Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/9159db-6173-408c-8e1b-8d498827f45c/1/SSxz9SEN53e3bjwMAXNfyBBlQzg.roa
File:                     SSxz9SEN53e3bjwMAXNfyBBlQzg.roa (raw, json)
Hash identifier:          XywDaRUvHGTmBKjdWYw8syMgm6fj1DC54+QKqotQuJc=
Subject key identifier:   49:2C:73:F5:21:0D:E7:77:B7:6E:3C:0C:01:73:5F:C8:10:65:43:38
Certificate issuer:       /CN=f4f8ec96c8ee265c3da423230a55219366dd9b28
Certificate serial:       018CC6B7ABAC08F038F993D295FC87441FE1
Authority key identifier: F4:F8:EC:96:C8:EE:26:5C:3D:A4:23:23:0A:55:21:93:66:DD:9B:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9PjslsjuJlw9pCMjClUhk2bdmyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/9159db-6173-408c-8e1b-8d498827f45c/1/SSxz9SEN53e3bjwMAXNfyBBlQzg.roa
Signing time:             Mon 01 Jan 2024 20:29:34 +0000
ROA not before:           Mon 01 Jan 2024 20:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62050
IP address blocks:        185.51.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/9159db-6173-408c-8e1b-8d498827f45c/1/9PjslsjuJlw9pCMjClUhk2bdmyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/9159db-6173-408c-8e1b-8d498827f45c/1/9PjslsjuJlw9pCMjClUhk2bdmyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9PjslsjuJlw9pCMjClUhk2bdmyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:ab:ac:08:f0:38:f9:93:d2:95:fc:87:44:1f:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4f8ec96c8ee265c3da423230a55219366dd9b28
        Validity
            Not Before: Jan  1 20:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=492c73f5210de777b76e3c0c01735fc810654338
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:04:71:84:84:03:4d:3e:71:3c:eb:93:d8:b5:
                    3c:3f:47:62:74:9b:7b:1f:61:ef:d3:2d:66:ad:0e:
                    73:33:24:06:d4:b8:57:2a:f7:66:8d:51:67:b9:53:
                    23:8a:0c:4e:68:99:c9:37:c8:15:b0:f7:a5:f9:7d:
                    d7:6d:b1:49:b3:a3:a3:3f:fd:9d:04:60:db:34:c7:
                    02:66:08:bd:a5:3b:fd:9d:b2:25:6b:05:28:6a:13:
                    15:3d:b8:ed:b2:e5:3f:9a:9b:13:8c:05:23:55:cd:
                    ba:19:8f:98:7d:51:87:8e:7c:53:b5:e7:7d:dd:7b:
                    bd:d4:f8:be:44:22:21:3b:e9:83:d0:f3:06:30:93:
                    50:83:17:28:4e:24:cd:c6:36:29:b4:1f:1e:67:ad:
                    b2:c5:4b:73:cb:52:b5:ca:26:22:13:46:4c:fc:4f:
                    ca:e3:79:23:5c:3e:01:93:4d:4b:6b:bb:fc:c0:fc:
                    b1:e4:21:fb:d1:04:94:7c:c2:78:64:6b:13:ab:66:
                    5e:0c:6a:82:e0:89:ee:16:5f:15:95:d4:b7:2f:da:
                    11:7e:43:66:66:90:c0:80:5d:de:0f:58:3e:30:f5:
                    a9:d1:29:89:9d:7b:fd:09:09:6a:60:ab:3c:b1:10:
                    77:c5:2a:2e:5a:35:e4:bb:67:f5:30:df:df:a2:5e:
                    f8:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:2C:73:F5:21:0D:E7:77:B7:6E:3C:0C:01:73:5F:C8:10:65:43:38
            X509v3 Authority Key Identifier:
                keyid:F4:F8:EC:96:C8:EE:26:5C:3D:A4:23:23:0A:55:21:93:66:DD:9B:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9PjslsjuJlw9pCMjClUhk2bdmyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/9159db-6173-408c-8e1b-8d498827f45c/1/SSxz9SEN53e3bjwMAXNfyBBlQzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/9159db-6173-408c-8e1b-8d498827f45c/1/9PjslsjuJlw9pCMjClUhk2bdmyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:04:8b:7a:ac:b3:43:93:9f:76:e8:b4:be:be:95:fd:25:1b:
         c7:70:7f:60:b7:ea:88:50:d3:3e:dd:29:5e:28:32:be:c0:e1:
         68:b8:00:bf:51:07:90:05:17:2c:e4:66:13:29:fd:a1:57:28:
         d1:f5:24:e8:b8:6c:53:15:52:32:4e:38:8a:46:a0:38:96:da:
         d8:d2:fb:b8:83:ca:41:75:20:b2:62:15:ba:8d:ff:25:5c:55:
         bc:76:48:e0:84:34:ed:92:b2:ce:4f:a7:ab:58:0d:ed:53:89:
         6d:5e:77:64:ff:0f:fe:a5:54:01:51:3c:ad:8f:eb:3c:05:ce:
         2e:bf:e2:9f:5f:a9:49:5b:79:a7:e7:0c:2c:04:9b:e7:ac:a4:
         60:c1:62:5a:dc:57:7c:0d:41:89:17:66:29:b2:b1:03:cc:c5:
         f4:62:28:87:e4:ec:ea:eb:84:39:35:37:6c:c1:57:e8:3d:0f:
         d3:cb:32:b4:4c:ee:e0:31:57:e3:dc:8d:ec:c0:dc:73:98:dd:
         63:1c:bb:21:ac:d8:ae:57:91:5d:ca:40:1f:c9:73:6f:bc:38:
         f6:94:f4:69:da:52:29:94:94:29:cf:1f:4b:ce:e7:ba:0e:64:
         9a:2e:7c:28:57:48:4f:9b:43:0b:97:7e:05:55:3b:05:cc:61:
         27:d1:65:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6usCPA4+ZPSlfyHRB/hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZjhlYzk2YzhlZTI2NWMzZGE0MjMyMzBhNTUyMTkzNjZk
ZDliMjgwHhcNMjQwMTAxMjAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTJjNzNmNTIxMGRlNzc3Yjc2ZTNjMGMwMTczNWZjODEwNjU0MzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQRxhIQDTT5xPOuT2LU8P0didJt7
H2Hv0y1mrQ5zMyQG1LhXKvdmjVFnuVMjigxOaJnJN8gVsPel+X3XbbFJs6OjP/2d
BGDbNMcCZgi9pTv9nbIlawUoahMVPbjtsuU/mpsTjAUjVc26GY+YfVGHjnxTted9
3Xu91Pi+RCIhO+mD0PMGMJNQgxcoTiTNxjYptB8eZ62yxUtzy1K1yiYiE0ZM/E/K
43kjXD4Bk01La7v8wPyx5CH70QSUfMJ4ZGsTq2ZeDGqC4InuFl8VldS3L9oRfkNm
ZpDAgF3eD1g+MPWp0SmJnXv9CQlqYKs8sRB3xSouWjXku2f1MN/fol74JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEksc/UhDed3t248DAFzX8gQZUM4MB8GA1UdIwQY
MBaAFPT47JbI7iZcPaQjIwpVIZNm3ZsoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVBqc2xzanVKbHc5cENNakNsVWhrMmJkbXlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS85MTU5ZGItNjE3My00MDhjLThlMWIt
OGQ0OTg4MjdmNDVjLzEvU1N4ejlTRU41M2UzYmp3TUFYTmZ5QkJsUXpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS85MTU5ZGItNjE3My00MDhjLThlMWItOGQ0OTg4MjdmNDVj
LzEvOVBqc2xzanVKbHc5cENNakNsVWhrMmJkbXlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTN0MA0G
CSqGSIb3DQEBCwUAA4IBAQACBIt6rLNDk5926LS+vpX9JRvHcH9gt+qIUNM+3Sle
KDK+wOFouAC/UQeQBRcs5GYTKf2hVyjR9STouGxTFVIyTjiKRqA4ltrY0vu4g8pB
dSCyYhW6jf8lXFW8dkjghDTtkrLOT6erWA3tU4ltXndk/w/+pVQBUTytj+s8Bc4u
v+KfX6lJW3mn5wwsBJvnrKRgwWJa3Fd8DUGJF2YpsrEDzMX0YiiH5Ozq64Q5NTds
wVfoPQ/TyzK0TO7gMVfj3I3swNxzmN1jHLshrNiuV5FdykAfyXNvvDj2lPRp2lIp
lJQpzx9Lzue6DmSaLnwoV0hPm0MLl34FVTsFzGEn0WWO
-----END CERTIFICATE-----