Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/fe088b-2835-4e56-b460-b2835df80eb4/1/SCBfWMemYfF-8w25GIduY_jK7oU.roa
File:                     SCBfWMemYfF-8w25GIduY_jK7oU.roa (raw, json)
Hash identifier:          zAQceYIqn1ZbK7MWI6TAOUxcOt5DXksBFXRBJUTOh+k=
Subject key identifier:   48:20:5F:58:C7:A6:61:F1:7E:F3:0D:B9:18:87:6E:63:F8:CA:EE:85
Certificate issuer:       /CN=11d1b0c1ed4766fd3463d8a3933563202a2b7daf
Certificate serial:       0190306EA6A575BBC35B8C21B94009914CCE
Authority key identifier: 11:D1:B0:C1:ED:47:66:FD:34:63:D8:A3:93:35:63:20:2A:2B:7D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EdGwwe1HZv00Y9ijkzVjICorfa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/fe088b-2835-4e56-b460-b2835df80eb4/1/SCBfWMemYfF-8w25GIduY_jK7oU.roa
Signing time:             Wed 19 Jun 2024 12:17:56 +0000
ROA not before:           Wed 19 Jun 2024 12:17:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16347
IP address blocks:        91.205.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/fe088b-2835-4e56-b460-b2835df80eb4/1/EdGwwe1HZv00Y9ijkzVjICorfa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/fe088b-2835-4e56-b460-b2835df80eb4/1/EdGwwe1HZv00Y9ijkzVjICorfa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EdGwwe1HZv00Y9ijkzVjICorfa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:30:6e:a6:a5:75:bb:c3:5b:8c:21:b9:40:09:91:4c:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11d1b0c1ed4766fd3463d8a3933563202a2b7daf
        Validity
            Not Before: Jun 19 12:17:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48205f58c7a661f17ef30db918876e63f8caee85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:b7:71:af:41:fc:58:73:31:fc:0f:f4:f5:a2:
                    76:34:b2:a1:59:16:16:df:40:0f:5a:81:e2:dd:a3:
                    c7:79:a6:75:e3:19:4c:1c:c8:54:e7:82:b3:df:77:
                    0d:f0:a4:7a:ba:d4:87:5c:ad:d6:76:7f:39:1c:c3:
                    00:c8:c9:15:b0:09:3f:0e:46:df:f7:81:36:a1:e5:
                    a1:62:73:f1:87:53:9b:ef:48:a3:5f:54:77:62:55:
                    c5:03:d0:cd:4b:e0:68:f6:0f:4e:51:fb:28:6c:07:
                    ac:4c:0d:61:34:06:02:c6:37:b8:91:81:53:a2:6e:
                    60:49:84:ea:45:15:a7:b7:67:f6:57:38:57:d2:17:
                    39:ed:9b:88:5a:7d:fc:8a:2f:82:b5:76:f7:44:d8:
                    d9:4b:41:64:a0:1c:23:e6:65:44:9d:2b:ca:e6:64:
                    d0:de:0c:66:ad:e2:4f:39:de:32:fd:b9:7b:4d:91:
                    d3:df:ea:6a:14:80:51:33:df:7d:be:dd:54:52:da:
                    82:78:57:4b:9c:3d:23:9a:e7:d2:2a:b8:ec:95:60:
                    92:8f:7b:7b:d4:3b:f6:e3:b7:93:6a:32:44:d7:f3:
                    c2:c2:d2:34:24:6c:59:46:26:bd:a0:37:f9:03:5b:
                    ad:77:9d:9c:9e:d0:07:7e:da:2d:f6:40:09:3a:9e:
                    eb:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:20:5F:58:C7:A6:61:F1:7E:F3:0D:B9:18:87:6E:63:F8:CA:EE:85
            X509v3 Authority Key Identifier:
                keyid:11:D1:B0:C1:ED:47:66:FD:34:63:D8:A3:93:35:63:20:2A:2B:7D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EdGwwe1HZv00Y9ijkzVjICorfa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/fe088b-2835-4e56-b460-b2835df80eb4/1/SCBfWMemYfF-8w25GIduY_jK7oU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/fe088b-2835-4e56-b460-b2835df80eb4/1/EdGwwe1HZv00Y9ijkzVjICorfa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:bf:f2:3f:4a:8e:7e:d8:55:60:8e:59:8a:19:cf:a8:ce:6e:
         5e:af:58:57:5f:10:44:97:e1:22:80:13:66:cd:f5:a0:8f:91:
         a9:0f:13:e2:7b:94:2c:10:9e:e0:19:0b:74:76:64:e5:5e:28:
         84:ee:09:ea:d3:f7:ce:16:23:ef:12:fc:d3:7c:13:1f:76:5a:
         4e:ff:7b:21:ee:46:12:7b:4f:05:d7:12:b4:75:5a:a6:58:ad:
         00:0e:12:84:1f:48:60:ce:ea:7a:dd:65:cf:40:38:79:f8:8e:
         8f:33:db:08:e4:9a:27:ad:21:08:d3:02:f5:86:b1:fa:e1:0b:
         3d:85:0f:48:6d:e2:b9:fe:10:7e:ce:48:b7:f2:fa:c2:53:06:
         c2:38:2d:32:d2:8f:d7:7b:09:d3:fb:ad:9a:20:fc:3f:a5:23:
         b6:4c:8b:58:95:9e:5d:af:fa:ff:2e:5c:e5:94:c1:c2:8c:a1:
         93:ab:a2:02:09:33:4f:46:05:5a:c7:03:7f:75:d1:13:e7:0e:
         7b:c3:19:20:3a:3a:d7:63:a1:a7:95:63:c0:f0:a9:c8:1a:79:
         53:d9:cb:ed:23:2e:ea:bd:f2:6a:81:e6:8f:8d:8a:4a:1e:71:
         3f:b5:ef:3f:c1:9b:18:22:51:82:13:9c:88:5f:86:4a:6e:11:
         c6:53:fe:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAwbqaldbvDW4whuUAJkUzOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZDFiMGMxZWQ0NzY2ZmQzNDYzZDhhMzkzMzU2MzIwMmEy
YjdkYWYwHhcNMjQwNjE5MTIxNzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODIwNWY1OGM3YTY2MWYxN2VmMzBkYjkxODg3NmU2M2Y4Y2FlZTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmrdxr0H8WHMx/A/09aJ2NLKhWRYW
30APWoHi3aPHeaZ14xlMHMhU54Kz33cN8KR6utSHXK3Wdn85HMMAyMkVsAk/Dkbf
94E2oeWhYnPxh1Ob70ijX1R3YlXFA9DNS+Bo9g9OUfsobAesTA1hNAYCxje4kYFT
om5gSYTqRRWnt2f2VzhX0hc57ZuIWn38ii+CtXb3RNjZS0FkoBwj5mVEnSvK5mTQ
3gxmreJPOd4y/bl7TZHT3+pqFIBRM999vt1UUtqCeFdLnD0jmufSKrjslWCSj3t7
1Dv247eTajJE1/PCwtI0JGxZRia9oDf5A1utd52cntAHftot9kAJOp7r0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEggX1jHpmHxfvMNuRiHbmP4yu6FMB8GA1UdIwQY
MBaAFBHRsMHtR2b9NGPYo5M1YyAqK32vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWRHd3dlMUhadjAwWTlpamt6VmpJQ29yZmE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9mZTA4OGItMjgzNS00ZTU2LWI0NjAt
YjI4MzVkZjgwZWI0LzEvU0NCZldNZW1ZZkYtOHcyNUdJZHVZX2pLN29VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9mZTA4OGItMjgzNS00ZTU2LWI0NjAtYjI4MzVkZjgwZWI0
LzEvRWRHd3dlMUhadjAwWTlpamt6VmpJQ29yZmE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW82cMA0G
CSqGSIb3DQEBCwUAA4IBAQAsv/I/So5+2FVgjlmKGc+ozm5er1hXXxBEl+EigBNm
zfWgj5GpDxPie5QsEJ7gGQt0dmTlXiiE7gnq0/fOFiPvEvzTfBMfdlpO/3sh7kYS
e08F1xK0dVqmWK0ADhKEH0hgzup63WXPQDh5+I6PM9sI5JonrSEI0wL1hrH64Qs9
hQ9IbeK5/hB+zki38vrCUwbCOC0y0o/XewnT+62aIPw/pSO2TItYlZ5dr/r/Llzl
lMHCjKGTq6ICCTNPRgVaxwN/ddET5w57wxkgOjrXY6GnlWPA8KnIGnlT2cvtIy7q
vfJqgeaPjYpKHnE/te8/wZsYIlGCE5yIX4ZKbhHGU/6z
-----END CERTIFICATE-----