Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/75dbc4-ae22-4971-9ef5-a3f355beeedd/1/SdCBxo8Zj3RergHVYE1F3iql6bA.roa
File:                     SdCBxo8Zj3RergHVYE1F3iql6bA.roa (raw, json)
Hash identifier:          x7S/aNYbRfDipay30sF6Iu5/45QF62yXqk38/ggX/GA=
Subject key identifier:   49:D0:81:C6:8F:19:8F:74:5E:AE:01:D5:60:4D:45:DE:2A:A5:E9:B0
Certificate issuer:       /CN=2858d2f131715cbaf3cdd920645924f53508e067
Certificate serial:       018CC94AC1D0952387D041BB61EBD2CB48AE
Authority key identifier: 28:58:D2:F1:31:71:5C:BA:F3:CD:D9:20:64:59:24:F5:35:08:E0:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KFjS8TFxXLrzzdkgZFkk9TUI4Gc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/75dbc4-ae22-4971-9ef5-a3f355beeedd/1/SdCBxo8Zj3RergHVYE1F3iql6bA.roa
Signing time:             Tue 02 Jan 2024 08:29:28 +0000
ROA not before:           Tue 02 Jan 2024 08:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52221
IP address blocks:        194.117.224.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/75dbc4-ae22-4971-9ef5-a3f355beeedd/1/KFjS8TFxXLrzzdkgZFkk9TUI4Gc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/75dbc4-ae22-4971-9ef5-a3f355beeedd/1/KFjS8TFxXLrzzdkgZFkk9TUI4Gc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KFjS8TFxXLrzzdkgZFkk9TUI4Gc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:c1:d0:95:23:87:d0:41:bb:61:eb:d2:cb:48:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2858d2f131715cbaf3cdd920645924f53508e067
        Validity
            Not Before: Jan  2 08:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49d081c68f198f745eae01d5604d45de2aa5e9b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:a4:d3:be:f2:64:40:19:ed:b5:d5:2c:5c:bf:
                    8e:4f:55:e5:7b:f0:7b:03:f9:1b:f1:01:86:76:6e:
                    1e:7c:37:7a:9d:41:df:58:20:01:ef:b5:e4:02:a1:
                    63:4a:b7:cd:07:56:b1:a9:1d:b1:b2:6d:6c:be:24:
                    12:b1:e8:34:f8:12:a1:78:57:38:db:02:9d:50:fb:
                    05:0e:dd:51:91:f5:ac:8b:2d:e5:ff:c7:5f:5b:fc:
                    fb:7a:4c:6a:28:3e:6e:bb:9f:2f:23:2d:10:b3:14:
                    93:ee:9b:d4:12:5b:b8:40:41:9e:1f:9c:aa:c6:e8:
                    25:08:ff:26:f7:3f:57:9c:67:cf:16:46:02:c7:5a:
                    f8:9c:95:3b:f3:b2:08:f5:ef:46:de:e5:4a:af:89:
                    f8:10:5a:6b:33:a8:47:ee:16:47:d8:a8:35:83:bf:
                    46:ca:cd:33:ee:47:60:4d:e8:21:d1:d9:6a:af:b6:
                    63:e7:ae:cf:51:d4:81:c0:44:51:94:f8:6a:8a:97:
                    a6:d1:d6:88:f8:58:7b:16:06:b4:f6:68:c5:ad:d0:
                    21:20:30:72:fa:0e:1a:29:a3:f7:24:7a:b7:60:9a:
                    40:52:0d:15:6b:5b:b9:4f:47:ed:01:78:37:bf:d2:
                    d7:6a:d8:e3:bc:89:ce:fb:b5:ac:58:6e:ff:a7:fc:
                    c1:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:D0:81:C6:8F:19:8F:74:5E:AE:01:D5:60:4D:45:DE:2A:A5:E9:B0
            X509v3 Authority Key Identifier:
                keyid:28:58:D2:F1:31:71:5C:BA:F3:CD:D9:20:64:59:24:F5:35:08:E0:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KFjS8TFxXLrzzdkgZFkk9TUI4Gc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/75dbc4-ae22-4971-9ef5-a3f355beeedd/1/SdCBxo8Zj3RergHVYE1F3iql6bA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/75dbc4-ae22-4971-9ef5-a3f355beeedd/1/KFjS8TFxXLrzzdkgZFkk9TUI4Gc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.117.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:4b:3e:8f:be:c1:00:b2:74:ac:d7:29:85:e8:35:95:a3:4c:
         68:76:8a:fc:9e:7d:05:f8:c6:62:bd:6e:77:5b:1b:02:d4:da:
         48:6b:1f:3d:07:6a:08:c5:d8:51:58:3b:8b:c2:e8:ad:80:c7:
         16:19:59:47:23:fb:84:b3:6d:0e:af:c2:f7:1d:37:98:c7:91:
         ad:db:76:35:a2:70:30:7b:e9:73:1a:57:f1:b9:92:65:07:08:
         4d:aa:af:95:f3:e4:9a:06:6e:ca:58:84:f1:cc:97:a3:4a:bd:
         3f:f4:c0:15:0b:53:85:5d:7d:97:70:e0:d5:51:ad:fa:aa:f5:
         c0:42:bf:44:b0:cd:e5:e8:80:76:16:13:f0:ce:f4:42:75:47:
         41:e5:33:6c:02:36:4e:6b:f2:93:fe:0b:1d:26:48:47:1a:38:
         f5:a2:84:60:28:80:4c:4f:4f:5c:6a:6d:ae:39:5f:fb:1f:05:
         ca:f4:ed:5f:b9:cc:a4:1e:2a:83:af:33:0a:d2:a0:ce:30:2e:
         85:dc:f9:4f:4c:c0:3f:bc:cb:61:5e:f6:a4:bf:e7:e0:1a:7a:
         3f:37:9a:a8:f3:2d:d4:64:ae:c1:81:9b:86:fe:1c:12:18:7f:
         70:02:17:c0:a7:e1:ba:49:09:88:c0:1c:3b:bb:fd:96:e2:6a:
         d7:1e:e8:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSsHQlSOH0EG7YevSy0iuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NThkMmYxMzE3MTVjYmFmM2NkZDkyMDY0NTkyNGY1MzUw
OGUwNjcwHhcNMjQwMTAyMDgyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWQwODFjNjhmMTk4Zjc0NWVhZTAxZDU2MDRkNDVkZTJhYTVlOWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6TTvvJkQBnttdUsXL+OT1Xle/B7
A/kb8QGGdm4efDd6nUHfWCAB77XkAqFjSrfNB1axqR2xsm1sviQSseg0+BKheFc4
2wKdUPsFDt1RkfWsiy3l/8dfW/z7ekxqKD5uu58vIy0QsxST7pvUElu4QEGeH5yq
xuglCP8m9z9XnGfPFkYCx1r4nJU787II9e9G3uVKr4n4EFprM6hH7hZH2Kg1g79G
ys0z7kdgTegh0dlqr7Zj567PUdSBwERRlPhqipem0daI+Fh7Fga09mjFrdAhIDBy
+g4aKaP3JHq3YJpAUg0Va1u5T0ftAXg3v9LXatjjvInO+7WsWG7/p/zBcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEnQgcaPGY90Xq4B1WBNRd4qpemwMB8GA1UdIwQY
MBaAFChY0vExcVy6883ZIGRZJPU1COBnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0ZqUzhURnhYTHJ6emRrZ1pGa2s5VFVJNEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi83NWRiYzQtYWUyMi00OTcxLTllZjUt
YTNmMzU1YmVlZWRkLzEvU2RDQnhvOFpqM1JlcmdIVllFMUYzaXFsNmJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi83NWRiYzQtYWUyMi00OTcxLTllZjUtYTNmMzU1YmVlZWRk
LzEvS0ZqUzhURnhYTHJ6emRrZ1pGa2s5VFVJNEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwnXgMA0G
CSqGSIb3DQEBCwUAA4IBAQAdSz6PvsEAsnSs1ymF6DWVo0xodor8nn0F+MZivW53
WxsC1NpIax89B2oIxdhRWDuLwuitgMcWGVlHI/uEs20Or8L3HTeYx5Gt23Y1onAw
e+lzGlfxuZJlBwhNqq+V8+SaBm7KWITxzJejSr0/9MAVC1OFXX2XcODVUa36qvXA
Qr9EsM3l6IB2FhPwzvRCdUdB5TNsAjZOa/KT/gsdJkhHGjj1ooRgKIBMT09cam2u
OV/7HwXK9O1fucykHiqDrzMK0qDOMC6F3PlPTMA/vMthXvakv+fgGno/N5qo8y3U
ZK7BgZuG/hwSGH9wAhfAp+G6SQmIwBw7u/2W4mrXHuil
-----END CERTIFICATE-----