Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/58538a-24eb-4f9d-9811-525959e6ee22/1/_SBDKGIyGAdS_OkB1pf3LwkP4Ho.roa
File:                     _SBDKGIyGAdS_OkB1pf3LwkP4Ho.roa (raw, json)
Hash identifier:          cgKC1caVsfHvIhcCvZxz2r06+VCMKnlln1BOk9n+qME=
Subject key identifier:   FD:20:43:28:62:32:18:07:52:FC:E9:01:D6:97:F7:2F:09:0F:E0:7A
Certificate issuer:       /CN=07ffd290387dd34ac0790c6b9d7ee99fedb78149
Certificate serial:       018FE3098340764F6C1B3210B246ACCB1A86
Authority key identifier: 07:FF:D2:90:38:7D:D3:4A:C0:79:0C:6B:9D:7E:E9:9F:ED:B7:81:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B__SkDh900rAeQxrnX7pn-23gUk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/58538a-24eb-4f9d-9811-525959e6ee22/1/_SBDKGIyGAdS_OkB1pf3LwkP4Ho.roa
Signing time:             Tue 04 Jun 2024 11:36:42 +0000
ROA not before:           Tue 04 Jun 2024 11:36:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43543
IP address blocks:        193.239.170.0/23 maxlen: 23
                          193.239.170.0/24 maxlen: 24
                          193.239.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/58538a-24eb-4f9d-9811-525959e6ee22/1/B__SkDh900rAeQxrnX7pn-23gUk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/58538a-24eb-4f9d-9811-525959e6ee22/1/B__SkDh900rAeQxrnX7pn-23gUk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B__SkDh900rAeQxrnX7pn-23gUk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 14:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e3:09:83:40:76:4f:6c:1b:32:10:b2:46:ac:cb:1a:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07ffd290387dd34ac0790c6b9d7ee99fedb78149
        Validity
            Not Before: Jun  4 11:36:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd2043286232180752fce901d697f72f090fe07a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:96:60:bb:32:8c:b9:61:25:13:4d:3d:18:59:
                    96:53:7f:e2:9f:05:22:10:83:55:3a:c6:cc:61:80:
                    64:59:1c:37:01:95:ce:23:89:52:5c:eb:c1:d1:1f:
                    89:92:96:2f:31:d4:fb:2f:f5:32:c3:29:a7:6c:4d:
                    a6:f3:4d:8d:01:fb:e2:fd:87:d1:29:a4:78:33:f8:
                    53:bc:f4:37:b0:5e:3b:fa:ed:d0:c5:0e:c9:63:cd:
                    59:14:1c:b6:ee:3b:83:98:38:b7:9e:19:64:89:30:
                    6c:fc:dc:f3:b1:0b:1c:70:a1:fb:15:8d:13:d8:e2:
                    7b:0a:ac:55:26:95:30:72:f0:22:1a:5c:2a:94:2c:
                    6d:77:a4:6a:7f:29:a0:30:dd:3a:d6:98:9c:e1:bc:
                    50:55:9d:0e:b3:6f:12:8f:68:98:2e:bd:3e:af:8c:
                    ad:13:1b:e8:8f:07:cb:1b:28:e8:f6:67:16:09:22:
                    83:d9:ff:be:f8:7a:c7:eb:01:21:63:92:cd:da:53:
                    ec:6a:3b:03:30:be:c1:b6:e3:79:4a:5e:df:dc:9d:
                    fd:44:c7:a8:12:25:fb:e9:e2:11:dd:c5:cb:2f:8a:
                    48:2f:00:2d:61:7b:95:5a:0d:2d:db:eb:10:0c:00:
                    a8:89:ee:18:6d:57:c3:64:b1:5f:90:8d:74:4e:76:
                    c1:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:20:43:28:62:32:18:07:52:FC:E9:01:D6:97:F7:2F:09:0F:E0:7A
            X509v3 Authority Key Identifier:
                keyid:07:FF:D2:90:38:7D:D3:4A:C0:79:0C:6B:9D:7E:E9:9F:ED:B7:81:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B__SkDh900rAeQxrnX7pn-23gUk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/58538a-24eb-4f9d-9811-525959e6ee22/1/_SBDKGIyGAdS_OkB1pf3LwkP4Ho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/58538a-24eb-4f9d-9811-525959e6ee22/1/B__SkDh900rAeQxrnX7pn-23gUk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0e:04:7e:f2:9a:69:2c:bb:58:8c:06:4f:54:46:7b:e0:9f:64:
         98:dd:a1:fc:51:85:11:42:37:8b:6b:19:98:34:69:64:3f:b2:
         1e:08:d3:eb:1f:2b:45:3f:e5:dd:8c:6b:1b:49:07:33:21:d2:
         d6:53:1f:d6:73:34:5a:c6:f5:e6:5f:e1:51:60:4c:27:03:d5:
         05:41:e9:fb:67:6a:12:36:98:3f:16:a4:69:39:da:d2:df:70:
         e1:81:cd:6c:63:e0:7b:69:0b:81:16:31:c4:92:df:1b:7f:ef:
         b4:3e:2c:43:72:57:ca:ce:28:e8:c9:3f:df:e2:4d:0e:f1:74:
         7e:fd:b0:ba:bd:bf:a1:40:01:36:e6:4c:7a:7c:85:3d:27:54:
         13:71:55:88:38:66:a5:76:f4:6b:a2:66:ff:b0:f1:2f:c5:6f:
         d9:8f:0e:43:52:f5:7c:a7:0c:bd:70:57:08:8e:1c:2c:56:38:
         61:a7:23:cf:09:05:86:2d:8d:e3:e6:75:f8:5f:f7:d4:f2:b8:
         46:f9:c8:64:be:3f:fe:ac:56:72:53:a5:5c:30:e9:92:1a:e3:
         7a:5b:e7:f7:a4:fe:a0:14:6c:06:f7:7c:67:a4:a8:2d:a2:66:
         5a:78:0a:b2:20:2d:67:e7:ad:93:7b:b9:85:ab:2a:b0:1d:ec:
         ed:52:9a:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/jCYNAdk9sGzIQskasyxqGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZmZkMjkwMzg3ZGQzNGFjMDc5MGM2YjlkN2VlOTlmZWRi
NzgxNDkwHhcNMjQwNjA0MTEzNjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDIwNDMyODYyMzIxODA3NTJmY2U5MDFkNjk3ZjcyZjA5MGZlMDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6JZguzKMuWElE009GFmWU3/inwUi
EINVOsbMYYBkWRw3AZXOI4lSXOvB0R+JkpYvMdT7L/UywymnbE2m802NAfvi/YfR
KaR4M/hTvPQ3sF47+u3QxQ7JY81ZFBy27juDmDi3nhlkiTBs/NzzsQsccKH7FY0T
2OJ7CqxVJpUwcvAiGlwqlCxtd6RqfymgMN061pic4bxQVZ0Os28Sj2iYLr0+r4yt
ExvojwfLGyjo9mcWCSKD2f+++HrH6wEhY5LN2lPsajsDML7BtuN5Sl7f3J39RMeo
EiX76eIR3cXLL4pILwAtYXuVWg0t2+sQDACoie4YbVfDZLFfkI10TnbBywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0gQyhiMhgHUvzpAdaX9y8JD+B6MB8GA1UdIwQY
MBaAFAf/0pA4fdNKwHkMa51+6Z/tt4FJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9fU2tEaDkwMHJBZVF4cm5YN3BuLTIzZ1VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy81ODUzOGEtMjRlYi00ZjlkLTk4MTEt
NTI1OTU5ZTZlZTIyLzEvX1NCREtHSXlHQWRTX09rQjFwZjNMd2tQNEhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy81ODUzOGEtMjRlYi00ZjlkLTk4MTEtNTI1OTU5ZTZlZTIy
LzEvQl9fU2tEaDkwMHJBZVF4cm5YN3BuLTIzZ1VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwe+qMA0G
CSqGSIb3DQEBCwUAA4IBAQAOBH7ymmksu1iMBk9URnvgn2SY3aH8UYURQjeLaxmY
NGlkP7IeCNPrHytFP+XdjGsbSQczIdLWUx/WczRaxvXmX+FRYEwnA9UFQen7Z2oS
Npg/FqRpOdrS33Dhgc1sY+B7aQuBFjHEkt8bf++0PixDclfKzijoyT/f4k0O8XR+
/bC6vb+hQAE25kx6fIU9J1QTcVWIOGaldvRromb/sPEvxW/Zjw5DUvV8pwy9cFcI
jhwsVjhhpyPPCQWGLY3j5nX4X/fU8rhG+chkvj/+rFZyU6VcMOmSGuN6W+f3pP6g
FGwG93xnpKgtomZaeAqyIC1n562Te7mFqyqwHeztUpoY
-----END CERTIFICATE-----