Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/sm6o9-wKEkqJWRlmpJRrK4tU7O4.roa
File:                     sm6o9-wKEkqJWRlmpJRrK4tU7O4.roa (raw, json)
Hash identifier:          J67o4BC977NPU+WUAlYoVCom6jn7snzVTMmmfs2coJc=
Subject key identifier:   B2:6E:A8:F7:EC:0A:12:4A:89:59:19:66:A4:94:6B:2B:8B:54:EC:EE
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       018CCA2A41B8F5421A06F2A7475525520746
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/sm6o9-wKEkqJWRlmpJRrK4tU7O4.roa
Signing time:             Tue 02 Jan 2024 12:33:36 +0000
ROA not before:           Tue 02 Jan 2024 12:33:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        80.71.228.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 18:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:41:b8:f5:42:1a:06:f2:a7:47:55:25:52:07:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Jan  2 12:33:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b26ea8f7ec0a124a89591966a4946b2b8b54ecee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:9e:15:e3:3f:57:1d:c7:e1:2a:a7:96:f6:d4:
                    29:b3:5e:a6:b2:ed:af:ca:a2:7a:c5:3d:35:ae:4d:
                    ca:0f:f6:77:ed:19:cf:44:5a:37:7f:c4:5a:12:21:
                    32:79:52:0b:ed:f3:8b:0a:46:e0:a9:c6:16:d8:69:
                    08:17:e2:e8:1b:92:8b:94:50:7e:cd:0b:6d:98:2b:
                    d3:d2:a8:88:1f:e0:08:73:3d:25:ba:2c:16:16:de:
                    d6:fe:d8:d9:91:68:ff:a0:7d:fb:1c:02:05:3c:5c:
                    22:4e:d5:a6:c8:1f:9b:02:30:54:d4:e9:e7:d3:ad:
                    3b:5f:f9:a0:ce:a5:d5:94:34:1e:dc:38:0b:b4:5b:
                    70:35:1f:ac:49:18:fc:2d:c2:10:0a:99:12:3e:61:
                    07:cd:25:46:46:40:b8:04:31:c3:70:99:cd:17:06:
                    2e:0b:a8:fc:cb:dc:a3:88:7f:bb:4c:41:78:01:c9:
                    ed:25:1b:7b:2f:7e:76:c3:14:f3:be:81:9c:c3:f1:
                    af:6e:10:0f:38:97:30:96:98:5f:da:bb:c7:a5:dc:
                    60:cf:59:a5:69:1e:ba:b8:50:d8:13:ce:19:a3:a8:
                    1d:9b:42:a4:b3:78:b6:54:31:6b:df:65:b6:14:27:
                    0b:82:01:16:dc:1e:82:61:92:f1:8f:3e:0b:5e:fb:
                    eb:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:6E:A8:F7:EC:0A:12:4A:89:59:19:66:A4:94:6B:2B:8B:54:EC:EE
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/sm6o9-wKEkqJWRlmpJRrK4tU7O4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         76:8a:15:76:20:d9:bd:2d:c0:38:ec:06:f9:8e:00:44:b6:68:
         36:fa:f5:6b:7a:80:5b:f1:05:fc:1a:85:9d:20:15:10:32:32:
         b7:60:d8:d4:93:fc:30:fe:b8:42:fa:c8:f9:32:ed:b6:9a:cc:
         c1:30:12:d5:4f:39:0e:b6:33:6f:91:de:c1:7e:00:21:89:e2:
         f7:ec:53:a4:82:55:af:21:98:84:d2:68:55:35:3e:72:c1:45:
         2f:2d:96:42:7d:34:c4:0b:aa:c2:40:00:42:9b:97:cb:1e:a3:
         b0:19:a0:ba:33:83:18:7c:76:12:17:82:ef:04:a0:7c:a5:26:
         b6:9a:7f:c3:ee:5f:9b:cf:22:4f:05:06:df:0c:e7:7f:69:95:
         f5:c9:1a:07:7c:54:32:1f:84:94:db:e2:d5:ac:92:95:dd:2e:
         b3:74:ec:7b:6d:3f:05:bc:b1:65:5a:b0:27:41:31:0f:c5:5c:
         9c:98:4a:83:7c:6b:c5:7a:28:42:50:9f:49:57:be:f5:f6:ec:
         fc:3c:88:e9:1e:6b:02:12:6b:bf:6a:e3:92:f5:79:67:3d:57:
         03:32:3a:2b:b9:3e:7f:84:24:6b:39:fc:09:79:79:c3:f1:9b:
         ee:a7:d5:48:26:e4:d5:78:bf:f8:b9:7f:2f:92:dd:28:10:5f:
         b1:cc:17:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKkG49UIaBvKnR1UlUgdGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjQwMTAyMTIzMzM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjZlYThmN2VjMGExMjRhODk1OTE5NjZhNDk0NmIyYjhiNTRlY2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnp4V4z9XHcfhKqeW9tQps16msu2v
yqJ6xT01rk3KD/Z37RnPRFo3f8RaEiEyeVIL7fOLCkbgqcYW2GkIF+LoG5KLlFB+
zQttmCvT0qiIH+AIcz0luiwWFt7W/tjZkWj/oH37HAIFPFwiTtWmyB+bAjBU1Onn
0607X/mgzqXVlDQe3DgLtFtwNR+sSRj8LcIQCpkSPmEHzSVGRkC4BDHDcJnNFwYu
C6j8y9yjiH+7TEF4AcntJRt7L352wxTzvoGcw/GvbhAPOJcwlphf2rvHpdxgz1ml
aR66uFDYE84Zo6gdm0Kks3i2VDFr32W2FCcLggEW3B6CYZLxjz4LXvvrTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLJuqPfsChJKiVkZZqSUayuLVOzuMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvc202bzktd0tFa3FKV1JsbXBKUnJLNHRVN080LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUEfkMA0G
CSqGSIb3DQEBCwUAA4IBAQB2ihV2INm9LcA47Ab5jgBEtmg2+vVreoBb8QX8GoWd
IBUQMjK3YNjUk/ww/rhC+sj5Mu22mszBMBLVTzkOtjNvkd7BfgAhieL37FOkglWv
IZiE0mhVNT5ywUUvLZZCfTTEC6rCQABCm5fLHqOwGaC6M4MYfHYSF4LvBKB8pSa2
mn/D7l+bzyJPBQbfDOd/aZX1yRoHfFQyH4SU2+LVrJKV3S6zdOx7bT8FvLFlWrAn
QTEPxVycmEqDfGvFeihCUJ9JV7719uz8PIjpHmsCEmu/auOS9XlnPVcDMjoruT5/
hCRrOfwJeXnD8Zvup9VIJuTVeL/4uX8vkt0oEF+xzBey
-----END CERTIFICATE-----