Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/45890e-6f71-4d36-988a-65bf79b0a989/1/SBjJh9ehLbXDgufAMaJ2vCRwX_8.roa
File:                     SBjJh9ehLbXDgufAMaJ2vCRwX_8.roa (raw, json)
Hash identifier:          5dEy/rqyekS55kENLPpii79QVOvODoz2MyY9A2aV2/w=
Subject key identifier:   48:18:C9:87:D7:A1:2D:B5:C3:82:E7:C0:31:A2:76:BC:24:70:5F:FF
Certificate issuer:       /CN=cb66e766345573d7159d6794edaedb739a241f8f
Certificate serial:       018CC3495BF8FD4B4D4B0D30D8D2C34D6939
Authority key identifier: CB:66:E7:66:34:55:73:D7:15:9D:67:94:ED:AE:DB:73:9A:24:1F:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y2bnZjRVc9cVnWeU7a7bc5okH48.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/45890e-6f71-4d36-988a-65bf79b0a989/1/SBjJh9ehLbXDgufAMaJ2vCRwX_8.roa
Signing time:             Mon 01 Jan 2024 04:30:13 +0000
ROA not before:           Mon 01 Jan 2024 04:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48551
IP address blocks:        185.161.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/45890e-6f71-4d36-988a-65bf79b0a989/1/y2bnZjRVc9cVnWeU7a7bc5okH48.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/45890e-6f71-4d36-988a-65bf79b0a989/1/y2bnZjRVc9cVnWeU7a7bc5okH48.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y2bnZjRVc9cVnWeU7a7bc5okH48.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:5b:f8:fd:4b:4d:4b:0d:30:d8:d2:c3:4d:69:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb66e766345573d7159d6794edaedb739a241f8f
        Validity
            Not Before: Jan  1 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4818c987d7a12db5c382e7c031a276bc24705fff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:81:98:0b:30:92:b3:56:55:ad:ac:30:6c:3c:
                    a4:96:09:89:15:87:54:44:3c:c8:de:b6:5d:3b:d3:
                    2f:b6:53:24:3a:ea:1d:33:fb:91:29:04:01:cf:8f:
                    34:fd:2e:0b:f1:26:53:36:08:aa:c3:40:b9:cb:64:
                    80:b7:5b:68:06:91:91:f6:9e:1d:77:94:56:88:d8:
                    cb:3e:78:d6:64:05:90:b8:d4:95:22:4b:d4:5a:ad:
                    ed:1a:19:3b:f0:a4:fe:53:9d:5b:5b:e6:30:9f:ef:
                    78:60:50:5a:4c:91:c0:0a:35:86:43:ce:84:93:1f:
                    7d:78:b2:19:1f:88:20:ec:fb:ab:18:29:42:e1:06:
                    f3:e7:80:e8:fb:99:8a:10:48:d9:98:d5:8d:1b:f6:
                    ab:94:df:59:f8:9b:c7:0c:d2:30:de:e6:3b:03:3f:
                    a8:07:30:f0:53:b3:44:5e:81:a1:23:56:2a:c7:33:
                    c6:86:a6:da:62:4b:ff:70:7a:fb:d4:d2:5e:9b:7f:
                    27:7b:72:13:de:03:01:c1:84:cb:b5:9f:fe:07:6c:
                    2d:cf:bd:a6:db:b0:a6:65:3b:ef:e5:ca:61:e7:12:
                    0e:5d:65:46:57:c9:cf:ac:4f:6a:a9:02:0f:21:cc:
                    0a:2c:d3:23:58:70:a0:90:65:7b:88:f9:27:96:1f:
                    d0:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:18:C9:87:D7:A1:2D:B5:C3:82:E7:C0:31:A2:76:BC:24:70:5F:FF
            X509v3 Authority Key Identifier:
                keyid:CB:66:E7:66:34:55:73:D7:15:9D:67:94:ED:AE:DB:73:9A:24:1F:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y2bnZjRVc9cVnWeU7a7bc5okH48.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/45890e-6f71-4d36-988a-65bf79b0a989/1/SBjJh9ehLbXDgufAMaJ2vCRwX_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/45890e-6f71-4d36-988a-65bf79b0a989/1/y2bnZjRVc9cVnWeU7a7bc5okH48.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:02:4e:04:32:8b:be:ec:a3:f1:2d:df:e1:a3:f5:ec:d7:fc:
         18:4e:b0:fc:ba:10:3c:a9:fc:16:20:a9:19:bf:25:d9:a0:99:
         37:45:ff:79:1a:85:3c:f3:f0:3a:5b:cf:7e:8c:82:b3:2d:b2:
         73:23:13:7e:aa:2e:1e:18:ce:95:76:4e:36:3d:76:92:cf:b7:
         ff:57:42:0f:50:2d:38:43:e2:6b:da:a4:39:8c:fc:7e:16:59:
         37:41:4a:c9:92:cf:3e:14:ef:49:45:dc:1a:25:0e:02:1f:ac:
         eb:da:d0:06:95:35:eb:72:55:37:a2:c3:53:e3:ee:50:f2:c7:
         68:cc:d8:90:bd:6d:d2:82:86:21:36:98:86:1c:96:d6:a4:54:
         da:9f:15:14:1f:41:5f:69:a4:4a:3d:34:63:fe:ee:01:68:56:
         92:fe:85:27:b1:81:8b:90:62:79:a0:74:b7:ba:a2:98:d0:ab:
         29:3d:7a:27:e3:c1:55:7c:0e:40:bd:48:4c:06:37:51:0e:6a:
         8a:51:4a:7e:e7:6f:47:74:70:d2:76:2d:f3:61:9e:49:43:19:
         d6:fc:6b:7b:3f:6c:67:9e:4c:81:82:c3:c4:b7:64:5c:49:51:
         d8:72:29:0f:5f:de:4f:a1:64:c7:fd:4b:df:7f:c3:2c:da:ff:
         17:5a:56:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVv4/UtNSw0w2NLDTWk5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNjZlNzY2MzQ1NTczZDcxNTlkNjc5NGVkYWVkYjczOWEy
NDFmOGYwHhcNMjQwMTAxMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODE4Yzk4N2Q3YTEyZGI1YzM4MmU3YzAzMWEyNzZiYzI0NzA1ZmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiYGYCzCSs1ZVrawwbDyklgmJFYdU
RDzI3rZdO9MvtlMkOuodM/uRKQQBz480/S4L8SZTNgiqw0C5y2SAt1toBpGR9p4d
d5RWiNjLPnjWZAWQuNSVIkvUWq3tGhk78KT+U51bW+Ywn+94YFBaTJHACjWGQ86E
kx99eLIZH4gg7PurGClC4Qbz54Do+5mKEEjZmNWNG/arlN9Z+JvHDNIw3uY7Az+o
BzDwU7NEXoGhI1YqxzPGhqbaYkv/cHr71NJem38ne3IT3gMBwYTLtZ/+B2wtz72m
27CmZTvv5cph5xIOXWVGV8nPrE9qqQIPIcwKLNMjWHCgkGV7iPknlh/Q8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEgYyYfXoS21w4LnwDGidrwkcF//MB8GA1UdIwQY
MBaAFMtm52Y0VXPXFZ1nlO2u23OaJB+PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTJiblpqUlZjOWNWbldlVTdhN2JjNW9rSDQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi80NTg5MGUtNmY3MS00ZDM2LTk4OGEt
NjViZjc5YjBhOTg5LzEvU0JqSmg5ZWhMYlhEZ3VmQU1hSjJ2Q1J3WF84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi80NTg5MGUtNmY3MS00ZDM2LTk4OGEtNjViZjc5YjBhOTg5
LzEveTJiblpqUlZjOWNWbldlVTdhN2JjNW9rSDQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaF5MA0G
CSqGSIb3DQEBCwUAA4IBAQC0Ak4EMou+7KPxLd/ho/Xs1/wYTrD8uhA8qfwWIKkZ
vyXZoJk3Rf95GoU88/A6W89+jIKzLbJzIxN+qi4eGM6Vdk42PXaSz7f/V0IPUC04
Q+Jr2qQ5jPx+Flk3QUrJks8+FO9JRdwaJQ4CH6zr2tAGlTXrclU3osNT4+5Q8sdo
zNiQvW3SgoYhNpiGHJbWpFTanxUUH0FfaaRKPTRj/u4BaFaS/oUnsYGLkGJ5oHS3
uqKY0KspPXon48FVfA5AvUhMBjdRDmqKUUp+529HdHDSdi3zYZ5JQxnW/Gt7P2xn
nkyBgsPEt2RcSVHYcikPX95PoWTH/Uvff8Ms2v8XWlZK
-----END CERTIFICATE-----