Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/SKSBR-I5Kd4IuIQjqllX95V711g.roa
File:                     SKSBR-I5Kd4IuIQjqllX95V711g.roa (raw, json)
Hash identifier:          lFqtTFlUGrQS465DKKSz7YzAR9EGa3UL57FByJ++I/w=
Subject key identifier:   48:A4:81:47:E2:39:29:DE:08:B8:84:23:AA:59:57:F7:95:7B:D7:58
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D583574E56B9039140C79110F397E
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/SKSBR-I5Kd4IuIQjqllX95V711g.roa
Signing time:             Mon 01 Jan 2024 00:29:55 +0000
ROA not before:           Mon 01 Jan 2024 00:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43943
IP address blocks:        213.91.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:58:35:74:e5:6b:90:39:14:0c:79:11:0f:39:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48a48147e23929de08b88423aa5957f7957bd758
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b9:50:fe:73:f9:d0:17:16:f5:39:b5:a5:1f:
                    84:84:01:b0:d7:bf:b7:d6:84:b2:47:6c:1b:8e:64:
                    44:58:46:a2:64:54:c9:c2:12:e0:cb:b0:87:be:6f:
                    49:7f:a0:7a:78:8c:fe:b6:cc:8c:d4:f2:98:b5:7e:
                    31:47:02:88:28:01:d0:e8:e4:5f:11:3d:11:19:66:
                    35:02:97:3b:a1:76:48:81:81:0a:e8:a1:69:61:af:
                    b3:de:b9:32:a5:b4:24:23:f9:78:96:f4:7f:fa:68:
                    57:f9:ae:a5:2a:94:e0:7f:3f:f4:6e:ac:81:d4:c3:
                    19:02:83:5f:55:b9:ca:8c:53:eb:19:f9:f9:2e:da:
                    2f:5e:88:3a:98:9a:57:87:3b:b2:34:7c:9b:8a:04:
                    d9:42:53:67:3b:3d:d0:a9:80:82:ca:9f:ff:ff:a1:
                    3a:3e:67:45:b5:0c:3d:62:1d:4b:c6:83:a3:4d:cc:
                    73:86:aa:47:3e:e0:ae:c1:7a:e5:39:43:ae:b3:38:
                    92:b8:fc:1f:4a:f6:e7:23:ba:75:f4:a8:1f:99:4f:
                    ad:b4:b7:2b:46:72:dc:34:8a:81:3d:62:91:c3:78:
                    63:53:c8:73:0c:27:26:cb:00:a8:89:5f:19:44:0b:
                    5b:46:79:7a:bc:aa:c7:17:0b:de:12:88:0f:7d:d7:
                    3e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:A4:81:47:E2:39:29:DE:08:B8:84:23:AA:59:57:F7:95:7B:D7:58
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/SKSBR-I5Kd4IuIQjqllX95V711g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.91.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:1c:d1:10:83:78:f0:0d:c3:73:29:3d:77:d6:f1:03:93:a9:
         ab:58:49:6f:62:ac:31:77:1d:6d:f3:2e:83:10:05:af:cf:23:
         e2:cf:2a:50:4d:24:3e:ac:80:2a:6e:89:1d:12:c4:62:9a:2c:
         c0:55:60:34:82:0f:61:10:ec:e0:fb:16:b7:cb:69:a1:ff:66:
         66:3c:2b:1f:f4:37:e3:38:da:62:c1:86:10:fe:43:5f:a6:24:
         87:16:9e:38:97:7c:06:ad:c9:e0:9a:17:4a:8d:c1:d3:1e:f9:
         49:9b:72:c0:15:c7:b7:f4:85:86:91:92:6c:ac:bb:ca:86:26:
         d7:1b:99:27:e9:79:ff:fe:01:57:d1:0e:15:0f:a2:db:f9:16:
         5d:12:32:f2:56:23:d4:c5:9a:16:f4:75:1f:b1:64:ad:22:cf:
         aa:7a:b0:0c:56:87:40:e7:51:fa:92:1a:c3:b5:d4:67:7a:2e:
         99:06:e7:51:f6:ea:d3:57:3a:e1:e9:fd:02:d5:74:30:23:f9:
         0c:53:0b:e8:59:ed:fc:b6:61:07:ab:ff:6e:e2:3a:e9:d9:3d:
         c0:8f:f8:85:e3:57:4e:50:48:f6:e5:08:89:23:e7:23:bd:8e:
         e5:1e:6a:63:16:3e:89:5a:67:b1:51:9b:a3:c6:5c:3c:d9:15:
         08:22:97:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVg1dOVrkDkUDHkRDzl+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGE0ODE0N2UyMzkyOWRlMDhiODg0MjNhYTU5NTdmNzk1N2JkNzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7lQ/nP50BcW9Tm1pR+EhAGw17+3
1oSyR2wbjmREWEaiZFTJwhLgy7CHvm9Jf6B6eIz+tsyM1PKYtX4xRwKIKAHQ6ORf
ET0RGWY1Apc7oXZIgYEK6KFpYa+z3rkypbQkI/l4lvR/+mhX+a6lKpTgfz/0bqyB
1MMZAoNfVbnKjFPrGfn5LtovXog6mJpXhzuyNHybigTZQlNnOz3QqYCCyp///6E6
PmdFtQw9Yh1LxoOjTcxzhqpHPuCuwXrlOUOusziSuPwfSvbnI7p19KgfmU+ttLcr
RnLcNIqBPWKRw3hjU8hzDCcmywCoiV8ZRAtbRnl6vKrHFwveEogPfdc+YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEikgUfiOSneCLiEI6pZV/eVe9dYMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvU0tTQlItSTVLZDRJdUlRanFsbFg5NVY3MTFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1VuwMA0G
CSqGSIb3DQEBCwUAA4IBAQBFHNEQg3jwDcNzKT131vEDk6mrWElvYqwxdx1t8y6D
EAWvzyPizypQTSQ+rIAqbokdEsRimizAVWA0gg9hEOzg+xa3y2mh/2ZmPCsf9Dfj
ONpiwYYQ/kNfpiSHFp44l3wGrcngmhdKjcHTHvlJm3LAFce39IWGkZJsrLvKhibX
G5kn6Xn//gFX0Q4VD6Lb+RZdEjLyViPUxZoW9HUfsWStIs+qerAMVodA51H6khrD
tdRnei6ZBudR9urTVzrh6f0C1XQwI/kMUwvoWe38tmEHq/9u4jrp2T3Aj/iF41dO
UEj25QiJI+cjvY7lHmpjFj6JWmexUZujxlw82RUIIpev
-----END CERTIFICATE-----