Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/smwiCcfPiZQxHzUiwBbVqoWakgs.roa
File:                     smwiCcfPiZQxHzUiwBbVqoWakgs.roa (raw, json)
Hash identifier:          VTpOWgcMg3rsLs8m+Qh76MQTe5SdrNraeUcUeWisbHs=
Subject key identifier:   B2:6C:22:09:C7:CF:89:94:31:1F:35:22:C0:16:D5:AA:85:9A:92:0B
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       018DC2DE9161E3C10F7543A5127E95532443
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/smwiCcfPiZQxHzUiwBbVqoWakgs.roa
Signing time:             Mon 19 Feb 2024 19:36:22 +0000
ROA not before:           Mon 19 Feb 2024 19:36:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215492
IP address blocks:        88.80.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c2:de:91:61:e3:c1:0f:75:43:a5:12:7e:95:53:24:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Feb 19 19:36:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b26c2209c7cf8994311f3522c016d5aa859a920b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:20:96:f1:c7:39:ba:3a:27:8a:62:8c:0c:45:
                    b1:82:0c:25:6e:77:96:9a:a0:3e:c8:1c:b8:e7:27:
                    b0:ae:c4:17:8e:c7:41:26:8a:f2:ec:de:1b:42:dd:
                    db:13:d9:86:92:34:d2:87:dc:da:02:6e:d0:42:52:
                    d2:28:19:57:53:43:a3:84:53:77:75:42:0d:8a:6d:
                    42:24:aa:75:f9:1f:2e:f4:7c:d2:e7:49:3b:5f:b2:
                    34:05:89:46:79:f2:c8:7e:a2:4c:86:da:31:47:a6:
                    d5:bd:a7:30:b5:42:97:ad:7a:31:63:aa:5b:10:d3:
                    ca:ce:6a:28:5f:62:6d:08:e8:60:4b:37:54:c1:83:
                    0b:4d:49:91:fb:c8:53:29:70:3f:3a:c0:57:cb:ed:
                    ea:fb:2b:da:ed:e2:b8:27:77:d9:99:46:15:52:c2:
                    b1:bf:f8:ec:4c:85:bd:53:cc:78:a7:b3:c2:d9:e0:
                    8e:d9:0c:f6:09:d4:38:8a:62:1f:fb:b0:8c:b8:ae:
                    26:34:b3:75:8f:a7:65:f0:8b:ca:91:da:46:b9:48:
                    6f:35:ba:e9:4a:a7:33:97:cf:6f:79:a7:d0:4b:ea:
                    44:a9:ba:f4:c7:1d:07:7e:d8:8b:ce:a6:29:9d:de:
                    be:a0:fa:aa:37:5b:11:a8:63:7e:f7:fb:a0:2c:3f:
                    4f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:6C:22:09:C7:CF:89:94:31:1F:35:22:C0:16:D5:AA:85:9A:92:0B
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/smwiCcfPiZQxHzUiwBbVqoWakgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.80.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:6e:ce:87:12:78:af:d9:2b:15:de:8e:72:5a:b2:1a:4d:cb:
         12:99:46:74:41:28:64:ff:12:2d:db:ee:d1:7b:18:50:e1:7e:
         9a:c8:1f:18:59:86:48:a0:0b:07:47:ed:f7:09:2e:ed:a9:63:
         1e:eb:53:5c:c3:78:94:c4:de:8c:fb:af:ae:ae:48:2d:48:88:
         c2:b4:9f:e9:c0:78:66:7e:c8:f8:9d:86:db:c4:5e:08:12:6a:
         36:9f:24:da:94:21:91:51:ab:38:99:27:f4:3b:45:d7:50:47:
         55:2c:c8:b8:84:9c:18:5d:7f:6c:55:5a:cb:bf:f1:ec:3c:a1:
         5c:75:e3:d1:4f:b6:5b:03:c1:80:8d:62:e7:e0:20:c5:e0:ee:
         77:01:89:6e:2c:cd:af:2b:1c:0f:0d:a0:7e:14:dc:91:46:3e:
         f0:03:a8:7a:98:09:e4:94:be:10:3f:09:2d:05:d9:5f:60:ea:
         31:05:2d:f3:2d:75:c7:ca:3c:dc:5a:1e:db:d1:5d:81:01:51:
         95:ce:6f:51:6c:40:ea:7f:0b:4a:40:1e:d5:c1:66:86:df:cf:
         a0:2f:dc:b5:dd:d7:84:64:3c:85:96:3d:e6:24:b9:37:5a:58:
         d8:5c:a6:08:1c:b3:83:92:fb:6f:f6:28:81:7b:8d:11:df:f2:
         b1:df:1d:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3C3pFh48EPdUOlEn6VUyRDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjQwMjE5MTkzNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjZjMjIwOWM3Y2Y4OTk0MzExZjM1MjJjMDE2ZDVhYTg1OWE5MjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSCW8cc5ujonimKMDEWxggwlbneW
mqA+yBy45yewrsQXjsdBJory7N4bQt3bE9mGkjTSh9zaAm7QQlLSKBlXU0OjhFN3
dUINim1CJKp1+R8u9HzS50k7X7I0BYlGefLIfqJMhtoxR6bVvacwtUKXrXoxY6pb
ENPKzmooX2JtCOhgSzdUwYMLTUmR+8hTKXA/OsBXy+3q+yva7eK4J3fZmUYVUsKx
v/jsTIW9U8x4p7PC2eCO2Qz2CdQ4imIf+7CMuK4mNLN1j6dl8IvKkdpGuUhvNbrp
Sqczl89veafQS+pEqbr0xx0HftiLzqYpnd6+oPqqN1sRqGN+9/ugLD9PuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLJsIgnHz4mUMR81IsAW1aqFmpILMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvc213aUNjZlBpWlF4SHpVaXdCYlZxb1dha2dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWFCMMA0G
CSqGSIb3DQEBCwUAA4IBAQAIbs6HEniv2SsV3o5yWrIaTcsSmUZ0QShk/xIt2+7R
exhQ4X6ayB8YWYZIoAsHR+33CS7tqWMe61Ncw3iUxN6M+6+urkgtSIjCtJ/pwHhm
fsj4nYbbxF4IEmo2nyTalCGRUas4mSf0O0XXUEdVLMi4hJwYXX9sVVrLv/HsPKFc
dePRT7ZbA8GAjWLn4CDF4O53AYluLM2vKxwPDaB+FNyRRj7wA6h6mAnklL4QPwkt
BdlfYOoxBS3zLXXHyjzcWh7b0V2BAVGVzm9RbEDqfwtKQB7VwWaG38+gL9y13deE
ZDyFlj3mJLk3WljYXKYIHLODkvtv9iiBe40R3/Kx3x2p
-----END CERTIFICATE-----