Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/631521-d4b7-4f10-8c06-87aa285f807c/1/SxXMTPCedevqS6EtIPu5Mx0jQJQ.roa
File:                     SxXMTPCedevqS6EtIPu5Mx0jQJQ.roa (raw, json)
Hash identifier:          aAOD23G++pP68+W+FHD/4ZmMDZrHkdoRNJ0/IL4yG60=
Subject key identifier:   4B:15:CC:4C:F0:9E:75:EB:EA:4B:A1:2D:20:FB:B9:33:1D:23:40:94
Certificate issuer:       /CN=cf5ef7a870d4b148eb1d4f4fe666ed5054adeaec
Certificate serial:       018CC3B71F744B820B3E4FC16ADD8C19A94D
Authority key identifier: CF:5E:F7:A8:70:D4:B1:48:EB:1D:4F:4F:E6:66:ED:50:54:AD:EA:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z173qHDUsUjrHU9P5mbtUFSt6uw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/631521-d4b7-4f10-8c06-87aa285f807c/1/SxXMTPCedevqS6EtIPu5Mx0jQJQ.roa
Signing time:             Mon 01 Jan 2024 06:30:07 +0000
ROA not before:           Mon 01 Jan 2024 06:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198485
IP address blocks:        195.22.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/631521-d4b7-4f10-8c06-87aa285f807c/1/z173qHDUsUjrHU9P5mbtUFSt6uw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/631521-d4b7-4f10-8c06-87aa285f807c/1/z173qHDUsUjrHU9P5mbtUFSt6uw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z173qHDUsUjrHU9P5mbtUFSt6uw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1f:74:4b:82:0b:3e:4f:c1:6a:dd:8c:19:a9:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf5ef7a870d4b148eb1d4f4fe666ed5054adeaec
        Validity
            Not Before: Jan  1 06:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b15cc4cf09e75ebea4ba12d20fbb9331d234094
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:b1:c4:0e:09:f9:6f:01:0a:b7:ba:3c:df:94:
                    c0:99:a5:b1:ee:a3:8d:35:c9:25:78:13:de:71:2c:
                    3d:2b:00:25:b0:c0:2c:9c:98:2f:20:9d:c0:42:29:
                    81:62:2e:e2:81:cf:fe:37:19:65:60:ad:de:52:3b:
                    fa:e6:4e:57:bf:fe:3f:53:be:ab:6f:bc:d3:ce:60:
                    09:99:e1:0f:31:59:d4:27:52:29:ca:35:2c:9c:0e:
                    e1:73:eb:32:17:7c:ef:04:c4:b1:ef:a5:83:6f:5e:
                    d8:9d:e1:ff:7b:31:94:44:54:e2:83:8d:61:47:e1:
                    a6:4b:9c:03:52:ca:00:4e:98:df:46:63:41:89:1a:
                    da:bd:22:b5:3e:cb:f4:b4:24:02:63:cb:35:e6:82:
                    38:4a:5e:97:b7:8f:e6:f7:97:34:8f:42:2c:32:6d:
                    89:9a:00:62:0a:bd:55:c7:b1:31:62:f7:4a:3c:6c:
                    9d:21:1e:26:5f:b2:62:67:74:f2:58:5c:e4:fb:37:
                    08:f1:08:e7:54:fe:f7:ef:25:a8:80:96:f4:93:7f:
                    3e:ff:b9:3e:8a:b2:e3:87:bf:3c:1b:d5:87:b7:bd:
                    a5:05:c3:cf:a4:85:07:c3:e2:f3:49:4b:54:4b:54:
                    61:1f:8e:07:f2:33:81:f8:6b:a6:ef:db:5c:e7:db:
                    c0:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:15:CC:4C:F0:9E:75:EB:EA:4B:A1:2D:20:FB:B9:33:1D:23:40:94
            X509v3 Authority Key Identifier:
                keyid:CF:5E:F7:A8:70:D4:B1:48:EB:1D:4F:4F:E6:66:ED:50:54:AD:EA:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z173qHDUsUjrHU9P5mbtUFSt6uw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/631521-d4b7-4f10-8c06-87aa285f807c/1/SxXMTPCedevqS6EtIPu5Mx0jQJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/631521-d4b7-4f10-8c06-87aa285f807c/1/z173qHDUsUjrHU9P5mbtUFSt6uw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.22.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:76:03:0b:64:d0:95:ba:ea:fc:2b:29:3b:32:f4:be:db:fb:
         81:d3:8e:17:d0:ff:37:c8:22:3e:5d:17:fe:77:4d:59:89:a4:
         fa:90:32:dc:0b:c3:38:6b:03:ac:89:d5:b4:f1:08:05:17:d8:
         0b:0c:c9:ef:60:2f:bb:ab:fe:97:2b:02:4b:d9:cb:86:d0:90:
         38:73:36:63:76:e4:27:bd:64:b7:f7:b5:c3:d7:fd:af:91:a6:
         d9:2a:fa:ab:5e:33:3d:87:b9:ea:b1:fb:c2:a3:2d:0b:df:76:
         0c:8b:82:9f:5f:e4:62:2c:eb:1c:5c:7e:2a:5c:c6:0f:80:2b:
         0d:8d:88:b4:73:5e:0a:0d:1f:0e:67:79:97:ee:39:85:bf:83:
         78:70:cd:d1:4f:3a:24:c6:8d:c5:6f:e7:c7:c4:61:c2:9f:76:
         aa:e7:52:24:10:45:24:e2:a3:5f:ed:d2:6f:d8:05:b7:6c:2c:
         27:db:d9:2e:cd:e6:bb:6c:c3:07:ff:ea:cd:c3:f0:31:6c:bc:
         37:d7:b4:a6:e1:54:e8:da:e7:15:89:9e:80:48:d6:f5:35:e7:
         7d:cf:3f:2f:d7:20:0b:e4:fb:5a:34:58:a6:a6:2b:78:a0:2d:
         e1:6c:5c:27:ae:7c:df:e2:0e:05:20:7c:d9:0a:92:ed:19:5a:
         dc:13:49:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtx90S4ILPk/Bat2MGalNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmNWVmN2E4NzBkNGIxNDhlYjFkNGY0ZmU2NjZlZDUwNTRh
ZGVhZWMwHhcNMjQwMTAxMDYzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjE1Y2M0Y2YwOWU3NWViZWE0YmExMmQyMGZiYjkzMzFkMjM0MDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7HEDgn5bwEKt7o835TAmaWx7qON
NckleBPecSw9KwAlsMAsnJgvIJ3AQimBYi7igc/+NxllYK3eUjv65k5Xv/4/U76r
b7zTzmAJmeEPMVnUJ1IpyjUsnA7hc+syF3zvBMSx76WDb17YneH/ezGURFTig41h
R+GmS5wDUsoATpjfRmNBiRravSK1Psv0tCQCY8s15oI4Sl6Xt4/m95c0j0IsMm2J
mgBiCr1Vx7ExYvdKPGydIR4mX7JiZ3TyWFzk+zcI8QjnVP737yWogJb0k38+/7k+
irLjh788G9WHt72lBcPPpIUHw+LzSUtUS1RhH44H8jOB+Gum79tc59vAoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEsVzEzwnnXr6kuhLSD7uTMdI0CUMB8GA1UdIwQY
MBaAFM9e96hw1LFI6x1PT+Zm7VBUrersMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejE3M3FIRFVzVWpySFU5UDVtYnRVRlN0NnV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82MzE1MjEtZDRiNy00ZjEwLThjMDYt
ODdhYTI4NWY4MDdjLzEvU3hYTVRQQ2VkZXZxUzZFdElQdTVNeDBqUUpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82MzE1MjEtZDRiNy00ZjEwLThjMDYtODdhYTI4NWY4MDdj
LzEvejE3M3FIRFVzVWpySFU5UDVtYnRVRlN0NnV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxZ6MA0G
CSqGSIb3DQEBCwUAA4IBAQCrdgMLZNCVuur8Kyk7MvS+2/uB044X0P83yCI+XRf+
d01ZiaT6kDLcC8M4awOsidW08QgFF9gLDMnvYC+7q/6XKwJL2cuG0JA4czZjduQn
vWS397XD1/2vkabZKvqrXjM9h7nqsfvCoy0L33YMi4KfX+RiLOscXH4qXMYPgCsN
jYi0c14KDR8OZ3mX7jmFv4N4cM3RTzokxo3Fb+fHxGHCn3aq51IkEEUk4qNf7dJv
2AW3bCwn29kuzea7bMMH/+rNw/AxbLw317Sm4VTo2ucViZ6ASNb1Ned9zz8v1yAL
5PtaNFimpit4oC3hbFwnrnzf4g4FIHzZCpLtGVrcE0nz
-----END CERTIFICATE-----