Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/67080d-cae0-48c1-a338-38f5d963222c/1/STDbMK7aYSDJQu6cTVBywUzJGRU.roa
File:                     STDbMK7aYSDJQu6cTVBywUzJGRU.roa (raw, json)
Hash identifier:          CqtM9jfkIuESr6HqnpCxEQl/gny97HfSH1vRokwZ2qw=
Subject key identifier:   49:30:DB:30:AE:DA:61:20:C9:42:EE:9C:4D:50:72:C1:4C:C9:19:15
Certificate issuer:       /CN=135155cebf9de0cb73e40a0fa0a1ab4dcf1d09ca
Certificate serial:       018CC34963037F0ECD338D2FE6CAC451F4A3
Authority key identifier: 13:51:55:CE:BF:9D:E0:CB:73:E4:0A:0F:A0:A1:AB:4D:CF:1D:09:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E1FVzr-d4Mtz5AoPoKGrTc8dCco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/67080d-cae0-48c1-a338-38f5d963222c/1/STDbMK7aYSDJQu6cTVBywUzJGRU.roa
Signing time:             Mon 01 Jan 2024 04:30:15 +0000
ROA not before:           Mon 01 Jan 2024 04:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        130.251.0.0/16 maxlen: 16
                          192.148.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/67080d-cae0-48c1-a338-38f5d963222c/1/E1FVzr-d4Mtz5AoPoKGrTc8dCco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/67080d-cae0-48c1-a338-38f5d963222c/1/E1FVzr-d4Mtz5AoPoKGrTc8dCco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E1FVzr-d4Mtz5AoPoKGrTc8dCco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:63:03:7f:0e:cd:33:8d:2f:e6:ca:c4:51:f4:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=135155cebf9de0cb73e40a0fa0a1ab4dcf1d09ca
        Validity
            Not Before: Jan  1 04:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4930db30aeda6120c942ee9c4d5072c14cc91915
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a1:c4:43:6b:d0:20:ca:ff:78:5f:51:da:e4:
                    d2:04:b8:65:fb:d0:7b:10:5c:dd:c8:8f:59:7c:cc:
                    37:7b:2b:ee:6e:02:cc:0e:32:a0:33:b5:4a:34:70:
                    d6:6d:31:86:45:ef:72:99:93:20:38:ef:4e:e7:bb:
                    e3:6b:34:c6:36:c9:dc:e6:6f:c6:24:75:ac:b1:6c:
                    50:e3:dd:11:28:0c:57:7e:a6:20:8f:07:44:b8:19:
                    e8:02:3f:f7:7b:d4:ff:76:24:1f:28:78:1f:0e:1e:
                    a7:51:2b:d9:c5:83:03:11:48:85:e4:16:e0:a2:cc:
                    0e:41:a9:e7:7e:47:40:a5:4d:3a:b0:17:ed:07:cd:
                    0d:b8:5a:e3:a2:b0:54:80:9e:69:d1:d2:d9:ee:01:
                    94:c7:e1:1c:e6:8d:d6:bb:e8:b4:7b:81:85:ba:f1:
                    68:34:7a:33:9e:d2:81:cb:c8:96:77:9e:c1:a6:79:
                    7c:c8:18:f3:0b:f4:a1:bf:82:53:39:07:d5:40:f1:
                    30:25:9a:ec:8a:d4:57:3e:70:0a:12:0f:7d:05:b1:
                    ea:43:8f:93:2d:e5:d4:2a:34:5f:4f:01:26:25:44:
                    db:79:53:66:82:d9:db:21:08:52:84:b1:31:de:69:
                    32:c5:a3:51:fe:9a:ce:33:72:5f:c4:76:0d:d6:77:
                    e7:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:30:DB:30:AE:DA:61:20:C9:42:EE:9C:4D:50:72:C1:4C:C9:19:15
            X509v3 Authority Key Identifier:
                keyid:13:51:55:CE:BF:9D:E0:CB:73:E4:0A:0F:A0:A1:AB:4D:CF:1D:09:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E1FVzr-d4Mtz5AoPoKGrTc8dCco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/67080d-cae0-48c1-a338-38f5d963222c/1/STDbMK7aYSDJQu6cTVBywUzJGRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/67080d-cae0-48c1-a338-38f5d963222c/1/E1FVzr-d4Mtz5AoPoKGrTc8dCco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.251.0.0/16
                  192.148.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:0e:de:50:d5:d9:09:73:1c:d8:ef:14:94:37:40:a2:e5:cb:
         24:ac:57:1d:5d:c7:26:e2:e2:d5:dd:a9:9a:78:27:ef:6c:b6:
         67:9d:a2:a8:ab:3f:02:b1:48:ec:ee:4a:24:96:c9:a4:37:ef:
         9b:46:26:78:8d:d1:b9:60:c2:21:98:1d:29:57:a0:cb:72:3d:
         63:ef:32:68:b1:90:59:93:8a:d7:90:9d:b4:b0:55:34:a1:50:
         89:72:eb:c7:bd:85:8b:79:de:a2:59:a8:41:e0:9a:cb:9b:c6:
         1c:be:44:11:2a:45:e7:79:82:13:9b:74:dc:33:27:51:e0:58:
         eb:0c:21:fe:bf:1a:cb:a9:66:3e:72:1d:0c:d3:78:81:25:47:
         1a:4a:20:e1:c9:e8:20:0b:94:16:9f:a8:25:3f:18:6a:57:b1:
         ec:0d:10:20:72:2c:b2:aa:97:07:6d:99:f3:15:6c:f9:95:81:
         45:1d:d3:c0:e9:fe:db:a3:b6:16:8f:99:fb:48:ae:f9:22:0d:
         fd:09:1b:53:66:38:65:7a:22:7d:b9:2e:8d:68:09:9c:1e:96:
         6b:d0:99:0c:ed:d4:cb:45:fa:34:9e:32:31:03:13:d4:63:13:
         21:7c:cf:dc:c5:05:68:65:00:3c:ff:34:9d:7b:c4:ef:8d:48:
         03:2b:29:90
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzDSWMDfw7NM40v5srEUfSjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzNTE1NWNlYmY5ZGUwY2I3M2U0MGEwZmEwYTFhYjRkY2Yx
ZDA5Y2EwHhcNMjQwMTAxMDQzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTMwZGIzMGFlZGE2MTIwYzk0MmVlOWM0ZDUwNzJjMTRjYzkxOTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqHEQ2vQIMr/eF9R2uTSBLhl+9B7
EFzdyI9ZfMw3eyvubgLMDjKgM7VKNHDWbTGGRe9ymZMgOO9O57vjazTGNsnc5m/G
JHWssWxQ490RKAxXfqYgjwdEuBnoAj/3e9T/diQfKHgfDh6nUSvZxYMDEUiF5Bbg
oswOQannfkdApU06sBftB80NuFrjorBUgJ5p0dLZ7gGUx+Ec5o3Wu+i0e4GFuvFo
NHozntKBy8iWd57Bpnl8yBjzC/Shv4JTOQfVQPEwJZrsitRXPnAKEg99BbHqQ4+T
LeXUKjRfTwEmJUTbeVNmgtnbIQhShLEx3mkyxaNR/prOM3JfxHYN1nfnZQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFEkw2zCu2mEgyULunE1QcsFMyRkVMB8GA1UdIwQY
MBaAFBNRVc6/neDLc+QKD6Chq03PHQnKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTFGVnpyLWQ0TXR6NUFvUG9LR3JUYzhkQ2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy82NzA4MGQtY2FlMC00OGMxLWEzMzgt
MzhmNWQ5NjMyMjJjLzEvU1REYk1LN2FZU0RKUXU2Y1RWQnl3VXpKR1JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy82NzA4MGQtY2FlMC00OGMxLWEzMzgtMzhmNWQ5NjMyMjJj
LzEvRTFGVnpyLWQ0TXR6NUFvUG9LR3JUYzhkQ2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAgvsDBADA
lMEwDQYJKoZIhvcNAQELBQADggEBAB8O3lDV2QlzHNjvFJQ3QKLlyySsVx1dxybi
4tXdqZp4J+9stmedoqirPwKxSOzuSiSWyaQ375tGJniN0blgwiGYHSlXoMtyPWPv
MmixkFmTiteQnbSwVTShUIly68e9hYt53qJZqEHgmsubxhy+RBEqRed5ghObdNwz
J1HgWOsMIf6/GsupZj5yHQzTeIElRxpKIOHJ6CALlBafqCU/GGpXsewNECByLLKq
lwdtmfMVbPmVgUUd08Dp/tujthaPmftIrvkiDf0JG1NmOGV6In25Lo1oCZwelmvQ
mQzt1MtF+jSeMjEDE9RjEyF8z9zFBWhlADz/NJ17xO+NSAMrKZA=
-----END CERTIFICATE-----