Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/0ea9ca-ac97-43f0-8577-1c70d1e7b782/1/SHMK1zjc2x_2KfkNxx7TDSZ_iwY.roa
File:                     SHMK1zjc2x_2KfkNxx7TDSZ_iwY.roa (raw, json)
Hash identifier:          gfMmEHsmC6I+UfHzgGDhfFiipTZn3OsIQnum5FQ2sOM=
Subject key identifier:   48:73:0A:D7:38:DC:DB:1F:F6:29:F9:0D:C7:1E:D3:0D:26:7F:8B:06
Certificate issuer:       /CN=7bbf58975b81e8f9f9c15e4d8b899190cec00687
Certificate serial:       018CC8DCD47EC0F4B9DF92BDBF8C73611CF7
Authority key identifier: 7B:BF:58:97:5B:81:E8:F9:F9:C1:5E:4D:8B:89:91:90:CE:C0:06:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e79Yl1uB6Pn5wV5Ni4mRkM7ABoc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/0ea9ca-ac97-43f0-8577-1c70d1e7b782/1/SHMK1zjc2x_2KfkNxx7TDSZ_iwY.roa
Signing time:             Tue 02 Jan 2024 06:29:24 +0000
ROA not before:           Tue 02 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199181
IP address blocks:        194.31.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/0ea9ca-ac97-43f0-8577-1c70d1e7b782/1/e79Yl1uB6Pn5wV5Ni4mRkM7ABoc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/0ea9ca-ac97-43f0-8577-1c70d1e7b782/1/e79Yl1uB6Pn5wV5Ni4mRkM7ABoc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e79Yl1uB6Pn5wV5Ni4mRkM7ABoc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 06:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:d4:7e:c0:f4:b9:df:92:bd:bf:8c:73:61:1c:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bbf58975b81e8f9f9c15e4d8b899190cec00687
        Validity
            Not Before: Jan  2 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48730ad738dcdb1ff629f90dc71ed30d267f8b06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:98:95:7e:60:19:87:7f:b3:a8:62:c8:d8:d7:
                    88:45:23:03:68:9c:43:45:b0:ce:02:2d:ed:76:a2:
                    09:24:bd:ec:41:2f:af:2b:3f:e2:78:9f:a1:74:36:
                    c9:7e:53:f4:d0:d7:92:eb:3d:a4:1d:71:a9:3b:ed:
                    ae:78:9e:2c:a8:4b:b1:e0:2f:e7:fe:36:90:d8:3b:
                    af:aa:78:af:de:75:92:04:b0:03:fe:35:32:32:ce:
                    6c:09:7a:ef:99:96:4c:ab:8c:3c:e9:6e:fd:53:79:
                    2e:23:b7:af:1f:ee:97:ae:b2:cf:2b:af:7b:73:0f:
                    00:02:20:48:30:88:69:37:f3:45:da:c0:c6:25:81:
                    40:c5:e9:d6:8e:e0:78:cb:0c:54:88:27:ea:93:f5:
                    09:32:25:4a:91:af:cb:b1:42:bb:e1:0e:bb:1b:17:
                    4f:5e:ea:0e:a7:41:c0:78:0e:9c:28:d7:02:b4:a7:
                    25:17:21:9b:87:e8:e5:63:da:e1:b1:ef:ee:21:b8:
                    d8:db:0b:ad:44:56:e0:3c:76:23:ee:c7:8e:0f:2f:
                    4a:1e:9a:d1:9a:5f:3e:5b:6c:1e:f1:3d:b1:fc:2a:
                    6b:39:43:35:7e:8a:1c:7c:7a:83:8e:f4:e3:32:7b:
                    1a:1f:4e:3f:1b:45:be:f1:1b:f1:6d:57:b5:f6:d9:
                    71:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:73:0A:D7:38:DC:DB:1F:F6:29:F9:0D:C7:1E:D3:0D:26:7F:8B:06
            X509v3 Authority Key Identifier:
                keyid:7B:BF:58:97:5B:81:E8:F9:F9:C1:5E:4D:8B:89:91:90:CE:C0:06:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e79Yl1uB6Pn5wV5Ni4mRkM7ABoc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/0ea9ca-ac97-43f0-8577-1c70d1e7b782/1/SHMK1zjc2x_2KfkNxx7TDSZ_iwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/0ea9ca-ac97-43f0-8577-1c70d1e7b782/1/e79Yl1uB6Pn5wV5Ni4mRkM7ABoc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:f6:7f:29:4f:92:9f:a5:84:ba:d9:46:f6:2b:6f:36:d8:d7:
         cf:8b:8c:98:a3:74:65:eb:65:bc:dd:c9:7b:82:b4:24:f7:8a:
         40:54:c2:8c:ba:92:fe:f9:89:f5:47:33:b1:21:cb:ae:c6:b0:
         16:97:a3:e0:0b:f7:65:a2:4f:38:ea:2f:3e:a0:6c:93:50:97:
         c1:2e:7d:fb:26:7e:5a:ce:92:54:44:06:67:13:37:a9:df:95:
         2e:27:45:d6:2e:9d:7f:f7:74:37:96:3d:68:eb:0a:44:d9:c4:
         21:48:6d:18:03:a5:55:56:c3:76:db:e5:83:19:7f:0a:3e:18:
         f4:44:24:dd:76:df:1e:a4:d9:28:fa:42:74:22:ce:9b:36:22:
         84:37:93:fb:31:9c:f9:89:d2:e2:aa:8d:0c:76:7d:b9:b9:9d:
         3f:68:2b:54:e4:fb:8c:2b:ba:f6:1e:a1:6e:fe:c4:0a:2e:e1:
         18:36:48:c6:88:34:91:db:51:cf:8a:c0:a3:00:34:da:fc:c3:
         dc:f7:3b:06:14:00:e5:40:58:4b:4e:ea:f5:4a:8b:70:1a:6f:
         c5:94:85:b6:6f:96:59:b7:cb:92:74:63:24:0f:96:57:97:a1:
         d2:45:35:b4:39:a0:a3:ee:48:1f:1c:73:9e:b3:35:5e:2f:c8:
         fd:1b:5a:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3NR+wPS535K9v4xzYRz3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYmY1ODk3NWI4MWU4ZjlmOWMxNWU0ZDhiODk5MTkwY2Vj
MDA2ODcwHhcNMjQwMTAyMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODczMGFkNzM4ZGNkYjFmZjYyOWY5MGRjNzFlZDMwZDI2N2Y4YjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJiVfmAZh3+zqGLI2NeIRSMDaJxD
RbDOAi3tdqIJJL3sQS+vKz/ieJ+hdDbJflP00NeS6z2kHXGpO+2ueJ4sqEux4C/n
/jaQ2Duvqniv3nWSBLAD/jUyMs5sCXrvmZZMq4w86W79U3kuI7evH+6XrrLPK697
cw8AAiBIMIhpN/NF2sDGJYFAxenWjuB4ywxUiCfqk/UJMiVKka/LsUK74Q67GxdP
XuoOp0HAeA6cKNcCtKclFyGbh+jlY9rhse/uIbjY2wutRFbgPHYj7seODy9KHprR
ml8+W2we8T2x/CprOUM1foocfHqDjvTjMnsaH04/G0W+8RvxbVe19tlxSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEhzCtc43Nsf9in5Dcce0w0mf4sGMB8GA1UdIwQY
MBaAFHu/WJdbgej5+cFeTYuJkZDOwAaHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTc5WWwxdUI2UG41d1Y1Tmk0bVJrTTdBQm9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8wZWE5Y2EtYWM5Ny00M2YwLTg1Nzct
MWM3MGQxZTdiNzgyLzEvU0hNSzF6amMyeF8yS2ZrTnh4N1REU1pfaXdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8wZWE5Y2EtYWM5Ny00M2YwLTg1NzctMWM3MGQxZTdiNzgy
LzEvZTc5WWwxdUI2UG41d1Y1Tmk0bVJrTTdBQm9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh/9MA0G
CSqGSIb3DQEBCwUAA4IBAQAv9n8pT5KfpYS62Ub2K2822NfPi4yYo3Rl62W83cl7
grQk94pAVMKMupL++Yn1RzOxIcuuxrAWl6PgC/dlok846i8+oGyTUJfBLn37Jn5a
zpJURAZnEzep35UuJ0XWLp1/93Q3lj1o6wpE2cQhSG0YA6VVVsN22+WDGX8KPhj0
RCTddt8epNko+kJ0Is6bNiKEN5P7MZz5idLiqo0Mdn25uZ0/aCtU5PuMK7r2HqFu
/sQKLuEYNkjGiDSR21HPisCjADTa/MPc9zsGFADlQFhLTur1SotwGm/FlIW2b5ZZ
t8uSdGMkD5ZXl6HSRTW0OaCj7kgfHHOeszVeL8j9G1qs
-----END CERTIFICATE-----