Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/6a2946-f0a4-4e85-930e-d4edf16e0978/1/S5dYTF5Nmq4xSyUCjdVjDofstD4.roa
File:                     S5dYTF5Nmq4xSyUCjdVjDofstD4.roa (raw, json)
Hash identifier:          azl+FMSvQPoVvsyJH/kZKgyyvOrgtiVIs6qf1gqhXng=
Subject key identifier:   4B:97:58:4C:5E:4D:9A:AE:31:4B:25:02:8D:D5:63:0E:87:EC:B4:3E
Certificate issuer:       /CN=1bdba013655b9bb0caa285d75c142c1ee30f8854
Certificate serial:       018CC94E1860D77744C73AFDF73BE9E02BE7
Authority key identifier: 1B:DB:A0:13:65:5B:9B:B0:CA:A2:85:D7:5C:14:2C:1E:E3:0F:88:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G9ugE2Vbm7DKooXXXBQsHuMPiFQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/6a2946-f0a4-4e85-930e-d4edf16e0978/1/S5dYTF5Nmq4xSyUCjdVjDofstD4.roa
Signing time:             Tue 02 Jan 2024 08:33:07 +0000
ROA not before:           Tue 02 Jan 2024 08:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51580
IP address blocks:        193.176.238.0/24 maxlen: 24
                          193.176.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/6a2946-f0a4-4e85-930e-d4edf16e0978/1/G9ugE2Vbm7DKooXXXBQsHuMPiFQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/6a2946-f0a4-4e85-930e-d4edf16e0978/1/G9ugE2Vbm7DKooXXXBQsHuMPiFQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G9ugE2Vbm7DKooXXXBQsHuMPiFQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:18:60:d7:77:44:c7:3a:fd:f7:3b:e9:e0:2b:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bdba013655b9bb0caa285d75c142c1ee30f8854
        Validity
            Not Before: Jan  2 08:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b97584c5e4d9aae314b25028dd5630e87ecb43e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:91:22:29:16:27:7b:b1:bd:d8:68:ca:a2:18:
                    71:6f:0c:bf:9a:df:cd:4a:62:39:7c:ba:15:2f:e9:
                    ff:01:c2:53:f7:aa:83:20:35:9b:5e:0b:fe:33:c9:
                    52:51:c7:b0:58:82:c9:1a:12:5f:65:ab:6e:b1:82:
                    e6:04:bf:aa:cb:57:03:1e:27:04:93:46:4a:40:00:
                    6b:83:ed:ce:78:79:a0:13:8b:c7:d5:3c:0a:40:37:
                    6c:d1:e5:8d:fc:26:42:fb:c4:1f:46:d7:83:3e:74:
                    39:89:ae:c6:20:c5:05:b5:7b:92:a5:65:af:4e:a2:
                    c2:d8:c0:e0:d0:12:32:3d:ef:6c:99:fb:66:ea:cc:
                    a5:0a:02:13:87:0b:86:22:bd:3a:1a:a5:71:7b:79:
                    20:e6:0b:2e:fb:6f:bd:72:41:cf:96:f0:53:c8:57:
                    93:07:91:4b:90:5f:d2:4b:e5:df:b0:d7:b0:0a:de:
                    cf:40:eb:71:f9:92:55:ba:e0:a5:51:6c:ee:69:01:
                    4e:07:a8:7d:6b:75:b6:a7:aa:9a:c4:94:33:c9:70:
                    b6:bc:be:4d:64:44:c2:6b:45:1b:2a:83:7c:c8:8e:
                    73:c0:71:38:80:c4:0e:9d:83:72:30:46:22:c1:9f:
                    eb:2c:a3:ec:98:7a:0a:ee:59:12:5b:00:66:b1:ce:
                    8d:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:97:58:4C:5E:4D:9A:AE:31:4B:25:02:8D:D5:63:0E:87:EC:B4:3E
            X509v3 Authority Key Identifier:
                keyid:1B:DB:A0:13:65:5B:9B:B0:CA:A2:85:D7:5C:14:2C:1E:E3:0F:88:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G9ugE2Vbm7DKooXXXBQsHuMPiFQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/6a2946-f0a4-4e85-930e-d4edf16e0978/1/S5dYTF5Nmq4xSyUCjdVjDofstD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/6a2946-f0a4-4e85-930e-d4edf16e0978/1/G9ugE2Vbm7DKooXXXBQsHuMPiFQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.238.0/24
                  193.176.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:5f:f4:6c:80:bc:d1:80:c1:51:aa:3a:a1:ed:a9:01:67:fc:
         88:bd:a8:40:d7:61:fe:93:1a:4d:c2:f6:2e:b0:7e:0e:7d:97:
         55:f8:d4:c0:eb:50:8a:2d:65:ac:c3:e5:1e:3d:af:56:93:ed:
         4f:fd:77:fc:24:b4:c2:d9:0d:ba:95:8c:5f:9e:7c:58:a1:a9:
         c0:44:56:86:ac:2f:71:8c:60:1a:bd:93:1a:a5:d6:55:26:63:
         e2:04:19:78:1a:03:be:8c:43:44:c7:9f:2e:9e:a1:e4:bf:bc:
         34:0c:95:e5:a3:06:9e:1c:84:6c:a5:81:d2:7c:f2:32:5f:76:
         88:34:e4:6d:bd:2e:ca:92:5c:2f:49:3a:a3:ba:f6:97:cf:e2:
         78:6d:18:c2:67:2b:d4:09:51:d8:84:da:f6:f3:20:3c:58:2d:
         09:d6:09:33:2d:3b:ba:94:7f:93:cd:26:9d:5b:de:64:1b:78:
         d2:d4:83:ac:80:e1:90:55:ea:2f:c8:dd:c5:eb:86:a5:91:b6:
         cc:31:8e:55:42:8f:0a:e8:43:d2:2a:8e:88:4f:b6:1f:5b:29:
         d3:84:36:4f:1c:cf:97:21:44:b2:26:65:8a:c7:1a:55:e4:5e:
         0c:4c:33:fb:16:98:b1:64:68:57:8e:69:77:c3:cd:6d:fb:96:
         85:bf:97:39
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJThhg13dExzr99zvp4CvnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiZGJhMDEzNjU1YjliYjBjYWEyODVkNzVjMTQyYzFlZTMw
Zjg4NTQwHhcNMjQwMTAyMDgzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yjk3NTg0YzVlNGQ5YWFlMzE0YjI1MDI4ZGQ1NjMwZTg3ZWNiNDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZEiKRYne7G92GjKohhxbwy/mt/N
SmI5fLoVL+n/AcJT96qDIDWbXgv+M8lSUcewWILJGhJfZatusYLmBL+qy1cDHicE
k0ZKQABrg+3OeHmgE4vH1TwKQDds0eWN/CZC+8QfRteDPnQ5ia7GIMUFtXuSpWWv
TqLC2MDg0BIyPe9smftm6sylCgIThwuGIr06GqVxe3kg5gsu+2+9ckHPlvBTyFeT
B5FLkF/SS+XfsNewCt7PQOtx+ZJVuuClUWzuaQFOB6h9a3W2p6qaxJQzyXC2vL5N
ZETCa0UbKoN8yI5zwHE4gMQOnYNyMEYiwZ/rLKPsmHoK7lkSWwBmsc6NUwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEuXWExeTZquMUslAo3VYw6H7LQ+MB8GA1UdIwQY
MBaAFBvboBNlW5uwyqKF11wULB7jD4hUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzl1Z0UyVmJtN0RLb29YWFhCUXNIdU1QaUZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi82YTI5NDYtZjBhNC00ZTg1LTkzMGUt
ZDRlZGYxNmUwOTc4LzEvUzVkWVRGNU5tcTR4U3lVQ2pkVmpEb2ZzdEQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi82YTI5NDYtZjBhNC00ZTg1LTkzMGUtZDRlZGYxNmUwOTc4
LzEvRzl1Z0UyVmJtN0RLb29YWFhCUXNIdU1QaUZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwbDuAwQA
wbD2MA0GCSqGSIb3DQEBCwUAA4IBAQADX/RsgLzRgMFRqjqh7akBZ/yIvahA12H+
kxpNwvYusH4OfZdV+NTA61CKLWWsw+UePa9Wk+1P/Xf8JLTC2Q26lYxfnnxYoanA
RFaGrC9xjGAavZMapdZVJmPiBBl4GgO+jENEx58unqHkv7w0DJXlowaeHIRspYHS
fPIyX3aINORtvS7KklwvSTqjuvaXz+J4bRjCZyvUCVHYhNr28yA8WC0J1gkzLTu6
lH+TzSadW95kG3jS1IOsgOGQVeovyN3F64alkbbMMY5VQo8K6EPSKo6IT7YfWynT
hDZPHM+XIUSyJmWKxxpV5F4MTDP7FpixZGhXjml3w81t+5aFv5c5
-----END CERTIFICATE-----