Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/Sg6p5jxDucyiytdA_BHqhYP26RE.roa
File:                     Sg6p5jxDucyiytdA_BHqhYP26RE.roa (raw, json)
Hash identifier:          1CDCKk++UOusosn8rB1u0l+vBhsIumTsE9XqilKvR/c=
Subject key identifier:   4A:0E:A9:E6:3C:43:B9:CC:A2:CA:D7:40:FC:11:EA:85:83:F6:E9:11
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       018E9FFD0D59950C2514E6D9D3CE65FEA854
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/Sg6p5jxDucyiytdA_BHqhYP26RE.roa
Signing time:             Tue 02 Apr 2024 18:05:45 +0000
ROA not before:           Tue 02 Apr 2024 18:05:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15395
IP address blocks:        193.138.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9f:fd:0d:59:95:0c:25:14:e6:d9:d3:ce:65:fe:a8:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Apr  2 18:05:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a0ea9e63c43b9cca2cad740fc11ea8583f6e911
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:33:04:0c:61:99:12:18:c8:3f:e2:70:0d:9a:
                    c8:30:c4:18:ce:09:c5:28:6b:9d:a0:cc:3e:1f:81:
                    6f:f3:3e:cf:ff:11:06:04:cf:39:aa:21:71:ad:85:
                    e5:cd:d2:ad:0d:af:18:b9:6e:25:3a:98:dd:38:08:
                    16:80:d4:90:bc:00:a7:00:7a:7b:ce:1f:f2:01:25:
                    72:a9:76:a1:e7:51:a0:2d:ee:72:95:48:8e:40:d8:
                    78:30:34:bd:47:45:ed:ba:09:81:4f:d4:d2:45:f5:
                    35:0a:0c:16:bc:b5:43:88:31:56:45:7b:8b:2a:ca:
                    d9:f8:06:8a:c7:19:b4:dc:b0:93:f8:50:1e:ff:e5:
                    b8:4b:d9:c1:57:66:06:d1:2b:dd:7a:b8:60:8d:63:
                    97:81:dd:1c:5f:48:b7:6c:ad:b3:86:11:4a:44:f0:
                    ee:3f:95:50:df:26:f9:70:0f:27:28:11:83:63:d4:
                    fb:49:f1:e0:3a:94:93:7c:c9:f4:68:2c:04:55:5f:
                    1a:42:8e:be:ff:70:db:52:91:3e:c3:ba:b4:63:62:
                    da:bb:33:da:c9:4b:85:1f:22:b1:70:62:81:1e:87:
                    5f:fe:11:0c:09:a1:63:4e:07:f3:82:e8:ff:42:e5:
                    92:85:be:56:cb:d1:b7:b2:16:d2:bc:81:30:fa:aa:
                    bb:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:0E:A9:E6:3C:43:B9:CC:A2:CA:D7:40:FC:11:EA:85:83:F6:E9:11
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/Sg6p5jxDucyiytdA_BHqhYP26RE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.138.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:69:d0:42:bc:72:3e:ff:6c:b7:39:36:e5:8f:ad:9c:11:a2:
         5f:23:b6:07:91:de:05:28:1a:5d:84:9c:42:c2:0f:02:cf:ae:
         53:15:1e:37:2b:e5:2c:17:af:fa:3a:f7:26:86:14:27:8b:4b:
         9f:ab:1a:b2:66:2b:f1:07:b9:a0:5d:73:f7:e4:d6:53:20:fb:
         c5:75:8c:33:b7:51:8e:cd:c0:42:7f:ee:73:2b:5e:2e:48:0d:
         d4:43:e5:d9:6f:0b:78:3a:56:5f:fa:88:f8:47:0a:15:db:81:
         70:63:c0:e8:d7:75:ad:e4:cb:a0:3e:e2:98:bf:4f:cc:70:d9:
         c4:38:d5:1a:da:d6:d7:3f:fc:53:c2:45:98:27:16:f5:1c:8e:
         53:0d:23:49:e1:e3:77:a8:b1:44:ac:c5:70:9b:e9:11:9c:66:
         9c:58:40:0e:b1:dc:fc:19:d2:1d:d4:b5:13:a5:38:88:4f:45:
         cc:3e:fd:06:7e:b7:6a:02:b7:ef:03:f2:13:5f:15:8c:93:b3:
         10:0f:09:08:79:be:a7:d7:d1:d0:75:09:8b:64:ec:f8:ca:32:
         91:3b:5f:a3:42:cf:1a:6d:80:5a:c8:9e:a8:1c:16:31:b8:3c:
         98:24:5d:ba:18:c1:5e:9e:fa:e3:f2:51:68:a9:e2:f3:51:66:
         d6:1a:7d:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6f/Q1ZlQwlFObZ085l/qhUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjQwNDAyMTgwNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTBlYTllNjNjNDNiOWNjYTJjYWQ3NDBmYzExZWE4NTgzZjZlOTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTMEDGGZEhjIP+JwDZrIMMQYzgnF
KGudoMw+H4Fv8z7P/xEGBM85qiFxrYXlzdKtDa8YuW4lOpjdOAgWgNSQvACnAHp7
zh/yASVyqXah51GgLe5ylUiOQNh4MDS9R0XtugmBT9TSRfU1CgwWvLVDiDFWRXuL
KsrZ+AaKxxm03LCT+FAe/+W4S9nBV2YG0SvderhgjWOXgd0cX0i3bK2zhhFKRPDu
P5VQ3yb5cA8nKBGDY9T7SfHgOpSTfMn0aCwEVV8aQo6+/3DbUpE+w7q0Y2LauzPa
yUuFHyKxcGKBHodf/hEMCaFjTgfzguj/QuWShb5Wy9G3shbSvIEw+qq7KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEoOqeY8Q7nMosrXQPwR6oWD9ukRMB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvU2c2cDVqeER1Y3lpeXRkQV9CSHFoWVAyNlJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYp6MA0G
CSqGSIb3DQEBCwUAA4IBAQBtadBCvHI+/2y3OTblj62cEaJfI7YHkd4FKBpdhJxC
wg8Cz65TFR43K+UsF6/6OvcmhhQni0ufqxqyZivxB7mgXXP35NZTIPvFdYwzt1GO
zcBCf+5zK14uSA3UQ+XZbwt4OlZf+oj4RwoV24FwY8Do13Wt5MugPuKYv0/McNnE
ONUa2tbXP/xTwkWYJxb1HI5TDSNJ4eN3qLFErMVwm+kRnGacWEAOsdz8GdId1LUT
pTiIT0XMPv0GfrdqArfvA/ITXxWMk7MQDwkIeb6n19HQdQmLZOz4yjKRO1+jQs8a
bYBayJ6oHBYxuDyYJF26GMFenvrj8lFoqeLzUWbWGn14
-----END CERTIFICATE-----