Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/598415-445e-468d-9f8e-d19839206ce6/1/siOfQhv_q1PKVfeCyZhOezZpRLc.roa
File:                     siOfQhv_q1PKVfeCyZhOezZpRLc.roa (raw, json)
Hash identifier:          lvqczXph1cEKIVNBqB8FpTTlLOQNfESBwwewLU0U/qs=
Subject key identifier:   B2:23:9F:42:1B:FF:AB:53:CA:55:F7:82:C9:98:4E:7B:36:69:44:B7
Certificate issuer:       /CN=4c325637cd4de9afe53bd4f121abf62245f6714f
Certificate serial:       018CC9BC2404A34BDD07ECA61A3B6BA44C14
Authority key identifier: 4C:32:56:37:CD:4D:E9:AF:E5:3B:D4:F1:21:AB:F6:22:45:F6:71:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TDJWN81N6a_lO9TxIav2IkX2cU8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/598415-445e-468d-9f8e-d19839206ce6/1/siOfQhv_q1PKVfeCyZhOezZpRLc.roa
Signing time:             Tue 02 Jan 2024 10:33:19 +0000
ROA not before:           Tue 02 Jan 2024 10:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42093
IP address blocks:        194.48.214.0/24 maxlen: 24
                          2001:67c:1724::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/598415-445e-468d-9f8e-d19839206ce6/1/TDJWN81N6a_lO9TxIav2IkX2cU8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/598415-445e-468d-9f8e-d19839206ce6/1/TDJWN81N6a_lO9TxIav2IkX2cU8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TDJWN81N6a_lO9TxIav2IkX2cU8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:24:04:a3:4b:dd:07:ec:a6:1a:3b:6b:a4:4c:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c325637cd4de9afe53bd4f121abf62245f6714f
        Validity
            Not Before: Jan  2 10:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2239f421bffab53ca55f782c9984e7b366944b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:7f:f0:1b:53:d8:61:bb:87:43:97:f3:03:df:
                    e5:e6:3a:42:25:0d:80:0b:ad:e8:8b:51:99:17:1a:
                    22:04:24:d4:2a:01:1f:5b:6f:91:97:ff:2e:5f:93:
                    4b:9a:4f:5c:b4:02:50:03:98:3a:4d:e5:ba:0a:ef:
                    8e:d7:90:19:3e:2f:a5:7c:a0:ec:44:7c:78:c8:10:
                    d3:75:07:4b:25:c2:45:df:f0:fa:d1:32:03:30:f5:
                    a7:a4:46:e2:1e:2d:cc:ff:04:d1:96:87:17:70:55:
                    7f:a9:6d:15:f0:a6:1b:46:01:ca:e7:6f:30:a8:6c:
                    fa:c4:02:ae:1f:52:27:fb:fc:52:f9:80:a2:42:29:
                    43:d4:87:70:ab:bd:4f:4a:96:87:cc:13:e3:0b:ed:
                    c0:f3:cf:a3:35:76:8b:d8:11:ba:b6:83:95:34:29:
                    7c:16:22:41:7d:c2:9a:31:77:9e:9d:0c:3a:5f:76:
                    6f:2e:84:fc:f1:c7:33:9b:c7:c9:d6:02:a5:d9:c0:
                    48:5c:91:61:5f:9b:95:b9:a6:2e:7e:ab:eb:2c:ec:
                    f1:f1:d7:17:a9:5b:b8:21:ee:a2:50:37:0b:60:e2:
                    27:b0:ab:b2:f3:f6:8e:c0:97:5b:dc:e5:06:f8:4e:
                    ab:e6:ef:44:28:11:3c:da:58:e0:7a:65:bc:ef:88:
                    66:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:23:9F:42:1B:FF:AB:53:CA:55:F7:82:C9:98:4E:7B:36:69:44:B7
            X509v3 Authority Key Identifier:
                keyid:4C:32:56:37:CD:4D:E9:AF:E5:3B:D4:F1:21:AB:F6:22:45:F6:71:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TDJWN81N6a_lO9TxIav2IkX2cU8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/598415-445e-468d-9f8e-d19839206ce6/1/siOfQhv_q1PKVfeCyZhOezZpRLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/598415-445e-468d-9f8e-d19839206ce6/1/TDJWN81N6a_lO9TxIav2IkX2cU8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.48.214.0/24
                IPv6:
                  2001:67c:1724::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:0f:32:c7:61:bd:6d:08:1d:cc:8e:54:97:cd:58:cd:3a:82:
         8b:19:7a:01:62:82:c9:16:fe:88:2b:3c:8e:03:ed:95:18:1e:
         48:99:58:ef:a8:6f:30:0a:5e:0c:9a:bc:bf:70:c7:58:c5:fd:
         5b:12:e2:3a:e2:cc:d1:5a:b8:35:17:65:fa:13:ca:d9:5f:05:
         14:44:96:c1:54:5c:84:a9:22:17:23:12:8e:1e:cd:2f:07:a3:
         b4:b1:61:4d:40:57:f6:31:72:03:dd:38:4d:fb:e5:80:29:df:
         57:77:ee:c3:40:8e:c0:d7:2f:8a:c0:d8:33:6f:d4:a7:58:74:
         4e:ae:52:ec:af:69:6f:60:9f:bd:5b:b8:06:40:93:e4:9e:c7:
         03:4d:7b:06:4f:01:66:69:f4:4c:a1:ea:11:2f:7c:e4:81:a1:
         89:41:f9:99:50:fe:90:8f:bb:d7:4e:69:cf:1b:76:f4:39:3c:
         47:ca:39:74:ce:6d:d6:bf:81:ee:16:5c:62:0d:f2:58:a7:e9:
         63:fa:c6:33:66:a9:b1:29:9b:2d:e6:13:0f:02:58:74:59:2b:
         07:48:98:09:f6:17:96:aa:7e:94:91:28:3d:b3:df:37:8a:c1:
         7b:be:81:a8:12:cd:8f:a9:c5:ec:79:61:2a:56:ee:8f:b1:ce:
         2f:9a:7e:61
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJvCQEo0vdB+ymGjtrpEwUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMzI1NjM3Y2Q0ZGU5YWZlNTNiZDRmMTIxYWJmNjIyNDVm
NjcxNGYwHhcNMjQwMTAyMTAzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjIzOWY0MjFiZmZhYjUzY2E1NWY3ODJjOTk4NGU3YjM2Njk0NGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmn/wG1PYYbuHQ5fzA9/l5jpCJQ2A
C63oi1GZFxoiBCTUKgEfW2+Rl/8uX5NLmk9ctAJQA5g6TeW6Cu+O15AZPi+lfKDs
RHx4yBDTdQdLJcJF3/D60TIDMPWnpEbiHi3M/wTRlocXcFV/qW0V8KYbRgHK528w
qGz6xAKuH1In+/xS+YCiQilD1Idwq71PSpaHzBPjC+3A88+jNXaL2BG6toOVNCl8
FiJBfcKaMXeenQw6X3ZvLoT88cczm8fJ1gKl2cBIXJFhX5uVuaYufqvrLOzx8dcX
qVu4Ie6iUDcLYOInsKuy8/aOwJdb3OUG+E6r5u9EKBE82ljgemW874hmrQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLIjn0Ib/6tTylX3gsmYTns2aUS3MB8GA1UdIwQY
MBaAFEwyVjfNTemv5TvU8SGr9iJF9nFPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVERKV044MU42YV9sTzlUeElhdjJJa1gyY1U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy81OTg0MTUtNDQ1ZS00NjhkLTlmOGUt
ZDE5ODM5MjA2Y2U2LzEvc2lPZlFodl9xMVBLVmZlQ3laaE9lelpwUkxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy81OTg0MTUtNDQ1ZS00NjhkLTlmOGUtZDE5ODM5MjA2Y2U2
LzEvVERKV044MU42YV9sTzlUeElhdjJJa1gyY1U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwjDWMA8E
AgACMAkDBwAgAQZ8FyQwDQYJKoZIhvcNAQELBQADggEBAB8PMsdhvW0IHcyOVJfN
WM06gosZegFigskW/ogrPI4D7ZUYHkiZWO+obzAKXgyavL9wx1jF/VsS4jrizNFa
uDUXZfoTytlfBRRElsFUXISpIhcjEo4ezS8Ho7SxYU1AV/YxcgPdOE375YAp31d3
7sNAjsDXL4rA2DNv1KdYdE6uUuyvaW9gn71buAZAk+SexwNNewZPAWZp9Eyh6hEv
fOSBoYlB+ZlQ/pCPu9dOac8bdvQ5PEfKOXTObda/ge4WXGIN8lin6WP6xjNmqbEp
my3mEw8CWHRZKwdImAn2F5aqfpSRKD2z3zeKwXu+gagSzY+pxex5YSpW7o+xzi+a
fmE=
-----END CERTIFICATE-----