Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/SVGBCBxItJUc9k0LF1RtAgijhxI.roa
File:                     SVGBCBxItJUc9k0LF1RtAgijhxI.roa (raw, json)
Hash identifier:          3zSyEzOxhauUK/4edflU1cHaEcdspulIKMfElueBKxk=
Subject key identifier:   49:51:81:08:1C:48:B4:95:1C:F6:4D:0B:17:54:6D:02:08:A3:87:12
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       0194266BFA29AE7BDB98BEA0B63495C11654
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/SVGBCBxItJUc9k0LF1RtAgijhxI.roa
Signing time:             Thu 02 Jan 2025 09:49:58 +0000
ROA not before:           Thu 02 Jan 2025 09:49:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209168
IP address blocks:        178.16.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:fa:29:ae:7b:db:98:be:a0:b6:34:95:c1:16:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  2 09:49:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=495181081c48b4951cf64d0b17546d0208a38712
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:48:cc:77:31:8b:fb:d9:da:64:56:21:11:9d:
                    31:ef:51:14:31:91:63:f8:a4:64:dd:8e:22:d9:d4:
                    98:23:65:d5:94:96:72:ed:8d:20:45:4c:04:d4:d6:
                    aa:9d:48:6d:75:85:a9:54:60:50:a5:05:a7:2c:76:
                    15:9f:55:fc:3a:77:6c:b7:9d:97:f2:f9:3e:a7:56:
                    d6:6f:1b:5c:32:1d:a2:42:a1:db:f4:9a:39:f7:d5:
                    aa:9f:3f:62:50:91:14:5f:6a:28:85:0b:03:c9:2a:
                    e7:71:a6:4a:3a:b7:d4:04:40:1f:b1:c7:ad:a0:03:
                    b6:e3:71:bc:ee:b4:0e:f0:1c:7e:3c:4f:b0:05:ac:
                    e5:0e:e1:e2:ff:6c:b3:db:c1:78:7d:99:5a:e2:58:
                    3f:5c:54:a1:f1:b7:32:7b:20:5b:d2:22:3d:c8:80:
                    c3:84:94:d0:c9:34:4b:86:e5:3b:69:0b:64:be:ff:
                    46:6b:53:79:20:93:e2:10:cc:75:42:0a:20:2d:93:
                    95:90:ba:6f:d7:e0:c9:74:0f:cf:68:66:72:61:5b:
                    f0:78:4d:db:b0:9d:a3:f6:50:6a:b3:f3:f3:48:d2:
                    f2:a9:b5:22:f9:6d:bb:fb:57:e9:a1:17:cb:5c:dc:
                    09:92:44:80:4d:19:c8:91:f5:fe:0e:d1:68:90:f1:
                    a0:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:51:81:08:1C:48:B4:95:1C:F6:4D:0B:17:54:6D:02:08:A3:87:12
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/SVGBCBxItJUc9k0LF1RtAgijhxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.16.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:65:c1:6c:73:71:40:e8:77:62:2a:8e:e3:20:79:00:33:52:
         c1:86:fd:80:07:77:38:08:3e:ce:18:63:a2:fd:a2:b4:35:84:
         c8:39:7e:cd:74:2a:04:cd:94:83:3b:cf:ff:34:57:55:ed:65:
         09:72:34:56:aa:ee:f1:98:39:f1:9b:4b:57:6b:67:a5:dd:0f:
         db:fa:99:60:fb:db:a5:41:f6:1b:72:dc:3c:71:25:df:9f:4d:
         96:02:53:dc:15:9a:cb:da:49:10:56:54:5d:b7:2b:c4:89:fa:
         4e:f6:d3:74:86:71:85:b4:18:00:2b:68:b5:5f:5f:a6:18:4f:
         b6:4b:50:83:05:ee:8d:4b:6d:c6:91:89:48:db:30:95:d8:e6:
         2d:36:dd:ee:1d:e7:e4:43:b3:44:67:07:72:3c:2e:4a:0f:1d:
         f9:80:98:44:2e:f6:bb:94:fd:34:5a:c0:fa:4f:f2:e1:86:da:
         32:4a:dc:34:6c:95:b3:2c:0a:f8:d5:2c:e5:b6:91:bb:25:c2:
         93:e8:27:c4:12:e8:09:ef:29:a2:ed:73:d4:53:d4:f5:98:c7:
         75:bd:5f:71:b4:59:c9:dc:58:28:e9:ff:88:0d:a4:d9:e3:ca:
         b0:28:04:fb:85:45:00:d9:8f:f8:1d:b3:1f:4f:b6:16:d2:ca:
         19:e9:ef:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma/oprnvbmL6gtjSVwRZUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjUwMTAyMDk0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTUxODEwODFjNDhiNDk1MWNmNjRkMGIxNzU0NmQwMjA4YTM4NzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1UjMdzGL+9naZFYhEZ0x71EUMZFj
+KRk3Y4i2dSYI2XVlJZy7Y0gRUwE1NaqnUhtdYWpVGBQpQWnLHYVn1X8Ondst52X
8vk+p1bWbxtcMh2iQqHb9Jo599Wqnz9iUJEUX2oohQsDySrncaZKOrfUBEAfscet
oAO243G87rQO8Bx+PE+wBazlDuHi/2yz28F4fZla4lg/XFSh8bcyeyBb0iI9yIDD
hJTQyTRLhuU7aQtkvv9Ga1N5IJPiEMx1QgogLZOVkLpv1+DJdA/PaGZyYVvweE3b
sJ2j9lBqs/PzSNLyqbUi+W27+1fpoRfLXNwJkkSATRnIkfX+DtFokPGgNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFElRgQgcSLSVHPZNCxdUbQIIo4cSMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvU1ZHQkNCeEl0SlVjOWswTEYxUnRBZ2lqaHhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshB7MA0G
CSqGSIb3DQEBCwUAA4IBAQBwZcFsc3FA6HdiKo7jIHkAM1LBhv2AB3c4CD7OGGOi
/aK0NYTIOX7NdCoEzZSDO8//NFdV7WUJcjRWqu7xmDnxm0tXa2el3Q/b+plg+9ul
QfYbctw8cSXfn02WAlPcFZrL2kkQVlRdtyvEifpO9tN0hnGFtBgAK2i1X1+mGE+2
S1CDBe6NS23GkYlI2zCV2OYtNt3uHefkQ7NEZwdyPC5KDx35gJhELva7lP00WsD6
T/LhhtoyStw0bJWzLAr41SzltpG7JcKT6CfEEugJ7ymi7XPUU9T1mMd1vV9xtFnJ
3Fgo6f+IDaTZ48qwKAT7hUUA2Y/4HbMfT7YW0soZ6e/C
-----END CERTIFICATE-----