Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/35f43b-087c-490b-9c03-1857e4268fbf/1/SffW5PPEwf34KtOYlEgxltYoxO4.roa
File:                     SffW5PPEwf34KtOYlEgxltYoxO4.roa (raw, json)
Hash identifier:          5Cf3ap8BomYstOHda1C4GqYNDrgS9PHXziig2AfG2+c=
Subject key identifier:   49:F7:D6:E4:F3:C4:C1:FD:F8:2A:D3:98:94:48:31:96:D6:28:C4:EE
Certificate issuer:       /CN=e8b65f1d5e970e6082d2cfd6f99ef9c8174a1440
Certificate serial:       018CC64B4A2643C055B2609FE020531851B5
Authority key identifier: E8:B6:5F:1D:5E:97:0E:60:82:D2:CF:D6:F9:9E:F9:C8:17:4A:14:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6LZfHV6XDmCC0s_W-Z75yBdKFEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/35f43b-087c-490b-9c03-1857e4268fbf/1/SffW5PPEwf34KtOYlEgxltYoxO4.roa
Signing time:             Mon 01 Jan 2024 18:31:12 +0000
ROA not before:           Mon 01 Jan 2024 18:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204731
IP address blocks:        185.241.224.0/22 maxlen: 23
                          2a0c:b381::/32 maxlen: 40
                          2a0c:b380::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/35f43b-087c-490b-9c03-1857e4268fbf/1/6LZfHV6XDmCC0s_W-Z75yBdKFEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/35f43b-087c-490b-9c03-1857e4268fbf/1/6LZfHV6XDmCC0s_W-Z75yBdKFEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6LZfHV6XDmCC0s_W-Z75yBdKFEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:03:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:4a:26:43:c0:55:b2:60:9f:e0:20:53:18:51:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8b65f1d5e970e6082d2cfd6f99ef9c8174a1440
        Validity
            Not Before: Jan  1 18:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49f7d6e4f3c4c1fdf82ad39894483196d628c4ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:eb:9f:3a:6d:47:cf:ee:a3:81:de:81:2b:e1:
                    37:8d:36:67:ce:7d:cf:d2:0b:b7:db:49:bd:c4:c0:
                    6e:c6:0a:33:06:d2:37:33:a1:21:43:6a:79:1c:27:
                    73:3a:b1:05:c5:c7:0b:00:93:4c:5b:4c:a2:bd:ba:
                    43:69:56:cd:43:57:56:bf:d7:89:43:85:c3:94:49:
                    02:09:7a:3d:b4:8a:71:08:b8:68:ca:49:e3:89:99:
                    1a:f5:fe:96:55:b7:e8:2b:bd:08:e7:68:c2:2e:5d:
                    fb:a9:57:d0:83:dd:90:89:9e:4c:cb:ce:6f:32:75:
                    b3:b7:94:95:2f:04:b4:17:a8:99:14:e5:9b:41:94:
                    cd:81:63:6e:a9:bf:f3:9d:46:87:48:26:3c:95:6d:
                    2d:bc:03:0f:5a:13:7a:e4:ef:20:dd:90:e2:82:34:
                    6c:e6:f1:d7:52:7c:5b:52:3e:7d:e4:3b:92:0e:28:
                    60:4a:cb:f5:e6:67:d5:7b:9f:dd:5f:67:41:86:a4:
                    c3:aa:b6:7f:46:d3:2d:41:17:09:e5:84:e1:4d:e8:
                    ce:9c:ef:ea:98:6f:04:18:81:fc:2d:3e:48:c5:52:
                    f8:41:c2:90:f3:43:41:cb:1f:82:60:37:d7:ba:16:
                    46:64:ce:e5:57:ff:3b:05:31:cf:ff:db:86:4b:05:
                    b4:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:F7:D6:E4:F3:C4:C1:FD:F8:2A:D3:98:94:48:31:96:D6:28:C4:EE
            X509v3 Authority Key Identifier:
                keyid:E8:B6:5F:1D:5E:97:0E:60:82:D2:CF:D6:F9:9E:F9:C8:17:4A:14:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6LZfHV6XDmCC0s_W-Z75yBdKFEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/35f43b-087c-490b-9c03-1857e4268fbf/1/SffW5PPEwf34KtOYlEgxltYoxO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/35f43b-087c-490b-9c03-1857e4268fbf/1/6LZfHV6XDmCC0s_W-Z75yBdKFEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.224.0/22
                IPv6:
                  2a0c:b380::/29

    Signature Algorithm: sha256WithRSAEncryption
         b0:6a:4f:4a:5d:89:30:b6:32:3c:e7:f4:20:ba:71:6d:93:26:
         89:c6:de:46:98:e0:b3:d6:37:3b:86:a3:ff:e3:19:97:75:b3:
         5b:89:1a:29:d4:21:dc:85:7c:22:10:89:7b:cb:08:5e:7b:b1:
         92:4d:f2:f4:43:6b:54:4b:22:92:db:24:aa:a4:4a:48:6f:b8:
         db:6f:21:d1:f0:32:4d:ad:05:b1:9b:7d:4a:96:c3:f9:0c:c7:
         52:45:cd:31:ef:0d:23:02:52:6a:f8:82:ef:f1:9a:f5:ed:d8:
         1d:e6:6f:6d:ef:2f:7d:4d:c4:ee:a9:4b:e6:ba:36:92:83:04:
         73:f7:e4:11:52:a7:15:e9:0f:f1:b5:27:69:37:85:a0:67:7d:
         58:20:ae:3b:da:09:d5:01:b9:6f:b4:b4:d5:87:05:d7:f7:97:
         d0:e2:99:5c:6b:36:de:b5:55:7e:17:53:bc:ef:d0:a0:d2:16:
         52:45:6f:75:c9:16:cd:57:76:53:2d:3a:25:fb:56:66:63:1b:
         9b:60:51:ad:43:5c:13:1d:4b:87:dd:7a:a6:a3:4c:15:2c:0f:
         e1:f1:e0:01:8d:4a:3c:2d:1a:5c:68:5f:08:88:dc:3e:15:19:
         dd:f6:18:7d:e3:f0:9f:de:c7:0b:57:26:ee:a1:50:59:5d:aa:
         57:3f:32:50
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGS0omQ8BVsmCf4CBTGFG1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YjY1ZjFkNWU5NzBlNjA4MmQyY2ZkNmY5OWVmOWM4MTc0
YTE0NDAwHhcNMjQwMTAxMTgzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWY3ZDZlNGYzYzRjMWZkZjgyYWQzOTg5NDQ4MzE5NmQ2MjhjNGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuufOm1Hz+6jgd6BK+E3jTZnzn3P
0gu320m9xMBuxgozBtI3M6EhQ2p5HCdzOrEFxccLAJNMW0yivbpDaVbNQ1dWv9eJ
Q4XDlEkCCXo9tIpxCLhoyknjiZka9f6WVbfoK70I52jCLl37qVfQg92QiZ5My85v
MnWzt5SVLwS0F6iZFOWbQZTNgWNuqb/znUaHSCY8lW0tvAMPWhN65O8g3ZDigjRs
5vHXUnxbUj595DuSDihgSsv15mfVe5/dX2dBhqTDqrZ/RtMtQRcJ5YThTejOnO/q
mG8EGIH8LT5IxVL4QcKQ80NByx+CYDfXuhZGZM7lV/87BTHP/9uGSwW0rQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEn31uTzxMH9+CrTmJRIMZbWKMTuMB8GA1UdIwQY
MBaAFOi2Xx1elw5ggtLP1vme+cgXShRAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkxaZkhWNlhEbUNDMHNfVy1aNzV5QmRLRkVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8zNWY0M2ItMDg3Yy00OTBiLTljMDMt
MTg1N2U0MjY4ZmJmLzEvU2ZmVzVQUEV3ZjM0S3RPWWxFZ3hsdFlveE80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8zNWY0M2ItMDg3Yy00OTBiLTljMDMtMTg1N2U0MjY4ZmJm
LzEvNkxaZkhWNlhEbUNDMHNfVy1aNzV5QmRLRkVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufHgMA0E
AgACMAcDBQMqDLOAMA0GCSqGSIb3DQEBCwUAA4IBAQCwak9KXYkwtjI85/QgunFt
kyaJxt5GmOCz1jc7hqP/4xmXdbNbiRop1CHchXwiEIl7ywhee7GSTfL0Q2tUSyKS
2ySqpEpIb7jbbyHR8DJNrQWxm31KlsP5DMdSRc0x7w0jAlJq+ILv8Zr17dgd5m9t
7y99TcTuqUvmujaSgwRz9+QRUqcV6Q/xtSdpN4WgZ31YIK472gnVAblvtLTVhwXX
95fQ4plcazbetVV+F1O879Cg0hZSRW91yRbNV3ZTLTol+1ZmYxubYFGtQ1wTHUuH
3Xqmo0wVLA/h8eABjUo8LRpcaF8IiNw+FRnd9hh94/Cf3scLVybuoVBZXapXPzJQ
-----END CERTIFICATE-----