Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/SZTXUoyd1SjaEwUQFCtPsAiW11c.roa
File:                     SZTXUoyd1SjaEwUQFCtPsAiW11c.roa (raw, json)
Hash identifier:          bgZ+d545U7Jj8A7BOeoIsTmI30I6z5oSN3fAy0/a9AU=
Subject key identifier:   49:94:D7:52:8C:9D:D5:28:DA:13:05:10:14:2B:4F:B0:08:96:D7:57
Certificate issuer:       /CN=a0e049d00ba8421e4c45a948492945c78fd9e16d
Certificate serial:       018CC79509CFEB33133CE505F1D4D863799A
Authority key identifier: A0:E0:49:D0:0B:A8:42:1E:4C:45:A9:48:49:29:45:C7:8F:D9:E1:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oOBJ0AuoQh5MRalISSlFx4_Z4W0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/SZTXUoyd1SjaEwUQFCtPsAiW11c.roa
Signing time:             Tue 02 Jan 2024 00:31:22 +0000
ROA not before:           Tue 02 Jan 2024 00:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59419
IP address blocks:        185.141.84.0/22 maxlen: 24
                          2a0b:aa00::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/oOBJ0AuoQh5MRalISSlFx4_Z4W0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/oOBJ0AuoQh5MRalISSlFx4_Z4W0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oOBJ0AuoQh5MRalISSlFx4_Z4W0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:09:cf:eb:33:13:3c:e5:05:f1:d4:d8:63:79:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0e049d00ba8421e4c45a948492945c78fd9e16d
        Validity
            Not Before: Jan  2 00:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4994d7528c9dd528da130510142b4fb00896d757
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:34:ba:21:77:5e:8e:36:c2:d0:89:c0:ca:8e:
                    c1:85:ee:fc:c1:da:91:1f:80:9f:48:6e:61:d1:8b:
                    58:e8:4e:61:0c:79:6e:05:fb:52:68:65:45:1d:43:
                    16:75:24:95:19:6d:5d:44:f3:cf:93:06:b5:3d:e1:
                    53:23:7c:6e:65:e5:70:f5:e1:c0:76:d1:2a:e8:f5:
                    72:63:4e:25:0d:ed:c7:82:60:24:45:74:f5:ce:67:
                    92:5a:ef:51:fa:d3:8d:fa:3b:09:49:4e:fe:00:2f:
                    2a:82:14:ab:13:4d:e6:cd:44:4c:ff:61:a0:72:35:
                    89:92:08:2e:01:af:aa:02:ee:d4:46:ae:37:47:b5:
                    69:f8:b1:a6:52:ca:bd:50:64:2d:e2:b8:ab:cf:89:
                    c5:2e:16:30:30:5e:41:1b:23:ce:82:c3:11:24:d8:
                    ba:ff:e0:cb:df:a4:83:4f:ad:dc:db:3b:6d:88:e9:
                    d0:91:cb:f3:60:c5:ab:00:83:4d:71:c3:48:e8:a7:
                    f7:83:2c:0f:cf:98:e2:8f:38:b3:e7:70:de:7f:84:
                    b0:3c:3c:c3:6d:bd:0a:8d:90:88:93:c6:a8:2b:24:
                    f9:67:9d:9e:e8:f8:41:93:a8:0c:41:cc:02:a6:77:
                    27:b5:ce:d7:74:24:cd:c1:9a:cb:8d:6f:15:dd:ab:
                    6d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:94:D7:52:8C:9D:D5:28:DA:13:05:10:14:2B:4F:B0:08:96:D7:57
            X509v3 Authority Key Identifier:
                keyid:A0:E0:49:D0:0B:A8:42:1E:4C:45:A9:48:49:29:45:C7:8F:D9:E1:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oOBJ0AuoQh5MRalISSlFx4_Z4W0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/SZTXUoyd1SjaEwUQFCtPsAiW11c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/4560e9-7173-429c-b6f1-5f4a15cb9054/1/oOBJ0AuoQh5MRalISSlFx4_Z4W0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.84.0/22
                IPv6:
                  2a0b:aa00::/29

    Signature Algorithm: sha256WithRSAEncryption
         b6:76:5f:cc:90:e1:17:46:df:78:76:69:f1:0f:1d:86:ad:0d:
         9e:47:2d:94:cd:4a:71:91:89:5f:93:7d:df:eb:e0:0e:32:73:
         33:70:bf:f0:3f:da:5d:39:8a:78:b2:08:0d:21:e7:95:2a:e1:
         10:ec:82:29:bf:a0:96:aa:38:84:fd:d8:20:1d:36:2b:e5:28:
         a7:c0:df:14:b9:59:d5:7e:98:33:45:9f:bf:d9:30:29:9f:47:
         11:42:c3:54:21:3d:fe:b0:17:88:44:b9:3f:0e:51:bc:cf:9f:
         23:f1:83:f2:43:ca:34:20:a5:a8:d9:85:f4:95:78:1b:e5:f8:
         aa:6b:e5:32:84:d0:8b:9b:9d:87:7e:c7:50:1b:bf:03:06:c6:
         9f:bd:4d:42:49:a6:bd:2c:33:20:ea:54:80:23:a6:56:8b:73:
         1c:88:7c:05:fd:f8:03:ae:b8:cd:00:9f:c4:de:6f:79:90:c0:
         a5:75:9d:a4:10:be:2c:9d:af:22:0d:f4:fc:d2:62:60:46:de:
         7f:59:09:43:d8:36:c8:e2:b9:e0:90:cd:81:77:02:9d:b1:d6:
         a3:61:69:6b:95:76:1a:b7:49:e6:66:26:f3:2a:69:9c:07:1f:
         ee:52:44:f4:a6:a2:19:f7:ac:72:29:49:50:02:98:c0:d7:48:
         1b:a4:49:4f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlQnP6zMTPOUF8dTYY3maMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZTA0OWQwMGJhODQyMWU0YzQ1YTk0ODQ5Mjk0NWM3OGZk
OWUxNmQwHhcNMjQwMTAyMDAzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTk0ZDc1MjhjOWRkNTI4ZGExMzA1MTAxNDJiNGZiMDA4OTZkNzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDS6IXdejjbC0InAyo7Bhe78wdqR
H4CfSG5h0YtY6E5hDHluBftSaGVFHUMWdSSVGW1dRPPPkwa1PeFTI3xuZeVw9eHA
dtEq6PVyY04lDe3HgmAkRXT1zmeSWu9R+tON+jsJSU7+AC8qghSrE03mzURM/2Gg
cjWJkgguAa+qAu7URq43R7Vp+LGmUsq9UGQt4rirz4nFLhYwMF5BGyPOgsMRJNi6
/+DL36SDT63c2zttiOnQkcvzYMWrAINNccNI6Kf3gywPz5jijziz53Def4SwPDzD
bb0KjZCIk8aoKyT5Z52e6PhBk6gMQcwCpncntc7XdCTNwZrLjW8V3attIQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEmU11KMndUo2hMFEBQrT7AIltdXMB8GA1UdIwQY
MBaAFKDgSdALqEIeTEWpSEkpRceP2eFtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb09CSjBBdW9RaDVNUmFsSVNTbEZ4NF9aNFcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy80NTYwZTktNzE3My00MjljLWI2ZjEt
NWY0YTE1Y2I5MDU0LzEvU1pUWFVveWQxU2phRXdVUUZDdFBzQWlXMTFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy80NTYwZTktNzE3My00MjljLWI2ZjEtNWY0YTE1Y2I5MDU0
LzEvb09CSjBBdW9RaDVNUmFsSVNTbEZ4NF9aNFcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuY1UMA0E
AgACMAcDBQMqC6oAMA0GCSqGSIb3DQEBCwUAA4IBAQC2dl/MkOEXRt94dmnxDx2G
rQ2eRy2UzUpxkYlfk33f6+AOMnMzcL/wP9pdOYp4sggNIeeVKuEQ7IIpv6CWqjiE
/dggHTYr5SinwN8UuVnVfpgzRZ+/2TApn0cRQsNUIT3+sBeIRLk/DlG8z58j8YPy
Q8o0IKWo2YX0lXgb5fiqa+UyhNCLm52HfsdQG78DBsafvU1CSaa9LDMg6lSAI6ZW
i3MciHwF/fgDrrjNAJ/E3m95kMCldZ2kEL4sna8iDfT80mJgRt5/WQlD2DbI4rng
kM2BdwKdsdajYWlrlXYat0nmZibzKmmcBx/uUkT0pqIZ96xyKUlQApjA10gbpElP
-----END CERTIFICATE-----