Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/SsfpjCqWon-84JRVjqSSx794E_8.roa
File:                     SsfpjCqWon-84JRVjqSSx794E_8.roa (raw, json)
Hash identifier:          bZxOl1K6MiS79d4hSzmuqJSsUKG3JD2jqOC3SdesR+g=
Subject key identifier:   4A:C7:E9:8C:2A:96:A2:7F:BC:E0:94:55:8E:A4:92:C7:BF:78:13:FF
Certificate issuer:       /CN=6f0b15193816fd15dcfd047db4eeca672912bb60
Certificate serial:       018CC7257EFC15F02FE23B36182A1A2A9A5F
Authority key identifier: 6F:0B:15:19:38:16:FD:15:DC:FD:04:7D:B4:EE:CA:67:29:12:BB:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/SsfpjCqWon-84JRVjqSSx794E_8.roa
Signing time:             Mon 01 Jan 2024 22:29:32 +0000
ROA not before:           Mon 01 Jan 2024 22:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        185.167.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:7e:fc:15:f0:2f:e2:3b:36:18:2a:1a:2a:9a:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f0b15193816fd15dcfd047db4eeca672912bb60
        Validity
            Not Before: Jan  1 22:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ac7e98c2a96a27fbce094558ea492c7bf7813ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:4a:ac:26:52:1d:bb:5f:71:08:c0:19:ee:e4:
                    13:c5:d8:cd:86:97:38:25:6c:46:31:8e:3e:7b:05:
                    57:ed:69:70:0b:fc:44:c2:df:e7:b9:14:90:c8:ed:
                    97:f7:0e:1a:58:b2:48:68:ee:d1:53:e8:09:fe:c3:
                    41:e7:aa:55:e8:bf:86:39:59:72:a1:2a:30:37:ba:
                    8b:27:40:11:50:0d:32:da:85:c3:3f:62:71:74:09:
                    f9:e6:e1:82:5a:9e:5e:db:02:ee:69:6b:a6:ad:f9:
                    59:81:9a:50:f7:4b:64:8e:9e:97:43:fe:97:07:12:
                    3a:7b:3e:b9:b5:f3:2e:94:8b:a2:34:8d:ad:a7:01:
                    c9:45:c8:21:ce:f6:68:1d:f4:9e:e0:85:c6:17:f4:
                    52:6e:94:d1:08:07:8a:11:bd:68:7a:1d:f4:48:77:
                    3c:7a:4d:31:54:39:1b:fa:6f:2a:d0:88:10:05:52:
                    28:c9:1e:7d:b5:f6:4d:da:a0:93:3a:ca:a5:35:65:
                    04:c3:ad:f1:af:70:17:91:d0:36:7a:38:ac:45:1e:
                    3b:e4:2b:e2:e5:a4:bb:3d:03:6d:52:2d:b0:89:96:
                    96:f1:49:ea:8a:93:52:26:48:c6:22:cc:2e:e0:c2:
                    93:bf:66:0c:a4:be:45:5f:f4:87:38:49:bf:5c:d9:
                    94:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:C7:E9:8C:2A:96:A2:7F:BC:E0:94:55:8E:A4:92:C7:BF:78:13:FF
            X509v3 Authority Key Identifier:
                keyid:6F:0B:15:19:38:16:FD:15:DC:FD:04:7D:B4:EE:CA:67:29:12:BB:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/SsfpjCqWon-84JRVjqSSx794E_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:2a:e1:c4:62:e4:d6:db:ac:01:65:a3:d8:6b:20:78:05:db:
         c0:ad:47:5d:41:1b:4f:a6:22:b6:cc:8d:39:61:8d:82:ab:dc:
         59:64:0b:7c:5e:dd:1f:19:75:51:d1:91:a7:a5:87:73:12:a1:
         0a:cf:90:cb:b4:f2:19:04:f8:08:af:fa:d3:69:f6:b6:a2:04:
         e3:51:18:1c:74:80:d6:fb:e3:72:0a:b7:76:9e:a1:05:2b:e2:
         df:32:50:5e:48:eb:b1:09:02:ca:05:92:77:a6:39:8f:c6:ac:
         12:b2:7a:6f:5e:02:af:2e:e4:f2:05:1c:cb:46:96:e5:1a:64:
         cc:bf:b7:2b:d4:0c:71:4a:7f:fa:c0:4f:7b:c8:22:8f:dd:6b:
         90:b3:eb:ef:3a:2d:39:e6:1a:9b:80:12:3b:5a:80:bd:1e:d4:
         99:60:dc:3d:f1:10:53:ab:b3:69:c6:a1:f8:dd:9b:bb:19:1e:
         73:2a:4a:b7:1a:03:54:b2:50:e0:f6:35:7b:c3:76:28:c7:4d:
         00:8c:a2:0b:0e:1b:ec:8b:0d:71:99:aa:e3:48:7c:ee:69:a8:
         23:19:c2:2b:6f:87:00:3e:de:6d:30:48:07:79:0d:bd:1d:aa:
         c2:2c:fe:f1:c9:e8:49:ca:a8:56:7f:cf:71:28:df:76:aa:00:
         69:f7:67:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJX78FfAv4js2GCoaKppfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMGIxNTE5MzgxNmZkMTVkY2ZkMDQ3ZGI0ZWVjYTY3Mjkx
MmJiNjAwHhcNMjQwMTAxMjIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWM3ZTk4YzJhOTZhMjdmYmNlMDk0NTU4ZWE0OTJjN2JmNzgxM2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4UqsJlIdu19xCMAZ7uQTxdjNhpc4
JWxGMY4+ewVX7WlwC/xEwt/nuRSQyO2X9w4aWLJIaO7RU+gJ/sNB56pV6L+GOVly
oSowN7qLJ0ARUA0y2oXDP2JxdAn55uGCWp5e2wLuaWumrflZgZpQ90tkjp6XQ/6X
BxI6ez65tfMulIuiNI2tpwHJRcghzvZoHfSe4IXGF/RSbpTRCAeKEb1oeh30SHc8
ek0xVDkb+m8q0IgQBVIoyR59tfZN2qCTOsqlNWUEw63xr3AXkdA2ejisRR475Cvi
5aS7PQNtUi2wiZaW8UnqipNSJkjGIswu4MKTv2YMpL5FX/SHOEm/XNmUMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFErH6YwqlqJ/vOCUVY6kkse/eBP/MB8GA1UdIwQY
MBaAFG8LFRk4Fv0V3P0EfbTuymcpErtgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYndzVkdUZ1dfUlhjX1FSOXRPN0taeWtTdTJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS85NTg4NDEtZjZiMC00MjQ5LTgwNDYt
OWNmODQzZjA1NjcwLzEvU3NmcGpDcVdvbi04NEpSVmpxU1N4Nzk0RV84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS85NTg4NDEtZjZiMC00MjQ5LTgwNDYtOWNmODQzZjA1Njcw
LzEvYndzVkdUZ1dfUlhjX1FSOXRPN0taeWtTdTJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuafqMA0G
CSqGSIb3DQEBCwUAA4IBAQAqKuHEYuTW26wBZaPYayB4BdvArUddQRtPpiK2zI05
YY2Cq9xZZAt8Xt0fGXVR0ZGnpYdzEqEKz5DLtPIZBPgIr/rTafa2ogTjURgcdIDW
++NyCrd2nqEFK+LfMlBeSOuxCQLKBZJ3pjmPxqwSsnpvXgKvLuTyBRzLRpblGmTM
v7cr1AxxSn/6wE97yCKP3WuQs+vvOi055hqbgBI7WoC9HtSZYNw98RBTq7NpxqH4
3Zu7GR5zKkq3GgNUslDg9jV7w3Yox00AjKILDhvsiw1xmarjSHzuaagjGcIrb4cA
Pt5tMEgHeQ29HarCLP7xyehJyqhWf89xKN92qgBp92dO
-----END CERTIFICATE-----