Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/SMFHgAd465jvbKDW6YZwTehlmXs.roa
File:                     SMFHgAd465jvbKDW6YZwTehlmXs.roa (raw, json)
Hash identifier:          mo74I69JinqweIsRPNZbaqL0YDRPxBEE9SrCUOt17NI=
Subject key identifier:   48:C1:47:80:07:78:EB:98:EF:6C:A0:D6:E9:86:70:4D:E8:65:99:7B
Certificate issuer:       /CN=979f5ca8c33f134c3c157d48b9c2ae4e91b630bf
Certificate serial:       019420680C4545E45E1E8C430A22679CBA3E
Authority key identifier: 97:9F:5C:A8:C3:3F:13:4C:3C:15:7D:48:B9:C2:AE:4E:91:B6:30:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/SMFHgAd465jvbKDW6YZwTehlmXs.roa
Signing time:             Wed 01 Jan 2025 05:47:57 +0000
ROA not before:           Wed 01 Jan 2025 05:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215446
IP address blocks:        188.93.192.0/22 maxlen: 24
                          2a0e:5f07::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/l59cqMM_E0w8FX1IucKuTpG2ML8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/l59cqMM_E0w8FX1IucKuTpG2ML8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:0c:45:45:e4:5e:1e:8c:43:0a:22:67:9c:ba:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=979f5ca8c33f134c3c157d48b9c2ae4e91b630bf
        Validity
            Not Before: Jan  1 05:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=48c147800778eb98ef6ca0d6e986704de865997b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:57:8e:cf:63:75:d5:6a:d8:0a:75:c7:4c:52:
                    ef:cd:2e:fc:34:4a:92:c5:a1:9e:75:7c:ec:72:72:
                    e0:5c:50:75:e3:0a:9c:1c:55:64:5c:24:e3:a8:94:
                    24:d4:6a:58:d6:ac:d2:3e:0f:9f:93:d4:b8:9c:27:
                    b7:bc:1a:a5:dd:1e:e8:8e:81:10:ce:93:28:d8:f1:
                    d8:3e:10:ab:43:21:5b:46:c7:72:60:8f:71:95:1e:
                    5e:68:b2:25:5f:ba:2d:e8:f8:42:ac:a8:58:b3:00:
                    f4:60:55:5f:4d:01:e7:e5:97:08:f5:07:98:38:9e:
                    cb:67:ef:27:aa:8b:ea:4c:5e:d6:31:d2:a8:f6:a9:
                    72:72:8d:54:29:73:1c:9a:9e:6b:0e:80:b3:08:c3:
                    eb:22:0b:f5:c2:20:43:75:a4:29:34:09:f6:27:ae:
                    41:22:03:27:b1:f0:b8:c1:ce:9a:7b:72:18:23:90:
                    0e:d1:1f:47:2c:fa:6a:0b:9e:10:5b:2c:ff:ff:54:
                    88:0b:b9:3c:52:96:92:11:b4:1a:e8:51:b6:01:79:
                    2a:9e:4d:41:c1:91:d1:13:d2:e5:8e:f2:4e:64:12:
                    8d:e6:9e:b5:95:6a:44:c4:b9:09:1b:ee:df:45:e4:
                    3f:f4:9f:b1:6e:b6:49:cc:7a:88:a9:01:22:49:21:
                    71:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:C1:47:80:07:78:EB:98:EF:6C:A0:D6:E9:86:70:4D:E8:65:99:7B
            X509v3 Authority Key Identifier:
                keyid:97:9F:5C:A8:C3:3F:13:4C:3C:15:7D:48:B9:C2:AE:4E:91:B6:30:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/SMFHgAd465jvbKDW6YZwTehlmXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/l59cqMM_E0w8FX1IucKuTpG2ML8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.93.192.0/22
                IPv6:
                  2a0e:5f07::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:6c:bc:c6:4d:7f:a3:40:52:09:2c:06:21:0f:2a:e5:26:e8:
         08:a8:11:0d:3c:bf:c9:53:a3:4a:44:c0:1d:31:1c:97:0f:a4:
         9a:99:e2:5b:71:f7:2d:d4:17:8f:be:4e:6d:23:d4:0b:fa:57:
         25:9b:7b:27:5b:7d:59:59:0b:82:27:94:e6:05:82:97:7d:27:
         56:06:24:69:dc:e5:20:51:d2:fc:d2:07:e9:07:b9:ce:35:bc:
         db:a1:bb:50:06:f9:99:e6:f7:7b:e9:08:35:5a:eb:9f:3d:c7:
         1c:d9:2b:8e:16:3f:83:17:17:c9:24:6f:8d:95:50:48:d0:00:
         d8:98:e7:e4:67:df:bd:29:3f:8a:de:07:fa:80:05:ca:46:55:
         b8:5c:00:4a:85:db:b0:5d:bc:99:bb:65:e8:1d:e5:d8:ff:cc:
         2d:40:8b:60:82:0b:e0:2c:27:25:15:af:a9:76:c3:c5:f9:0a:
         cd:b6:38:a2:ef:0c:71:15:a9:4a:84:1d:ed:c7:d4:66:f6:14:
         bf:1c:c6:d8:be:10:7e:53:e4:1d:6c:27:25:98:40:e7:9e:46:
         e0:91:d6:a8:18:bc:c1:ee:4e:5c:0d:f5:e3:99:c6:66:fe:2b:
         20:71:9f:61:a7:b1:f2:74:6a:ef:db:fd:d2:62:15:ac:c0:93:
         c3:8c:1f:80
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgaAxFReReHoxDCiJnnLo+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OWY1Y2E4YzMzZjEzNGMzYzE1N2Q0OGI5YzJhZTRlOTFi
NjMwYmYwHhcNMjUwMTAxMDU0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGMxNDc4MDA3NzhlYjk4ZWY2Y2EwZDZlOTg2NzA0ZGU4NjU5OTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVeOz2N11WrYCnXHTFLvzS78NEqS
xaGedXzscnLgXFB14wqcHFVkXCTjqJQk1GpY1qzSPg+fk9S4nCe3vBql3R7ojoEQ
zpMo2PHYPhCrQyFbRsdyYI9xlR5eaLIlX7ot6PhCrKhYswD0YFVfTQHn5ZcI9QeY
OJ7LZ+8nqovqTF7WMdKo9qlyco1UKXMcmp5rDoCzCMPrIgv1wiBDdaQpNAn2J65B
IgMnsfC4wc6ae3IYI5AO0R9HLPpqC54QWyz//1SIC7k8UpaSEbQa6FG2AXkqnk1B
wZHRE9LljvJOZBKN5p61lWpExLkJG+7fReQ/9J+xbrZJzHqIqQEiSSFx4wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEjBR4AHeOuY72yg1umGcE3oZZl7MB8GA1UdIwQY
MBaAFJefXKjDPxNMPBV9SLnCrk6RtjC/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDU5Y3FNTV9FMHc4RlgxSXVjS3VUcEcyTUw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9mNjU2MTAtNTlmNi00YWQ2LWE5ZDgt
MTQ3MGFjMzY0ZGQyLzEvU01GSGdBZDQ2NWp2YktEVzZZWndUZWhsbVhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9mNjU2MTAtNTlmNi00YWQ2LWE5ZDgtMTQ3MGFjMzY0ZGQy
LzEvbDU5Y3FNTV9FMHc4RlgxSXVjS3VUcEcyTUw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCvF3AMA0E
AgACMAcDBQAqDl8HMA0GCSqGSIb3DQEBCwUAA4IBAQBcbLzGTX+jQFIJLAYhDyrl
JugIqBENPL/JU6NKRMAdMRyXD6SameJbcfct1BePvk5tI9QL+lclm3snW31ZWQuC
J5TmBYKXfSdWBiRp3OUgUdL80gfpB7nONbzbobtQBvmZ5vd76Qg1WuufPccc2SuO
Fj+DFxfJJG+NlVBI0ADYmOfkZ9+9KT+K3gf6gAXKRlW4XABKhduwXbyZu2XoHeXY
/8wtQItgggvgLCclFa+pdsPF+QrNtjii7wxxFalKhB3tx9Rm9hS/HMbYvhB+U+Qd
bCclmEDnnkbgkdaoGLzB7k5cDfXjmcZm/isgcZ9hp7HydGrv2/3SYhWswJPDjB+A
-----END CERTIFICATE-----