Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/bb21fc-b252-4ab2-9878-ba5572e774ed/1/SjpHcVasCrx_WiEIn_RC45lEh5I.roa
File:                     SjpHcVasCrx_WiEIn_RC45lEh5I.roa (raw, json)
Hash identifier:          F0HbPjlEqHzTfZIkI/cNNpl+hHmV1BsiyHcZGuWw5/w=
Subject key identifier:   4A:3A:47:71:56:AC:0A:BC:7F:5A:21:08:9F:F4:42:E3:99:44:87:92
Certificate issuer:       /CN=d674c4e1b00ce5bfb0d96d4c21efd058d3b5ca79
Certificate serial:       018CCA2A627E69C7DA02A11559F61113C00D
Authority key identifier: D6:74:C4:E1:B0:0C:E5:BF:B0:D9:6D:4C:21:EF:D0:58:D3:B5:CA:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1nTE4bAM5b-w2W1MIe_QWNO1ynk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/bb21fc-b252-4ab2-9878-ba5572e774ed/1/SjpHcVasCrx_WiEIn_RC45lEh5I.roa
Signing time:             Tue 02 Jan 2024 12:33:44 +0000
ROA not before:           Tue 02 Jan 2024 12:33:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60855
IP address blocks:        193.17.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/bb21fc-b252-4ab2-9878-ba5572e774ed/1/1nTE4bAM5b-w2W1MIe_QWNO1ynk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/bb21fc-b252-4ab2-9878-ba5572e774ed/1/1nTE4bAM5b-w2W1MIe_QWNO1ynk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1nTE4bAM5b-w2W1MIe_QWNO1ynk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:62:7e:69:c7:da:02:a1:15:59:f6:11:13:c0:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d674c4e1b00ce5bfb0d96d4c21efd058d3b5ca79
        Validity
            Not Before: Jan  2 12:33:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a3a477156ac0abc7f5a21089ff442e399448792
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:fc:f6:1c:93:02:3b:ef:45:9a:d9:6f:87:e3:
                    6c:8f:39:6d:8c:60:1f:99:f3:af:51:f9:2d:bb:01:
                    7b:78:a1:96:5d:09:74:26:8c:87:2a:5f:94:9c:17:
                    30:9b:49:94:04:98:c1:7a:90:44:60:f6:cd:fe:ae:
                    7c:cd:5c:26:2a:e8:b6:da:ea:e7:b3:23:32:76:ce:
                    0a:f1:01:f3:87:11:77:bf:2d:32:09:f3:d1:41:ee:
                    ca:20:7a:ea:c7:2b:5f:cb:65:c8:41:9b:64:13:49:
                    6a:78:ad:f1:a4:d9:8f:4c:06:86:ee:50:86:e0:14:
                    cb:b2:14:9f:2c:d4:e9:2d:e0:88:d3:50:05:40:be:
                    01:0a:b8:8d:48:2d:f5:1b:c8:ca:72:00:dc:04:37:
                    1f:bc:4a:a8:8f:fb:3e:8c:ed:dd:b0:6f:95:b4:20:
                    f9:e0:01:5c:1d:32:bf:fe:f2:cb:d7:63:a1:44:42:
                    7f:6d:1e:13:cd:78:5c:16:2b:f3:d9:e2:69:5d:d1:
                    00:45:79:85:cb:fa:dd:e9:bb:f6:56:c9:6c:74:3f:
                    96:18:ce:d7:e5:17:aa:da:89:72:d3:f4:74:b2:93:
                    dc:f5:c8:4b:0b:3a:f5:a8:a1:5f:1d:e6:64:7a:03:
                    77:32:a8:c6:21:b3:03:70:d4:d0:89:8c:11:47:d5:
                    01:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:3A:47:71:56:AC:0A:BC:7F:5A:21:08:9F:F4:42:E3:99:44:87:92
            X509v3 Authority Key Identifier:
                keyid:D6:74:C4:E1:B0:0C:E5:BF:B0:D9:6D:4C:21:EF:D0:58:D3:B5:CA:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1nTE4bAM5b-w2W1MIe_QWNO1ynk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/bb21fc-b252-4ab2-9878-ba5572e774ed/1/SjpHcVasCrx_WiEIn_RC45lEh5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/bb21fc-b252-4ab2-9878-ba5572e774ed/1/1nTE4bAM5b-w2W1MIe_QWNO1ynk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:7b:90:70:1c:e9:65:0d:28:5a:e1:14:cf:28:20:d1:99:d8:
         41:3e:e7:ba:5b:b4:fa:c8:eb:77:7f:3b:95:5f:63:06:c5:be:
         c4:1b:79:d8:e1:53:5a:8c:d8:5a:7d:76:8a:5f:b3:47:77:ca:
         9a:0d:f9:93:29:7a:a5:db:07:0e:a1:22:4c:62:a5:f2:ca:ee:
         03:fa:fc:9f:83:f1:7c:ed:34:f7:a8:41:44:8d:de:1d:7f:86:
         3b:23:91:dd:97:7b:ee:9e:28:09:87:e0:0e:8a:a9:5c:b0:e6:
         07:fe:e0:79:89:a1:eb:40:db:64:26:06:80:83:74:94:90:91:
         d3:a7:1d:37:56:72:f9:f3:29:c4:15:06:be:1d:4d:4a:80:3e:
         e2:3c:f7:35:69:5b:a2:59:fc:87:f2:8f:f9:c3:6a:66:0e:15:
         11:46:fa:00:1b:03:9d:36:d4:d1:4f:3e:4d:55:bb:67:95:11:
         3f:fd:c6:5b:a9:33:9d:94:07:52:21:da:1f:2c:57:d6:55:28:
         44:a7:b5:84:bd:fc:fd:df:8e:12:0c:cc:74:73:93:8c:ee:42:
         4a:c3:f4:ad:e3:2f:9b:dc:aa:01:e0:54:01:1b:4a:4c:30:03:
         0c:4a:25:39:36:af:57:2f:67:03:e6:3c:e4:69:80:35:97:63:
         d3:38:14:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKmJ+acfaAqEVWfYRE8ANMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NzRjNGUxYjAwY2U1YmZiMGQ5NmQ0YzIxZWZkMDU4ZDNi
NWNhNzkwHhcNMjQwMTAyMTIzMzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTNhNDc3MTU2YWMwYWJjN2Y1YTIxMDg5ZmY0NDJlMzk5NDQ4NzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPz2HJMCO+9Fmtlvh+NsjzltjGAf
mfOvUfktuwF7eKGWXQl0JoyHKl+UnBcwm0mUBJjBepBEYPbN/q58zVwmKui22urn
syMyds4K8QHzhxF3vy0yCfPRQe7KIHrqxytfy2XIQZtkE0lqeK3xpNmPTAaG7lCG
4BTLshSfLNTpLeCI01AFQL4BCriNSC31G8jKcgDcBDcfvEqoj/s+jO3dsG+VtCD5
4AFcHTK//vLL12OhREJ/bR4TzXhcFivz2eJpXdEARXmFy/rd6bv2VslsdD+WGM7X
5Req2oly0/R0spPc9chLCzr1qKFfHeZkegN3MqjGIbMDcNTQiYwRR9UBywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEo6R3FWrAq8f1ohCJ/0QuOZRIeSMB8GA1UdIwQY
MBaAFNZ0xOGwDOW/sNltTCHv0FjTtcp5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW5URTRiQU01Yi13MlcxTUllX1FXTk8xeW5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9iYjIxZmMtYjI1Mi00YWIyLTk4Nzgt
YmE1NTcyZTc3NGVkLzEvU2pwSGNWYXNDcnhfV2lFSW5fUkM0NWxFaDVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9iYjIxZmMtYjI1Mi00YWIyLTk4NzgtYmE1NTcyZTc3NGVk
LzEvMW5URTRiQU01Yi13MlcxTUllX1FXTk8xeW5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRETMA0G
CSqGSIb3DQEBCwUAA4IBAQA6e5BwHOllDSha4RTPKCDRmdhBPue6W7T6yOt3fzuV
X2MGxb7EG3nY4VNajNhafXaKX7NHd8qaDfmTKXql2wcOoSJMYqXyyu4D+vyfg/F8
7TT3qEFEjd4df4Y7I5Hdl3vunigJh+AOiqlcsOYH/uB5iaHrQNtkJgaAg3SUkJHT
px03VnL58ynEFQa+HU1KgD7iPPc1aVuiWfyH8o/5w2pmDhURRvoAGwOdNtTRTz5N
VbtnlRE//cZbqTOdlAdSIdofLFfWVShEp7WEvfz9344SDMx0c5OM7kJKw/St4y+b
3KoB4FQBG0pMMAMMSiU5Nq9XL2cD5jzkaYA1l2PTOBRW
-----END CERTIFICATE-----