Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7ef2ee-c40d-4b22-a18f-53f25d436e2c/1/SIcp98V2RvQYGgdb1fwoe_pongM.roa
File:                     SIcp98V2RvQYGgdb1fwoe_pongM.roa (raw, json)
Hash identifier:          tVLHDDjBMe6To9PJqgI4lL9FlMTLtKacGmeiGH6MkVE=
Subject key identifier:   48:87:29:F7:C5:76:46:F4:18:1A:07:5B:D5:FC:28:7B:FA:68:9E:03
Certificate issuer:       /CN=79bb370b0c9a06fd82cb7100d903859b09f50333
Certificate serial:       018CC56DEB63AD0768618DAF1ECA48EA93E2
Authority key identifier: 79:BB:37:0B:0C:9A:06:FD:82:CB:71:00:D9:03:85:9B:09:F5:03:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ebs3CwyaBv2Cy3EA2QOFmwn1AzM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/7ef2ee-c40d-4b22-a18f-53f25d436e2c/1/SIcp98V2RvQYGgdb1fwoe_pongM.roa
Signing time:             Mon 01 Jan 2024 14:29:24 +0000
ROA not before:           Mon 01 Jan 2024 14:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51186
IP address blocks:        194.28.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/7ef2ee-c40d-4b22-a18f-53f25d436e2c/1/ebs3CwyaBv2Cy3EA2QOFmwn1AzM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/7ef2ee-c40d-4b22-a18f-53f25d436e2c/1/ebs3CwyaBv2Cy3EA2QOFmwn1AzM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ebs3CwyaBv2Cy3EA2QOFmwn1AzM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:eb:63:ad:07:68:61:8d:af:1e:ca:48:ea:93:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79bb370b0c9a06fd82cb7100d903859b09f50333
        Validity
            Not Before: Jan  1 14:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=488729f7c57646f4181a075bd5fc287bfa689e03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:0f:8f:d8:b9:10:bd:f2:c4:cd:45:15:c6:66:
                    2a:20:1f:c1:58:e1:b6:fc:19:64:47:5e:a0:09:0f:
                    88:10:62:20:c5:cd:ee:69:7b:95:a4:f3:f1:0d:20:
                    39:f3:b8:8a:64:d5:6b:14:09:2b:4c:91:b4:af:fd:
                    d3:60:41:a0:0d:a2:0a:e0:0f:9b:cd:fd:9c:64:c7:
                    2c:28:07:a8:58:9f:19:07:72:35:cb:ed:44:30:c4:
                    cf:af:88:c3:8f:a3:dc:b3:4f:19:e5:a2:28:15:7f:
                    4f:c4:04:af:b2:02:c3:1b:99:1e:c6:9f:41:28:65:
                    d8:dd:77:86:7e:b4:5d:8b:bb:2e:87:63:9f:e8:73:
                    d1:ad:bd:e0:01:36:d6:d3:08:88:68:93:08:f4:f6:
                    6c:60:26:74:46:c1:a7:f9:cc:4e:47:54:34:af:76:
                    58:5a:7d:eb:08:77:b8:bc:71:d9:b6:62:d0:6e:2f:
                    c4:14:80:e3:5f:75:c9:1b:d6:82:a5:79:3a:c3:b0:
                    9c:89:81:63:36:02:e5:b4:17:18:4f:c8:e6:ce:2f:
                    f9:1d:18:85:9e:73:19:91:72:5c:58:55:98:28:98:
                    12:c7:79:64:36:1b:e8:21:22:6f:51:8b:5a:73:bb:
                    90:28:3a:45:9f:96:56:a5:70:d1:e7:b1:78:87:73:
                    84:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:87:29:F7:C5:76:46:F4:18:1A:07:5B:D5:FC:28:7B:FA:68:9E:03
            X509v3 Authority Key Identifier:
                keyid:79:BB:37:0B:0C:9A:06:FD:82:CB:71:00:D9:03:85:9B:09:F5:03:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ebs3CwyaBv2Cy3EA2QOFmwn1AzM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7ef2ee-c40d-4b22-a18f-53f25d436e2c/1/SIcp98V2RvQYGgdb1fwoe_pongM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7ef2ee-c40d-4b22-a18f-53f25d436e2c/1/ebs3CwyaBv2Cy3EA2QOFmwn1AzM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.28.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a2:8c:a3:ac:3d:c9:02:f9:40:37:5a:c8:6b:97:9d:fa:20:9e:
         89:cb:3e:5f:7d:09:3d:c6:2b:1c:b6:40:c2:a7:6c:64:2e:13:
         21:3c:dd:47:83:1d:cf:de:6c:be:af:0a:c6:15:40:e8:61:c0:
         3b:99:66:5f:4b:52:6f:dd:16:97:af:11:7b:e2:fe:b4:2c:e6:
         47:19:30:61:67:c4:e8:e1:48:a5:30:7b:e9:b2:6f:e8:0e:3d:
         21:7f:da:2a:85:dd:99:3e:08:3b:dd:ac:81:17:42:45:4a:60:
         b1:cd:45:39:d9:02:9c:de:4d:bd:04:40:d1:59:51:3e:d6:00:
         8d:f4:6a:e5:92:48:a2:bb:24:e5:ea:70:b3:8f:51:e8:d0:e0:
         d2:0e:ad:10:c0:a9:e7:33:42:02:e8:36:69:e3:10:ef:58:ca:
         05:08:d1:e0:b3:56:09:6b:be:36:cc:07:90:f5:18:41:1c:4f:
         51:2b:18:2a:25:1c:07:0e:a0:fe:77:ec:c4:dd:5e:cf:c6:6a:
         1c:fc:db:e1:2f:62:66:93:65:37:b6:26:6f:5c:54:32:1b:d7:
         b2:ff:82:c2:1f:52:da:e6:be:07:02:d4:60:32:1f:cd:39:41:
         a5:ac:35:25:fb:22:bc:61:e4:37:4b:4b:1f:47:95:52:c8:21:
         0e:55:fe:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbetjrQdoYY2vHspI6pPiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YmIzNzBiMGM5YTA2ZmQ4MmNiNzEwMGQ5MDM4NTliMDlm
NTAzMzMwHhcNMjQwMTAxMTQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODg3MjlmN2M1NzY0NmY0MTgxYTA3NWJkNWZjMjg3YmZhNjg5ZTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzA+P2LkQvfLEzUUVxmYqIB/BWOG2
/BlkR16gCQ+IEGIgxc3uaXuVpPPxDSA587iKZNVrFAkrTJG0r/3TYEGgDaIK4A+b
zf2cZMcsKAeoWJ8ZB3I1y+1EMMTPr4jDj6Pcs08Z5aIoFX9PxASvsgLDG5kexp9B
KGXY3XeGfrRdi7suh2Of6HPRrb3gATbW0wiIaJMI9PZsYCZ0RsGn+cxOR1Q0r3ZY
Wn3rCHe4vHHZtmLQbi/EFIDjX3XJG9aCpXk6w7CciYFjNgLltBcYT8jmzi/5HRiF
nnMZkXJcWFWYKJgSx3lkNhvoISJvUYtac7uQKDpFn5ZWpXDR57F4h3OEDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEiHKffFdkb0GBoHW9X8KHv6aJ4DMB8GA1UdIwQY
MBaAFHm7NwsMmgb9gstxANkDhZsJ9QMzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWJzM0N3eWFCdjJDeTNFQTJRT0Ztd24xQXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83ZWYyZWUtYzQwZC00YjIyLWExOGYt
NTNmMjVkNDM2ZTJjLzEvU0ljcDk4VjJSdlFZR2dkYjFmd29lX3BvbmdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83ZWYyZWUtYzQwZC00YjIyLWExOGYtNTNmMjVkNDM2ZTJj
LzEvZWJzM0N3eWFCdjJDeTNFQTJRT0Ztd24xQXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwhzsMA0G
CSqGSIb3DQEBCwUAA4IBAQCijKOsPckC+UA3Wshrl536IJ6Jyz5ffQk9xisctkDC
p2xkLhMhPN1Hgx3P3my+rwrGFUDoYcA7mWZfS1Jv3RaXrxF74v60LOZHGTBhZ8To
4UilMHvpsm/oDj0hf9oqhd2ZPgg73ayBF0JFSmCxzUU52QKc3k29BEDRWVE+1gCN
9GrlkkiiuyTl6nCzj1Ho0ODSDq0QwKnnM0IC6DZp4xDvWMoFCNHgs1YJa742zAeQ
9RhBHE9RKxgqJRwHDqD+d+zE3V7Pxmoc/NvhL2Jmk2U3tiZvXFQyG9ey/4LCH1La
5r4HAtRgMh/NOUGlrDUl+yK8YeQ3S0sfR5VSyCEOVf7j
-----END CERTIFICATE-----