Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/464194-53ad-4031-856b-4332c957a22f/1/SmhFolwIn3kTRgGOffk_ac06YNk.roa
File:                     SmhFolwIn3kTRgGOffk_ac06YNk.roa (raw, json)
Hash identifier:          TAXLQh72sSmLf9IV/AKqeAGXws+KnSPg76pj5FP6m4o=
Subject key identifier:   4A:68:45:A2:5C:08:9F:79:13:46:01:8E:7D:F9:3F:69:CD:3A:60:D9
Certificate issuer:       /CN=6b4b3e6a7c8783fc8a5719fbd9f37b32c8c7c5ca
Certificate serial:       018CC9BC661A362E96C6EB4230C91603BA0B
Authority key identifier: 6B:4B:3E:6A:7C:87:83:FC:8A:57:19:FB:D9:F3:7B:32:C8:C7:C5:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a0s-anyHg_yKVxn72fN7MsjHxco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/464194-53ad-4031-856b-4332c957a22f/1/SmhFolwIn3kTRgGOffk_ac06YNk.roa
Signing time:             Tue 02 Jan 2024 10:33:36 +0000
ROA not before:           Tue 02 Jan 2024 10:33:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9255
IP address blocks:        194.124.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/464194-53ad-4031-856b-4332c957a22f/1/a0s-anyHg_yKVxn72fN7MsjHxco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/464194-53ad-4031-856b-4332c957a22f/1/a0s-anyHg_yKVxn72fN7MsjHxco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a0s-anyHg_yKVxn72fN7MsjHxco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 07:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:66:1a:36:2e:96:c6:eb:42:30:c9:16:03:ba:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b4b3e6a7c8783fc8a5719fbd9f37b32c8c7c5ca
        Validity
            Not Before: Jan  2 10:33:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a6845a25c089f791346018e7df93f69cd3a60d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:bf:b6:57:30:9d:8f:eb:d5:91:b5:6a:99:d8:
                    a9:d2:48:52:95:2a:7a:03:49:56:09:3d:eb:26:50:
                    58:af:21:bd:7e:71:ef:d6:9d:03:48:d6:93:ad:47:
                    ce:81:c1:36:29:79:31:9a:73:ec:0b:b9:db:7e:e0:
                    f7:2b:85:23:4a:12:c1:5c:8a:17:a8:10:15:af:65:
                    d1:58:9a:d9:12:e3:86:b9:05:d8:d1:a5:16:d0:f5:
                    f3:d0:1d:d8:e4:87:97:45:b5:96:4d:eb:12:97:09:
                    08:48:9e:f4:64:d7:e3:eb:11:82:b2:14:e3:d6:da:
                    38:c2:76:d9:9a:3f:f7:c4:fb:ce:74:a7:57:1d:90:
                    2a:6d:bb:32:90:ad:9b:75:de:28:07:c9:9f:6d:a1:
                    c0:d5:6f:34:ab:eb:6e:b7:bd:a8:42:c0:68:d7:37:
                    b4:f8:13:cf:ae:1d:90:cf:f9:67:56:5b:40:aa:37:
                    82:55:0a:27:b7:17:02:51:e8:5f:aa:85:5d:6a:2b:
                    f7:b8:e9:27:f5:0c:f3:7f:b4:ec:ba:e8:64:3a:cf:
                    93:52:96:06:2a:d5:15:7e:bf:14:c8:03:36:27:d7:
                    96:62:a8:c7:b1:bf:3d:0f:93:45:81:a2:4a:80:55:
                    ab:89:22:20:0d:8d:0e:10:21:e4:85:1b:c8:ca:e6:
                    4c:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:68:45:A2:5C:08:9F:79:13:46:01:8E:7D:F9:3F:69:CD:3A:60:D9
            X509v3 Authority Key Identifier:
                keyid:6B:4B:3E:6A:7C:87:83:FC:8A:57:19:FB:D9:F3:7B:32:C8:C7:C5:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0s-anyHg_yKVxn72fN7MsjHxco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/464194-53ad-4031-856b-4332c957a22f/1/SmhFolwIn3kTRgGOffk_ac06YNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/464194-53ad-4031-856b-4332c957a22f/1/a0s-anyHg_yKVxn72fN7MsjHxco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.124.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:a1:67:ac:4c:fd:c8:31:a9:18:5d:fc:cd:52:47:d8:2d:39:
         31:fc:49:77:04:a2:89:92:aa:46:82:6e:c3:3e:90:54:49:4b:
         ee:3b:17:a9:37:00:90:49:78:f8:44:de:a3:d4:d0:94:65:7c:
         1a:c6:3e:be:81:23:1f:bd:f5:d9:26:c2:2d:4e:6a:b8:d6:e2:
         34:c9:a7:c5:20:8a:70:43:d3:10:03:87:de:0c:7a:21:46:23:
         fc:fe:34:2f:f1:b7:42:29:69:f2:4e:fe:b4:03:c1:d1:aa:29:
         64:6c:df:f7:c6:1c:0c:25:52:30:47:50:00:65:d5:65:ea:13:
         ed:10:40:20:bc:d8:6b:7e:f2:10:a8:b6:da:81:13:35:de:1f:
         8e:66:4f:6e:dd:a6:42:16:72:98:2c:08:cb:b7:52:f2:e6:74:
         47:dc:7f:ea:84:cc:38:cc:71:92:54:6d:e0:2f:a7:72:97:ea:
         f5:c6:bd:6b:82:93:ec:26:d1:a2:d3:c3:e9:9b:26:02:9a:bf:
         b4:e8:5e:0d:f7:19:78:78:75:8b:0a:76:25:4a:30:c0:55:5d:
         c6:f5:5f:12:60:33:19:b4:04:af:15:3d:6e:b3:cb:2f:0b:32:
         25:ca:a7:40:fe:0e:c5:6e:2d:6d:0c:1b:07:75:1d:e9:84:11:
         ca:ce:82:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvGYaNi6WxutCMMkWA7oLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNGIzZTZhN2M4NzgzZmM4YTU3MTlmYmQ5ZjM3YjMyYzhj
N2M1Y2EwHhcNMjQwMTAyMTAzMzM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTY4NDVhMjVjMDg5Zjc5MTM0NjAxOGU3ZGY5M2Y2OWNkM2E2MGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnL+2VzCdj+vVkbVqmdip0khSlSp6
A0lWCT3rJlBYryG9fnHv1p0DSNaTrUfOgcE2KXkxmnPsC7nbfuD3K4UjShLBXIoX
qBAVr2XRWJrZEuOGuQXY0aUW0PXz0B3Y5IeXRbWWTesSlwkISJ70ZNfj6xGCshTj
1to4wnbZmj/3xPvOdKdXHZAqbbsykK2bdd4oB8mfbaHA1W80q+tut72oQsBo1ze0
+BPPrh2Qz/lnVltAqjeCVQontxcCUehfqoVdaiv3uOkn9Qzzf7TsuuhkOs+TUpYG
KtUVfr8UyAM2J9eWYqjHsb89D5NFgaJKgFWriSIgDY0OECHkhRvIyuZMXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEpoRaJcCJ95E0YBjn35P2nNOmDZMB8GA1UdIwQY
MBaAFGtLPmp8h4P8ilcZ+9nzezLIx8XKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTBzLWFueUhnX3lLVnhuNzJmTjdNc2pIeGNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NjQxOTQtNTNhZC00MDMxLTg1NmIt
NDMzMmM5NTdhMjJmLzEvU21oRm9sd0luM2tUUmdHT2Zma19hYzA2WU5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NjQxOTQtNTNhZC00MDMxLTg1NmItNDMzMmM5NTdhMjJm
LzEvYTBzLWFueUhnX3lLVnhuNzJmTjdNc2pIeGNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwny8MA0G
CSqGSIb3DQEBCwUAA4IBAQAGoWesTP3IMakYXfzNUkfYLTkx/El3BKKJkqpGgm7D
PpBUSUvuOxepNwCQSXj4RN6j1NCUZXwaxj6+gSMfvfXZJsItTmq41uI0yafFIIpw
Q9MQA4feDHohRiP8/jQv8bdCKWnyTv60A8HRqilkbN/3xhwMJVIwR1AAZdVl6hPt
EEAgvNhrfvIQqLbagRM13h+OZk9u3aZCFnKYLAjLt1Ly5nRH3H/qhMw4zHGSVG3g
L6dyl+r1xr1rgpPsJtGi08PpmyYCmr+06F4N9xl4eHWLCnYlSjDAVV3G9V8SYDMZ
tASvFT1us8svCzIlyqdA/g7Fbi1tDBsHdR3phBHKzoIm
-----END CERTIFICATE-----