Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/67769b-85a5-4a0a-889b-802b6376f743/1/SZdqDZE4RneeVStaWVqTFRmSMyE.roa
File:                     SZdqDZE4RneeVStaWVqTFRmSMyE.roa (raw, json)
Hash identifier:          ZULMkn9QqMM3ZuiZefF0oY4XRw2aRazZd+lj10PySPU=
Subject key identifier:   49:97:6A:0D:91:38:46:77:9E:55:2B:5A:59:5A:93:15:19:92:33:21
Certificate issuer:       /CN=1d54be79c892b5356bf1b7bcd131397f2c23adc0
Certificate serial:       018CC64AEC51FE4A7865827690045CC25115
Authority key identifier: 1D:54:BE:79:C8:92:B5:35:6B:F1:B7:BC:D1:31:39:7F:2C:23:AD:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HVS-eciStTVr8be80TE5fywjrcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/67769b-85a5-4a0a-889b-802b6376f743/1/SZdqDZE4RneeVStaWVqTFRmSMyE.roa
Signing time:             Mon 01 Jan 2024 18:30:48 +0000
ROA not before:           Mon 01 Jan 2024 18:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6830
IP address blocks:        185.248.164.0/23 maxlen: 23
                          185.248.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/67769b-85a5-4a0a-889b-802b6376f743/1/HVS-eciStTVr8be80TE5fywjrcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/67769b-85a5-4a0a-889b-802b6376f743/1/HVS-eciStTVr8be80TE5fywjrcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HVS-eciStTVr8be80TE5fywjrcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:ec:51:fe:4a:78:65:82:76:90:04:5c:c2:51:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d54be79c892b5356bf1b7bcd131397f2c23adc0
        Validity
            Not Before: Jan  1 18:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49976a0d913846779e552b5a595a931519923321
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:72:03:00:c3:8b:0c:c5:da:dd:8e:1c:73:52:
                    4e:58:14:ec:21:8a:e1:fd:cd:e4:ff:43:54:e2:1d:
                    3a:d7:02:b1:ea:f5:aa:57:8a:cb:f1:74:8a:34:25:
                    2a:ee:60:d7:f3:60:6b:e5:c2:83:3e:d1:96:cd:01:
                    38:11:3d:50:9f:9b:24:6a:01:8d:d0:2c:52:8a:a2:
                    d1:89:7b:47:30:63:d5:bb:f0:b8:3a:23:62:18:5c:
                    06:b0:c5:2c:11:50:89:53:a3:a2:0d:4d:2f:62:14:
                    f9:05:9d:98:91:be:2a:42:4e:c1:4e:a9:4a:6c:9d:
                    99:66:51:fc:9b:d9:f9:0c:0d:55:99:23:62:63:77:
                    2a:af:63:42:fa:59:2e:d0:85:f5:09:6d:4e:6a:18:
                    ea:78:ff:3a:51:55:21:40:59:c7:3a:29:b6:af:dc:
                    1e:a0:83:84:2a:8e:89:ec:d9:c0:b9:88:de:27:e9:
                    4c:e8:87:19:8c:4d:2b:a3:89:39:99:5c:63:19:43:
                    e0:51:0d:01:4e:62:c4:de:4f:1a:b7:73:0f:27:ec:
                    8f:2e:14:36:48:da:d0:80:fd:67:29:5c:5c:be:3f:
                    23:67:20:14:08:72:e4:b4:13:d1:a5:9e:e8:62:88:
                    7e:8a:f7:b8:4f:0e:fe:a1:1b:55:05:f8:52:c5:d1:
                    f2:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:97:6A:0D:91:38:46:77:9E:55:2B:5A:59:5A:93:15:19:92:33:21
            X509v3 Authority Key Identifier:
                keyid:1D:54:BE:79:C8:92:B5:35:6B:F1:B7:BC:D1:31:39:7F:2C:23:AD:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HVS-eciStTVr8be80TE5fywjrcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/67769b-85a5-4a0a-889b-802b6376f743/1/SZdqDZE4RneeVStaWVqTFRmSMyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/67769b-85a5-4a0a-889b-802b6376f743/1/HVS-eciStTVr8be80TE5fywjrcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.164.0/23
                  185.248.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:42:69:fe:64:e7:59:ec:5d:61:75:05:9c:32:39:9d:75:15:
         16:bb:b3:90:fe:d4:e9:36:ef:40:d7:f4:1c:b0:34:3c:b7:16:
         4c:ec:86:7f:a3:5e:04:a5:c9:30:67:34:0d:7a:75:00:05:07:
         5d:7c:e3:19:e1:7a:7e:90:f1:36:48:0d:08:93:38:d7:d5:96:
         08:5d:ea:42:ce:11:b8:3a:ba:d6:47:7e:f9:9f:6e:52:68:47:
         ac:c7:d1:6c:2d:be:dc:25:77:35:f6:80:76:53:d1:70:ef:e0:
         8f:08:85:4d:b2:e2:ba:4b:e5:a1:14:1e:16:e6:c6:8d:7a:04:
         dc:d0:eb:cd:fc:c8:01:85:be:97:cd:11:f0:e2:e5:b2:17:89:
         e6:73:61:bd:a0:ca:30:e9:44:58:6f:68:ba:0f:01:48:33:09:
         50:2c:5e:30:9d:f1:82:80:fd:8e:a1:4f:a0:79:f8:32:6f:13:
         8d:05:36:11:ce:5f:6e:2c:f6:e0:78:34:b6:93:0e:0f:81:40:
         4e:f7:5e:88:2a:c2:e7:9a:15:dc:00:98:12:ac:3e:15:dd:52:
         23:1f:b5:63:61:8a:30:bf:29:e5:dc:89:89:2a:6e:8d:40:32:
         0f:33:02:f2:bb:de:fd:32:93:1f:05:ae:64:29:30:f9:02:f0:
         67:1d:fd:94
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSuxR/kp4ZYJ2kARcwlEVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNTRiZTc5Yzg5MmI1MzU2YmYxYjdiY2QxMzEzOTdmMmMy
M2FkYzAwHhcNMjQwMTAxMTgzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTk3NmEwZDkxMzg0Njc3OWU1NTJiNWE1OTVhOTMxNTE5OTIzMzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXIDAMOLDMXa3Y4cc1JOWBTsIYrh
/c3k/0NU4h061wKx6vWqV4rL8XSKNCUq7mDX82Br5cKDPtGWzQE4ET1Qn5skagGN
0CxSiqLRiXtHMGPVu/C4OiNiGFwGsMUsEVCJU6OiDU0vYhT5BZ2Ykb4qQk7BTqlK
bJ2ZZlH8m9n5DA1VmSNiY3cqr2NC+lku0IX1CW1OahjqeP86UVUhQFnHOim2r9we
oIOEKo6J7NnAuYjeJ+lM6IcZjE0ro4k5mVxjGUPgUQ0BTmLE3k8at3MPJ+yPLhQ2
SNrQgP1nKVxcvj8jZyAUCHLktBPRpZ7oYoh+ive4Tw7+oRtVBfhSxdHy7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEmXag2ROEZ3nlUrWllakxUZkjMhMB8GA1UdIwQY
MBaAFB1UvnnIkrU1a/G3vNExOX8sI63AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFZTLWVjaVN0VFZyOGJlODBURTVmeXdqcmNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82Nzc2OWItODVhNS00YTBhLTg4OWIt
ODAyYjYzNzZmNzQzLzEvU1pkcURaRTRSbmVlVlN0YVdWcVRGUm1TTXlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82Nzc2OWItODVhNS00YTBhLTg4OWItODAyYjYzNzZmNzQz
LzEvSFZTLWVjaVN0VFZyOGJlODBURTVmeXdqcmNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBufikAwQA
ufinMA0GCSqGSIb3DQEBCwUAA4IBAQAcQmn+ZOdZ7F1hdQWcMjmddRUWu7OQ/tTp
Nu9A1/QcsDQ8txZM7IZ/o14EpckwZzQNenUABQddfOMZ4Xp+kPE2SA0IkzjX1ZYI
XepCzhG4OrrWR375n25SaEesx9FsLb7cJXc19oB2U9Fw7+CPCIVNsuK6S+WhFB4W
5saNegTc0OvN/MgBhb6XzRHw4uWyF4nmc2G9oMow6URYb2i6DwFIMwlQLF4wnfGC
gP2OoU+gefgybxONBTYRzl9uLPbgeDS2kw4PgUBO916IKsLnmhXcAJgSrD4V3VIj
H7VjYYowvynl3ImJKm6NQDIPMwLyu979MpMfBa5kKTD5AvBnHf2U
-----END CERTIFICATE-----