Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/162186-50d1-4761-aaf0-a542589799bc/1/sb7x3fktr2wDwxxOSBgIz5UgQus.roa
File:                     sb7x3fktr2wDwxxOSBgIz5UgQus.roa (raw, json)
Hash identifier:          cu2qKdWDk5+i7SpkQ9U+cll7ksxkx6v3+MFlFukaWlE=
Subject key identifier:   B1:BE:F1:DD:F9:2D:AF:6C:03:C3:1C:4E:48:18:08:CF:95:20:42:EB
Certificate issuer:       /CN=b35a20a86939c8de8aedc305243b0fd4ad8654d0
Certificate serial:       018CC794AD890F16E4C571E8E3ADFCE98956
Authority key identifier: B3:5A:20:A8:69:39:C8:DE:8A:ED:C3:05:24:3B:0F:D4:AD:86:54:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s1ogqGk5yN6K7cMFJDsP1K2GVNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/162186-50d1-4761-aaf0-a542589799bc/1/sb7x3fktr2wDwxxOSBgIz5UgQus.roa
Signing time:             Tue 02 Jan 2024 00:30:58 +0000
ROA not before:           Tue 02 Jan 2024 00:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210558
IP address blocks:        194.26.192.0/24 maxlen: 24
                          2.58.56.0/24 maxlen: 24
                          2a12:a800:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/162186-50d1-4761-aaf0-a542589799bc/1/s1ogqGk5yN6K7cMFJDsP1K2GVNA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/162186-50d1-4761-aaf0-a542589799bc/1/s1ogqGk5yN6K7cMFJDsP1K2GVNA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s1ogqGk5yN6K7cMFJDsP1K2GVNA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:ad:89:0f:16:e4:c5:71:e8:e3:ad:fc:e9:89:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b35a20a86939c8de8aedc305243b0fd4ad8654d0
        Validity
            Not Before: Jan  2 00:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1bef1ddf92daf6c03c31c4e481808cf952042eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:76:9a:37:17:14:eb:db:a9:67:7a:e1:72:88:
                    64:9b:32:39:77:12:ca:56:be:5a:31:75:04:d1:5c:
                    3c:73:cb:5e:2b:f0:96:20:29:64:94:66:c6:51:e6:
                    02:a7:16:00:f9:e2:ba:1d:04:db:49:5e:48:58:15:
                    12:ab:7e:a6:6b:49:a3:73:05:3d:5f:3e:9c:48:9a:
                    59:31:75:dd:3e:66:c1:44:fc:57:0f:5d:43:8d:7f:
                    60:68:bd:51:0f:46:b9:e4:26:b6:f8:94:4c:fa:d6:
                    96:c8:06:54:77:81:54:36:b4:df:88:07:0a:4f:af:
                    95:6d:bd:c7:2a:39:85:82:2a:b0:28:7f:a1:49:4e:
                    1c:23:70:fe:43:49:75:6d:b5:5f:17:0e:ab:ef:e0:
                    d7:63:f2:b1:92:2b:b4:4d:fe:6f:39:1c:35:6c:7c:
                    f3:19:69:6d:8a:1f:8d:e4:ae:a1:85:d8:6b:f0:98:
                    25:e2:40:95:e0:52:e6:63:6f:60:50:b1:7e:45:75:
                    de:c3:04:af:7b:aa:6d:13:0e:e3:9f:8c:01:b9:6b:
                    b2:30:f7:ec:ee:92:08:43:3f:f2:dc:6b:33:32:38:
                    d9:23:d7:59:c1:6c:3d:f1:86:d5:1a:5f:c5:ae:c3:
                    0f:28:81:97:91:75:dc:6a:0c:f8:ea:e3:bc:58:07:
                    c5:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:BE:F1:DD:F9:2D:AF:6C:03:C3:1C:4E:48:18:08:CF:95:20:42:EB
            X509v3 Authority Key Identifier:
                keyid:B3:5A:20:A8:69:39:C8:DE:8A:ED:C3:05:24:3B:0F:D4:AD:86:54:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s1ogqGk5yN6K7cMFJDsP1K2GVNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/162186-50d1-4761-aaf0-a542589799bc/1/sb7x3fktr2wDwxxOSBgIz5UgQus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/162186-50d1-4761-aaf0-a542589799bc/1/s1ogqGk5yN6K7cMFJDsP1K2GVNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.56.0/24
                  194.26.192.0/24
                IPv6:
                  2a12:a800:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:b6:1e:56:a4:ab:c6:c1:dd:73:50:0b:10:28:74:79:7d:a9:
         96:df:65:82:42:48:96:6f:50:6f:c1:b5:c6:d4:a9:63:2b:00:
         d4:33:12:06:e7:91:cd:d3:d4:9a:ac:a2:78:7a:33:c0:23:2b:
         f2:a6:f8:12:c9:87:94:a9:f8:6b:fc:6c:31:67:f8:cc:b7:f7:
         d8:ae:7e:04:5a:c4:63:6c:90:b5:13:7e:ec:65:ec:82:e2:7c:
         4b:dd:e1:e0:5a:83:49:32:55:e7:47:65:b0:1c:df:94:45:37:
         ef:9d:5d:02:8e:42:ca:4c:cf:5e:3d:b6:4c:eb:84:33:fa:4d:
         c0:bf:93:52:e9:fa:1f:ef:90:01:ee:f0:2d:ac:0c:1f:cb:93:
         2b:9b:20:99:b9:0d:50:b4:ff:37:8b:c1:d4:d6:f0:a0:53:b1:
         78:57:66:e7:5f:df:05:d8:3b:3e:e4:a7:16:b3:a9:6e:b1:fa:
         13:98:51:f9:54:bd:17:93:10:00:62:a0:50:bb:00:88:8b:d6:
         86:b5:49:37:37:5e:e6:7b:a7:76:aa:16:2c:4b:10:72:f3:22:
         71:46:21:51:0d:df:3d:28:ee:4a:65:9b:84:1b:f1:f3:28:5b:
         8c:ce:b9:a6:11:56:c7:4f:46:ef:a5:38:74:09:8e:6c:01:44:
         a9:c0:ef:85
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzHlK2JDxbkxXHo46386YlWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNWEyMGE4NjkzOWM4ZGU4YWVkYzMwNTI0M2IwZmQ0YWQ4
NjU0ZDAwHhcNMjQwMTAyMDAzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWJlZjFkZGY5MmRhZjZjMDNjMzFjNGU0ODE4MDhjZjk1MjA0MmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXaaNxcU69upZ3rhcohkmzI5dxLK
Vr5aMXUE0Vw8c8teK/CWIClklGbGUeYCpxYA+eK6HQTbSV5IWBUSq36ma0mjcwU9
Xz6cSJpZMXXdPmbBRPxXD11DjX9gaL1RD0a55Ca2+JRM+taWyAZUd4FUNrTfiAcK
T6+Vbb3HKjmFgiqwKH+hSU4cI3D+Q0l1bbVfFw6r7+DXY/Kxkiu0Tf5vORw1bHzz
GWltih+N5K6hhdhr8Jgl4kCV4FLmY29gULF+RXXewwSve6ptEw7jn4wBuWuyMPfs
7pIIQz/y3GszMjjZI9dZwWw98YbVGl/FrsMPKIGXkXXcagz46uO8WAfFRQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFLG+8d35La9sA8McTkgYCM+VIELrMB8GA1UdIwQY
MBaAFLNaIKhpOcjeiu3DBSQ7D9SthlTQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczFvZ3FHazV5TjZLN2NNRkpEc1AxSzJHVk5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC8xNjIxODYtNTBkMS00NzYxLWFhZjAt
YTU0MjU4OTc5OWJjLzEvc2I3eDNma3RyMndEd3h4T1NCZ0l6NVVnUXVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC8xNjIxODYtNTBkMS00NzYxLWFhZjAtYTU0MjU4OTc5OWJj
LzEvczFvZ3FHazV5TjZLN2NNRkpEc1AxSzJHVk5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAAjo4AwQA
whrAMA8EAgACMAkDBwAqEqgAAAEwDQYJKoZIhvcNAQELBQADggEBABG2Hlakq8bB
3XNQCxAodHl9qZbfZYJCSJZvUG/BtcbUqWMrANQzEgbnkc3T1Jqsonh6M8AjK/Km
+BLJh5Sp+Gv8bDFn+My399iufgRaxGNskLUTfuxl7ILifEvd4eBag0kyVedHZbAc
35RFN++dXQKOQspMz149tkzrhDP6TcC/k1Lp+h/vkAHu8C2sDB/LkyubIJm5DVC0
/zeLwdTW8KBTsXhXZudf3wXYOz7kpxazqW6x+hOYUflUvReTEABioFC7AIiL1oa1
STc3XuZ7p3aqFixLEHLzInFGIVEN3z0o7kplm4Qb8fMoW4zOuaYRVsdPRu+lOHQJ
jmwBRKnA74U=
-----END CERTIFICATE-----