Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/8c7935-2eda-43ac-8d0f-799525be7215/1/SfqCW2zcMqdHiHp8v7CsNEABRVc.roa
File:                     SfqCW2zcMqdHiHp8v7CsNEABRVc.roa (raw, json)
Hash identifier:          M5J4uQzHT9NDMhpjgfv+16GjS5oe6pXaIjcHhba76Yg=
Subject key identifier:   49:FA:82:5B:6C:DC:32:A7:47:88:7A:7C:BF:B0:AC:34:40:01:45:57
Certificate issuer:       /CN=3014b8c7f509e10051b0cd29fd8d69f285508d87
Certificate serial:       018CC6B78978AAA648367CDA0534BC1D7CC7
Authority key identifier: 30:14:B8:C7:F5:09:E1:00:51:B0:CD:29:FD:8D:69:F2:85:50:8D:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MBS4x_UJ4QBRsM0p_Y1p8oVQjYc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/8c7935-2eda-43ac-8d0f-799525be7215/1/SfqCW2zcMqdHiHp8v7CsNEABRVc.roa
Signing time:             Mon 01 Jan 2024 20:29:26 +0000
ROA not before:           Mon 01 Jan 2024 20:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42547
IP address blocks:        193.106.100.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/8c7935-2eda-43ac-8d0f-799525be7215/1/MBS4x_UJ4QBRsM0p_Y1p8oVQjYc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/8c7935-2eda-43ac-8d0f-799525be7215/1/MBS4x_UJ4QBRsM0p_Y1p8oVQjYc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MBS4x_UJ4QBRsM0p_Y1p8oVQjYc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:24:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:89:78:aa:a6:48:36:7c:da:05:34:bc:1d:7c:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3014b8c7f509e10051b0cd29fd8d69f285508d87
        Validity
            Not Before: Jan  1 20:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49fa825b6cdc32a747887a7cbfb0ac3440014557
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:29:87:ed:6c:a4:3b:b4:6a:67:8b:03:0e:4a:
                    21:15:e0:c8:04:ff:4a:e4:b6:69:01:50:e1:5c:c1:
                    a5:dd:91:c0:07:a7:a5:02:2f:28:e0:bf:f0:8a:20:
                    16:86:a7:cd:68:1f:fd:f4:a8:7d:e8:a9:48:67:50:
                    9a:0d:22:e4:33:0b:7b:1f:10:f5:71:40:93:07:31:
                    07:0f:62:c2:bb:04:17:45:58:7a:ed:63:48:03:dc:
                    af:a2:3f:10:c6:d6:ae:b7:1e:d2:6d:73:cd:6c:9b:
                    80:3b:46:b0:5f:c1:a5:c8:92:29:09:48:34:fe:35:
                    00:de:81:79:b6:ba:35:bb:86:a0:d3:bf:80:6c:ef:
                    c8:1a:93:ce:e8:6c:b6:e9:05:0c:45:33:e7:a2:ea:
                    de:ef:79:46:69:4b:65:b7:32:bc:b1:31:80:cb:21:
                    ba:c3:1a:a1:6c:5c:a8:ee:97:28:03:22:99:38:7f:
                    2a:ce:dc:b6:0a:b2:a3:97:62:1d:05:fe:c3:57:f6:
                    26:f3:42:00:4f:9b:d4:2b:bf:4b:e0:5e:ff:96:12:
                    fc:18:9e:c2:41:56:ad:f8:65:4e:8d:91:e4:50:d7:
                    fa:6f:d4:74:50:5f:c9:c9:a1:ba:6e:38:00:48:04:
                    99:af:10:a3:d5:60:5c:5d:67:92:cf:e6:4d:01:d8:
                    cf:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:FA:82:5B:6C:DC:32:A7:47:88:7A:7C:BF:B0:AC:34:40:01:45:57
            X509v3 Authority Key Identifier:
                keyid:30:14:B8:C7:F5:09:E1:00:51:B0:CD:29:FD:8D:69:F2:85:50:8D:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MBS4x_UJ4QBRsM0p_Y1p8oVQjYc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c7935-2eda-43ac-8d0f-799525be7215/1/SfqCW2zcMqdHiHp8v7CsNEABRVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c7935-2eda-43ac-8d0f-799525be7215/1/MBS4x_UJ4QBRsM0p_Y1p8oVQjYc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.106.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         65:91:04:1e:0e:99:b9:32:e5:c6:6d:57:6e:14:fb:7d:35:22:
         7a:2c:e5:3f:bc:8b:de:6e:8e:06:56:26:12:ae:41:87:b9:ea:
         8c:70:94:db:ba:75:37:d0:f0:b3:74:13:92:a4:c2:60:7c:7c:
         16:bb:88:92:1e:63:6b:ac:33:f1:f7:49:23:74:f9:3d:e4:eb:
         41:5e:e6:9c:e9:74:1a:7a:08:f3:78:3b:5f:10:ee:f9:aa:f0:
         dd:4d:57:8d:3f:d5:68:8b:46:25:5a:82:2b:bb:c8:ef:8f:f5:
         f6:72:6b:69:1c:26:63:99:30:61:a6:4b:ff:c4:91:31:92:79:
         44:7f:37:4c:fd:70:a5:6f:d1:1e:9c:60:35:e1:cd:5a:58:a2:
         df:34:d2:a2:03:76:83:fb:e5:57:56:ff:0e:59:9d:b0:f0:4e:
         4e:4f:6f:b4:2d:2f:25:3f:e4:56:a7:b2:cc:b0:1a:8a:74:0b:
         02:85:8f:18:a6:be:a4:33:3b:4f:b8:c2:85:34:70:7e:c0:c2:
         7c:bb:c9:01:dc:6d:b1:e4:72:0f:51:e2:a7:91:29:db:aa:37:
         4a:8c:be:53:5e:4e:74:63:33:f8:4c:ae:1f:48:a6:b9:fc:be:
         f8:84:17:64:50:7d:fe:e0:1c:6d:a0:28:45:61:11:da:33:59:
         71:28:ea:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt4l4qqZINnzaBTS8HXzHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMTRiOGM3ZjUwOWUxMDA1MWIwY2QyOWZkOGQ2OWYyODU1
MDhkODcwHhcNMjQwMTAxMjAyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWZhODI1YjZjZGMzMmE3NDc4ODdhN2NiZmIwYWMzNDQwMDE0NTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuimH7WykO7RqZ4sDDkohFeDIBP9K
5LZpAVDhXMGl3ZHAB6elAi8o4L/wiiAWhqfNaB/99Kh96KlIZ1CaDSLkMwt7HxD1
cUCTBzEHD2LCuwQXRVh67WNIA9yvoj8Qxtautx7SbXPNbJuAO0awX8GlyJIpCUg0
/jUA3oF5tro1u4ag07+AbO/IGpPO6Gy26QUMRTPnoure73lGaUtltzK8sTGAyyG6
wxqhbFyo7pcoAyKZOH8qzty2CrKjl2IdBf7DV/Ym80IAT5vUK79L4F7/lhL8GJ7C
QVat+GVOjZHkUNf6b9R0UF/JyaG6bjgASASZrxCj1WBcXWeSz+ZNAdjPZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEn6glts3DKnR4h6fL+wrDRAAUVXMB8GA1UdIwQY
MBaAFDAUuMf1CeEAUbDNKf2NafKFUI2HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUJTNHhfVUo0UUJSc00wcF9ZMXA4b1ZRalljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84Yzc5MzUtMmVkYS00M2FjLThkMGYt
Nzk5NTI1YmU3MjE1LzEvU2ZxQ1cyemNNcWRIaUhwOHY3Q3NORUFCUlZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84Yzc5MzUtMmVkYS00M2FjLThkMGYtNzk5NTI1YmU3MjE1
LzEvTUJTNHhfVUo0UUJSc00wcF9ZMXA4b1ZRalljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwWpkMA0G
CSqGSIb3DQEBCwUAA4IBAQBlkQQeDpm5MuXGbVduFPt9NSJ6LOU/vIvebo4GViYS
rkGHueqMcJTbunU30PCzdBOSpMJgfHwWu4iSHmNrrDPx90kjdPk95OtBXuac6XQa
egjzeDtfEO75qvDdTVeNP9Voi0YlWoIru8jvj/X2cmtpHCZjmTBhpkv/xJExknlE
fzdM/XClb9EenGA14c1aWKLfNNKiA3aD++VXVv8OWZ2w8E5OT2+0LS8lP+RWp7LM
sBqKdAsChY8Ypr6kMztPuMKFNHB+wMJ8u8kB3G2x5HIPUeKnkSnbqjdKjL5TXk50
YzP4TK4fSKa5/L74hBdkUH3+4BxtoChFYRHaM1lxKOob
-----END CERTIFICATE-----