Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/SbLey1UL1gnI2zpTtPd2ao6R8lE.roa
File:                     SbLey1UL1gnI2zpTtPd2ao6R8lE.roa (raw, json)
Hash identifier:          EYBn7hRClXykJ4jnWJIYVYCetYLKwrWaYXWFpmmIl6g=
Subject key identifier:   49:B2:DE:CB:55:0B:D6:09:C8:DB:3A:53:B4:F7:76:6A:8E:91:F2:51
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0190123F463CED061F6684862A9549F22B49
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/SbLey1UL1gnI2zpTtPd2ao6R8lE.roa
Signing time:             Thu 13 Jun 2024 15:37:34 +0000
ROA not before:           Thu 13 Jun 2024 15:37:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206286
IP address blocks:        82.153.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:12:3f:46:3c:ed:06:1f:66:84:86:2a:95:49:f2:2b:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun 13 15:37:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49b2decb550bd609c8db3a53b4f7766a8e91f251
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:90:69:33:70:23:ed:a4:24:60:8b:c2:8c:50:
                    d0:a2:a3:3e:dc:76:b0:2c:2d:37:31:6a:7d:5e:04:
                    54:0a:55:ee:f7:9c:92:95:48:cc:9a:72:00:af:b3:
                    b1:4e:79:ad:56:80:3a:dc:b4:a5:e2:d3:51:a1:a5:
                    76:af:ae:1c:4d:8f:09:b5:21:3c:72:7b:a9:47:16:
                    3a:ff:88:d8:6d:d5:52:01:8f:15:56:e7:0f:17:73:
                    b7:69:63:c4:e3:43:2c:a5:e3:85:7e:48:15:e5:0d:
                    99:2c:4e:dd:ee:f1:98:87:9d:d2:82:96:3b:cc:4c:
                    a8:9b:e5:f5:eb:69:92:6b:6b:96:4b:7a:da:d8:a2:
                    ca:7a:04:69:d5:f2:8d:8c:8e:b4:53:16:bd:05:0c:
                    78:4b:f6:ce:96:db:07:2c:3e:6f:45:54:c6:70:8b:
                    ab:82:5b:35:f0:3c:e3:7e:6b:4d:22:59:b4:8d:d9:
                    dc:c7:21:ff:16:de:c6:d5:c7:80:45:ff:b2:4c:7d:
                    1b:b6:9f:1b:9c:cd:34:96:5d:4c:26:d9:0d:7b:1f:
                    3d:94:a4:48:bb:7b:33:ee:e6:60:f7:71:67:a6:3a:
                    67:e1:5e:d3:93:14:5c:aa:93:15:40:a1:44:62:20:
                    e5:22:10:37:dc:63:10:b7:eb:df:cb:87:2b:4b:1a:
                    10:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:B2:DE:CB:55:0B:D6:09:C8:DB:3A:53:B4:F7:76:6A:8E:91:F2:51
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/SbLey1UL1gnI2zpTtPd2ao6R8lE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:32:9a:b8:71:8b:98:e4:9e:67:b0:90:a0:7c:cb:2d:2c:9b:
         14:c9:ae:bf:1c:ff:9c:ce:7b:d8:a9:f6:8c:7d:09:d9:bb:53:
         fe:8b:f1:98:43:93:90:b5:fc:4b:77:19:8b:89:ed:cb:68:fc:
         1c:3e:74:39:3d:07:c9:40:18:23:b4:69:6f:c5:df:6b:1f:ff:
         5e:d9:04:fe:3f:f0:26:25:af:84:a8:ad:21:8d:a4:9b:24:28:
         db:6c:55:a7:c8:17:bd:13:2f:57:b3:3d:6f:1d:81:e5:ee:9e:
         58:73:be:5c:4e:87:85:d2:c0:e8:56:d8:32:1a:09:3b:e9:52:
         45:6f:88:2b:23:2d:e1:e0:ec:72:9c:dd:c4:da:66:5f:25:52:
         1e:ba:10:af:82:64:8b:e1:24:3d:65:49:b2:cd:bc:a4:2b:d5:
         22:7b:ca:68:ba:1e:35:b2:7f:b5:2e:78:97:2d:09:f1:1d:b1:
         72:90:f1:9b:53:b4:4f:e6:8e:22:fa:2f:7e:66:29:5b:d3:8f:
         6c:e2:f4:da:03:a0:e9:db:b4:97:0c:61:4d:89:b0:2c:06:90:
         90:a8:36:bf:40:2c:5f:73:ca:b8:1e:01:7e:43:6f:dd:f7:66:
         46:f4:09:6a:1c:88:11:b5:c4:32:a5:11:84:a8:e9:8d:3f:23:
         e5:42:50:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZASP0Y87QYfZoSGKpVJ8itJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNjEzMTUzNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWIyZGVjYjU1MGJkNjA5YzhkYjNhNTNiNGY3NzY2YThlOTFmMjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJBpM3Aj7aQkYIvCjFDQoqM+3Haw
LC03MWp9XgRUClXu95ySlUjMmnIAr7OxTnmtVoA63LSl4tNRoaV2r64cTY8JtSE8
cnupRxY6/4jYbdVSAY8VVucPF3O3aWPE40MspeOFfkgV5Q2ZLE7d7vGYh53SgpY7
zEyom+X162mSa2uWS3ra2KLKegRp1fKNjI60Uxa9BQx4S/bOltsHLD5vRVTGcIur
gls18DzjfmtNIlm0jdncxyH/Ft7G1ceARf+yTH0btp8bnM00ll1MJtkNex89lKRI
u3sz7uZg93Fnpjpn4V7TkxRcqpMVQKFEYiDlIhA33GMQt+vfy4crSxoQUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEmy3stVC9YJyNs6U7T3dmqOkfJRMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvU2JMZXkxVUwxZ25JMnpwVHRQZDJhbzZSOGxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpmfMA0G
CSqGSIb3DQEBCwUAA4IBAQCIMpq4cYuY5J5nsJCgfMstLJsUya6/HP+cznvYqfaM
fQnZu1P+i/GYQ5OQtfxLdxmLie3LaPwcPnQ5PQfJQBgjtGlvxd9rH/9e2QT+P/Am
Ja+EqK0hjaSbJCjbbFWnyBe9Ey9Xsz1vHYHl7p5Yc75cToeF0sDoVtgyGgk76VJF
b4grIy3h4OxynN3E2mZfJVIeuhCvgmSL4SQ9ZUmyzbykK9Uie8pouh41sn+1LniX
LQnxHbFykPGbU7RP5o4i+i9+Zilb049s4vTaA6Dp27SXDGFNibAsBpCQqDa/QCxf
c8q4HgF+Q2/d92ZG9AlqHIgRtcQypRGEqOmNPyPlQlDS
-----END CERTIFICATE-----