ac:b8:
                    d2:b8:51:21:73:e2:5c:ef:99:26:27:26:3e:04:a6:
                    25:3c:c9:97:cd:19:6c:fc:72:e9:bc:15:1a:b4:e7:
                    8a:0d:b9:be:67:6c:22:7a:ef:af:5d:2b:77:51:82:
                    b1:ea:5d:78:44:c4:d3:86:b5:9a:52:f1:8e:13:7f:
                    43:71:26:b2:1a:64:41:eb:b1:b3:71:aa:cd:10:68:
                    e5:01:e7:2a:29:5a:96:51:1e:d5:77:94:b5:1e:7d:
                    cc:11:c1:4b:7f:d6:5c:57:5d:68:55:5e:05:1d:19:
                    c2:5e:72:88:06:be:cd:1a:01:33:92:09:92:c9:22:
                    14:8f:4d:31:e2:12:88:8f:bb:33:ed:d2:fa:ce:b2:
                    7e:3f:ce:7c:0b:18:06:ed:e7:42:67:f8:69:30:ae:
                    08:a9:67:e9:7c:77:f2:fb:0f:d3:98:a1:56:64:14:
                    24:22:d6:b2:e8:34:7b:d2:68:9e:92:4d:2a:61:33:
                    aa:d3:1c:66:a5:a3:fc:9b:2f:5c:d0:a6:d7:11:ee:
                    e5:2d:00:31:5b:e9:5b:8e:a7:3d:f8:2b:0d:a9:80:
                    9b:9a:8b:fd:1b:5b:cb:f9:9f:10:a7:76:c5:f3:1b:
                    1c:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:F0:28:AE:74:FE:D7:CD:BD:F7:B2:18:5E:7B:F6:3D:C3:C1:CE:6D
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/sfAornT-182997IYXnv2PcPBzm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.71.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:3f:15:3b:8d:26:af:b2:3a:bf:69:25:0d:fe:6d:22:01:9d:
         ce:a1:cf:69:34:da:c8:5c:ad:66:f4:d5:fb:bd:24:08:b8:22:
         ba:ad:97:69:ea:7b:ea:83:90:31:f3:d9:40:fd:1d:90:9f:90:
         27:40:72:ab:94:54:06:d0:c4:7a:af:df:7f:4d:4c:4c:d1:5e:
         c8:dc:e0:58:bd:4e:46:77:3e:66:ee:45:c6:98:92:6e:6b:64:
         91:3d:40:2d:39:55:c1:47:c6:f9:95:4c:b1:3b:8f:1b:4b:90:
         57:a9:a2:b0:38:ff:32:1e:e8:4e:f8:7c:ae:c4:4d:b8:bf:08:
         e5:4d:1e:ae:30:27:e0:04:21:70:38:c6:aa:c3:2e:1f:1c:dd:
         d1:19:2f:58:81:b7:63:8e:e2:e0:a0:f4:aa:3e:bd:d0:82:68:
         f4:21:99:06:26:6b:68:86:cd:6f:04:28:8a:b3:43:ee:bb:79:
         33:58:78:be:eb:f5:c7:56:22:80:b0:07:6c:65:62:d0:f0:3e:
         82:ec:84:5c:c6:67:a4:a3:66:8e:7a:7c:7f:f0:36:9d:0c:00:
         7b:54:95:60:b2:df:b1:2f:99:2b:be:10:4c:0b:3a:a5:b8:26:
         47:58:6e:a6:f1:21:c3:ea:5a:79:7b:37:85:a6:39:d7:85:ef:
         5a:3e:17:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY4G9ZaB4vwdc+RafZQVsVhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwNDE1MDYyMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWYwMjhhZTc0ZmVkN2NkYmRmN2IyMTg1ZTdiZjYzZGMzYzFjZTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrLe4afSufd/lelYv7/hi7/NBZO3
hh7XnRBsrLjSuFEhc+Jc75kmJyY+BKYlPMmXzRls/HLpvBUatOeKDbm+Z2wieu+v
XSt3UYKx6l14RMTThrWaUvGOE39DcSayGmRB67GzcarNEGjlAecqKVqWUR7Vd5S1
Hn3MEcFLf9ZcV11oVV4FHRnCXnKIBr7NGgEzkgmSySIUj00x4hKIj7sz7dL6zrJ+
P858CxgG7edCZ/hpMK4IqWfpfHfy+w/TmKFWZBQkItay6DR70miekk0qYTOq0xxm
paP8my9c0KbXEe7lLQAxW+lbjqc9+CsNqYCbmov9G1vL+Z8Qp3bF8xscgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHwKK50/tfNvfeyGF579j3Dwc5tMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvc2ZBb3JuVC0xODI5OTdJWVhudjJQY1BCem0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAykcMMA0G
CSqGSIb3DQEBCwUAA4IBAQA6PxU7jSavsjq/aSUN/m0iAZ3Ooc9pNNrIXK1m9NX7
vSQIuCK6rZdp6nvqg5Ax89lA/R2Qn5AnQHKrlFQG0MR6r99/TUxM0V7I3OBYvU5G
dz5m7kXGmJJua2SRPUAtOVXBR8b5lUyxO48bS5BXqaKwOP8yHuhO+HyuxE24vwjl
TR6uMCfgBCFwOMaqwy4fHN3RGS9YgbdjjuLgoPSqPr3Qgmj0IZkGJmtohs1vBCiK
s0Puu3kzWHi+6/XHViKAsAdsZWLQ8D6C7IRcxmeko2aOenx/8DadDAB7VJVgst+x
L5krvhBMCzqluCZHWG6m8SHD6lp5ezeFpjnXhe9aPhdX
-----END CERTIFICATE-----