Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/c0def6-bc0a-4221-9791-2d8019017849/1/SGFaRhnHcFKz76evEJpN6XUT1WQ.roa
File:                     SGFaRhnHcFKz76evEJpN6XUT1WQ.roa (raw, json)
Hash identifier:          esVhdd97pvhtqs32rsoYqbULcgaXyTAL5sRHsgGkn4E=
Subject key identifier:   48:61:5A:46:19:C7:70:52:B3:EF:A7:AF:10:9A:4D:E9:75:13:D5:64
Certificate issuer:       /CN=c339d11e7d4992f9afb30431e36042aafdde5c0a
Certificate serial:       018E517068807078CFBBBDEA745541B5337A
Authority key identifier: C3:39:D1:1E:7D:49:92:F9:AF:B3:04:31:E3:60:42:AA:FD:DE:5C:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wznRHn1JkvmvswQx42BCqv3eXAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/c0def6-bc0a-4221-9791-2d8019017849/1/SGFaRhnHcFKz76evEJpN6XUT1WQ.roa
Signing time:             Mon 18 Mar 2024 12:01:44 +0000
ROA not before:           Mon 18 Mar 2024 12:01:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210973
IP address blocks:        149.62.35.0/24 maxlen: 24
                          2a10:fd00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/c0def6-bc0a-4221-9791-2d8019017849/1/wznRHn1JkvmvswQx42BCqv3eXAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/c0def6-bc0a-4221-9791-2d8019017849/1/wznRHn1JkvmvswQx42BCqv3eXAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wznRHn1JkvmvswQx42BCqv3eXAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:51:70:68:80:70:78:cf:bb:bd:ea:74:55:41:b5:33:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c339d11e7d4992f9afb30431e36042aafdde5c0a
        Validity
            Not Before: Mar 18 12:01:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48615a4619c77052b3efa7af109a4de97513d564
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:8a:2a:81:2c:28:26:72:5f:6b:61:3c:99:1c:
                    83:ba:58:73:5a:08:c5:91:45:f4:4c:21:d3:c0:2b:
                    63:87:36:c1:5f:fe:ac:08:01:a3:66:3c:ad:0c:ee:
                    e7:d3:aa:dc:d6:c5:78:f5:76:ac:45:18:f8:51:66:
                    80:c1:ef:2c:f2:84:3f:ce:98:13:36:7e:57:12:14:
                    c8:0e:d4:85:55:db:b3:93:e4:bf:f9:c1:c6:30:b0:
                    cb:4a:93:65:1b:12:71:85:78:ec:49:f1:88:77:d5:
                    71:a3:a3:ac:c4:17:99:b8:39:6a:ce:66:d5:f1:e1:
                    dd:12:c1:63:29:41:38:9a:1b:73:0d:21:de:9f:1a:
                    48:f2:f3:20:7e:00:a8:f7:33:2f:a2:1b:99:89:4d:
                    2d:58:16:9d:73:ef:80:74:b8:26:16:af:56:cc:e7:
                    3f:c0:54:b1:dc:3b:50:1e:4f:9d:21:0c:54:f1:1d:
                    f1:a3:cd:fc:fe:8e:42:4d:c0:fa:52:ed:62:c9:8d:
                    56:de:55:21:f4:3c:58:77:34:99:44:5d:92:1d:68:
                    2d:2e:b1:40:7a:0f:7e:87:e8:b4:a1:8d:a0:49:66:
                    9d:f9:0e:d9:d9:a2:7e:8f:0e:3f:ef:1b:16:74:f7:
                    2d:f2:6b:d0:9f:e4:0b:7a:52:98:45:b1:99:67:33:
                    08:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:61:5A:46:19:C7:70:52:B3:EF:A7:AF:10:9A:4D:E9:75:13:D5:64
            X509v3 Authority Key Identifier:
                keyid:C3:39:D1:1E:7D:49:92:F9:AF:B3:04:31:E3:60:42:AA:FD:DE:5C:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wznRHn1JkvmvswQx42BCqv3eXAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/c0def6-bc0a-4221-9791-2d8019017849/1/SGFaRhnHcFKz76evEJpN6XUT1WQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/c0def6-bc0a-4221-9791-2d8019017849/1/wznRHn1JkvmvswQx42BCqv3eXAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.62.35.0/24
                IPv6:
                  2a10:fd00::/32

    Signature Algorithm: sha256WithRSAEncryption
         4e:32:42:24:13:4b:7c:0b:a9:c7:71:7e:93:eb:74:f6:e2:09:
         13:19:eb:74:31:8b:57:ff:6f:b1:d6:89:0a:52:2d:d4:a9:53:
         7a:44:c4:c9:9b:ac:14:2b:00:39:db:a3:6d:92:54:a8:f6:85:
         ae:c4:35:46:eb:94:a4:fb:14:23:7a:f1:1a:1a:c4:74:67:60:
         30:f8:63:86:7a:0e:6e:7b:e7:e3:17:21:7a:a7:0f:d8:3b:f3:
         b7:09:5b:bb:4f:94:ed:27:40:44:7a:34:44:1e:25:d1:74:78:
         5e:46:a8:d8:4d:f1:5e:4a:3e:62:14:dd:0a:e7:84:76:ea:58:
         46:53:ad:64:17:dc:30:98:97:3e:7f:19:e6:57:a4:11:90:4f:
         b7:07:73:e7:f8:88:4c:a4:16:f1:4f:50:5f:93:bc:e2:78:be:
         cf:c5:c9:b7:a4:73:fd:b8:07:df:dd:90:70:0f:ee:9f:52:f5:
         60:02:d5:1f:b2:bd:0d:87:82:8d:e2:cf:f5:13:3c:25:a6:36:
         cf:da:ea:85:97:18:12:84:20:00:31:34:61:9b:71:cd:54:56:
         b3:51:63:99:a2:9f:4a:a1:97:91:26:f4:01:46:1d:54:29:15:
         23:be:0e:76:cb:6b:dc:4f:db:1f:f8:75:97:88:ff:f5:78:1f:
         ac:75:9c:57
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY5RcGiAcHjPu73qdFVBtTN6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzMzlkMTFlN2Q0OTkyZjlhZmIzMDQzMWUzNjA0MmFhZmRk
ZTVjMGEwHhcNMjQwMzE4MTIwMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODYxNWE0NjE5Yzc3MDUyYjNlZmE3YWYxMDlhNGRlOTc1MTNkNTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhIoqgSwoJnJfa2E8mRyDulhzWgjF
kUX0TCHTwCtjhzbBX/6sCAGjZjytDO7n06rc1sV49XasRRj4UWaAwe8s8oQ/zpgT
Nn5XEhTIDtSFVduzk+S/+cHGMLDLSpNlGxJxhXjsSfGId9Vxo6OsxBeZuDlqzmbV
8eHdEsFjKUE4mhtzDSHenxpI8vMgfgCo9zMvohuZiU0tWBadc++AdLgmFq9WzOc/
wFSx3DtQHk+dIQxU8R3xo838/o5CTcD6Uu1iyY1W3lUh9DxYdzSZRF2SHWgtLrFA
eg9+h+i0oY2gSWad+Q7Z2aJ+jw4/7xsWdPct8mvQn+QLelKYRbGZZzMIiwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEhhWkYZx3BSs++nrxCaTel1E9VkMB8GA1UdIwQY
MBaAFMM50R59SZL5r7MEMeNgQqr93lwKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3puUkhuMUprdm12c3dReDQyQkNxdjNlWEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9jMGRlZjYtYmMwYS00MjIxLTk3OTEt
MmQ4MDE5MDE3ODQ5LzEvU0dGYVJobkhjRkt6NzZldkVKcE42WFVUMVdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9jMGRlZjYtYmMwYS00MjIxLTk3OTEtMmQ4MDE5MDE3ODQ5
LzEvd3puUkhuMUprdm12c3dReDQyQkNxdjNlWEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAlT4jMA0E
AgACMAcDBQAqEP0AMA0GCSqGSIb3DQEBCwUAA4IBAQBOMkIkE0t8C6nHcX6T63T2
4gkTGet0MYtX/2+x1okKUi3UqVN6RMTJm6wUKwA526NtklSo9oWuxDVG65Sk+xQj
evEaGsR0Z2Aw+GOGeg5ue+fjFyF6pw/YO/O3CVu7T5TtJ0BEejREHiXRdHheRqjY
TfFeSj5iFN0K54R26lhGU61kF9wwmJc+fxnmV6QRkE+3B3Pn+IhMpBbxT1Bfk7zi
eL7Pxcm3pHP9uAff3ZBwD+6fUvVgAtUfsr0Nh4KN4s/1EzwlpjbP2uqFlxgShCAA
MTRhm3HNVFazUWOZop9KoZeRJvQBRh1UKRUjvg52y2vcT9sf+HWXiP/1eB+sdZxX
-----END CERTIFICATE-----