Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/SIC0s5X4QRAhaXJuAwj3jiPYfWY.roa
File:                     SIC0s5X4QRAhaXJuAwj3jiPYfWY.roa (raw, json)
Hash identifier:          AgXoXR4yFbVhZPXQENx3vX7yblvwaEg7Xb1CWrHceM4=
Subject key identifier:   48:80:B4:B3:95:F8:41:10:21:69:72:6E:03:08:F7:8E:23:D8:7D:66
Certificate issuer:       /CN=c4eb34dda2f8094968494892063351ee0f10e91a
Certificate serial:       018F057C1403F626177006227154DB0F9443
Authority key identifier: C4:EB:34:DD:A2:F8:09:49:68:49:48:92:06:33:51:EE:0F:10:E9:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xOs03aL4CUloSUiSBjNR7g8Q6Ro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/SIC0s5X4QRAhaXJuAwj3jiPYfWY.roa
Signing time:             Mon 22 Apr 2024 11:06:08 +0000
ROA not before:           Mon 22 Apr 2024 11:06:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212150
IP address blocks:        193.151.162.0/24 maxlen: 24
                          193.151.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/xOs03aL4CUloSUiSBjNR7g8Q6Ro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/xOs03aL4CUloSUiSBjNR7g8Q6Ro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xOs03aL4CUloSUiSBjNR7g8Q6Ro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:05:7c:14:03:f6:26:17:70:06:22:71:54:db:0f:94:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4eb34dda2f8094968494892063351ee0f10e91a
        Validity
            Not Before: Apr 22 11:06:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4880b4b395f841102169726e0308f78e23d87d66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:45:f4:57:81:bb:27:21:36:2a:fb:83:dc:42:
                    c2:6b:73:c2:e7:d1:d3:cb:9f:1c:86:a0:56:98:91:
                    5f:3b:f4:df:f2:fe:40:0e:2f:c5:f3:87:0a:ec:9d:
                    98:94:a9:1c:4d:ca:20:ef:82:77:8b:84:2a:a3:bd:
                    4f:4d:a6:a3:b6:fc:08:fb:41:b3:9f:5e:5f:22:95:
                    f5:e3:b5:b5:ed:68:35:0a:6b:2b:c4:69:3a:10:81:
                    be:02:08:d5:8b:ae:db:36:31:ed:fc:9b:70:2c:83:
                    d2:d9:1f:38:3d:1c:1d:44:80:95:3c:13:42:d5:08:
                    03:9f:a4:b4:2c:0d:c3:7d:7e:db:71:8d:fb:36:91:
                    47:1a:a1:92:88:68:27:24:f3:c1:0e:7b:5d:bf:a1:
                    1b:cf:26:da:2f:0b:11:c9:b9:e3:2b:c7:51:d9:50:
                    3c:f3:ae:8a:96:aa:72:8c:19:d3:ac:78:e0:e0:5e:
                    2a:c9:98:27:91:73:22:02:a5:1a:88:51:e3:c1:b4:
                    38:8b:85:67:3b:ef:82:bf:ea:ae:15:da:57:78:2e:
                    25:f4:d2:cc:9b:15:c1:69:57:17:90:5e:a0:6f:96:
                    5f:ae:9e:06:d4:42:7f:2e:04:b1:ea:84:fa:be:4a:
                    7b:50:00:11:fe:09:c8:30:18:e7:42:4c:23:76:01:
                    5d:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:80:B4:B3:95:F8:41:10:21:69:72:6E:03:08:F7:8E:23:D8:7D:66
            X509v3 Authority Key Identifier:
                keyid:C4:EB:34:DD:A2:F8:09:49:68:49:48:92:06:33:51:EE:0F:10:E9:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xOs03aL4CUloSUiSBjNR7g8Q6Ro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/SIC0s5X4QRAhaXJuAwj3jiPYfWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/xOs03aL4CUloSUiSBjNR7g8Q6Ro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7d:59:08:ad:e0:ac:31:82:5a:0a:9c:76:4c:91:df:e1:4f:2b:
         08:28:16:dd:5f:06:a4:61:d0:82:f9:2a:12:f1:03:f0:ce:a2:
         4e:cc:51:f4:d1:35:2c:c1:e3:72:89:0c:a1:6a:aa:37:4d:42:
         d1:01:1c:f0:48:29:0b:46:94:c2:f8:77:89:7e:09:6d:df:b6:
         ca:c9:8b:0a:26:73:91:ca:dd:bf:c0:35:56:0b:56:ad:c7:ab:
         35:e1:85:9e:25:f2:64:d9:3c:ea:cc:d9:67:88:30:4a:4a:5c:
         47:f1:e8:67:c5:52:82:37:19:0f:61:c2:9d:da:6f:32:d8:42:
         c3:60:33:97:95:28:dc:09:c3:98:57:05:68:0d:c3:10:27:26:
         d0:1f:32:20:05:4f:e9:73:51:d9:53:5f:cb:dc:e8:4d:c0:3c:
         fc:ec:e9:0e:5f:cd:9b:24:0f:82:08:f0:f9:8c:55:dd:23:37:
         4a:3c:d6:12:73:b1:09:a9:0b:26:0f:02:65:d2:a0:78:c2:a0:
         c2:f2:bb:9c:cd:c0:83:28:15:b5:58:d3:b1:c3:06:6a:35:40:
         60:f5:29:83:29:8d:52:21:28:d0:60:08:8c:84:c0:0e:30:df:
         83:71:d8:3b:88:29:a5:8e:b7:55:93:bf:a2:d2:7a:0b:8c:41:
         4b:c6:65:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8FfBQD9iYXcAYicVTbD5RDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZWIzNGRkYTJmODA5NDk2ODQ5NDg5MjA2MzM1MWVlMGYx
MGU5MWEwHhcNMjQwNDIyMTEwNjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODgwYjRiMzk1Zjg0MTEwMjE2OTcyNmUwMzA4Zjc4ZTIzZDg3ZDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0X0V4G7JyE2KvuD3ELCa3PC59HT
y58chqBWmJFfO/Tf8v5ADi/F84cK7J2YlKkcTcog74J3i4Qqo71PTaajtvwI+0Gz
n15fIpX147W17Wg1CmsrxGk6EIG+AgjVi67bNjHt/JtwLIPS2R84PRwdRICVPBNC
1QgDn6S0LA3DfX7bcY37NpFHGqGSiGgnJPPBDntdv6EbzybaLwsRybnjK8dR2VA8
866KlqpyjBnTrHjg4F4qyZgnkXMiAqUaiFHjwbQ4i4VnO++Cv+quFdpXeC4l9NLM
mxXBaVcXkF6gb5Zfrp4G1EJ/LgSx6oT6vkp7UAAR/gnIMBjnQkwjdgFdnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEiAtLOV+EEQIWlybgMI944j2H1mMB8GA1UdIwQY
MBaAFMTrNN2i+AlJaElIkgYzUe4PEOkaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveE9zMDNhTDRDVWxvU1VpU0JqTlI3ZzhRNlJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9iOTY1ODQtMWY3MS00OGJiLWEwMjEt
YTM0N2I1NmYzYjlhLzEvU0lDMHM1WDRRUkFoYVhKdUF3ajNqaVBZZldZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9iOTY1ODQtMWY3MS00OGJiLWEwMjEtYTM0N2I1NmYzYjlh
LzEveE9zMDNhTDRDVWxvU1VpU0JqTlI3ZzhRNlJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwZeiMA0G
CSqGSIb3DQEBCwUAA4IBAQB9WQit4KwxgloKnHZMkd/hTysIKBbdXwakYdCC+SoS
8QPwzqJOzFH00TUsweNyiQyhaqo3TULRARzwSCkLRpTC+HeJfglt37bKyYsKJnOR
yt2/wDVWC1atx6s14YWeJfJk2TzqzNlniDBKSlxH8ehnxVKCNxkPYcKd2m8y2ELD
YDOXlSjcCcOYVwVoDcMQJybQHzIgBU/pc1HZU1/L3OhNwDz87OkOX82bJA+CCPD5
jFXdIzdKPNYSc7EJqQsmDwJl0qB4wqDC8ruczcCDKBW1WNOxwwZqNUBg9SmDKY1S
ISjQYAiMhMAOMN+Dcdg7iCmljrdVk7+i0noLjEFLxmUT
-----END CERTIFICATE-----