Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/2f67b9-490b-43ef-b088-4ab3973502fb/1/SNODBlce-8709vD03pVEd30K-jU.roa
File:                     SNODBlce-8709vD03pVEd30K-jU.roa (raw, json)
Hash identifier:          2qJtSEDXaXwFLyZfr1aLFlOhGqKtJXUR87TGdDlVjPw=
Subject key identifier:   48:D3:83:06:57:1E:FB:CE:F4:F6:F0:F4:DE:95:44:77:7D:0A:FA:35
Certificate issuer:       /CN=602f27fad92452a254b30a060ed383b13c758ed6
Certificate serial:       018CC4254A161E574BA0B13161267EB3ED79
Authority key identifier: 60:2F:27:FA:D9:24:52:A2:54:B3:0A:06:0E:D3:83:B1:3C:75:8E:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YC8n-tkkUqJUswoGDtODsTx1jtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/2f67b9-490b-43ef-b088-4ab3973502fb/1/SNODBlce-8709vD03pVEd30K-jU.roa
Signing time:             Mon 01 Jan 2024 08:30:27 +0000
ROA not before:           Mon 01 Jan 2024 08:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47216
IP address blocks:        185.119.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/2f67b9-490b-43ef-b088-4ab3973502fb/1/YC8n-tkkUqJUswoGDtODsTx1jtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/2f67b9-490b-43ef-b088-4ab3973502fb/1/YC8n-tkkUqJUswoGDtODsTx1jtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YC8n-tkkUqJUswoGDtODsTx1jtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:4a:16:1e:57:4b:a0:b1:31:61:26:7e:b3:ed:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=602f27fad92452a254b30a060ed383b13c758ed6
        Validity
            Not Before: Jan  1 08:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48d38306571efbcef4f6f0f4de9544777d0afa35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:a9:6a:34:84:8c:e0:9b:5b:12:16:86:6c:36:
                    5e:d7:53:78:58:47:91:99:cd:88:2a:9c:c1:b0:20:
                    84:e4:99:83:7f:37:85:db:09:8d:2f:37:a7:0d:5d:
                    dd:f8:0a:66:4b:b4:be:a4:1e:b1:57:33:1b:12:ad:
                    1e:86:1c:54:df:4a:d5:52:eb:f3:4f:89:c5:7a:2a:
                    f6:db:d9:53:f3:2e:d1:70:45:b5:8d:bd:84:18:77:
                    ad:ec:21:29:4b:02:fb:55:9c:d3:1f:7f:2a:6f:bf:
                    ec:05:35:ab:28:2d:08:e8:bd:d6:06:dd:da:98:9e:
                    2a:52:9c:16:5d:29:84:cb:f3:85:84:b4:28:c1:6c:
                    08:dc:84:91:e9:81:6f:fd:39:0e:ee:3a:6a:c5:48:
                    76:e5:05:5d:8b:04:94:e1:5e:2a:e4:41:ef:b5:24:
                    dc:c5:34:8a:1b:6a:1e:fd:53:c3:48:a9:97:f4:5e:
                    17:81:fd:de:03:01:68:49:7f:74:55:45:86:8f:06:
                    f4:eb:b5:b6:06:b0:64:b9:f1:db:09:a2:7f:bd:68:
                    db:b7:26:d2:51:79:60:4c:0b:ab:40:0f:ad:27:9f:
                    07:0c:4c:a0:ce:47:f8:b0:d3:ca:5a:69:05:34:d8:
                    dc:05:03:8a:2f:6a:d5:e8:c0:20:64:92:4d:97:0d:
                    b4:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:D3:83:06:57:1E:FB:CE:F4:F6:F0:F4:DE:95:44:77:7D:0A:FA:35
            X509v3 Authority Key Identifier:
                keyid:60:2F:27:FA:D9:24:52:A2:54:B3:0A:06:0E:D3:83:B1:3C:75:8E:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YC8n-tkkUqJUswoGDtODsTx1jtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/2f67b9-490b-43ef-b088-4ab3973502fb/1/SNODBlce-8709vD03pVEd30K-jU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/2f67b9-490b-43ef-b088-4ab3973502fb/1/YC8n-tkkUqJUswoGDtODsTx1jtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:40:b2:87:de:b4:24:29:a6:a4:03:cf:4f:d7:ae:5e:0b:13:
         43:cf:90:a1:f1:fe:a1:e0:d6:77:a7:45:06:5f:ba:2c:dd:eb:
         9d:cb:b2:d7:bd:09:1a:8d:2f:4d:84:e9:ec:cc:2d:32:fc:2a:
         a3:1d:22:cb:b3:ad:5b:82:78:c9:d0:68:57:cc:8e:7f:c9:be:
         3c:3c:fa:9e:9e:4c:6f:57:f7:bb:5b:51:1a:e5:15:3d:33:cf:
         2f:42:46:3f:ae:e2:ec:12:88:c8:7c:d8:b7:74:b7:42:83:62:
         53:ac:9c:d3:d5:3c:e9:2e:cf:01:0d:38:e3:0f:d1:9e:1e:8a:
         ea:85:a1:3d:6d:9b:d0:33:0b:9f:4f:59:66:59:5c:10:45:e4:
         56:c2:b6:83:25:e3:3b:5d:d9:e7:22:77:59:c6:ca:fc:d2:d8:
         cd:8e:13:42:af:bb:ee:64:02:52:eb:fa:46:92:1f:ce:e5:21:
         b5:0a:86:11:df:79:52:d0:9e:55:9c:2f:7a:7e:f9:ce:cc:f5:
         25:e9:73:bd:d3:0a:86:ab:0a:3f:50:4d:ec:ec:1c:4e:4c:33:
         5c:3a:3e:dc:5f:33:4f:fd:e9:64:8d:92:6d:c9:68:f8:20:fb:
         ad:13:20:be:ee:40:c2:07:21:2f:e2:a8:b0:05:81:17:ea:58:
         ee:3a:58:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJUoWHldLoLExYSZ+s+15MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMmYyN2ZhZDkyNDUyYTI1NGIzMGEwNjBlZDM4M2IxM2M3
NThlZDYwHhcNMjQwMTAxMDgzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGQzODMwNjU3MWVmYmNlZjRmNmYwZjRkZTk1NDQ3NzdkMGFmYTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqlqNISM4JtbEhaGbDZe11N4WEeR
mc2IKpzBsCCE5JmDfzeF2wmNLzenDV3d+ApmS7S+pB6xVzMbEq0ehhxU30rVUuvz
T4nFeir229lT8y7RcEW1jb2EGHet7CEpSwL7VZzTH38qb7/sBTWrKC0I6L3WBt3a
mJ4qUpwWXSmEy/OFhLQowWwI3ISR6YFv/TkO7jpqxUh25QVdiwSU4V4q5EHvtSTc
xTSKG2oe/VPDSKmX9F4Xgf3eAwFoSX90VUWGjwb067W2BrBkufHbCaJ/vWjbtybS
UXlgTAurQA+tJ58HDEygzkf4sNPKWmkFNNjcBQOKL2rV6MAgZJJNlw20kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEjTgwZXHvvO9Pbw9N6VRHd9Cvo1MB8GA1UdIwQY
MBaAFGAvJ/rZJFKiVLMKBg7Tg7E8dY7WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUM4bi10a2tVcUpVc3dvR0R0T0RzVHgxanRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8yZjY3YjktNDkwYi00M2VmLWIwODgt
NGFiMzk3MzUwMmZiLzEvU05PREJsY2UtODcwOXZEMDNwVkVkMzBLLWpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8yZjY3YjktNDkwYi00M2VmLWIwODgtNGFiMzk3MzUwMmZi
LzEvWUM4bi10a2tVcUpVc3dvR0R0T0RzVHgxanRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXfHMA0G
CSqGSIb3DQEBCwUAA4IBAQAwQLKH3rQkKaakA89P165eCxNDz5Ch8f6h4NZ3p0UG
X7os3eudy7LXvQkajS9NhOnszC0y/CqjHSLLs61bgnjJ0GhXzI5/yb48PPqenkxv
V/e7W1Ea5RU9M88vQkY/ruLsEojIfNi3dLdCg2JTrJzT1TzpLs8BDTjjD9GeHorq
haE9bZvQMwufT1lmWVwQReRWwraDJeM7XdnnIndZxsr80tjNjhNCr7vuZAJS6/pG
kh/O5SG1CoYR33lS0J5VnC96fvnOzPUl6XO90wqGqwo/UE3s7BxOTDNcOj7cXzNP
/elkjZJtyWj4IPutEyC+7kDCByEv4qiwBYEX6ljuOli5
-----END CERTIFICATE-----