Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/SzBJlVHh9D6OA7gsJy8haUSSpdA.roa
File:                     SzBJlVHh9D6OA7gsJy8haUSSpdA.roa (raw, json)
Hash identifier:          EqQOez1rCM8FLTIRLGrmN2TtUuO1MfHfpNj5EOKFCUA=
Subject key identifier:   4B:30:49:95:51:E1:F4:3E:8E:03:B8:2C:27:2F:21:69:44:92:A5:D0
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       01922F8AF5832A5743F56F2B850F971EF553
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/SzBJlVHh9D6OA7gsJy8haUSSpdA.roa
Signing time:             Thu 26 Sep 2024 18:14:48 +0000
ROA not before:           Thu 26 Sep 2024 18:14:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400992
IP address blocks:        185.219.7.0/24 maxlen: 24
                          193.46.217.0/24 maxlen: 24
                          193.46.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:2f:8a:f5:83:2a:57:43:f5:6f:2b:85:0f:97:1e:f5:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Sep 26 18:14:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b30499551e1f43e8e03b82c272f21694492a5d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d5:0d:b1:95:66:6e:12:b7:92:1c:69:2b:9e:
                    bb:51:26:d7:1f:39:5f:1b:81:04:9e:98:0e:1c:18:
                    33:81:a6:68:c4:28:e0:c7:e7:75:5f:1f:df:c3:d1:
                    e9:45:0f:9b:8e:12:1c:07:63:f3:8a:c3:78:3a:14:
                    ab:76:df:98:97:d1:07:43:74:5d:5b:f7:6f:a8:46:
                    8e:bc:9c:b0:85:a3:49:9d:0f:c2:e1:f4:f2:1e:22:
                    eb:7a:d2:e1:d7:67:8b:e6:97:ae:b4:61:c3:2a:57:
                    3e:0d:c2:54:4c:b6:6a:b5:d5:d9:d1:f3:e9:d0:8b:
                    e2:61:36:8a:e4:99:59:d4:4f:04:bc:86:f3:8a:90:
                    33:a2:33:ce:5a:5a:6b:c0:0c:e3:68:45:60:e0:25:
                    88:f4:57:8d:4b:bc:21:49:ff:6e:67:24:9c:f4:b9:
                    7d:33:fb:04:37:f2:85:c6:4f:fb:83:8e:2a:48:1e:
                    fa:19:c2:58:bc:98:b3:1f:42:f6:0e:7f:cb:f4:6f:
                    15:a0:2e:16:34:08:f8:36:04:0f:1c:4b:bd:22:75:
                    4a:17:4c:a6:8f:18:12:5b:e1:a4:e5:3a:4a:58:c5:
                    6f:26:aa:a1:ba:e6:06:7c:e7:35:8f:75:05:6a:4f:
                    b1:af:c9:bb:4e:27:e9:d7:0d:ee:67:cc:7a:5d:7a:
                    8c:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:30:49:95:51:E1:F4:3E:8E:03:B8:2C:27:2F:21:69:44:92:A5:D0
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/SzBJlVHh9D6OA7gsJy8haUSSpdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.7.0/24
                  193.46.217.0-193.46.218.255

    Signature Algorithm: sha256WithRSAEncryption
         15:9d:42:a3:04:34:8d:4b:5a:ca:88:c3:7a:b0:4d:c2:a4:e0:
         51:85:8b:be:bc:b1:05:ad:fa:38:1c:2d:e4:18:97:05:cb:1c:
         b5:a3:c9:fa:ea:f1:04:f5:a4:77:ae:ac:6b:08:54:68:99:2a:
         be:6e:de:1f:a7:6f:a7:d6:84:4b:a7:4c:d8:3b:c2:f6:8b:3b:
         10:08:be:bb:b1:f7:b8:7b:c9:ff:f6:6e:9e:97:ed:13:fe:87:
         68:13:e3:b5:f2:e5:59:e4:d1:da:93:51:47:b9:30:58:ac:83:
         80:12:1f:de:fc:fd:fa:22:9d:62:ca:14:60:75:7a:83:f6:92:
         3a:a9:78:d0:bb:22:93:68:0b:46:a8:5d:d3:c0:c0:97:d9:cd:
         ae:d9:e5:4a:d9:28:38:5e:19:35:3e:36:a2:87:6a:2e:e4:fd:
         16:16:6d:8c:6e:39:ec:f8:1f:d4:e9:6d:9f:00:3d:a4:cb:40:
         d1:8e:d6:3a:2e:03:2d:f7:cf:96:44:7d:c1:f5:06:f6:5c:d3:
         f5:0f:67:07:90:aa:89:2f:e2:9d:87:5d:42:44:f0:72:f9:ed:
         09:2a:3c:d7:fc:57:cc:cc:8a:da:4b:48:5f:e3:f1:9a:34:7f:
         36:38:e2:4d:39:01:66:ad:5d:fd:63:db:38:87:d2:b3:8d:76:
         63:c1:9b:7b
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZIvivWDKldD9W8rhQ+XHvVTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjQwOTI2MTgxNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjMwNDk5NTUxZTFmNDNlOGUwM2I4MmMyNzJmMjE2OTQ0OTJhNWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9UNsZVmbhK3khxpK567USbXHzlf
G4EEnpgOHBgzgaZoxCjgx+d1Xx/fw9HpRQ+bjhIcB2PzisN4OhSrdt+Yl9EHQ3Rd
W/dvqEaOvJywhaNJnQ/C4fTyHiLretLh12eL5peutGHDKlc+DcJUTLZqtdXZ0fPp
0IviYTaK5JlZ1E8EvIbzipAzojPOWlprwAzjaEVg4CWI9FeNS7whSf9uZySc9Ll9
M/sEN/KFxk/7g44qSB76GcJYvJizH0L2Dn/L9G8VoC4WNAj4NgQPHEu9InVKF0ym
jxgSW+Gk5TpKWMVvJqqhuuYGfOc1j3UFak+xr8m7Tifp1w3uZ8x6XXqM7wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFEswSZVR4fQ+jgO4LCcvIWlEkqXQMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvU3pCSmxWSGg5RDZPQTdnc0p5OGhhVVNTcGRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAudsHMAwD
BADBLtkDBADBLtowDQYJKoZIhvcNAQELBQADggEBABWdQqMENI1LWsqIw3qwTcKk
4FGFi768sQWt+jgcLeQYlwXLHLWjyfrq8QT1pHeurGsIVGiZKr5u3h+nb6fWhEun
TNg7wvaLOxAIvrux97h7yf/2bp6X7RP+h2gT47Xy5Vnk0dqTUUe5MFisg4ASH978
/foinWLKFGB1eoP2kjqpeNC7IpNoC0aoXdPAwJfZza7Z5UrZKDheGTU+NqKHai7k
/RYWbYxuOez4H9TpbZ8APaTLQNGO1jouAy33z5ZEfcH1BvZc0/UPZweQqokv4p2H
XUJE8HL57QkqPNf8V8zMitpLSF/j8Zo0fzY44k05AWatXf1j2ziH0rONdmPBm3s=
-----END CERTIFICATE-----