Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/4f4eff-af54-4db0-91cd-1369cef7a4ca/1/SIu5F_B6GCwYSv12DQjcqdH3REs.roa
File:                     SIu5F_B6GCwYSv12DQjcqdH3REs.roa (raw, json)
Hash identifier:          9oF9/SSihGo8Erl+kaljhQwsnwXiqC2Trk7FcDh57wM=
Subject key identifier:   48:8B:B9:17:F0:7A:18:2C:18:4A:FD:76:0D:08:DC:A9:D1:F7:44:4B
Certificate issuer:       /CN=bd68c1dad91a4101c7153c0f6d0156238ad746bb
Certificate serial:       018CC4245C69C0DFF39BB1235579DFBBFF16
Authority key identifier: BD:68:C1:DA:D9:1A:41:01:C7:15:3C:0F:6D:01:56:23:8A:D7:46:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vWjB2tkaQQHHFTwPbQFWI4rXRrs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/4f4eff-af54-4db0-91cd-1369cef7a4ca/1/SIu5F_B6GCwYSv12DQjcqdH3REs.roa
Signing time:             Mon 01 Jan 2024 08:29:26 +0000
ROA not before:           Mon 01 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8937
IP address blocks:        192.109.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/4f4eff-af54-4db0-91cd-1369cef7a4ca/1/vWjB2tkaQQHHFTwPbQFWI4rXRrs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/4f4eff-af54-4db0-91cd-1369cef7a4ca/1/vWjB2tkaQQHHFTwPbQFWI4rXRrs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vWjB2tkaQQHHFTwPbQFWI4rXRrs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:01:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5c:69:c0:df:f3:9b:b1:23:55:79:df:bb:ff:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd68c1dad91a4101c7153c0f6d0156238ad746bb
        Validity
            Not Before: Jan  1 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=488bb917f07a182c184afd760d08dca9d1f7444b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ba:a0:23:71:83:e5:13:b9:c7:2b:b9:a7:99:
                    de:ff:9b:25:13:78:56:15:6b:e0:5c:2a:5f:20:23:
                    d7:a3:90:e6:95:13:09:5a:f7:2d:77:98:05:05:7a:
                    55:2a:f5:74:e3:b9:c5:ee:e8:7a:64:4b:84:23:ed:
                    d1:8e:ce:2e:98:7a:e7:33:6b:31:ad:45:f7:7f:9a:
                    ba:a0:32:5e:62:a2:fc:07:8a:0e:c7:3f:6b:6c:d8:
                    92:7a:40:6b:e7:04:aa:ae:8b:b5:a2:00:2b:ec:ca:
                    d5:46:f8:6f:2f:63:25:5b:4f:38:59:51:e1:ca:4f:
                    c4:00:b3:ad:ad:f5:c8:5f:51:be:50:29:ab:37:9b:
                    a6:b3:c9:87:d4:f1:74:f8:3d:3f:1a:11:cf:cc:14:
                    30:45:a9:59:66:d7:d7:9b:c5:f0:22:ea:b0:74:35:
                    55:fd:a3:79:7a:1d:d8:d1:d4:9a:5e:06:28:b7:e7:
                    2f:c7:9d:2b:84:5d:6c:5b:82:18:87:8e:b6:b6:56:
                    a1:b1:16:8d:24:39:93:31:32:72:c9:f9:ac:46:3c:
                    20:e0:7e:60:ee:2c:42:99:2a:85:f4:73:24:f4:1b:
                    3f:b9:a5:9a:29:9b:3f:eb:5c:a1:c6:70:60:d1:9b:
                    56:d0:d6:89:23:66:c3:10:85:9f:73:fd:fb:32:11:
                    67:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:8B:B9:17:F0:7A:18:2C:18:4A:FD:76:0D:08:DC:A9:D1:F7:44:4B
            X509v3 Authority Key Identifier:
                keyid:BD:68:C1:DA:D9:1A:41:01:C7:15:3C:0F:6D:01:56:23:8A:D7:46:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vWjB2tkaQQHHFTwPbQFWI4rXRrs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/4f4eff-af54-4db0-91cd-1369cef7a4ca/1/SIu5F_B6GCwYSv12DQjcqdH3REs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/4f4eff-af54-4db0-91cd-1369cef7a4ca/1/vWjB2tkaQQHHFTwPbQFWI4rXRrs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:f9:70:3f:d9:3f:b5:37:c3:bd:71:ee:8c:81:20:e9:af:26:
         c3:90:b6:13:05:b0:d9:9c:44:f1:b4:3e:72:85:64:32:2c:13:
         6f:04:ab:e7:cf:9a:4a:c4:97:3d:81:f9:3b:ae:12:66:f7:5d:
         55:24:aa:ac:cc:73:75:26:6b:0d:69:e5:1d:87:e1:cd:f8:7a:
         11:fe:55:30:2d:c3:5b:3c:31:3f:5e:41:85:83:0f:17:cb:8f:
         39:d7:c9:fd:5d:3b:4b:a6:46:ac:7a:b5:e7:aa:87:d5:4d:72:
         20:01:91:3f:10:9f:4d:a2:66:3a:44:89:61:a2:41:f1:75:39:
         05:4d:f2:c6:56:fd:aa:06:38:1c:0c:64:68:f0:a9:19:af:4a:
         31:42:9f:4e:3c:66:6c:d7:16:1a:b5:26:77:bf:61:fa:d8:a8:
         d6:54:5c:af:f6:0a:91:cc:a6:08:5d:0a:5a:e4:9d:44:db:9b:
         82:92:3d:bb:71:d0:d7:57:0c:27:2b:cf:31:2a:54:c8:f9:96:
         e9:25:be:a4:c5:71:0b:80:4b:7a:9a:38:1c:fd:03:b3:82:56:
         ad:80:aa:ca:c0:a6:d3:7f:85:4e:23:5b:4d:bb:1c:7a:99:35:
         48:68:89:ee:b6:20:71:25:6c:88:d9:23:a1:ca:86:f1:e9:33:
         6c:f1:4c:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFxpwN/zm7EjVXnfu/8WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkNjhjMWRhZDkxYTQxMDFjNzE1M2MwZjZkMDE1NjIzOGFk
NzQ2YmIwHhcNMjQwMTAxMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODhiYjkxN2YwN2ExODJjMTg0YWZkNzYwZDA4ZGNhOWQxZjc0NDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7qgI3GD5RO5xyu5p5ne/5slE3hW
FWvgXCpfICPXo5DmlRMJWvctd5gFBXpVKvV047nF7uh6ZEuEI+3Rjs4umHrnM2sx
rUX3f5q6oDJeYqL8B4oOxz9rbNiSekBr5wSqrou1ogAr7MrVRvhvL2MlW084WVHh
yk/EALOtrfXIX1G+UCmrN5ums8mH1PF0+D0/GhHPzBQwRalZZtfXm8XwIuqwdDVV
/aN5eh3Y0dSaXgYot+cvx50rhF1sW4IYh462tlahsRaNJDmTMTJyyfmsRjwg4H5g
7ixCmSqF9HMk9Bs/uaWaKZs/61yhxnBg0ZtW0NaJI2bDEIWfc/37MhFnTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEiLuRfwehgsGEr9dg0I3KnR90RLMB8GA1UdIwQY
MBaAFL1owdrZGkEBxxU8D20BViOK10a7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdldqQjJ0a2FRUUhIRlR3UGJRRldJNHJYUnJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi80ZjRlZmYtYWY1NC00ZGIwLTkxY2Qt
MTM2OWNlZjdhNGNhLzEvU0l1NUZfQjZHQ3dZU3YxMkRRamNxZEgzUkVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi80ZjRlZmYtYWY1NC00ZGIwLTkxY2QtMTM2OWNlZjdhNGNh
LzEvdldqQjJ0a2FRUUhIRlR3UGJRRldJNHJYUnJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwG3HMA0G
CSqGSIb3DQEBCwUAA4IBAQBA+XA/2T+1N8O9ce6MgSDprybDkLYTBbDZnETxtD5y
hWQyLBNvBKvnz5pKxJc9gfk7rhJm911VJKqszHN1JmsNaeUdh+HN+HoR/lUwLcNb
PDE/XkGFgw8Xy48518n9XTtLpkaserXnqofVTXIgAZE/EJ9NomY6RIlhokHxdTkF
TfLGVv2qBjgcDGRo8KkZr0oxQp9OPGZs1xYatSZ3v2H62KjWVFyv9gqRzKYIXQpa
5J1E25uCkj27cdDXVwwnK88xKlTI+ZbpJb6kxXELgEt6mjgc/QOzglatgKrKwKbT
f4VOI1tNuxx6mTVIaInutiBxJWyI2SOhyobx6TNs8Uxw
-----END CERTIFICATE-----