Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/41c79d-592b-44ad-8693-f2e058957bc9/1/N8Zb-biw1wfAFupdAUtBfponPn8.roa
File:                     N8Zb-biw1wfAFupdAUtBfponPn8.roa (raw, json)
Hash identifier:          aaRGvbS7ju/5DtoBePVQOBOjZ3nLCHaJt11/70+oSfw=
Subject key identifier:   37:C6:5B:F9:B8:B0:D7:07:C0:16:EA:5D:01:4B:41:7E:9A:27:3E:7F
Certificate issuer:       /CN=48afa1174b0eeea28e7031f017a93ebe5de428e4
Certificate serial:       018CC493814D31B97F113858D90244500045
Authority key identifier: 48:AF:A1:17:4B:0E:EE:A2:8E:70:31:F0:17:A9:3E:BE:5D:E4:28:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SK-hF0sO7qKOcDHwF6k-vl3kKOQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/41c79d-592b-44ad-8693-f2e058957bc9/1/N8Zb-biw1wfAFupdAUtBfponPn8.roa
Signing time:             Mon 01 Jan 2024 10:30:50 +0000
ROA not before:           Mon 01 Jan 2024 10:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200981
IP address blocks:        148.64.57.0/24 maxlen: 24
                          148.64.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/41c79d-592b-44ad-8693-f2e058957bc9/1/SK-hF0sO7qKOcDHwF6k-vl3kKOQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/41c79d-592b-44ad-8693-f2e058957bc9/1/SK-hF0sO7qKOcDHwF6k-vl3kKOQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SK-hF0sO7qKOcDHwF6k-vl3kKOQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:81:4d:31:b9:7f:11:38:58:d9:02:44:50:00:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48afa1174b0eeea28e7031f017a93ebe5de428e4
        Validity
            Not Before: Jan  1 10:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37c65bf9b8b0d707c016ea5d014b417e9a273e7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:3c:2b:0e:95:e4:14:ff:46:82:11:24:53:7d:
                    0e:fa:7a:eb:1e:f1:61:cc:71:f2:0b:a1:c7:22:63:
                    e6:18:ac:64:ae:25:61:2c:ac:31:46:61:1c:09:5a:
                    c0:7a:5c:ed:7e:8f:1c:58:05:68:ca:40:23:2e:14:
                    04:db:94:6a:c8:74:08:6e:ae:3d:43:a6:be:c1:23:
                    1a:00:a7:ae:77:d5:0c:44:bd:76:f8:6f:56:e8:ad:
                    b5:69:43:a6:c9:58:f0:11:7a:59:8f:cb:ca:8a:64:
                    ee:55:09:d9:14:60:f1:30:a5:0e:e7:64:e0:be:1c:
                    fd:bc:92:6a:e1:e0:e5:1f:f7:57:76:e5:8c:4b:53:
                    76:75:f5:88:53:86:f9:8d:6a:30:d1:12:7e:f6:92:
                    18:6b:a3:d7:20:32:ce:92:e5:ad:7e:2e:53:12:1a:
                    32:fe:62:8d:96:8d:7a:66:34:40:e3:16:91:39:f1:
                    08:93:e4:5d:c6:52:cf:11:e6:ba:1b:7e:43:20:7d:
                    72:c0:dd:dc:0f:81:4d:5f:dc:5c:ce:ac:bf:e7:88:
                    d5:9a:61:96:e8:d0:68:3b:a9:4a:2e:a0:57:83:ea:
                    ce:b1:4b:c1:bd:3b:38:20:ac:ca:a4:90:31:97:63:
                    62:4a:fc:c7:6c:4e:ff:ca:d4:5c:31:35:e3:03:51:
                    7d:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:C6:5B:F9:B8:B0:D7:07:C0:16:EA:5D:01:4B:41:7E:9A:27:3E:7F
            X509v3 Authority Key Identifier:
                keyid:48:AF:A1:17:4B:0E:EE:A2:8E:70:31:F0:17:A9:3E:BE:5D:E4:28:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SK-hF0sO7qKOcDHwF6k-vl3kKOQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/41c79d-592b-44ad-8693-f2e058957bc9/1/N8Zb-biw1wfAFupdAUtBfponPn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/41c79d-592b-44ad-8693-f2e058957bc9/1/SK-hF0sO7qKOcDHwF6k-vl3kKOQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.64.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         49:e6:06:92:b3:06:97:a0:d7:10:72:98:d5:1f:9c:57:7d:1f:
         2d:b8:02:40:07:49:b7:75:54:8d:8c:a0:2d:87:04:c8:d9:10:
         a2:a8:dc:3f:68:5a:71:a9:6e:a6:ca:4f:6c:09:d6:c1:a1:10:
         7e:9e:96:5a:3b:0b:d9:58:61:a0:80:4d:97:1a:21:b9:7d:b2:
         76:bd:57:1a:53:93:85:8b:2e:b1:a3:f3:08:f9:dd:fa:bb:60:
         2b:c7:77:c7:3d:5d:60:27:26:b3:68:20:5c:4f:b9:d8:80:bd:
         60:54:0f:d5:cf:82:61:94:32:61:96:23:82:20:52:92:0d:a4:
         09:5c:4e:71:6b:57:ec:c4:89:b7:bd:38:1a:92:1c:b9:31:31:
         86:3a:75:72:8b:12:99:ba:de:60:24:d3:44:7e:27:ef:31:e4:
         7c:43:b1:19:36:48:09:66:7d:d5:2c:e0:06:4e:20:a5:54:67:
         a2:83:37:12:d0:de:51:ba:65:f2:b8:18:63:8f:9b:6b:98:85:
         09:77:a4:9c:58:35:31:8c:59:2f:52:7c:47:1a:fd:b3:a0:2d:
         ae:78:74:79:94:d2:5b:41:ea:e8:b8:84:a4:00:22:e6:27:2b:
         13:70:ec:90:3c:2a:ff:ce:93:c5:b4:31:38:1e:00:3e:f6:86:
         47:c1:ad:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk4FNMbl/EThY2QJEUABFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4YWZhMTE3NGIwZWVlYTI4ZTcwMzFmMDE3YTkzZWJlNWRl
NDI4ZTQwHhcNMjQwMTAxMTAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2M2NWJmOWI4YjBkNzA3YzAxNmVhNWQwMTRiNDE3ZTlhMjczZTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDwrDpXkFP9GghEkU30O+nrrHvFh
zHHyC6HHImPmGKxkriVhLKwxRmEcCVrAelztfo8cWAVoykAjLhQE25RqyHQIbq49
Q6a+wSMaAKeud9UMRL12+G9W6K21aUOmyVjwEXpZj8vKimTuVQnZFGDxMKUO52Tg
vhz9vJJq4eDlH/dXduWMS1N2dfWIU4b5jWow0RJ+9pIYa6PXIDLOkuWtfi5TEhoy
/mKNlo16ZjRA4xaROfEIk+RdxlLPEea6G35DIH1ywN3cD4FNX9xczqy/54jVmmGW
6NBoO6lKLqBXg+rOsUvBvTs4IKzKpJAxl2NiSvzHbE7/ytRcMTXjA1F9AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDfGW/m4sNcHwBbqXQFLQX6aJz5/MB8GA1UdIwQY
MBaAFEivoRdLDu6ijnAx8BepPr5d5CjkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0staEYwc083cUtPY0RId0Y2ay12bDNrS09RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy80MWM3OWQtNTkyYi00NGFkLTg2OTMt
ZjJlMDU4OTU3YmM5LzEvTjhaYi1iaXcxd2ZBRnVwZEFVdEJmcG9uUG44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy80MWM3OWQtNTkyYi00NGFkLTg2OTMtZjJlMDU4OTU3YmM5
LzEvU0staEYwc083cUtPY0RId0Y2ay12bDNrS09RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBlEA4MA0G
CSqGSIb3DQEBCwUAA4IBAQBJ5gaSswaXoNcQcpjVH5xXfR8tuAJAB0m3dVSNjKAt
hwTI2RCiqNw/aFpxqW6myk9sCdbBoRB+npZaOwvZWGGggE2XGiG5fbJ2vVcaU5OF
iy6xo/MI+d36u2Arx3fHPV1gJyazaCBcT7nYgL1gVA/Vz4JhlDJhliOCIFKSDaQJ
XE5xa1fsxIm3vTgakhy5MTGGOnVyixKZut5gJNNEfifvMeR8Q7EZNkgJZn3VLOAG
TiClVGeigzcS0N5RumXyuBhjj5trmIUJd6ScWDUxjFkvUnxHGv2zoC2ueHR5lNJb
QerouISkACLmJysTcOyQPCr/zpPFtDE4HgA+9oZHwa3W
-----END CERTIFICATE-----