Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/2ede8e-f7f5-4045-9341-940dfb961630/1/SXk6nszUZtPxtX7FdNOWHTmdC6U.roa
File:                     SXk6nszUZtPxtX7FdNOWHTmdC6U.roa (raw, json)
Hash identifier:          4gWpwE5zogqmqD4h4u6Ulawt/c/nyyPJSAUFtSJKvUU=
Subject key identifier:   49:79:3A:9E:CC:D4:66:D3:F1:B5:7E:C5:74:D3:96:1D:39:9D:0B:A5
Certificate issuer:       /CN=798b85b51e33df0c694dbd77bc8c2ba3eab4d519
Certificate serial:       018CC5DC09089741B940B2DCD139A9544284
Authority key identifier: 79:8B:85:B5:1E:33:DF:0C:69:4D:BD:77:BC:8C:2B:A3:EA:B4:D5:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eYuFtR4z3wxpTb13vIwro-q01Rk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/2ede8e-f7f5-4045-9341-940dfb961630/1/SXk6nszUZtPxtX7FdNOWHTmdC6U.roa
Signing time:             Mon 01 Jan 2024 16:29:40 +0000
ROA not before:           Mon 01 Jan 2024 16:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209646
IP address blocks:        185.63.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/2ede8e-f7f5-4045-9341-940dfb961630/1/eYuFtR4z3wxpTb13vIwro-q01Rk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/2ede8e-f7f5-4045-9341-940dfb961630/1/eYuFtR4z3wxpTb13vIwro-q01Rk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eYuFtR4z3wxpTb13vIwro-q01Rk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 07:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:09:08:97:41:b9:40:b2:dc:d1:39:a9:54:42:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798b85b51e33df0c694dbd77bc8c2ba3eab4d519
        Validity
            Not Before: Jan  1 16:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49793a9eccd466d3f1b57ec574d3961d399d0ba5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:7d:37:8b:82:d4:40:7d:33:62:89:e7:e5:f0:
                    a9:5a:4b:b2:04:11:c4:52:e6:78:08:99:8f:40:53:
                    39:d4:7c:56:a8:ad:fa:37:4d:64:d4:ed:9d:ba:ba:
                    3e:c8:2e:7a:25:ce:12:e7:7c:99:ed:2e:46:17:ca:
                    9d:68:2d:3c:d0:2d:4d:7b:9d:d6:3b:97:eb:8b:47:
                    fe:1f:f9:1e:26:03:99:89:81:bf:b0:74:0c:75:3a:
                    92:27:55:65:16:0c:bc:09:01:18:37:74:fc:da:bc:
                    dc:23:fb:a9:ea:8b:d2:ed:74:f5:d6:ed:61:15:06:
                    97:22:ca:52:b3:77:83:00:fb:82:78:df:12:d3:a9:
                    70:dc:d7:32:2e:8f:b2:35:b9:ad:50:b5:ea:95:c2:
                    e5:c6:78:a3:1c:52:a1:f4:3f:4e:5d:8a:13:55:48:
                    59:a7:6f:9e:ea:cc:18:a5:5d:80:12:02:51:10:d2:
                    f9:2d:aa:16:fc:39:5a:aa:c8:23:c1:f0:8b:44:9f:
                    47:3d:4f:f7:33:6c:ca:0b:95:fa:af:26:ad:81:0d:
                    79:97:4d:38:ef:5a:cd:45:32:d9:c6:27:d3:76:af:
                    a2:1f:d4:7b:b6:b8:8c:3f:3b:7e:31:00:0a:0b:dc:
                    a4:58:de:f1:50:ae:c6:db:21:b5:db:f2:9e:b7:b8:
                    94:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:79:3A:9E:CC:D4:66:D3:F1:B5:7E:C5:74:D3:96:1D:39:9D:0B:A5
            X509v3 Authority Key Identifier:
                keyid:79:8B:85:B5:1E:33:DF:0C:69:4D:BD:77:BC:8C:2B:A3:EA:B4:D5:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eYuFtR4z3wxpTb13vIwro-q01Rk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/2ede8e-f7f5-4045-9341-940dfb961630/1/SXk6nszUZtPxtX7FdNOWHTmdC6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/2ede8e-f7f5-4045-9341-940dfb961630/1/eYuFtR4z3wxpTb13vIwro-q01Rk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.63.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:4f:ae:c3:8d:23:e5:15:aa:89:98:ac:71:d8:a6:d3:4e:c0:
         ea:23:91:2d:12:e3:5d:77:31:47:2f:a8:a8:aa:bb:b4:ca:55:
         e0:c9:7f:4d:72:bb:88:6c:0a:20:f4:7a:8f:e8:5f:b3:47:19:
         a9:bc:54:89:42:d6:5a:1f:24:a7:37:14:57:6a:de:e1:4e:2f:
         96:28:27:f6:19:55:d9:a9:d7:a6:16:34:2a:d8:34:7f:6f:00:
         3f:c4:f6:6e:f6:5b:91:69:fd:2b:25:d1:2f:cf:04:19:0f:c3:
         e6:0a:eb:5e:d0:44:16:c1:87:97:99:78:2e:56:60:fc:e9:f7:
         f7:11:76:38:3f:22:11:5f:a8:19:37:0e:f0:c6:f9:c4:30:c2:
         4e:9c:87:2f:54:d4:3c:8c:c9:01:07:70:68:34:35:43:a7:06:
         17:00:c4:3f:5d:3c:48:a9:55:e7:77:c2:95:36:0e:26:27:fa:
         3a:ac:de:67:a0:ad:a4:e7:33:d8:7f:b4:a5:d6:d5:c1:17:b5:
         2d:92:c7:a0:75:04:30:53:db:4c:de:48:fb:62:0c:af:4e:9e:
         22:40:47:45:ab:7c:35:bf:8a:5e:03:0f:eb:ae:7b:11:d1:92:
         5a:f2:de:94:03:23:b3:8c:89:c4:92:0f:ce:85:4b:fc:7e:cd:
         c6:a4:bb:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3AkIl0G5QLLc0TmpVEKEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGI4NWI1MWUzM2RmMGM2OTRkYmQ3N2JjOGMyYmEzZWFi
NGQ1MTkwHhcNMjQwMTAxMTYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTc5M2E5ZWNjZDQ2NmQzZjFiNTdlYzU3NGQzOTYxZDM5OWQwYmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmX03i4LUQH0zYonn5fCpWkuyBBHE
UuZ4CJmPQFM51HxWqK36N01k1O2duro+yC56Jc4S53yZ7S5GF8qdaC080C1Ne53W
O5fri0f+H/keJgOZiYG/sHQMdTqSJ1VlFgy8CQEYN3T82rzcI/up6ovS7XT11u1h
FQaXIspSs3eDAPuCeN8S06lw3NcyLo+yNbmtULXqlcLlxnijHFKh9D9OXYoTVUhZ
p2+e6swYpV2AEgJRENL5LaoW/DlaqsgjwfCLRJ9HPU/3M2zKC5X6ryatgQ15l004
71rNRTLZxifTdq+iH9R7triMPzt+MQAKC9ykWN7xUK7G2yG12/Ket7iUHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEl5Op7M1GbT8bV+xXTTlh05nQulMB8GA1UdIwQY
MBaAFHmLhbUeM98MaU29d7yMK6PqtNUZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVl1RnRSNHozd3hwVGIxM3ZJd3JvLXEwMVJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8yZWRlOGUtZjdmNS00MDQ1LTkzNDEt
OTQwZGZiOTYxNjMwLzEvU1hrNm5zelVadFB4dFg3RmROT1dIVG1kQzZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8yZWRlOGUtZjdmNS00MDQ1LTkzNDEtOTQwZGZiOTYxNjMw
LzEvZVl1RnRSNHozd3hwVGIxM3ZJd3JvLXEwMVJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuT+gMA0G
CSqGSIb3DQEBCwUAA4IBAQBHT67DjSPlFaqJmKxx2KbTTsDqI5EtEuNddzFHL6io
qru0ylXgyX9NcruIbAog9HqP6F+zRxmpvFSJQtZaHySnNxRXat7hTi+WKCf2GVXZ
qdemFjQq2DR/bwA/xPZu9luRaf0rJdEvzwQZD8PmCute0EQWwYeXmXguVmD86ff3
EXY4PyIRX6gZNw7wxvnEMMJOnIcvVNQ8jMkBB3BoNDVDpwYXAMQ/XTxIqVXnd8KV
Ng4mJ/o6rN5noK2k5zPYf7Sl1tXBF7UtksegdQQwU9tM3kj7YgyvTp4iQEdFq3w1
v4peAw/rrnsR0ZJa8t6UAyOzjInEkg/OhUv8fs3GpLsa
-----END CERTIFICATE-----