Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/5b9878-2080-4354-9592-b7231941fc3a/1/sPgmpLyF_PKafpXcgtR7FvsC9bY.roa
File:                     sPgmpLyF_PKafpXcgtR7FvsC9bY.roa (raw, json)
Hash identifier:          sMp8sjJ9YjMshoV/D5bSKKVpPxzHt4F0frkmzXOCA3k=
Subject key identifier:   B0:F8:26:A4:BC:85:FC:F2:9A:7E:95:DC:82:D4:7B:16:FB:02:F5:B6
Certificate issuer:       /CN=1662cfd26eccf289757399cc99c17d1cb4357535
Certificate serial:       01941F8C288C9614B2D02688B8761ECC107C
Authority key identifier: 16:62:CF:D2:6E:CC:F2:89:75:73:99:CC:99:C1:7D:1C:B4:35:75:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FmLP0m7M8ol1c5nMmcF9HLQ1dTU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/5b9878-2080-4354-9592-b7231941fc3a/1/sPgmpLyF_PKafpXcgtR7FvsC9bY.roa
Signing time:             Wed 01 Jan 2025 01:47:46 +0000
ROA not before:           Wed 01 Jan 2025 01:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        193.138.31.0/24 maxlen: 32
                          2001:7f8:56::/48 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/5b9878-2080-4354-9592-b7231941fc3a/1/FmLP0m7M8ol1c5nMmcF9HLQ1dTU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/5b9878-2080-4354-9592-b7231941fc3a/1/FmLP0m7M8ol1c5nMmcF9HLQ1dTU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FmLP0m7M8ol1c5nMmcF9HLQ1dTU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:28:8c:96:14:b2:d0:26:88:b8:76:1e:cc:10:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1662cfd26eccf289757399cc99c17d1cb4357535
        Validity
            Not Before: Jan  1 01:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0f826a4bc85fcf29a7e95dc82d47b16fb02f5b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:72:78:db:dc:b9:b4:b4:4e:ba:11:57:0e:bc:
                    10:7d:c3:33:7a:2f:be:f9:1a:9f:74:41:4d:e7:cc:
                    06:c5:ae:ec:5d:a8:24:ae:9d:3c:ae:06:35:af:e5:
                    99:8b:58:d7:6c:c3:d1:73:72:25:9d:38:a6:b0:c5:
                    a0:b7:b1:65:d9:33:7a:d9:4b:ee:79:5b:5e:c6:bc:
                    e6:ae:c5:aa:01:49:f8:7a:fe:12:b4:ed:69:7b:3e:
                    13:4a:30:b4:84:c9:72:69:37:83:48:43:bf:78:2d:
                    dd:04:8e:5b:4e:77:c9:98:34:74:16:9a:02:9e:4e:
                    a0:7a:e8:d5:5b:65:ec:24:e7:63:0b:28:24:e3:ea:
                    92:7e:7e:33:f7:c2:14:9c:ef:0e:8b:a3:77:56:c3:
                    8b:32:e6:a4:a0:26:7d:18:7e:7e:e2:23:f9:ea:6c:
                    56:06:e9:0a:97:ef:f7:5d:3c:a0:fd:ae:92:18:11:
                    21:2f:5f:b9:bb:f2:2d:f6:f2:04:fd:d2:94:3c:c3:
                    04:15:30:ff:5e:33:b6:b9:57:8c:04:f3:61:ef:3b:
                    6b:a5:14:8f:76:90:2e:bd:97:a3:ca:68:aa:c5:b0:
                    17:a4:4e:9f:2f:30:8b:7d:d4:0d:b7:7a:50:f2:1e:
                    d9:12:b0:d7:b8:16:37:fd:10:5e:89:15:2e:dc:28:
                    0f:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:F8:26:A4:BC:85:FC:F2:9A:7E:95:DC:82:D4:7B:16:FB:02:F5:B6
            X509v3 Authority Key Identifier:
                keyid:16:62:CF:D2:6E:CC:F2:89:75:73:99:CC:99:C1:7D:1C:B4:35:75:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FmLP0m7M8ol1c5nMmcF9HLQ1dTU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/5b9878-2080-4354-9592-b7231941fc3a/1/sPgmpLyF_PKafpXcgtR7FvsC9bY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/5b9878-2080-4354-9592-b7231941fc3a/1/FmLP0m7M8ol1c5nMmcF9HLQ1dTU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.138.31.0/24
                IPv6:
                  2001:7f8:56::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:02:c0:98:ed:9e:0d:53:4e:e6:59:1a:11:cf:52:50:82:9f:
         f6:e9:71:de:76:c0:80:8e:57:b7:e9:b4:3c:62:07:f5:f3:21:
         e5:19:74:60:d9:de:5a:27:35:33:a3:f8:5b:2b:91:ad:f6:47:
         5a:4e:4d:5d:61:fb:38:2b:6b:5e:32:eb:ca:18:09:4a:90:c1:
         0f:e4:83:af:15:26:ee:73:09:db:b4:f1:fa:93:ba:70:20:d9:
         9e:2f:4b:6e:c4:11:08:8d:56:1a:0c:b1:3b:5c:1b:0d:25:45:
         e3:10:3c:1a:83:b4:b2:cd:32:49:bb:0a:51:83:19:9c:e2:51:
         8a:aa:c1:fa:36:03:59:24:72:ed:58:f7:1a:1a:65:c0:61:eb:
         45:a2:3b:2f:f2:1a:24:94:47:cb:79:21:a5:66:12:d7:c8:45:
         a2:7a:6e:00:e3:9e:5d:a1:be:cc:87:ec:32:9d:7b:9e:83:08:
         56:24:f9:56:e8:4a:79:dd:c4:8e:fe:f4:f5:96:eb:48:e7:db:
         ed:40:32:f0:a3:cb:64:5e:d4:ab:15:84:94:00:2b:82:f3:cf:
         9c:b4:ae:b6:fd:c4:0e:51:6a:9d:42:46:db:a8:2b:0c:b6:f5:
         f7:24:29:af:0c:28:2f:b7:7f:14:5d:d6:5c:51:94:ba:82:1d:
         f0:9a:31:58
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQfjCiMlhSy0CaIuHYezBB8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2NjJjZmQyNmVjY2YyODk3NTczOTljYzk5YzE3ZDFjYjQz
NTc1MzUwHhcNMjUwMTAxMDE0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGY4MjZhNGJjODVmY2YyOWE3ZTk1ZGM4MmQ0N2IxNmZiMDJmNWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4nJ429y5tLROuhFXDrwQfcMzei++
+RqfdEFN58wGxa7sXagkrp08rgY1r+WZi1jXbMPRc3IlnTimsMWgt7Fl2TN62Uvu
eVtexrzmrsWqAUn4ev4StO1pez4TSjC0hMlyaTeDSEO/eC3dBI5bTnfJmDR0FpoC
nk6geujVW2XsJOdjCygk4+qSfn4z98IUnO8Oi6N3VsOLMuakoCZ9GH5+4iP56mxW
BukKl+/3XTyg/a6SGBEhL1+5u/It9vIE/dKUPMMEFTD/XjO2uVeMBPNh7ztrpRSP
dpAuvZejymiqxbAXpE6fLzCLfdQNt3pQ8h7ZErDXuBY3/RBeiRUu3CgPlQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLD4JqS8hfzymn6V3ILUexb7AvW2MB8GA1UdIwQY
MBaAFBZiz9JuzPKJdXOZzJnBfRy0NXU1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRm1MUDBtN004b2wxYzVuTW1jRjlITFExZFRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My81Yjk4NzgtMjA4MC00MzU0LTk1OTIt
YjcyMzE5NDFmYzNhLzEvc1BnbXBMeUZfUEthZnBYY2d0UjdGdnNDOWJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My81Yjk4NzgtMjA4MC00MzU0LTk1OTItYjcyMzE5NDFmYzNh
LzEvRm1MUDBtN004b2wxYzVuTW1jRjlITFExZFRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwYofMA8E
AgACMAkDBwAgAQf4AFYwDQYJKoZIhvcNAQELBQADggEBAL8CwJjtng1TTuZZGhHP
UlCCn/bpcd52wICOV7fptDxiB/XzIeUZdGDZ3lonNTOj+Fsrka32R1pOTV1h+zgr
a14y68oYCUqQwQ/kg68VJu5zCdu08fqTunAg2Z4vS27EEQiNVhoMsTtcGw0lReMQ
PBqDtLLNMkm7ClGDGZziUYqqwfo2A1kkcu1Y9xoaZcBh60WiOy/yGiSUR8t5IaVm
EtfIRaJ6bgDjnl2hvsyH7DKde56DCFYk+VboSnndxI7+9PWW60jn2+1AMvCjy2Re
1KsVhJQAK4Lzz5y0rrb9xA5Rap1CRtuoKwy29fckKa8MKC+3fxRd1lxRlLqCHfCa
MVg=
-----END CERTIFICATE-----