Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/9220da-0fd5-4a22-a11b-e1332e7f06fc/1/soSBsLQYC7V6yaNpfJM8sFC7fR4.roa
File:                     soSBsLQYC7V6yaNpfJM8sFC7fR4.roa (raw, json)
Hash identifier:          nF8wYjzOXAcieN8jO0uTIHBAl7NBBBuHSNIF4hRr2/A=
Subject key identifier:   B2:84:81:B0:B4:18:0B:B5:7A:C9:A3:69:7C:93:3C:B0:50:BB:7D:1E
Certificate issuer:       /CN=b2d9401eca6c8a9306d10092bbe0c2e19500e97f
Certificate serial:       019422FBBA272672E03350A50093E43E8046
Authority key identifier: B2:D9:40:1E:CA:6C:8A:93:06:D1:00:92:BB:E0:C2:E1:95:00:E9:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/stlAHspsipMG0QCSu-DC4ZUA6X8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/9220da-0fd5-4a22-a11b-e1332e7f06fc/1/soSBsLQYC7V6yaNpfJM8sFC7fR4.roa
Signing time:             Wed 01 Jan 2025 17:48:30 +0000
ROA not before:           Wed 01 Jan 2025 17:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43427
IP address blocks:        193.228.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/9220da-0fd5-4a22-a11b-e1332e7f06fc/1/stlAHspsipMG0QCSu-DC4ZUA6X8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/9220da-0fd5-4a22-a11b-e1332e7f06fc/1/stlAHspsipMG0QCSu-DC4ZUA6X8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/stlAHspsipMG0QCSu-DC4ZUA6X8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:ba:27:26:72:e0:33:50:a5:00:93:e4:3e:80:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2d9401eca6c8a9306d10092bbe0c2e19500e97f
        Validity
            Not Before: Jan  1 17:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b28481b0b4180bb57ac9a3697c933cb050bb7d1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:93:65:0d:aa:05:fd:f5:2c:a6:56:50:a6:d5:
                    c4:6c:e5:2c:d5:46:52:e1:cf:81:a4:ca:dc:53:9c:
                    54:7a:ce:9e:4f:85:0f:c7:d8:d1:ea:95:8e:c1:74:
                    ce:12:67:14:20:37:ee:ec:df:35:c9:21:35:27:4d:
                    a1:2d:ef:d3:0c:8e:c3:f1:27:e6:98:05:16:c4:8f:
                    ca:86:75:a6:16:ea:24:ef:e0:18:90:6d:5a:be:28:
                    8f:61:55:2c:b8:90:2c:88:d4:01:ac:07:ed:8e:5a:
                    b5:2f:d1:00:95:94:2e:3e:47:31:26:83:c7:06:2f:
                    34:70:41:0d:4d:f5:d0:b5:a2:8d:3f:d1:70:20:08:
                    b3:5e:a8:8c:79:4b:23:47:68:5e:a0:72:06:da:5a:
                    fc:c5:57:51:27:51:26:bf:e9:08:8e:6b:20:25:42:
                    df:2e:10:8b:94:62:59:da:41:a1:1c:1b:50:09:31:
                    ab:90:b5:32:68:d6:c4:23:0c:ab:f9:17:1b:d6:28:
                    e3:8f:71:3d:51:2d:ca:ae:3c:38:83:92:a5:09:9b:
                    96:d1:dc:0f:b0:8d:89:86:63:b7:72:f5:fa:9e:4c:
                    6c:61:a4:ef:79:ff:d1:4a:76:ae:7f:bf:68:4f:54:
                    a4:2f:db:37:fc:d3:3b:f9:42:22:c8:b3:e7:ae:b0:
                    aa:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:84:81:B0:B4:18:0B:B5:7A:C9:A3:69:7C:93:3C:B0:50:BB:7D:1E
            X509v3 Authority Key Identifier:
                keyid:B2:D9:40:1E:CA:6C:8A:93:06:D1:00:92:BB:E0:C2:E1:95:00:E9:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/stlAHspsipMG0QCSu-DC4ZUA6X8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/9220da-0fd5-4a22-a11b-e1332e7f06fc/1/soSBsLQYC7V6yaNpfJM8sFC7fR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/9220da-0fd5-4a22-a11b-e1332e7f06fc/1/stlAHspsipMG0QCSu-DC4ZUA6X8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.228.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:f7:fb:53:fd:31:47:b4:52:15:73:23:e8:45:18:29:22:d1:
         e4:94:c1:af:b1:40:f7:6f:6c:ec:33:d1:ea:ef:80:72:84:b9:
         f3:69:47:0f:4f:56:38:d3:7d:e0:88:7f:89:6b:ae:06:57:18:
         81:21:c7:2e:ca:40:5c:85:7f:40:4c:48:11:22:25:c2:39:2c:
         86:a7:dc:ec:63:f2:f0:91:5c:6e:c2:9e:1c:f4:71:a6:1c:16:
         30:86:52:41:ac:db:c3:70:5f:e7:53:f0:10:66:c1:cf:00:ec:
         df:af:0f:a9:c9:6f:60:1b:cf:d3:f7:bc:86:04:40:d7:cb:1a:
         e7:68:11:d8:19:5a:0f:12:76:91:e2:f6:ee:11:9b:f0:f6:f4:
         24:6c:2a:69:ee:a9:38:5a:d9:b6:07:6e:ec:4f:d3:01:58:5d:
         eb:e5:69:fd:70:b8:fe:56:4a:79:15:29:c1:bc:cf:a9:a7:db:
         b9:ee:9e:85:74:6c:f4:10:7d:7c:c3:d5:4b:e8:c1:5e:e3:a6:
         d5:12:c1:1a:8b:3c:02:3d:f1:c2:e1:f1:f5:71:a7:a5:c7:e5:
         2d:eb:48:d1:cf:23:bf:6a:86:23:51:de:46:bc:ad:a1:08:5d:
         56:cc:a5:f2:2b:21:ed:2c:27:11:91:58:65:9a:1d:17:aa:a6:
         96:21:1c:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+7onJnLgM1ClAJPkPoBGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZDk0MDFlY2E2YzhhOTMwNmQxMDA5MmJiZTBjMmUxOTUw
MGU5N2YwHhcNMjUwMTAxMTc0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjg0ODFiMGI0MTgwYmI1N2FjOWEzNjk3YzkzM2NiMDUwYmI3ZDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAipNlDaoF/fUsplZQptXEbOUs1UZS
4c+BpMrcU5xUes6eT4UPx9jR6pWOwXTOEmcUIDfu7N81ySE1J02hLe/TDI7D8Sfm
mAUWxI/KhnWmFuok7+AYkG1aviiPYVUsuJAsiNQBrAftjlq1L9EAlZQuPkcxJoPH
Bi80cEENTfXQtaKNP9FwIAizXqiMeUsjR2heoHIG2lr8xVdRJ1Emv+kIjmsgJULf
LhCLlGJZ2kGhHBtQCTGrkLUyaNbEIwyr+Rcb1ijjj3E9US3Krjw4g5KlCZuW0dwP
sI2JhmO3cvX6nkxsYaTvef/RSnauf79oT1SkL9s3/NM7+UIiyLPnrrCqXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLKEgbC0GAu1esmjaXyTPLBQu30eMB8GA1UdIwQY
MBaAFLLZQB7KbIqTBtEAkrvgwuGVAOl/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3RsQUhzcHNpcE1HMFFDU3UtREM0WlVBNlg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS85MjIwZGEtMGZkNS00YTIyLWExMWIt
ZTEzMzJlN2YwNmZjLzEvc29TQnNMUVlDN1Y2eWFOcGZKTThzRkM3ZlI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS85MjIwZGEtMGZkNS00YTIyLWExMWItZTEzMzJlN2YwNmZj
LzEvc3RsQUhzcHNpcE1HMFFDU3UtREM0WlVBNlg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweSXMA0G
CSqGSIb3DQEBCwUAA4IBAQBH9/tT/TFHtFIVcyPoRRgpItHklMGvsUD3b2zsM9Hq
74ByhLnzaUcPT1Y4033giH+Ja64GVxiBIccuykBchX9ATEgRIiXCOSyGp9zsY/Lw
kVxuwp4c9HGmHBYwhlJBrNvDcF/nU/AQZsHPAOzfrw+pyW9gG8/T97yGBEDXyxrn
aBHYGVoPEnaR4vbuEZvw9vQkbCpp7qk4Wtm2B27sT9MBWF3r5Wn9cLj+Vkp5FSnB
vM+pp9u57p6FdGz0EH18w9VL6MFe46bVEsEaizwCPfHC4fH1caelx+Ut60jRzyO/
aoYjUd5GvK2hCF1WzKXyKyHtLCcRkVhlmh0XqqaWIRwf
-----END CERTIFICATE-----