Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/0df28d-924d-4b4e-94b8-824ffc6942f4/1/smUXqEoBASmp9npQfz_QDG9Z4zw.roa
File:                     smUXqEoBASmp9npQfz_QDG9Z4zw.roa (raw, json)
Hash identifier:          CBtqIq7YD85/Q5a4eS+pbOsQdhOxzGUIA/wpywIb3zg=
Subject key identifier:   B2:65:17:A8:4A:01:01:29:A9:F6:7A:50:7F:3F:D0:0C:6F:59:E3:3C
Certificate issuer:       /CN=d689cb71891c6d94bd9e6f14f16e7e37c2c728bf
Certificate serial:       019128FDC31F29CC02E6CDCC6B004F81F2A0
Authority key identifier: D6:89:CB:71:89:1C:6D:94:BD:9E:6F:14:F1:6E:7E:37:C2:C7:28:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1onLcYkcbZS9nm8U8W5-N8LHKL8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/0df28d-924d-4b4e-94b8-824ffc6942f4/1/smUXqEoBASmp9npQfz_QDG9Z4zw.roa
Signing time:             Tue 06 Aug 2024 18:40:04 +0000
ROA not before:           Tue 06 Aug 2024 18:40:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212599
IP address blocks:        185.134.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/0df28d-924d-4b4e-94b8-824ffc6942f4/1/1onLcYkcbZS9nm8U8W5-N8LHKL8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/0df28d-924d-4b4e-94b8-824ffc6942f4/1/1onLcYkcbZS9nm8U8W5-N8LHKL8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1onLcYkcbZS9nm8U8W5-N8LHKL8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:28:fd:c3:1f:29:cc:02:e6:cd:cc:6b:00:4f:81:f2:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d689cb71891c6d94bd9e6f14f16e7e37c2c728bf
        Validity
            Not Before: Aug  6 18:40:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b26517a84a010129a9f67a507f3fd00c6f59e33c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:88:11:16:f1:80:f3:ba:39:0e:b5:a7:50:87:
                    fe:ad:8e:49:b2:89:60:44:c6:7c:da:cd:fb:44:96:
                    f9:e3:df:42:a2:81:9d:85:11:cc:b8:a9:b6:54:63:
                    dc:e3:9b:14:1c:c7:db:ca:ed:39:e5:54:9a:3d:88:
                    71:c4:f5:1a:dc:92:c0:a8:15:52:b2:0e:26:ea:70:
                    85:0b:c9:03:9c:c7:a8:7f:25:a1:67:e4:78:0d:44:
                    fc:b3:23:8b:56:d1:73:00:2c:81:72:d7:59:03:22:
                    61:c2:fb:7b:49:80:f4:7e:50:12:4b:5e:1c:ea:fa:
                    2e:9f:cf:4f:8f:17:85:54:0d:51:c3:b6:a9:85:34:
                    6a:7d:ef:e0:52:b3:c8:59:d3:3b:57:68:67:79:fc:
                    f8:8c:22:34:f2:fc:fb:a4:62:45:86:c9:26:7d:78:
                    9e:57:7d:b5:30:1e:5c:96:55:2a:85:d9:a8:83:03:
                    2c:39:ea:74:ae:9d:e1:70:63:80:d6:7a:c9:64:ec:
                    5a:37:25:88:4b:97:7b:fe:18:31:da:2c:15:c0:cc:
                    cb:9e:1b:5e:39:72:ef:19:40:7d:3e:f3:96:4a:56:
                    ae:9e:68:25:80:62:67:68:49:2e:e1:72:95:ef:b9:
                    da:60:c7:2e:5a:0e:e0:66:6d:de:06:1a:83:a2:5d:
                    1a:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:65:17:A8:4A:01:01:29:A9:F6:7A:50:7F:3F:D0:0C:6F:59:E3:3C
            X509v3 Authority Key Identifier:
                keyid:D6:89:CB:71:89:1C:6D:94:BD:9E:6F:14:F1:6E:7E:37:C2:C7:28:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1onLcYkcbZS9nm8U8W5-N8LHKL8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/0df28d-924d-4b4e-94b8-824ffc6942f4/1/smUXqEoBASmp9npQfz_QDG9Z4zw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/0df28d-924d-4b4e-94b8-824ffc6942f4/1/1onLcYkcbZS9nm8U8W5-N8LHKL8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:8a:7f:87:d1:c8:ad:d0:35:77:b1:e7:13:9f:2d:34:05:d3:
         4e:23:53:1b:1d:30:ed:82:e7:30:58:79:4f:d6:d5:0f:90:b3:
         df:64:4d:27:7a:c3:d7:26:f1:f4:ab:26:d7:c3:b5:ad:c9:22:
         e6:ab:7e:45:65:95:1b:fe:55:ad:ee:05:a1:c1:82:59:87:45:
         05:00:61:f9:2d:7c:32:10:e2:38:f9:38:1d:76:68:78:66:93:
         63:87:51:6b:c7:d8:fe:3c:ad:a8:c0:26:e6:0c:a3:3c:f7:51:
         ea:9b:f0:14:0d:0c:d6:b7:25:c9:58:09:ff:19:d6:38:9d:f7:
         bb:b4:b3:4a:69:fc:04:5e:71:cb:88:a0:bd:c5:e5:35:9b:5e:
         4f:e2:37:dd:ac:28:45:f6:59:2b:1b:3e:7e:fd:fb:d5:d0:b3:
         2a:88:97:9a:24:1b:53:44:af:04:59:db:e6:02:5a:49:ec:5e:
         36:f5:48:9a:04:d5:fe:ee:6f:95:64:95:98:7d:0b:70:c0:30:
         52:c9:dc:09:cc:a7:c7:6f:ed:ce:13:35:51:5b:8f:fc:be:a8:
         7b:7a:df:81:71:c2:36:a2:e2:59:70:71:e9:ac:fb:90:b1:e8:
         a6:90:c3:52:c8:76:77:25:82:d2:f5:35:d7:2e:55:32:2e:7e:
         7f:e1:36:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEo/cMfKcwC5s3MawBPgfKgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ODljYjcxODkxYzZkOTRiZDllNmYxNGYxNmU3ZTM3YzJj
NzI4YmYwHhcNMjQwODA2MTg0MDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjY1MTdhODRhMDEwMTI5YTlmNjdhNTA3ZjNmZDAwYzZmNTllMzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2YgRFvGA87o5DrWnUIf+rY5Jsolg
RMZ82s37RJb5499CooGdhRHMuKm2VGPc45sUHMfbyu055VSaPYhxxPUa3JLAqBVS
sg4m6nCFC8kDnMeofyWhZ+R4DUT8syOLVtFzACyBctdZAyJhwvt7SYD0flASS14c
6voun89PjxeFVA1Rw7aphTRqfe/gUrPIWdM7V2hnefz4jCI08vz7pGJFhskmfXie
V321MB5cllUqhdmogwMsOep0rp3hcGOA1nrJZOxaNyWIS5d7/hgx2iwVwMzLnhte
OXLvGUB9PvOWSlaunmglgGJnaEku4XKV77naYMcuWg7gZm3eBhqDol0a2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLJlF6hKAQEpqfZ6UH8/0AxvWeM8MB8GA1UdIwQY
MBaAFNaJy3GJHG2UvZ5vFPFufjfCxyi/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW9uTGNZa2NiWlM5bm04VThXNS1OOExIS0w4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8wZGYyOGQtOTI0ZC00YjRlLTk0Yjgt
ODI0ZmZjNjk0MmY0LzEvc21VWHFFb0JBU21wOW5wUWZ6X1FERzlaNHp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8wZGYyOGQtOTI0ZC00YjRlLTk0YjgtODI0ZmZjNjk0MmY0
LzEvMW9uTGNZa2NiWlM5bm04VThXNS1OOExIS0w4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYavMA0G
CSqGSIb3DQEBCwUAA4IBAQB4in+H0cit0DV3secTny00BdNOI1MbHTDtgucwWHlP
1tUPkLPfZE0nesPXJvH0qybXw7WtySLmq35FZZUb/lWt7gWhwYJZh0UFAGH5LXwy
EOI4+Tgddmh4ZpNjh1Frx9j+PK2owCbmDKM891Hqm/AUDQzWtyXJWAn/GdY4nfe7
tLNKafwEXnHLiKC9xeU1m15P4jfdrChF9lkrGz5+/fvV0LMqiJeaJBtTRK8EWdvm
AlpJ7F429UiaBNX+7m+VZJWYfQtwwDBSydwJzKfHb+3OEzVRW4/8vqh7et+BccI2
ouJZcHHprPuQseimkMNSyHZ3JYLS9TXXLlUyLn5/4Tb7
-----END CERTIFICATE-----