Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/SMbCSoNpPj8EZajHVs9rZmq4c-o.roa
File:                     SMbCSoNpPj8EZajHVs9rZmq4c-o.roa (raw, json)
Hash identifier:          dm4AzwapBV15gTN0T5eVJhxLXeI0mHVdDUlvroY93XM=
Subject key identifier:   48:C6:C2:4A:83:69:3E:3F:04:65:A8:C7:56:CF:6B:66:6A:B8:73:EA
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC795342A3561C069588FC5AFF85D86BC
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/SMbCSoNpPj8EZajHVs9rZmq4c-o.roa
Signing time:             Tue 02 Jan 2024 00:31:33 +0000
ROA not before:           Tue 02 Jan 2024 00:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206152
IP address blocks:        193.233.163.0/24 maxlen: 24
                          193.233.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:34:2a:35:61:c0:69:58:8f:c5:af:f8:5d:86:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48c6c24a83693e3f0465a8c756cf6b666ab873ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ce:e4:d4:3b:a2:6f:fb:c3:99:8a:b0:7d:29:
                    9e:8b:52:b3:55:3a:54:66:5a:c7:33:fd:e2:b3:6d:
                    d9:e4:68:b1:e4:63:14:74:14:93:00:a2:fe:d7:e0:
                    fb:c1:cd:16:a0:45:0a:57:b5:dc:ed:08:32:0e:67:
                    b4:9c:e1:8a:18:14:f1:09:14:96:fb:10:fa:5b:c8:
                    e5:86:f6:de:9e:23:d5:27:af:c7:70:2e:b2:93:67:
                    ff:87:2d:f2:7e:25:05:fa:97:b5:2c:39:eb:7e:73:
                    5f:1d:18:b1:f5:67:c2:3c:f5:cd:86:b8:a3:dd:f2:
                    fe:a4:52:65:8a:5d:82:24:30:02:0c:98:0a:62:58:
                    7b:cf:8b:a6:83:c7:2b:52:f9:7b:57:7d:e2:cc:2f:
                    28:ae:09:9d:b8:0c:5d:8f:c1:82:00:32:a2:ab:bc:
                    73:a0:e6:2f:72:85:bf:5b:d6:0d:d6:c9:05:19:54:
                    8e:a7:d8:68:62:e5:77:5f:ee:af:ce:ac:19:27:a2:
                    22:e4:fd:9a:45:1e:d2:4f:06:0f:28:56:b8:ac:30:
                    cb:40:c7:8a:ef:3f:ae:94:b0:85:8a:fd:67:57:20:
                    3c:54:c2:65:4a:b0:ed:7f:af:4b:ba:2a:b8:cc:9b:
                    07:1e:69:1f:f0:14:3c:1f:17:34:68:4d:c0:12:16:
                    6f:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:C6:C2:4A:83:69:3E:3F:04:65:A8:C7:56:CF:6B:66:6A:B8:73:EA
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/SMbCSoNpPj8EZajHVs9rZmq4c-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:0b:01:bf:22:c4:e2:13:c1:db:18:76:9c:2a:6a:56:26:d1:
         bd:82:8e:ef:95:28:92:a2:ea:99:4c:bb:05:ef:cd:5b:64:09:
         8a:91:9b:c1:ed:9c:52:57:97:e0:92:19:30:c0:71:84:17:88:
         f0:ab:d1:bb:1f:bd:e4:fe:05:7d:89:90:4c:08:80:bf:e7:61:
         a2:2b:b7:dc:09:1f:44:34:28:1e:35:c6:8c:c3:3c:99:b0:f7:
         df:22:97:f6:e0:fd:4f:8f:f3:48:d8:c2:63:9d:8e:dc:f7:71:
         06:d5:ce:49:26:61:e1:1b:23:50:99:10:53:cc:17:55:ef:67:
         7c:d3:e8:ab:06:82:ac:58:8e:1f:07:2a:44:2e:4f:d6:af:27:
         51:6c:9a:b2:9c:08:61:19:db:f9:80:88:5b:19:88:12:86:0c:
         d5:8a:ec:90:6a:9a:a7:77:b6:71:6f:a0:71:43:56:3a:b4:51:
         ae:12:1f:25:76:eb:e6:28:45:3d:29:f8:7f:cd:aa:ef:b0:09:
         1c:77:db:b3:95:fb:22:8e:95:7c:41:8d:20:39:9c:d9:c5:00:
         a8:38:d1:6a:7b:ce:50:0d:ea:3f:70:2e:2e:69:8e:91:0f:dc:
         87:63:61:f0:63:e2:f9:92:b3:a1:37:0e:30:b1:99:c8:6d:97:
         9b:cc:d0:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlTQqNWHAaViPxa/4XYa8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGM2YzI0YTgzNjkzZTNmMDQ2NWE4Yzc1NmNmNmI2NjZhYjg3M2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq87k1Duib/vDmYqwfSmei1KzVTpU
ZlrHM/3is23Z5Gix5GMUdBSTAKL+1+D7wc0WoEUKV7Xc7QgyDme0nOGKGBTxCRSW
+xD6W8jlhvbeniPVJ6/HcC6yk2f/hy3yfiUF+pe1LDnrfnNfHRix9WfCPPXNhrij
3fL+pFJlil2CJDACDJgKYlh7z4umg8crUvl7V33izC8orgmduAxdj8GCADKiq7xz
oOYvcoW/W9YN1skFGVSOp9hoYuV3X+6vzqwZJ6Ii5P2aRR7STwYPKFa4rDDLQMeK
7z+ulLCFiv1nVyA8VMJlSrDtf69Luiq4zJsHHmkf8BQ8Hxc0aE3AEhZvfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEjGwkqDaT4/BGWox1bPa2ZquHPqMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvU01iQ1NvTnBQajhFWmFqSFZzOXJabXE0Yy1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwemiMA0G
CSqGSIb3DQEBCwUAA4IBAQBOCwG/IsTiE8HbGHacKmpWJtG9go7vlSiSouqZTLsF
781bZAmKkZvB7ZxSV5fgkhkwwHGEF4jwq9G7H73k/gV9iZBMCIC/52GiK7fcCR9E
NCgeNcaMwzyZsPffIpf24P1Pj/NI2MJjnY7c93EG1c5JJmHhGyNQmRBTzBdV72d8
0+irBoKsWI4fBypELk/WrydRbJqynAhhGdv5gIhbGYgShgzViuyQapqnd7Zxb6Bx
Q1Y6tFGuEh8lduvmKEU9Kfh/zarvsAkcd9uzlfsijpV8QY0gOZzZxQCoONFqe85Q
Deo/cC4uaY6RD9yHY2HwY+L5krOhNw4wsZnIbZebzNAo
-----END CERTIFICATE-----