Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/SBL2UfS9GGZAiSyLdqfjuHiTirY.roa
File:                     SBL2UfS9GGZAiSyLdqfjuHiTirY.roa (raw, json)
Hash identifier:          FEn55lhGYQKvVtdeWljVVvvccRbKtqzeTDhPKb2NEKo=
Subject key identifier:   48:12:F6:51:F4:BD:18:66:40:89:2C:8B:76:A7:E3:B8:78:93:8A:B6
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC802D71C2F41F9B867396F0056763056
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/SBL2UfS9GGZAiSyLdqfjuHiTirY.roa
Signing time:             Tue 02 Jan 2024 02:31:18 +0000
ROA not before:           Tue 02 Jan 2024 02:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1881
IP address blocks:        192.121.30.0/24 maxlen: 24
                          192.71.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:d7:1c:2f:41:f9:b8:67:39:6f:00:56:76:30:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4812f651f4bd186640892c8b76a7e3b878938ab6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:92:55:cb:91:a3:a8:5d:be:46:20:a1:d1:81:
                    35:3c:66:2c:c3:bc:71:ec:ca:36:fd:ea:67:73:b0:
                    ce:09:d1:fa:da:96:c1:7f:c6:ac:ed:47:ff:06:9b:
                    24:2d:cc:05:71:fb:eb:fe:fd:e1:7e:2f:cc:e0:f5:
                    b9:14:42:69:5c:da:d1:0d:af:c0:af:6b:c5:03:1a:
                    e1:85:ea:38:7b:53:94:56:76:c9:ba:1a:fa:f2:fd:
                    3f:44:de:4e:1c:8e:91:35:8a:b6:d4:3e:dd:04:26:
                    f0:59:f1:02:f5:2a:9d:f4:5e:39:56:dd:55:df:40:
                    10:8a:60:fa:9c:d0:0c:6e:72:19:f3:eb:66:dd:23:
                    44:e1:82:e2:fd:7d:a2:27:5e:e5:f2:65:18:da:3a:
                    f0:8f:a3:44:51:98:77:7d:cb:01:50:e2:f3:27:ff:
                    ce:c3:1a:58:ea:d7:0b:c4:39:b9:0a:c1:8d:86:f9:
                    20:bd:0e:a5:be:50:dd:5d:d8:4f:6f:ca:2a:49:85:
                    20:a1:60:51:1a:4c:8a:30:f8:0a:52:6d:a9:b9:22:
                    d5:40:2c:a5:13:9d:a0:9a:2d:90:a0:2c:55:56:66:
                    55:41:b8:5a:a2:bc:00:e8:4c:ba:3e:45:6d:2f:ac:
                    b3:ab:5e:ec:20:e1:52:7b:4c:32:30:1a:45:d1:43:
                    9a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:12:F6:51:F4:BD:18:66:40:89:2C:8B:76:A7:E3:B8:78:93:8A:B6
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/SBL2UfS9GGZAiSyLdqfjuHiTirY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.71.128.0/24
                  192.121.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:ed:c5:4f:94:d2:d6:c1:94:dc:45:a3:ab:7d:52:1b:88:9b:
         92:ff:2f:a6:36:12:9f:68:4e:b0:74:15:e2:93:51:9a:71:b7:
         1f:1e:12:82:11:3c:18:dd:1d:02:30:f1:32:d3:2f:33:cc:e9:
         40:35:64:0b:02:92:f5:02:ea:ec:a3:28:cb:aa:2d:27:75:20:
         ef:fd:0e:9e:c3:6d:ec:6f:e1:41:90:b9:16:66:7a:64:1d:f9:
         f6:d3:64:4e:6c:ff:d9:5b:52:7f:82:18:38:5b:b9:64:64:40:
         b8:e0:ae:97:35:ce:30:78:e3:ac:bd:13:b8:b2:24:27:f3:af:
         a3:ea:4b:e5:20:b8:c7:07:cb:31:d0:7b:3e:e5:fb:4a:cf:b9:
         8f:49:72:01:66:ca:1f:2b:c6:07:d1:ee:73:d9:3c:0f:67:26:
         b0:ec:bc:fa:65:5a:6d:16:5d:b9:f5:1d:46:b9:dd:e5:c5:6d:
         70:99:e1:7b:95:30:3d:86:51:c3:09:78:ac:ea:8c:dc:0a:7d:
         d3:21:cc:b5:86:a1:be:10:b8:54:30:5c:f9:cf:05:19:2b:b1:
         60:c2:04:3e:98:88:84:1f:a9:9a:76:58:4a:56:b8:ff:ea:ff:
         99:e9:04:a1:e5:fb:58:36:de:68:0f:e3:ee:52:c1:44:3b:e5:
         49:d5:50:17
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAtccL0H5uGc5bwBWdjBWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODEyZjY1MWY0YmQxODY2NDA4OTJjOGI3NmE3ZTNiODc4OTM4YWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ZJVy5GjqF2+RiCh0YE1PGYsw7xx
7Mo2/epnc7DOCdH62pbBf8as7Uf/BpskLcwFcfvr/v3hfi/M4PW5FEJpXNrRDa/A
r2vFAxrhheo4e1OUVnbJuhr68v0/RN5OHI6RNYq21D7dBCbwWfEC9Sqd9F45Vt1V
30AQimD6nNAMbnIZ8+tm3SNE4YLi/X2iJ17l8mUY2jrwj6NEUZh3fcsBUOLzJ//O
wxpY6tcLxDm5CsGNhvkgvQ6lvlDdXdhPb8oqSYUgoWBRGkyKMPgKUm2puSLVQCyl
E52gmi2QoCxVVmZVQbhaorwA6Ey6PkVtL6yzq17sIOFSe0wyMBpF0UOaoQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEgS9lH0vRhmQIksi3an47h4k4q2MB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvU0JMMlVmUzlHR1pBaVN5TGRxZmp1SGlUaXJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwEeAAwQA
wHkeMA0GCSqGSIb3DQEBCwUAA4IBAQBW7cVPlNLWwZTcRaOrfVIbiJuS/y+mNhKf
aE6wdBXik1GacbcfHhKCETwY3R0CMPEy0y8zzOlANWQLApL1AursoyjLqi0ndSDv
/Q6ew23sb+FBkLkWZnpkHfn202RObP/ZW1J/ghg4W7lkZEC44K6XNc4weOOsvRO4
siQn86+j6kvlILjHB8sx0Hs+5ftKz7mPSXIBZsofK8YH0e5z2TwPZyaw7Lz6ZVpt
Fl259R1Gud3lxW1wmeF7lTA9hlHDCXis6ozcCn3TIcy1hqG+ELhUMFz5zwUZK7Fg
wgQ+mIiEH6madlhKVrj/6v+Z6QSh5ftYNt5oD+PuUsFEO+VJ1VAX
-----END CERTIFICATE-----