Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/f8c018-b90f-4f89-a3f4-2ec871465599/1/Sdk6R_H7GE1Eshu5Fdm1gj5BKjg.roa
File:                     Sdk6R_H7GE1Eshu5Fdm1gj5BKjg.roa (raw, json)
Hash identifier:          31nnWVMIBvc92avsgwaYN4KBU13SyF6S3mjxvMxoDy8=
Subject key identifier:   49:D9:3A:47:F1:FB:18:4D:44:B2:1B:B9:15:D9:B5:82:3E:41:2A:38
Certificate issuer:       /CN=048dc3b923c7738f9a58ee80b49bcd0c5e7dcffa
Certificate serial:       018CC2DAF5222EB1CD532DF9C93CE16490BF
Authority key identifier: 04:8D:C3:B9:23:C7:73:8F:9A:58:EE:80:B4:9B:CD:0C:5E:7D:CF:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BI3DuSPHc4-aWO6AtJvNDF59z_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/f8c018-b90f-4f89-a3f4-2ec871465599/1/Sdk6R_H7GE1Eshu5Fdm1gj5BKjg.roa
Signing time:             Mon 01 Jan 2024 02:29:38 +0000
ROA not before:           Mon 01 Jan 2024 02:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212586
IP address blocks:        79.174.0.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/f8c018-b90f-4f89-a3f4-2ec871465599/1/BI3DuSPHc4-aWO6AtJvNDF59z_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/f8c018-b90f-4f89-a3f4-2ec871465599/1/BI3DuSPHc4-aWO6AtJvNDF59z_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BI3DuSPHc4-aWO6AtJvNDF59z_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 07:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f5:22:2e:b1:cd:53:2d:f9:c9:3c:e1:64:90:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048dc3b923c7738f9a58ee80b49bcd0c5e7dcffa
        Validity
            Not Before: Jan  1 02:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49d93a47f1fb184d44b21bb915d9b5823e412a38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:6e:4e:11:4a:5d:6b:39:da:12:8e:97:e9:2b:
                    02:08:44:ed:d7:e7:bc:aa:6c:d8:87:2a:d4:57:86:
                    13:39:37:ae:71:1e:b3:fc:df:97:88:d9:ba:72:1f:
                    f2:56:a4:25:66:32:31:02:6a:a6:c8:d6:3d:1b:d5:
                    2d:9f:a9:d7:99:93:91:49:f1:0b:11:42:40:f1:93:
                    aa:65:3b:b1:79:21:10:5d:af:68:11:fc:b0:a6:ea:
                    de:be:4c:cc:ee:59:d7:22:90:50:30:46:9d:3f:40:
                    8e:c2:07:cd:b3:45:42:3f:1b:5b:81:e0:27:45:99:
                    b0:03:82:a5:3c:60:9f:21:4c:59:f0:de:46:3b:af:
                    89:38:18:43:f9:4e:f3:34:45:f1:ba:aa:8e:13:a8:
                    4a:03:f3:0b:60:d7:1f:2d:97:43:14:e9:59:f5:9f:
                    76:d1:23:d4:4b:54:ab:95:03:bb:63:d5:c3:77:fd:
                    dd:05:e8:dd:39:f1:35:65:8b:a3:98:a7:cc:07:ca:
                    c1:c4:a1:8e:12:77:c8:84:98:59:41:45:7b:4c:55:
                    f7:52:d7:05:f7:19:07:65:1d:7d:7e:ea:eb:60:fb:
                    a2:9a:7d:7b:37:cb:07:ce:e5:03:5a:57:72:52:36:
                    33:ba:fd:9c:7f:ae:d7:3b:9b:56:32:d2:51:05:8b:
                    05:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:D9:3A:47:F1:FB:18:4D:44:B2:1B:B9:15:D9:B5:82:3E:41:2A:38
            X509v3 Authority Key Identifier:
                keyid:04:8D:C3:B9:23:C7:73:8F:9A:58:EE:80:B4:9B:CD:0C:5E:7D:CF:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BI3DuSPHc4-aWO6AtJvNDF59z_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/f8c018-b90f-4f89-a3f4-2ec871465599/1/Sdk6R_H7GE1Eshu5Fdm1gj5BKjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/f8c018-b90f-4f89-a3f4-2ec871465599/1/BI3DuSPHc4-aWO6AtJvNDF59z_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.174.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:e4:ee:55:f8:a0:aa:10:58:05:8e:c5:bc:b5:70:a8:25:7d:
         30:0a:e0:f6:75:71:ad:63:b0:ce:85:a7:5a:a2:ef:0e:99:a8:
         9b:38:5b:f9:77:a4:d3:26:6d:0b:7f:e2:83:3f:6c:9d:32:58:
         2b:94:72:9a:4c:55:df:c3:16:e4:21:3f:b9:4f:40:74:ae:11:
         8a:0a:25:b6:f4:b0:03:79:62:7b:0f:7d:35:ef:3e:af:93:71:
         55:49:c4:a0:8e:f0:53:c5:cd:59:e6:0c:e0:24:41:76:13:23:
         ee:d2:65:bb:62:2e:74:26:aa:45:90:44:57:84:8c:d5:a6:5c:
         29:9b:ec:ad:8a:25:14:8f:9d:c2:07:75:f6:23:47:d1:58:d5:
         54:5a:69:a9:14:4c:31:fd:85:eb:1b:76:d4:52:7e:36:01:d0:
         53:93:4f:f8:86:a3:de:33:99:c7:ab:12:e0:c1:aa:e7:4a:a4:
         61:36:d4:7e:88:13:8b:49:39:69:75:9c:f4:ad:8c:79:4b:fb:
         4d:96:2c:0e:de:01:1b:2f:71:dd:6d:c0:f7:e6:91:9f:5b:1f:
         ec:ff:e9:fd:e3:87:5f:64:19:f6:93:72:82:c0:ea:77:06:eb:
         53:c7:4b:ba:8e:62:9a:83:d4:1b:20:49:f6:d6:1c:cd:83:79:
         25:ae:eb:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2vUiLrHNUy35yTzhZJC/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0OGRjM2I5MjNjNzczOGY5YTU4ZWU4MGI0OWJjZDBjNWU3
ZGNmZmEwHhcNMjQwMTAxMDIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWQ5M2E0N2YxZmIxODRkNDRiMjFiYjkxNWQ5YjU4MjNlNDEyYTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqm5OEUpdaznaEo6X6SsCCETt1+e8
qmzYhyrUV4YTOTeucR6z/N+XiNm6ch/yVqQlZjIxAmqmyNY9G9Utn6nXmZORSfEL
EUJA8ZOqZTuxeSEQXa9oEfywpurevkzM7lnXIpBQMEadP0COwgfNs0VCPxtbgeAn
RZmwA4KlPGCfIUxZ8N5GO6+JOBhD+U7zNEXxuqqOE6hKA/MLYNcfLZdDFOlZ9Z92
0SPUS1SrlQO7Y9XDd/3dBejdOfE1ZYujmKfMB8rBxKGOEnfIhJhZQUV7TFX3UtcF
9xkHZR19furrYPuimn17N8sHzuUDWldyUjYzuv2cf67XO5tWMtJRBYsFBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEnZOkfx+xhNRLIbuRXZtYI+QSo4MB8GA1UdIwQY
MBaAFASNw7kjx3OPmljugLSbzQxefc/6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkkzRHVTUEhjNC1hV082QXRKdk5ERjU5el9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9mOGMwMTgtYjkwZi00Zjg5LWEzZjQt
MmVjODcxNDY1NTk5LzEvU2RrNlJfSDdHRTFFc2h1NUZkbTFnajVCS2pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9mOGMwMTgtYjkwZi00Zjg5LWEzZjQtMmVjODcxNDY1NTk5
LzEvQkkzRHVTUEhjNC1hV082QXRKdk5ERjU5el9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCT64AMA0G
CSqGSIb3DQEBCwUAA4IBAQAe5O5V+KCqEFgFjsW8tXCoJX0wCuD2dXGtY7DOhada
ou8OmaibOFv5d6TTJm0Lf+KDP2ydMlgrlHKaTFXfwxbkIT+5T0B0rhGKCiW29LAD
eWJ7D3017z6vk3FVScSgjvBTxc1Z5gzgJEF2EyPu0mW7Yi50JqpFkERXhIzVplwp
m+ytiiUUj53CB3X2I0fRWNVUWmmpFEwx/YXrG3bUUn42AdBTk0/4hqPeM5nHqxLg
warnSqRhNtR+iBOLSTlpdZz0rYx5S/tNliwO3gEbL3HdbcD35pGfWx/s/+n944df
ZBn2k3KCwOp3ButTx0u6jmKag9QbIEn21hzNg3klruuA
-----END CERTIFICATE-----