Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/SATDiNk0aElld777RnLTntcnKpo.roa
File:                     SATDiNk0aElld777RnLTntcnKpo.roa (raw, json)
Hash identifier:          Jmab3JIqcIJ9KNbjJd90ZwG16MQs/kl9qm75b5lKuTo=
Subject key identifier:   48:04:C3:88:D9:34:68:49:65:77:BE:FB:46:72:D3:9E:D7:27:2A:9A
Certificate issuer:       /CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
Certificate serial:       018DFAA8459EAEF650A9E408FDBE54C050CD
Authority key identifier: 4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/SATDiNk0aElld777RnLTntcnKpo.roa
Signing time:             Fri 01 Mar 2024 15:35:48 +0000
ROA not before:           Fri 01 Mar 2024 15:35:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48678
IP address blocks:        80.208.221.0/24 maxlen: 24
                          185.174.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:fa:a8:45:9e:ae:f6:50:a9:e4:08:fd:be:54:c0:50:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
        Validity
            Not Before: Mar  1 15:35:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4804c388d93468496577befb4672d39ed7272a9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:dd:bd:48:42:59:8a:2c:ea:00:e5:9d:19:d5:
                    0f:b5:ac:3f:c2:be:f4:5c:6f:b5:36:08:90:f7:af:
                    b5:c7:96:9f:08:21:f6:71:f6:69:ba:78:c1:db:33:
                    38:91:c5:08:0a:47:eb:0a:53:1b:95:c8:24:6a:a7:
                    18:7e:60:c7:37:57:e4:4f:b7:d1:1a:19:85:4c:15:
                    64:1c:4f:c6:8b:6f:1f:94:87:46:c6:e9:a2:fe:4b:
                    44:b4:22:b0:76:0f:f4:fb:b2:0a:5b:10:0d:41:25:
                    94:6d:f9:0b:d5:63:8b:4f:0a:1a:ec:df:ae:b0:c0:
                    18:0b:eb:72:f6:8a:01:44:76:2b:e5:38:b6:09:f7:
                    6e:6f:06:be:23:6b:4f:ef:41:05:a4:e0:74:db:00:
                    42:fc:22:3b:34:25:40:95:62:d4:1c:e1:4c:84:7f:
                    37:76:b6:b0:44:b4:f9:48:a9:7e:d5:d9:2b:1f:3d:
                    33:6c:f2:0e:b5:86:3d:43:2f:ec:92:ac:e8:2c:35:
                    b2:b6:9c:cc:63:6a:9a:96:bf:b4:69:0f:a9:07:4e:
                    fc:f7:8a:1c:d6:e8:98:9f:4b:c4:a8:4c:39:15:b2:
                    0f:cd:ea:df:d8:d5:4b:d6:32:f0:5d:46:83:7c:d5:
                    42:a8:2f:dc:c8:80:5c:5c:9d:86:a4:ff:88:52:5e:
                    d6:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:04:C3:88:D9:34:68:49:65:77:BE:FB:46:72:D3:9E:D7:27:2A:9A
            X509v3 Authority Key Identifier:
                keyid:4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/SATDiNk0aElld777RnLTntcnKpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.208.221.0/24
                  185.174.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:aa:f5:a0:3c:07:20:a9:81:3f:96:12:94:92:65:2c:54:53:
         49:e8:9d:cd:66:88:25:62:a1:33:c3:10:43:5a:83:2f:f8:0e:
         d2:e6:df:b2:ab:58:37:69:81:f8:42:0b:81:f4:12:85:91:d2:
         f1:41:c3:bb:1f:fe:f6:f9:cc:a6:24:27:4c:4e:3a:d1:c8:64:
         1d:66:8b:ff:0b:de:26:42:0d:37:80:cc:ed:3f:2d:af:73:40:
         0c:35:06:f8:66:ca:d2:49:01:8b:f4:aa:76:c3:60:3f:96:26:
         37:53:83:50:fa:97:d0:8d:8e:f3:12:ec:4f:e8:63:20:d5:55:
         2e:2e:0c:de:ec:75:df:23:d6:86:67:b5:1f:99:30:a2:d7:80:
         4f:0f:fe:2f:7f:82:5c:96:93:cc:73:aa:c4:a4:19:8d:1c:02:
         df:1b:c5:61:f8:71:83:69:a8:0f:00:f1:74:8d:2a:5f:91:12:
         99:ab:87:29:58:c5:db:ef:29:b9:77:3e:c3:71:69:6a:78:4f:
         a2:5c:cc:a4:6d:19:a6:89:6c:b4:c9:da:12:60:78:5d:0a:eb:
         39:fe:ff:eb:20:1f:da:91:e7:a7:f6:11:08:7f:3d:12:12:2f:
         69:2e:02:2e:f3:a0:a0:6d:c1:2c:4d:bf:fe:e1:70:ec:06:61:
         48:dd:d9:2a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY36qEWervZQqeQI/b5UwFDNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYTg0ZDI0N2NlMzdjZGNjZjA2ZTE1NzFkMjI2YTJiODU2
NzdiY2QwHhcNMjQwMzAxMTUzNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODA0YzM4OGQ5MzQ2ODQ5NjU3N2JlZmI0NjcyZDM5ZWQ3MjcyYTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq929SEJZiizqAOWdGdUPtaw/wr70
XG+1NgiQ96+1x5afCCH2cfZpunjB2zM4kcUICkfrClMblcgkaqcYfmDHN1fkT7fR
GhmFTBVkHE/Gi28flIdGxumi/ktEtCKwdg/0+7IKWxANQSWUbfkL1WOLTwoa7N+u
sMAYC+ty9ooBRHYr5Ti2Cfdubwa+I2tP70EFpOB02wBC/CI7NCVAlWLUHOFMhH83
drawRLT5SKl+1dkrHz0zbPIOtYY9Qy/skqzoLDWytpzMY2qalr+0aQ+pB07894oc
1uiYn0vEqEw5FbIPzerf2NVL1jLwXUaDfNVCqC/cyIBcXJ2GpP+IUl7WrwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEgEw4jZNGhJZXe++0Zy057XJyqaMB8GA1UdIwQY
MBaAFE2oTSR843zczwbhVx0iaiuFZ3vNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGIt
NTU1OGE4YjUzZTNkLzEvU0FURGlOazBhRWxsZDc3N1JuTFRudGNuS3BvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGItNTU1OGE4YjUzZTNk
LzEvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUNDdAwQA
ua5GMA0GCSqGSIb3DQEBCwUAA4IBAQBfqvWgPAcgqYE/lhKUkmUsVFNJ6J3NZogl
YqEzwxBDWoMv+A7S5t+yq1g3aYH4QguB9BKFkdLxQcO7H/72+cymJCdMTjrRyGQd
Zov/C94mQg03gMztPy2vc0AMNQb4ZsrSSQGL9Kp2w2A/liY3U4NQ+pfQjY7zEuxP
6GMg1VUuLgze7HXfI9aGZ7UfmTCi14BPD/4vf4JclpPMc6rEpBmNHALfG8Vh+HGD
aagPAPF0jSpfkRKZq4cpWMXb7ym5dz7DcWlqeE+iXMykbRmmiWy0ydoSYHhdCus5
/v/rIB/akeen9hEIfz0SEi9pLgIu86CgbcEsTb/+4XDsBmFI3dkq
-----END CERTIFICATE-----