Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/2a727b-a745-4339-925a-4d00d6032afe/1/sMfyarJxsPXbx1K7f3ed-c6ZkHc.roa
File:                     sMfyarJxsPXbx1K7f3ed-c6ZkHc.roa (raw, json)
Hash identifier:          QZvxFDM9IBp1mlJCkqCssOQkKDFvliXkVTRvP9Qe3cs=
Subject key identifier:   B0:C7:F2:6A:B2:71:B0:F5:DB:C7:52:BB:7F:77:9D:F9:CE:99:90:77
Certificate issuer:       /CN=b244d27188fe526bd72636738195d1eb7f606335
Certificate serial:       018CCA29CFCDFD16BCC1802AA99C7A597ED5
Authority key identifier: B2:44:D2:71:88:FE:52:6B:D7:26:36:73:81:95:D1:EB:7F:60:63:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/skTScYj-UmvXJjZzgZXR639gYzU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/2a727b-a745-4339-925a-4d00d6032afe/1/sMfyarJxsPXbx1K7f3ed-c6ZkHc.roa
Signing time:             Tue 02 Jan 2024 12:33:06 +0000
ROA not before:           Tue 02 Jan 2024 12:33:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25522
IP address blocks:        194.153.124.0/22 maxlen: 22
                          194.153.120.0/22 maxlen: 22
                          2001:67c:704::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/2a727b-a745-4339-925a-4d00d6032afe/1/skTScYj-UmvXJjZzgZXR639gYzU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/2a727b-a745-4339-925a-4d00d6032afe/1/skTScYj-UmvXJjZzgZXR639gYzU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/skTScYj-UmvXJjZzgZXR639gYzU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:cf:cd:fd:16:bc:c1:80:2a:a9:9c:7a:59:7e:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b244d27188fe526bd72636738195d1eb7f606335
        Validity
            Not Before: Jan  2 12:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0c7f26ab271b0f5dbc752bb7f779df9ce999077
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ac:25:d5:34:46:e6:87:52:f3:c3:b1:ce:52:
                    f8:05:8f:14:6f:99:69:79:47:14:ee:67:30:00:a2:
                    82:91:fd:db:e2:29:32:4a:df:67:30:55:aa:39:4a:
                    1b:75:46:30:dd:1d:33:89:5c:3b:aa:55:85:37:35:
                    63:f6:15:d9:39:1f:17:bc:ce:4b:50:37:b7:84:f3:
                    a8:41:78:70:bf:6e:f8:05:70:90:d6:87:28:b6:4a:
                    9b:1b:ae:22:97:26:0c:01:cb:9d:35:17:d1:dc:b2:
                    32:a8:9c:1e:28:95:7c:07:6d:41:0f:75:41:c4:fb:
                    45:d3:4b:ba:cd:b5:b3:93:54:2d:be:83:f9:ea:e5:
                    8d:10:1b:31:b4:84:0e:33:58:b8:0d:89:98:3b:7d:
                    cd:0c:be:95:df:78:c3:ed:68:39:bf:1f:d6:c7:42:
                    8b:86:4e:8d:ce:92:a1:0e:b6:b4:b1:9e:6a:3a:24:
                    32:cc:37:7a:82:98:7a:98:e4:d8:69:cb:76:66:90:
                    fc:77:69:5f:64:33:69:d1:e2:76:73:b4:c3:74:7a:
                    87:bf:9f:44:5a:93:e5:f6:bf:a5:80:4f:04:ad:ed:
                    04:77:7b:8f:87:fc:7c:74:cb:dd:ae:a2:76:ae:1e:
                    e5:24:cd:70:55:8b:6f:78:e3:03:9c:e2:27:bf:39:
                    1f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:C7:F2:6A:B2:71:B0:F5:DB:C7:52:BB:7F:77:9D:F9:CE:99:90:77
            X509v3 Authority Key Identifier:
                keyid:B2:44:D2:71:88:FE:52:6B:D7:26:36:73:81:95:D1:EB:7F:60:63:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/skTScYj-UmvXJjZzgZXR639gYzU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2a727b-a745-4339-925a-4d00d6032afe/1/sMfyarJxsPXbx1K7f3ed-c6ZkHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2a727b-a745-4339-925a-4d00d6032afe/1/skTScYj-UmvXJjZzgZXR639gYzU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.120.0/21
                IPv6:
                  2001:67c:704::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:8d:20:eb:dd:00:05:f8:94:87:8e:b0:90:35:ba:d9:5c:8e:
         6d:c3:d0:3b:ba:d2:3d:cc:76:54:bc:fc:76:86:32:f7:b1:f1:
         21:83:0a:c2:cc:23:13:37:bc:cc:58:84:d7:94:44:4f:cd:5d:
         f7:ba:7b:8a:d7:2e:a8:96:97:34:17:5f:6d:0a:d0:1d:52:45:
         97:c7:82:73:a6:f2:9b:ae:6a:91:06:09:3e:84:a1:ad:28:90:
         86:7f:ee:c8:09:3b:ed:be:44:7f:a9:1a:44:f2:77:c4:9f:11:
         94:01:28:78:f2:71:db:dc:34:09:d3:39:53:cf:f6:14:40:ab:
         58:b4:28:a8:c1:86:6d:3e:4e:0e:28:d8:b5:57:9a:08:25:61:
         10:54:5e:92:83:81:a5:df:bd:1a:ad:6e:e4:74:98:4c:dd:ae:
         d3:34:2d:43:a5:fe:14:89:65:5b:e7:e1:11:75:bf:28:3d:bd:
         04:da:e4:8c:ca:d0:96:da:4e:c9:38:64:88:e8:0a:d4:d8:c4:
         1e:eb:3a:94:f6:ed:2c:13:1e:53:12:36:61:98:5c:55:7e:4c:
         b4:f4:b7:88:73:be:99:50:1a:f5:81:c8:1a:97:fc:e2:7b:f8:
         0c:37:ee:7a:99:57:9d:94:5c:09:43:43:a0:c3:bc:30:ac:da:
         5d:6e:c1:db
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKKc/N/Ra8wYAqqZx6WX7VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNDRkMjcxODhmZTUyNmJkNzI2MzY3MzgxOTVkMWViN2Y2
MDYzMzUwHhcNMjQwMTAyMTIzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGM3ZjI2YWIyNzFiMGY1ZGJjNzUyYmI3Zjc3OWRmOWNlOTk5MDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqwl1TRG5odS88OxzlL4BY8Ub5lp
eUcU7mcwAKKCkf3b4ikySt9nMFWqOUobdUYw3R0ziVw7qlWFNzVj9hXZOR8XvM5L
UDe3hPOoQXhwv274BXCQ1ocotkqbG64ilyYMAcudNRfR3LIyqJweKJV8B21BD3VB
xPtF00u6zbWzk1QtvoP56uWNEBsxtIQOM1i4DYmYO33NDL6V33jD7Wg5vx/Wx0KL
hk6NzpKhDra0sZ5qOiQyzDd6gph6mOTYact2ZpD8d2lfZDNp0eJ2c7TDdHqHv59E
WpPl9r+lgE8Ere0Ed3uPh/x8dMvdrqJ2rh7lJM1wVYtveOMDnOInvzkfZwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLDH8mqycbD128dSu393nfnOmZB3MB8GA1UdIwQY
MBaAFLJE0nGI/lJr1yY2c4GV0et/YGM1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2tUU2NZai1VbXZYSmpaemdaWFI2MzlnWXpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8yYTcyN2ItYTc0NS00MzM5LTkyNWEt
NGQwMGQ2MDMyYWZlLzEvc01meWFySnhzUFhieDFLN2YzZWQtYzZaa0hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8yYTcyN2ItYTc0NS00MzM5LTkyNWEtNGQwMGQ2MDMyYWZl
LzEvc2tUU2NZai1VbXZYSmpaemdaWFI2MzlnWXpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwpl4MA8E
AgACMAkDBwAgAQZ8BwQwDQYJKoZIhvcNAQELBQADggEBACWNIOvdAAX4lIeOsJA1
utlcjm3D0Du60j3MdlS8/HaGMvex8SGDCsLMIxM3vMxYhNeURE/NXfe6e4rXLqiW
lzQXX20K0B1SRZfHgnOm8puuapEGCT6Eoa0okIZ/7sgJO+2+RH+pGkTyd8SfEZQB
KHjycdvcNAnTOVPP9hRAq1i0KKjBhm0+Tg4o2LVXmgglYRBUXpKDgaXfvRqtbuR0
mEzdrtM0LUOl/hSJZVvn4RF1vyg9vQTa5IzK0JbaTsk4ZIjoCtTYxB7rOpT27SwT
HlMSNmGYXFV+TLT0t4hzvplQGvWByBqX/OJ7+Aw37nqZV52UXAlDQ6DDvDCs2l1u
wds=
-----END CERTIFICATE-----