Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/sfW21Q_CSu_cgk1RkWzddCDs04I.roa
File:                     sfW21Q_CSu_cgk1RkWzddCDs04I.roa (raw, json)
Hash identifier:          0ZE7kA1N/3TGuygZs2hZ7Zgf/11AiblJZqdFriJkFUY=
Subject key identifier:   B1:F5:B6:D5:0F:C2:4A:EF:DC:82:4D:51:91:6C:DD:74:20:EC:D3:82
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       018CC79447FE9F9165C81C07778A8F385739
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/sfW21Q_CSu_cgk1RkWzddCDs04I.roa
Signing time:             Tue 02 Jan 2024 00:30:32 +0000
ROA not before:           Tue 02 Jan 2024 00:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29470
IP address blocks:        139.45.216.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:47:fe:9f:91:65:c8:1c:07:77:8a:8f:38:57:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Jan  2 00:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1f5b6d50fc24aefdc824d51916cdd7420ecd382
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:e0:f6:2f:5e:c4:21:dd:bb:7a:2b:a7:f8:35:
                    b1:80:88:9d:01:3a:22:83:43:47:12:97:cb:f6:c8:
                    94:50:f7:2e:9f:a6:49:d6:a7:b9:72:bf:db:a1:d2:
                    7c:d6:86:73:af:1a:f4:9a:4e:04:5c:d1:18:da:06:
                    a2:ab:23:42:4b:8a:8b:a0:1c:22:97:5d:ca:ff:db:
                    27:ee:70:df:7c:03:a9:86:1f:8b:15:32:3c:06:3b:
                    64:f6:06:69:4e:42:99:56:ed:27:28:65:e2:3b:d8:
                    f1:b4:0d:56:7d:3a:ed:6a:13:81:62:85:3e:32:b3:
                    53:63:71:55:b6:fe:c3:ae:51:46:e0:4f:28:22:3a:
                    09:05:71:93:89:c2:7c:3e:1a:c4:fe:d5:b1:0b:78:
                    51:88:a5:b2:a4:6d:ce:f1:ba:ab:99:5b:66:16:0f:
                    bb:03:5e:f1:37:0c:51:18:32:00:cb:e2:f0:a0:a7:
                    8f:fc:29:15:f9:84:e7:1e:5d:f2:da:79:cc:3f:33:
                    e0:b4:93:ce:fc:46:6c:19:64:d3:aa:42:bb:55:2d:
                    46:a8:54:5c:b3:f0:b9:54:83:27:78:5b:4c:cd:a6:
                    80:aa:e8:1f:97:8a:32:d5:51:c9:59:b4:3e:5c:45:
                    15:69:41:11:df:7a:b2:91:5b:f4:f9:2d:79:ec:da:
                    9b:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:F5:B6:D5:0F:C2:4A:EF:DC:82:4D:51:91:6C:DD:74:20:EC:D3:82
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/sfW21Q_CSu_cgk1RkWzddCDs04I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.45.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         38:c2:8d:3d:12:de:30:e7:d9:e1:1f:ca:a5:36:8b:9e:2e:2c:
         ff:aa:9f:2c:1c:cb:81:94:f5:57:a8:84:58:c8:4b:f5:c0:f4:
         72:7a:8e:d2:b0:2c:fb:01:05:69:d4:97:84:65:d1:dc:7d:a6:
         1b:a3:06:6d:19:9f:39:14:f4:ca:1b:52:db:96:98:6f:57:ad:
         8b:48:59:1d:93:0b:1a:fd:30:8e:06:8b:41:2f:e1:4c:82:09:
         11:f7:63:98:35:ac:e8:c1:e0:75:e7:f6:63:67:f6:6d:85:89:
         72:ce:2f:17:41:bc:eb:4e:3b:1d:23:11:60:43:78:fd:ca:55:
         7a:2b:2b:12:17:f8:1f:15:a6:33:79:3f:56:0d:b4:be:43:70:
         c5:f6:33:fe:7c:d1:9a:99:2f:76:bc:42:b4:0f:af:29:73:af:
         f8:51:87:43:5c:68:75:10:d9:85:6f:69:95:c1:20:11:93:06:
         bd:92:a6:57:5b:e0:77:f6:66:f8:b1:0f:3b:b9:06:9a:98:2b:
         6c:2a:49:19:62:ca:4f:c0:ab:84:30:39:c0:7e:86:13:43:fe:
         95:55:e8:02:b9:ca:d0:78:b8:c5:ac:e9:be:87:80:50:5d:de:
         81:c8:a7:26:53:dc:a0:c7:6b:63:7e:aa:57:f0:21:4d:9a:d3:
         1c:e3:bc:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlEf+n5FlyBwHd4qPOFc5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjQwMTAyMDAzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWY1YjZkNTBmYzI0YWVmZGM4MjRkNTE5MTZjZGQ3NDIwZWNkMzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOD2L17EId27eiun+DWxgIidAToi
g0NHEpfL9siUUPcun6ZJ1qe5cr/bodJ81oZzrxr0mk4EXNEY2gaiqyNCS4qLoBwi
l13K/9sn7nDffAOphh+LFTI8Bjtk9gZpTkKZVu0nKGXiO9jxtA1WfTrtahOBYoU+
MrNTY3FVtv7DrlFG4E8oIjoJBXGTicJ8PhrE/tWxC3hRiKWypG3O8bqrmVtmFg+7
A17xNwxRGDIAy+LwoKeP/CkV+YTnHl3y2nnMPzPgtJPO/EZsGWTTqkK7VS1GqFRc
s/C5VIMneFtMzaaAqugfl4oy1VHJWbQ+XEUVaUER33qykVv0+S157NqbgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLH1ttUPwkrv3IJNUZFs3XQg7NOCMB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvc2ZXMjFRX0NTdV9jZ2sxUmtXemRkQ0RzMDRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDiy3YMA0G
CSqGSIb3DQEBCwUAA4IBAQA4wo09Et4w59nhH8qlNoueLiz/qp8sHMuBlPVXqIRY
yEv1wPRyeo7SsCz7AQVp1JeEZdHcfaYbowZtGZ85FPTKG1LblphvV62LSFkdkwsa
/TCOBotBL+FMggkR92OYNazoweB15/ZjZ/ZthYlyzi8XQbzrTjsdIxFgQ3j9ylV6
KysSF/gfFaYzeT9WDbS+Q3DF9jP+fNGamS92vEK0D68pc6/4UYdDXGh1ENmFb2mV
wSARkwa9kqZXW+B39mb4sQ87uQaamCtsKkkZYspPwKuEMDnAfoYTQ/6VVegCucrQ
eLjFrOm+h4BQXd6ByKcmU9ygx2tjfqpX8CFNmtMc47ws
-----END CERTIFICATE-----