Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/smVfooDQO_edmWP8jl4HY2uLMN4.roa
File:                     smVfooDQO_edmWP8jl4HY2uLMN4.roa (raw, json)
Hash identifier:          C6dCRCbGaSEDCBfxFQJhOOVnvCCLMm8Zz+RgpeYAJQ8=
Subject key identifier:   B2:65:5F:A2:80:D0:3B:F7:9D:99:63:FC:8E:5E:07:63:6B:8B:30:DE
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       0192BEA54CB4BF97017F814D7F11CA79997E
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/smVfooDQO_edmWP8jl4HY2uLMN4.roa
Signing time:             Thu 24 Oct 2024 13:09:16 +0000
ROA not before:           Thu 24 Oct 2024 13:09:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198037
IP address blocks:        80.71.227.0/24 maxlen: 24
                          80.71.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:be:a5:4c:b4:bf:97:01:7f:81:4d:7f:11:ca:79:99:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Oct 24 13:09:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2655fa280d03bf79d9963fc8e5e07636b8b30de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:30:d0:0a:74:90:38:5c:ff:20:4a:5a:25:c9:
                    68:22:24:42:15:6a:6c:9a:6b:29:e4:91:b0:01:53:
                    79:93:e7:e5:b3:ea:0d:5b:02:de:14:ac:3c:20:75:
                    07:08:03:24:25:b0:a0:f0:81:a5:8b:6b:08:41:eb:
                    0e:18:89:27:a3:70:69:ac:0e:5d:7a:fe:cb:2a:03:
                    73:a4:34:8f:78:3b:00:6a:c8:a9:70:90:42:88:99:
                    9a:ac:f1:10:c7:3f:c1:ca:66:1d:83:bf:11:fe:65:
                    99:e9:a7:9e:d0:44:09:27:87:6b:bf:42:52:47:99:
                    57:aa:4e:01:b2:67:c2:d4:f7:07:c4:31:6c:a4:05:
                    f2:82:6a:ea:6a:28:a0:93:5f:cf:90:e8:96:58:fa:
                    ea:3c:1f:96:66:67:fc:a6:fb:06:21:a7:63:b0:16:
                    cb:ac:1e:8f:1b:23:b4:cf:f4:7a:2a:06:81:fc:0e:
                    77:46:b6:1f:62:e6:97:a4:a9:66:bf:8c:f3:56:8e:
                    ef:f2:84:a9:29:e5:ac:08:1e:df:86:bb:1a:78:61:
                    e5:98:79:eb:6a:dc:77:58:70:ca:7f:18:6f:f5:77:
                    f4:e4:b3:67:4f:9c:8a:ff:f8:ae:b6:c1:c2:53:da:
                    17:ab:1e:35:ee:51:4b:81:70:a0:e4:32:2a:8a:ef:
                    10:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:65:5F:A2:80:D0:3B:F7:9D:99:63:FC:8E:5E:07:63:6B:8B:30:DE
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/smVfooDQO_edmWP8jl4HY2uLMN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.227.0/24
                  80.71.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:51:b3:ae:78:5c:27:1f:b8:da:9a:aa:99:85:68:76:7c:c9:
         1e:da:b4:99:53:2c:8c:5c:f6:41:0a:b2:5d:40:c8:da:50:91:
         a2:b4:7f:1c:77:d4:06:08:c6:04:42:bd:0a:52:20:08:9e:2d:
         38:39:ce:cb:a5:3d:d3:96:ea:36:2f:b6:63:89:f0:84:f7:3b:
         f3:2f:e3:6c:50:81:f6:bc:6e:15:d2:67:a1:8c:b7:da:37:1a:
         ad:2e:89:ae:c0:0f:9d:93:7b:47:42:4f:38:e8:77:31:3d:f0:
         9a:37:44:53:0c:fb:f0:5e:9d:0a:8e:23:b2:1d:d4:25:f9:f9:
         75:8b:de:e0:e8:4f:8e:38:cb:fb:81:9f:75:9f:b2:9a:ce:64:
         93:40:4f:4e:f3:7b:7a:9a:25:f2:07:01:7f:30:28:e4:d2:f6:
         66:59:90:24:0a:f4:ab:5b:22:18:a5:09:d3:aa:fe:47:28:26:
         a8:9b:95:e8:a6:b0:52:57:b3:73:30:e2:09:04:ac:95:89:8e:
         f5:b1:6b:08:3c:16:52:82:2d:5e:e6:6f:bd:98:c8:cc:3a:2d:
         dc:ed:f0:10:b7:41:34:57:0d:c4:2a:53:5d:db:81:63:7b:a6:
         eb:83:6a:45:fe:e9:e2:7f:04:f0:6f:9f:70:fb:f2:cb:d2:87:
         13:a1:f6:70
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZK+pUy0v5cBf4FNfxHKeZl+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjQxMDI0MTMwOTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjY1NWZhMjgwZDAzYmY3OWQ5OTYzZmM4ZTVlMDc2MzZiOGIzMGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjDQCnSQOFz/IEpaJcloIiRCFWps
mmsp5JGwAVN5k+fls+oNWwLeFKw8IHUHCAMkJbCg8IGli2sIQesOGIkno3BprA5d
ev7LKgNzpDSPeDsAasipcJBCiJmarPEQxz/BymYdg78R/mWZ6aee0EQJJ4drv0JS
R5lXqk4BsmfC1PcHxDFspAXygmrqaiigk1/PkOiWWPrqPB+WZmf8pvsGIadjsBbL
rB6PGyO0z/R6KgaB/A53RrYfYuaXpKlmv4zzVo7v8oSpKeWsCB7fhrsaeGHlmHnr
atx3WHDKfxhv9Xf05LNnT5yK//iutsHCU9oXqx417lFLgXCg5DIqiu8QawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLJlX6KA0Dv3nZlj/I5eB2NrizDeMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvc21WZm9vRFFPX2VkbVdQOGpsNEhZMnVMTU40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUEfjAwQA
UEfoMA0GCSqGSIb3DQEBCwUAA4IBAQCOUbOueFwnH7jamqqZhWh2fMke2rSZUyyM
XPZBCrJdQMjaUJGitH8cd9QGCMYEQr0KUiAIni04Oc7LpT3Tluo2L7ZjifCE9zvz
L+NsUIH2vG4V0mehjLfaNxqtLomuwA+dk3tHQk846HcxPfCaN0RTDPvwXp0KjiOy
HdQl+fl1i97g6E+OOMv7gZ91n7KazmSTQE9O83t6miXyBwF/MCjk0vZmWZAkCvSr
WyIYpQnTqv5HKCaom5XoprBSV7NzMOIJBKyViY71sWsIPBZSgi1e5m+9mMjMOi3c
7fAQt0E0Vw3EKlNd24Fje6brg2pF/unifwTwb59w+/LL0ocTofZw
-----END CERTIFICATE-----