Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/SzHYtjT9TbVbYoP68ZqHZTixJgA.roa
File:                     SzHYtjT9TbVbYoP68ZqHZTixJgA.roa (raw, json)
Hash identifier:          F3s5nFGVJDqXMtfvt51LqfIQhgzZ1kJNDUqvx8tfxPs=
Subject key identifier:   4B:31:D8:B6:34:FD:4D:B5:5B:62:83:FA:F1:9A:87:65:38:B1:26:00
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E321B84FF8C127F2FAA59E39F9B98
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/SzHYtjT9TbVbYoP68ZqHZTixJgA.roa
Signing time:             Tue 02 Jan 2024 08:33:14 +0000
ROA not before:           Tue 02 Jan 2024 08:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35575
IP address blocks:        194.15.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:32:1b:84:ff:8c:12:7f:2f:aa:59:e3:9f:9b:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b31d8b634fd4db55b6283faf19a876538b12600
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:8f:28:d1:51:81:d0:c6:29:76:ba:aa:48:0c:
                    2d:af:6e:fa:6d:52:7b:ee:26:b2:5a:25:c0:fc:da:
                    c9:d6:a4:89:8c:78:ba:26:1c:14:9d:98:12:bc:bf:
                    80:4b:d6:73:ca:65:8e:44:97:c6:e3:f1:6a:f5:97:
                    e3:80:9f:91:d5:3e:e0:b8:a0:79:b3:fb:0b:7a:7d:
                    9f:6b:bc:ee:f1:0d:8c:dc:c1:b0:79:bb:b2:3d:8f:
                    7e:53:c3:c6:3c:1b:ed:5b:eb:9d:31:1d:34:39:32:
                    ce:82:7e:04:74:fc:6b:68:47:e1:a9:4c:79:74:c8:
                    a2:e3:b9:21:93:56:e4:22:14:2b:ca:8d:b3:5d:05:
                    47:26:de:9f:0c:2f:fb:e8:86:d2:76:2a:ff:c2:a7:
                    49:be:ff:69:44:cc:4c:2e:5d:22:e9:5b:2d:73:95:
                    11:29:88:72:ae:c7:fa:16:37:ed:84:0b:01:0f:f1:
                    32:fb:cd:5e:86:34:dc:eb:7d:a9:11:cc:74:05:1f:
                    3e:1f:a6:53:84:6a:e2:bf:c3:c9:8c:56:83:9b:3c:
                    2e:f0:94:4c:ab:fc:09:78:43:ed:e8:63:40:c6:c7:
                    3a:ea:7b:2b:a6:58:94:26:20:95:96:40:86:5c:79:
                    cd:ae:8e:0c:eb:73:99:e4:fe:9c:1e:18:d9:80:b2:
                    13:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:31:D8:B6:34:FD:4D:B5:5B:62:83:FA:F1:9A:87:65:38:B1:26:00
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/SzHYtjT9TbVbYoP68ZqHZTixJgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:94:be:86:9f:ba:58:dc:0e:07:da:7b:1d:38:ec:68:74:32:
         40:da:54:6c:51:d2:2a:c3:8f:a5:8c:df:9d:ff:59:99:80:24:
         98:b2:13:d0:61:89:a1:92:cd:0c:a3:11:53:7d:21:96:a4:ed:
         72:c1:dd:f6:07:28:7a:77:25:61:92:a9:b6:1c:7f:a2:2c:a8:
         52:3a:e9:a4:33:53:85:4c:c7:ba:2f:da:c5:ec:7c:a5:3e:e8:
         c4:20:0e:8a:c6:a5:c1:62:d1:90:01:9a:87:2d:7d:4a:c0:7e:
         b0:13:47:15:42:63:dd:b0:d2:4c:9f:7b:90:77:34:df:b8:fc:
         80:27:60:af:16:e9:0b:91:a8:da:c4:ef:01:b7:de:84:1c:c2:
         70:04:1e:96:70:a7:05:5f:f9:8b:36:26:21:c7:8e:0e:c4:34:
         89:5c:cc:31:ab:02:c8:63:b2:b4:2c:3b:de:45:68:37:24:3b:
         93:70:05:03:43:fe:f9:30:0b:f2:47:f5:c8:d5:ea:f2:3c:f4:
         f7:36:9c:67:e2:e0:37:e9:d9:71:ab:1a:db:0e:61:8b:25:e4:
         5a:d3:1a:b5:23:7a:d4:22:e8:aa:e0:3a:2a:cb:ee:88:80:47:
         36:7d:87:3e:0d:9c:d9:60:fa:d0:1e:d9:42:ef:98:a5:d3:9e:
         00:ef:54:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTjIbhP+MEn8vqlnjn5uYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjMxZDhiNjM0ZmQ0ZGI1NWI2MjgzZmFmMTlhODc2NTM4YjEyNjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAto8o0VGB0MYpdrqqSAwtr276bVJ7
7iayWiXA/NrJ1qSJjHi6JhwUnZgSvL+AS9ZzymWORJfG4/Fq9ZfjgJ+R1T7guKB5
s/sLen2fa7zu8Q2M3MGwebuyPY9+U8PGPBvtW+udMR00OTLOgn4EdPxraEfhqUx5
dMii47khk1bkIhQryo2zXQVHJt6fDC/76IbSdir/wqdJvv9pRMxMLl0i6Vstc5UR
KYhyrsf6FjfthAsBD/Ey+81ehjTc632pEcx0BR8+H6ZThGriv8PJjFaDmzwu8JRM
q/wJeEPt6GNAxsc66nsrpliUJiCVlkCGXHnNro4M63OZ5P6cHhjZgLITSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEsx2LY0/U21W2KD+vGah2U4sSYAMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvU3pIWXRqVDlUYlZiWW9QNjhacUhaVGl4SmdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg8lMA0G
CSqGSIb3DQEBCwUAA4IBAQA5lL6Gn7pY3A4H2nsdOOxodDJA2lRsUdIqw4+ljN+d
/1mZgCSYshPQYYmhks0MoxFTfSGWpO1ywd32Byh6dyVhkqm2HH+iLKhSOumkM1OF
TMe6L9rF7HylPujEIA6KxqXBYtGQAZqHLX1KwH6wE0cVQmPdsNJMn3uQdzTfuPyA
J2CvFukLkajaxO8Bt96EHMJwBB6WcKcFX/mLNiYhx44OxDSJXMwxqwLIY7K0LDve
RWg3JDuTcAUDQ/75MAvyR/XI1eryPPT3Npxn4uA36dlxqxrbDmGLJeRa0xq1I3rU
Iuiq4Doqy+6IgEc2fYc+DZzZYPrQHtlC75il054A71TQ
-----END CERTIFICATE-----