Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/sma4dTp4Dmb4EX6M4OeIDtFLv-s.roa
File:                     sma4dTp4Dmb4EX6M4OeIDtFLv-s.roa (raw, json)
Hash identifier:          cjuz1JY0fHykf7MrbOG1u8qjvenhy/mzbk7rw9Wq04M=
Subject key identifier:   B2:66:B8:75:3A:78:0E:66:F8:11:7E:8C:E0:E7:88:0E:D1:4B:BF:EB
Certificate issuer:       /CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
Certificate serial:       018CCA2A903A94258E9DA574157507D1B205
Authority key identifier: 05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/sma4dTp4Dmb4EX6M4OeIDtFLv-s.roa
Signing time:             Tue 02 Jan 2024 12:33:56 +0000
ROA not before:           Tue 02 Jan 2024 12:33:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30933
IP address blocks:        80.253.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:90:3a:94:25:8e:9d:a5:74:15:75:07:d1:b2:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
        Validity
            Not Before: Jan  2 12:33:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b266b8753a780e66f8117e8ce0e7880ed14bbfeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:42:c4:51:64:0e:6e:ec:52:ff:22:c4:37:6a:
                    3b:6a:4e:95:59:87:a2:a7:66:2a:43:26:c2:28:b9:
                    61:f3:f4:dd:97:ce:5f:cc:68:97:39:12:07:db:7d:
                    49:c3:08:e2:a5:6e:6e:a0:c2:e2:63:fa:c2:8b:95:
                    21:70:69:c3:0b:06:fd:47:0e:85:47:42:68:d8:e5:
                    57:b1:86:e7:2d:fd:d4:a3:83:69:87:c9:1f:c3:62:
                    d8:c0:e8:2c:a1:ce:7a:bc:cd:af:1b:bb:92:50:a2:
                    ed:92:cc:3f:73:31:31:10:37:14:4a:68:8c:21:b9:
                    90:46:1f:50:27:f1:07:68:de:b6:ab:43:51:07:c6:
                    ce:86:ca:6c:c7:b2:7c:dd:12:a0:06:59:55:bc:38:
                    83:9d:08:54:c4:1f:55:47:0a:94:dd:52:15:ac:0d:
                    eb:8d:3a:21:0e:fd:5e:58:50:d7:f7:1e:3c:af:9f:
                    21:2b:5b:ab:38:ae:11:1f:b3:21:45:34:c4:d6:d7:
                    39:7e:bc:ac:f0:49:dc:c0:59:7c:1c:33:97:b9:3c:
                    15:21:74:9f:61:a4:f8:f1:44:f7:1e:4a:52:e5:e2:
                    8e:93:fe:53:82:30:6f:0c:0a:48:b4:e8:6d:00:6b:
                    33:19:14:06:ad:9d:66:b6:4d:5d:44:43:5f:b9:af:
                    72:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:66:B8:75:3A:78:0E:66:F8:11:7E:8C:E0:E7:88:0E:D1:4B:BF:EB
            X509v3 Authority Key Identifier:
                keyid:05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/sma4dTp4Dmb4EX6M4OeIDtFLv-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.253.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:92:dc:8f:d6:01:72:a8:a7:1d:05:7f:39:78:8b:02:70:68:
         e8:06:5b:e3:ea:aa:11:ce:bc:4f:4e:86:95:a4:0f:b7:2b:74:
         ec:7f:98:11:7d:19:dc:b5:6b:9a:43:46:76:2c:b8:9f:37:cd:
         8f:7a:c1:34:dd:66:ed:ad:01:fe:9e:16:a1:64:6a:58:d7:a1:
         d0:08:a0:87:35:ae:8d:6c:7a:cd:b8:15:08:47:02:da:ce:a2:
         8c:0b:33:ac:25:20:d8:50:ab:5b:2e:21:46:c5:34:5d:ad:5b:
         38:e4:ad:a2:0f:90:a9:1d:4b:77:93:63:53:a4:5f:3e:34:f8:
         74:16:a3:c8:44:79:0e:c2:f9:2b:cc:c0:53:cd:90:4c:32:b5:
         2d:9b:35:b1:9b:15:ba:35:7a:9f:78:52:20:14:44:8a:84:fb:
         7a:1f:4c:7b:2f:19:da:0d:03:7f:75:fa:be:7e:3a:ed:5c:51:
         08:4d:a1:bb:a1:40:81:e7:52:d8:87:22:91:72:35:f6:69:70:
         80:29:bc:d4:92:b5:13:36:1c:cd:fe:df:db:47:d2:52:e5:e3:
         d6:9b:bd:89:3e:42:5b:74:16:85:c5:bf:b2:e7:f8:7f:40:19:
         f2:12:b8:c1:cd:36:46:8a:01:63:89:66:e1:29:24:c7:53:f8:
         f7:f1:02:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKpA6lCWOnaV0FXUH0bIFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZjNlMTYwMTcyZWNjNzVjOGNhYjFiYWUyNzFiZTNlYmY0
MDdhODAwHhcNMjQwMTAyMTIzMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjY2Yjg3NTNhNzgwZTY2ZjgxMTdlOGNlMGU3ODgwZWQxNGJiZmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgELEUWQObuxS/yLEN2o7ak6VWYei
p2YqQybCKLlh8/Tdl85fzGiXORIH231JwwjipW5uoMLiY/rCi5UhcGnDCwb9Rw6F
R0Jo2OVXsYbnLf3Uo4Nph8kfw2LYwOgsoc56vM2vG7uSUKLtksw/czExEDcUSmiM
IbmQRh9QJ/EHaN62q0NRB8bOhspsx7J83RKgBllVvDiDnQhUxB9VRwqU3VIVrA3r
jTohDv1eWFDX9x48r58hK1urOK4RH7MhRTTE1tc5frys8EncwFl8HDOXuTwVIXSf
YaT48UT3HkpS5eKOk/5TgjBvDApItOhtAGszGRQGrZ1mtk1dRENfua9ymQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLJmuHU6eA5m+BF+jODniA7RS7/rMB8GA1UdIwQY
MBaAFAXz4WAXLsx1yMqxuuJxvj6/QHqAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0Nzkt
NWQ1NjA5ODljZjdiLzEvc21hNGRUcDREbWI0RVg2TTRPZUlEdEZMdi1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0NzktNWQ1NjA5ODljZjdi
LzEvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUP1jMA0G
CSqGSIb3DQEBCwUAA4IBAQACktyP1gFyqKcdBX85eIsCcGjoBlvj6qoRzrxPToaV
pA+3K3Tsf5gRfRnctWuaQ0Z2LLifN82PesE03WbtrQH+nhahZGpY16HQCKCHNa6N
bHrNuBUIRwLazqKMCzOsJSDYUKtbLiFGxTRdrVs45K2iD5CpHUt3k2NTpF8+NPh0
FqPIRHkOwvkrzMBTzZBMMrUtmzWxmxW6NXqfeFIgFESKhPt6H0x7LxnaDQN/dfq+
fjrtXFEITaG7oUCB51LYhyKRcjX2aXCAKbzUkrUTNhzN/t/bR9JS5ePWm72JPkJb
dBaFxb+y5/h/QBnyErjBzTZGigFjiWbhKSTHU/j38QIe
-----END CERTIFICATE-----