Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/Sbf_XS2_PTdkgRN73ERJ5kpCiBk.roa
File:                     Sbf_XS2_PTdkgRN73ERJ5kpCiBk.roa (raw, json)
Hash identifier:          nnyt7doHD3rvbRLG4Y7ikSpWhPPEEDnQ/LAOOsa6brA=
Subject key identifier:   49:B7:FF:5D:2D:BF:3D:37:64:81:13:7B:DC:44:49:E6:4A:42:88:19
Certificate issuer:       /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial:       018CC26D328FD3D6963375192D4CFA3907C1
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/Sbf_XS2_PTdkgRN73ERJ5kpCiBk.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203061
IP address blocks:        193.84.183.0/24 maxlen: 24
                          185.145.216.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 01:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:32:8f:d3:d6:96:33:75:19:2d:4c:fa:39:07:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49b7ff5d2dbf3d376481137bdc4449e64a428819
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:37:b4:2d:79:17:45:59:25:00:51:ca:ab:19:
                    8e:b8:28:a6:41:d7:2d:36:ac:91:e2:41:f1:1e:66:
                    cf:c1:c7:4b:f0:f4:74:f8:45:0e:1b:1d:3f:42:2a:
                    e0:da:1b:32:da:a0:8c:36:20:80:ad:3a:17:d0:a0:
                    47:28:0e:80:a5:54:d2:16:c6:c6:81:23:ac:2e:53:
                    e0:df:4d:0f:dd:08:51:03:22:c4:99:5a:29:5d:72:
                    52:66:7a:4a:ab:8c:64:84:de:05:e1:cd:45:f3:78:
                    bd:ec:94:70:23:23:11:e1:4a:5b:93:ae:34:7b:2f:
                    b3:97:9c:78:94:99:bc:63:13:6c:c0:f6:de:a6:29:
                    9b:30:88:c6:b5:13:cf:34:02:ca:58:31:52:5f:86:
                    cf:4b:ee:91:d6:e8:ea:0e:90:96:53:86:26:3b:88:
                    6a:94:7b:6c:a8:de:67:ce:48:51:66:5e:9a:3b:16:
                    5f:da:02:b7:c0:3f:d5:20:fa:ed:db:32:67:67:fc:
                    bd:41:3a:db:8d:bd:71:96:31:26:95:f9:0d:0a:f9:
                    27:3c:54:4a:67:39:8e:a3:ee:55:1c:84:cb:25:ba:
                    76:bf:4a:05:23:df:1f:0c:26:1b:ba:be:e5:67:b4:
                    be:e5:ef:a4:53:a2:da:ed:da:21:47:75:9c:d8:f6:
                    52:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:B7:FF:5D:2D:BF:3D:37:64:81:13:7B:DC:44:49:E6:4A:42:88:19
            X509v3 Authority Key Identifier:
                keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/Sbf_XS2_PTdkgRN73ERJ5kpCiBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.216.0/22
                  193.84.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:58:e3:2f:2d:da:28:3b:e2:7d:b9:64:63:74:c2:a8:25:c5:
         c4:5d:06:51:76:5a:14:3d:64:1e:47:43:1d:12:5c:8c:da:74:
         59:61:60:69:df:d9:66:53:c3:95:7b:db:2c:2a:7b:c3:09:11:
         de:4f:5f:04:bb:0e:3a:3c:29:61:20:8f:f5:80:a5:4f:20:43:
         f6:0b:99:15:3a:da:38:fc:0b:48:90:23:25:96:f8:90:ed:2f:
         be:6a:0d:fb:0e:81:0a:bc:dc:58:cc:19:c6:07:1d:de:59:d4:
         ea:57:0f:f7:9c:09:38:f5:43:64:40:ef:1f:e3:87:a1:3e:fe:
         c6:4c:a1:e4:64:54:e4:0e:f6:ec:dc:d6:b2:5d:da:fa:84:19:
         6e:c1:54:2f:27:bf:f7:8a:5f:a6:86:69:cc:63:27:2c:56:3a:
         9a:5d:a6:b7:df:5a:bc:6a:f2:07:ea:d6:44:32:bc:39:f0:05:
         27:f0:3d:28:f9:75:d0:45:73:fc:a0:ee:c5:a7:bc:51:14:e3:
         7d:9d:b0:5e:da:bd:11:e9:05:aa:af:5d:15:91:5e:de:1a:8d:
         bd:c5:f8:f5:f8:a0:92:64:68:ef:77:d6:36:72:33:98:3f:bb:
         b1:b8:93:23:ed:3c:55:3c:a8:d9:74:48:0f:0c:8d:e9:d6:88:
         8b:01:e2:57
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbTKP09aWM3UZLUz6OQfBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWI3ZmY1ZDJkYmYzZDM3NjQ4MTEzN2JkYzQ0NDllNjRhNDI4ODE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyTe0LXkXRVklAFHKqxmOuCimQdct
NqyR4kHxHmbPwcdL8PR0+EUOGx0/Qirg2hsy2qCMNiCArToX0KBHKA6ApVTSFsbG
gSOsLlPg300P3QhRAyLEmVopXXJSZnpKq4xkhN4F4c1F83i97JRwIyMR4Upbk640
ey+zl5x4lJm8YxNswPbepimbMIjGtRPPNALKWDFSX4bPS+6R1ujqDpCWU4YmO4hq
lHtsqN5nzkhRZl6aOxZf2gK3wD/VIPrt2zJnZ/y9QTrbjb1xljEmlfkNCvknPFRK
ZzmOo+5VHITLJbp2v0oFI98fDCYbur7lZ7S+5e+kU6La7dohR3Wc2PZSHwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEm3/10tvz03ZIETe9xESeZKQogZMB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEvU2JmX1hTMl9QVGRrZ1JONzNFUko1a3BDaUJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuZHYAwQA
wVS3MA0GCSqGSIb3DQEBCwUAA4IBAQBFWOMvLdooO+J9uWRjdMKoJcXEXQZRdloU
PWQeR0MdElyM2nRZYWBp39lmU8OVe9ssKnvDCRHeT18Euw46PClhII/1gKVPIEP2
C5kVOto4/AtIkCMllviQ7S++ag37DoEKvNxYzBnGBx3eWdTqVw/3nAk49UNkQO8f
44ehPv7GTKHkZFTkDvbs3NayXdr6hBluwVQvJ7/3il+mhmnMYycsVjqaXaa331q8
avIH6tZEMrw58AUn8D0o+XXQRXP8oO7Fp7xRFON9nbBe2r0R6QWqr10VkV7eGo29
xfj1+KCSZGjvd9Y2cjOYP7uxuJMj7TxVPKjZdEgPDI3p1oiLAeJX
-----END CERTIFICATE-----