Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/df99a1-86b3-46ab-bce4-941692ecb6d6/1/SBI5TCpQwpD8Bm-TFxLfV7Knf_U.roa
File:                     SBI5TCpQwpD8Bm-TFxLfV7Knf_U.roa (raw, json)
Hash identifier:          Wg0e24aOv1pJm+I5K+IEPKsiFKW5jJSmpYQ62MwRVbA=
Subject key identifier:   48:12:39:4C:2A:50:C2:90:FC:06:6F:93:17:12:DF:57:B2:A7:7F:F5
Certificate issuer:       /CN=a7bac61750ea2fc833f029809fe563a1142c813e
Certificate serial:       018CC7953A012936C367A17A7C0E0826DFCF
Authority key identifier: A7:BA:C6:17:50:EA:2F:C8:33:F0:29:80:9F:E5:63:A1:14:2C:81:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p7rGF1DqL8gz8CmAn-VjoRQsgT4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/df99a1-86b3-46ab-bce4-941692ecb6d6/1/SBI5TCpQwpD8Bm-TFxLfV7Knf_U.roa
Signing time:             Tue 02 Jan 2024 00:31:34 +0000
ROA not before:           Tue 02 Jan 2024 00:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43915
IP address blocks:        195.244.2.0/23 maxlen: 23
                          195.242.148.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/df99a1-86b3-46ab-bce4-941692ecb6d6/1/p7rGF1DqL8gz8CmAn-VjoRQsgT4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/df99a1-86b3-46ab-bce4-941692ecb6d6/1/p7rGF1DqL8gz8CmAn-VjoRQsgT4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p7rGF1DqL8gz8CmAn-VjoRQsgT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:3a:01:29:36:c3:67:a1:7a:7c:0e:08:26:df:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7bac61750ea2fc833f029809fe563a1142c813e
        Validity
            Not Before: Jan  2 00:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4812394c2a50c290fc066f931712df57b2a77ff5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:6c:5e:90:1c:da:0f:3a:ac:4f:ae:f0:49:ca:
                    76:f9:37:b6:7e:f0:ec:6d:0a:6d:3c:41:73:f7:78:
                    a9:45:53:c7:78:39:46:e0:1b:c6:cb:ea:e2:67:88:
                    21:8d:e0:fe:14:6b:54:ba:76:b8:78:fa:66:20:3d:
                    e6:c7:0c:8f:6d:55:1c:4d:1d:96:81:9c:e6:78:64:
                    87:cb:30:8f:43:f6:27:1c:9b:d4:6c:27:d6:e9:e8:
                    d8:12:d3:b9:c5:8a:9b:d8:28:80:fa:d9:3b:72:5f:
                    63:6a:51:37:e2:86:89:93:5f:18:d3:e5:4b:d6:d7:
                    8c:be:a1:9e:27:20:63:f3:00:fe:10:af:a6:70:44:
                    0d:de:d6:d1:39:fc:fb:8a:68:71:81:be:d8:5c:e6:
                    60:40:cc:6e:5a:05:73:9d:81:5e:48:85:c0:ba:b8:
                    5c:fb:f5:fc:8b:1d:b6:54:77:c6:32:47:86:37:9f:
                    e8:98:f2:91:3a:e6:85:16:18:99:a6:89:ab:57:01:
                    2c:14:1a:59:98:6e:40:90:05:63:5f:35:6d:45:25:
                    d8:d0:7b:86:51:f7:bb:a2:50:29:37:cf:19:cf:a7:
                    f1:f0:c4:ad:5c:d1:cd:ec:f2:30:0c:c1:0b:ef:6f:
                    5c:3e:fa:7b:a5:cb:b3:0e:c9:e3:f7:8c:63:5d:59:
                    99:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:12:39:4C:2A:50:C2:90:FC:06:6F:93:17:12:DF:57:B2:A7:7F:F5
            X509v3 Authority Key Identifier:
                keyid:A7:BA:C6:17:50:EA:2F:C8:33:F0:29:80:9F:E5:63:A1:14:2C:81:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p7rGF1DqL8gz8CmAn-VjoRQsgT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/df99a1-86b3-46ab-bce4-941692ecb6d6/1/SBI5TCpQwpD8Bm-TFxLfV7Knf_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/df99a1-86b3-46ab-bce4-941692ecb6d6/1/p7rGF1DqL8gz8CmAn-VjoRQsgT4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.242.148.0/23
                  195.244.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:c8:a7:af:b4:5c:09:35:11:31:d1:ee:b4:59:62:43:2a:e8:
         c8:20:fe:36:f2:e6:63:ba:cb:ab:ed:59:58:bb:bb:0d:2d:1d:
         cc:7b:ac:ab:54:00:9f:29:81:3e:e7:c8:d1:57:0b:42:6b:f8:
         14:6b:df:a7:ae:c1:11:37:4d:d8:16:fd:c6:26:d3:96:c6:a8:
         43:56:b4:02:b6:95:8f:20:19:78:f8:0a:2d:59:a3:68:2e:6d:
         e1:5d:20:44:06:14:35:2a:f4:e0:72:6b:6e:9c:64:93:5c:d2:
         5b:c4:de:c9:36:9b:b4:d3:15:04:90:82:08:a2:f2:5e:dd:5b:
         43:d1:50:fc:f9:8a:0e:a0:8e:a2:7b:4d:dc:05:6e:2e:c1:15:
         55:ac:42:b9:54:d3:44:d7:41:cc:89:1a:5a:61:7f:d5:20:b5:
         96:23:62:33:ef:ba:17:cb:ad:d9:5d:c1:90:e1:83:ef:d4:33:
         86:1f:bc:60:57:62:d5:b3:d7:af:a8:8d:6c:78:58:56:24:b6:
         39:c2:19:65:98:20:7a:4b:8d:95:25:ff:f0:8f:80:d4:8a:a7:
         c3:04:91:5a:08:c5:a7:cf:d0:02:4f:ad:0f:fa:d3:8f:71:f5:
         4b:0c:4d:b0:01:2a:65:6a:6e:27:99:b6:c6:bd:6d:1b:07:e4:
         a3:e7:be:e1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlToBKTbDZ6F6fA4IJt/PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3YmFjNjE3NTBlYTJmYzgzM2YwMjk4MDlmZTU2M2ExMTQy
YzgxM2UwHhcNMjQwMTAyMDAzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODEyMzk0YzJhNTBjMjkwZmMwNjZmOTMxNzEyZGY1N2IyYTc3ZmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGxekBzaDzqsT67wScp2+Te2fvDs
bQptPEFz93ipRVPHeDlG4BvGy+riZ4ghjeD+FGtUuna4ePpmID3mxwyPbVUcTR2W
gZzmeGSHyzCPQ/YnHJvUbCfW6ejYEtO5xYqb2CiA+tk7cl9jalE34oaJk18Y0+VL
1teMvqGeJyBj8wD+EK+mcEQN3tbROfz7imhxgb7YXOZgQMxuWgVznYFeSIXAurhc
+/X8ix22VHfGMkeGN5/omPKROuaFFhiZpomrVwEsFBpZmG5AkAVjXzVtRSXY0HuG
Ufe7olApN88Zz6fx8MStXNHN7PIwDMEL729cPvp7pcuzDsnj94xjXVmZ3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEgSOUwqUMKQ/AZvkxcS31eyp3/1MB8GA1UdIwQY
MBaAFKe6xhdQ6i/IM/ApgJ/lY6EULIE+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDdyR0YxRHFMOGd6OENtQW4tVmpvUlFzZ1Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9kZjk5YTEtODZiMy00NmFiLWJjZTQt
OTQxNjkyZWNiNmQ2LzEvU0JJNVRDcFF3cEQ4Qm0tVEZ4TGZWN0tuZl9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9kZjk5YTEtODZiMy00NmFiLWJjZTQtOTQxNjkyZWNiNmQ2
LzEvcDdyR0YxRHFMOGd6OENtQW4tVmpvUlFzZ1Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBw/KUAwQB
w/QCMA0GCSqGSIb3DQEBCwUAA4IBAQBuyKevtFwJNREx0e60WWJDKujIIP428uZj
usur7VlYu7sNLR3Me6yrVACfKYE+58jRVwtCa/gUa9+nrsERN03YFv3GJtOWxqhD
VrQCtpWPIBl4+AotWaNoLm3hXSBEBhQ1KvTgcmtunGSTXNJbxN7JNpu00xUEkIII
ovJe3VtD0VD8+YoOoI6ie03cBW4uwRVVrEK5VNNE10HMiRpaYX/VILWWI2Iz77oX
y63ZXcGQ4YPv1DOGH7xgV2LVs9evqI1seFhWJLY5whllmCB6S42VJf/wj4DUiqfD
BJFaCMWnz9ACT60P+tOPcfVLDE2wASplam4nmbbGvW0bB+Sj577h
-----END CERTIFICATE-----