Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/7d0353-3a62-4c39-bd3a-c3a3521e8f70/1/cnRSPInSBRDWselDYR_TfQc4HlU.roa
File:                     cnRSPInSBRDWselDYR_TfQc4HlU.roa (raw, json)
Hash identifier:          WKnT45x+L8lO3wufHbqzd6qjHxAi49kY9zv7+RA3psI=
Subject key identifier:   72:74:52:3C:89:D2:05:10:D6:B1:E9:43:61:1F:D3:7D:07:38:1E:55
Certificate issuer:       /CN=523881993cf0db674e89db5815e6f189a6c60d1f
Certificate serial:       018CC424729F4ABE06813222053060D4482D
Authority key identifier: 52:38:81:99:3C:F0:DB:67:4E:89:DB:58:15:E6:F1:89:A6:C6:0D:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UjiBmTzw22dOidtYFebxiabGDR8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/7d0353-3a62-4c39-bd3a-c3a3521e8f70/1/cnRSPInSBRDWselDYR_TfQc4HlU.roa
Signing time:             Mon 01 Jan 2024 08:29:31 +0000
ROA not before:           Mon 01 Jan 2024 08:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206234
IP address blocks:        185.192.121.0/24 maxlen: 24
                          185.192.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/7d0353-3a62-4c39-bd3a-c3a3521e8f70/1/UjiBmTzw22dOidtYFebxiabGDR8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/7d0353-3a62-4c39-bd3a-c3a3521e8f70/1/UjiBmTzw22dOidtYFebxiabGDR8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UjiBmTzw22dOidtYFebxiabGDR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:72:9f:4a:be:06:81:32:22:05:30:60:d4:48:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=523881993cf0db674e89db5815e6f189a6c60d1f
        Validity
            Not Before: Jan  1 08:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7274523c89d20510d6b1e943611fd37d07381e55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:fd:3d:8b:c7:f1:a1:9d:9c:b4:4b:00:42:93:
                    45:1f:7e:7e:f4:07:e7:e2:73:58:5e:ae:64:ed:4a:
                    2a:81:80:df:73:d0:7b:aa:3a:16:27:40:e8:a6:bd:
                    ec:82:4e:6b:84:71:15:1d:a2:bb:10:27:6d:ad:70:
                    22:58:b8:4e:00:9e:ff:2b:a9:39:61:0e:50:82:2b:
                    ab:33:96:7f:87:e8:a4:e4:e3:ee:be:c6:2c:3e:39:
                    bd:e0:93:9d:de:ab:fa:72:66:7e:00:54:67:97:bd:
                    21:2a:0a:6b:b1:18:f0:03:f1:85:95:81:92:6e:25:
                    a5:e9:45:c6:10:ce:94:df:aa:0a:ed:04:b6:3c:7b:
                    fe:d2:ba:88:3d:67:28:28:5d:b4:ae:8b:30:29:d9:
                    e9:4c:94:82:ae:5a:5d:c8:01:a7:47:95:c0:6a:b1:
                    a7:7c:af:52:db:8d:1c:01:15:1a:cd:38:a8:eb:58:
                    8c:cb:94:14:e4:2a:a8:79:b4:d3:42:16:b7:c2:e6:
                    22:22:b2:2e:cd:06:61:34:6c:bb:e9:24:60:a9:54:
                    0d:1c:5d:d6:44:61:59:3b:ab:b7:e6:4c:70:d4:6a:
                    76:3e:b6:30:eb:0b:7a:12:1f:bd:93:4c:33:f5:0b:
                    4b:54:e3:90:40:1f:88:8a:bb:50:f9:25:f5:1f:80:
                    66:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:74:52:3C:89:D2:05:10:D6:B1:E9:43:61:1F:D3:7D:07:38:1E:55
            X509v3 Authority Key Identifier:
                keyid:52:38:81:99:3C:F0:DB:67:4E:89:DB:58:15:E6:F1:89:A6:C6:0D:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UjiBmTzw22dOidtYFebxiabGDR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/7d0353-3a62-4c39-bd3a-c3a3521e8f70/1/cnRSPInSBRDWselDYR_TfQc4HlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/7d0353-3a62-4c39-bd3a-c3a3521e8f70/1/UjiBmTzw22dOidtYFebxiabGDR8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:8f:18:e5:1f:65:b2:ef:30:ca:19:67:98:fd:d4:86:31:3e:
         30:de:17:e4:59:8d:ba:64:15:81:c7:d3:48:25:ae:d2:03:57:
         d1:52:ea:9e:4e:e3:7f:0c:20:31:9d:19:f0:b4:0c:83:ca:e6:
         54:c9:b2:57:cf:5f:83:34:ba:16:ce:6e:16:54:77:18:e6:31:
         2e:09:4c:a5:84:62:cd:ca:6e:5c:5e:89:e9:b2:f1:64:66:f3:
         f5:fb:bb:ea:75:ee:7f:3f:52:21:51:1a:a0:72:3f:cf:17:db:
         28:ad:d5:29:1f:bc:36:6b:75:c1:59:d3:de:ec:f0:41:12:0f:
         58:ea:04:15:26:da:35:db:70:69:e1:be:36:a1:0d:69:7f:c0:
         12:6a:0b:25:9f:15:24:15:d6:6e:99:9d:75:7e:01:1a:c5:56:
         c6:d4:00:23:e9:4e:04:09:23:2e:b6:4f:e2:98:4c:d1:fa:ad:
         d1:09:11:2c:27:7e:a9:8a:f4:a9:b1:1f:fc:1b:c3:24:c2:4c:
         88:24:09:23:6b:8b:85:c4:ca:7d:99:cc:d4:68:53:f9:22:90:
         ff:7f:de:4f:6b:bf:6d:f4:33:67:da:63:b2:46:1d:8f:fc:4b:
         1a:5b:e1:ac:23:9e:fe:77:a7:fd:27:12:3e:0a:16:f2:56:8f:
         26:7b:a1:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJHKfSr4GgTIiBTBg1EgtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMzg4MTk5M2NmMGRiNjc0ZTg5ZGI1ODE1ZTZmMTg5YTZj
NjBkMWYwHhcNMjQwMTAxMDgyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mjc0NTIzYzg5ZDIwNTEwZDZiMWU5NDM2MTFmZDM3ZDA3MzgxZTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgv09i8fxoZ2ctEsAQpNFH35+9Afn
4nNYXq5k7UoqgYDfc9B7qjoWJ0Dopr3sgk5rhHEVHaK7ECdtrXAiWLhOAJ7/K6k5
YQ5QgiurM5Z/h+ik5OPuvsYsPjm94JOd3qv6cmZ+AFRnl70hKgprsRjwA/GFlYGS
biWl6UXGEM6U36oK7QS2PHv+0rqIPWcoKF20roswKdnpTJSCrlpdyAGnR5XAarGn
fK9S240cARUazTio61iMy5QU5CqoebTTQha3wuYiIrIuzQZhNGy76SRgqVQNHF3W
RGFZO6u35kxw1Gp2PrYw6wt6Eh+9k0wz9QtLVOOQQB+IirtQ+SX1H4BmDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHJ0UjyJ0gUQ1rHpQ2Ef030HOB5VMB8GA1UdIwQY
MBaAFFI4gZk88NtnTonbWBXm8Ymmxg0fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWppQm1UencyMmRPaWR0WUZlYnhpYWJHRFI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83ZDAzNTMtM2E2Mi00YzM5LWJkM2Et
YzNhMzUyMWU4ZjcwLzEvY25SU1BJblNCUkRXc2VsRFlSX1RmUWM0SGxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83ZDAzNTMtM2E2Mi00YzM5LWJkM2EtYzNhMzUyMWU4Zjcw
LzEvVWppQm1UencyMmRPaWR0WUZlYnhpYWJHRFI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucB4MA0G
CSqGSIb3DQEBCwUAA4IBAQA5jxjlH2Wy7zDKGWeY/dSGMT4w3hfkWY26ZBWBx9NI
Ja7SA1fRUuqeTuN/DCAxnRnwtAyDyuZUybJXz1+DNLoWzm4WVHcY5jEuCUylhGLN
ym5cXonpsvFkZvP1+7vqde5/P1IhURqgcj/PF9sordUpH7w2a3XBWdPe7PBBEg9Y
6gQVJto123Bp4b42oQ1pf8ASagslnxUkFdZumZ11fgEaxVbG1AAj6U4ECSMutk/i
mEzR+q3RCREsJ36pivSpsR/8G8MkwkyIJAkja4uFxMp9mczUaFP5IpD/f95Pa79t
9DNn2mOyRh2P/EsaW+GsI57+d6f9JxI+ChbyVo8me6EQ
-----END CERTIFICATE-----