Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/2f516d-96c9-4bf2-81c8-8b48f3f40625/1/SJUMWfy-_S2bbNSGO_9IMByJtFE.roa
File:                     SJUMWfy-_S2bbNSGO_9IMByJtFE.roa (raw, json)
Hash identifier:          3Z6S1BKBJ8DeI9sOxdBvxeOO8w3UVzV2+bJCaabofVE=
Subject key identifier:   48:95:0C:59:FC:BE:FD:2D:9B:6C:D4:86:3B:FF:48:30:1C:89:B4:51
Certificate issuer:       /CN=ba99d4db12e4f0b002f60e92cc533e6f882d1508
Certificate serial:       018CC425472A717946A988935A8BF3E39525
Authority key identifier: BA:99:D4:DB:12:E4:F0:B0:02:F6:0E:92:CC:53:3E:6F:88:2D:15:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/upnU2xLk8LAC9g6SzFM-b4gtFQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/2f516d-96c9-4bf2-81c8-8b48f3f40625/1/SJUMWfy-_S2bbNSGO_9IMByJtFE.roa
Signing time:             Mon 01 Jan 2024 08:30:26 +0000
ROA not before:           Mon 01 Jan 2024 08:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.69.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/2f516d-96c9-4bf2-81c8-8b48f3f40625/1/upnU2xLk8LAC9g6SzFM-b4gtFQg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/2f516d-96c9-4bf2-81c8-8b48f3f40625/1/upnU2xLk8LAC9g6SzFM-b4gtFQg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/upnU2xLk8LAC9g6SzFM-b4gtFQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:02:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:47:2a:71:79:46:a9:88:93:5a:8b:f3:e3:95:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba99d4db12e4f0b002f60e92cc533e6f882d1508
        Validity
            Not Before: Jan  1 08:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48950c59fcbefd2d9b6cd4863bff48301c89b451
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:0c:a2:b9:93:a1:ba:43:ff:59:57:09:e5:17:
                    b8:30:8c:fc:fd:ed:6b:fc:db:fa:97:56:fd:e4:6e:
                    15:19:f4:12:97:01:bc:75:c6:00:d1:41:c4:00:ee:
                    16:af:e9:82:32:9b:72:fd:8a:18:f2:46:69:75:22:
                    af:01:46:e1:86:ff:fd:a4:67:db:14:09:1b:17:7e:
                    bd:bd:4e:f1:c1:8c:20:fd:48:91:fc:39:28:bd:c2:
                    d3:c1:f4:c7:5d:a5:8f:bd:30:ee:bb:2a:9f:bf:6d:
                    d2:84:b8:6d:d1:d8:d5:00:bc:ee:7d:65:00:bd:6c:
                    ba:6b:68:8b:20:39:10:5f:ae:fe:97:aa:d4:ed:45:
                    38:fc:1b:28:3f:91:4a:3d:f4:5f:fa:a2:b2:c4:9a:
                    30:bd:28:c5:db:df:a9:ac:96:97:c4:8c:e7:0c:6a:
                    36:bd:11:9c:65:bb:cc:fe:db:9b:f1:a4:11:a8:d0:
                    30:e7:47:25:0e:44:b9:db:0c:9b:a2:0e:67:0b:7c:
                    61:2e:22:4b:ed:8f:b9:e2:6b:ae:67:cf:a1:d5:d6:
                    d6:fc:69:f5:6f:58:7e:aa:50:05:85:68:d6:45:c9:
                    54:03:a8:e5:b5:4e:c6:16:4c:66:fb:e9:c4:cc:a6:
                    44:f2:d8:6f:a7:42:03:92:dd:35:2a:d8:08:c8:22:
                    12:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:95:0C:59:FC:BE:FD:2D:9B:6C:D4:86:3B:FF:48:30:1C:89:B4:51
            X509v3 Authority Key Identifier:
                keyid:BA:99:D4:DB:12:E4:F0:B0:02:F6:0E:92:CC:53:3E:6F:88:2D:15:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/upnU2xLk8LAC9g6SzFM-b4gtFQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/2f516d-96c9-4bf2-81c8-8b48f3f40625/1/SJUMWfy-_S2bbNSGO_9IMByJtFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/2f516d-96c9-4bf2-81c8-8b48f3f40625/1/upnU2xLk8LAC9g6SzFM-b4gtFQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:18:ac:38:39:4b:46:5c:5f:e8:a0:20:c5:f7:e6:f4:6e:f3:
         93:33:19:95:27:f5:db:00:6e:34:6c:d6:8d:af:a3:4c:27:75:
         d0:13:ca:58:f3:58:64:80:aa:81:ea:36:c8:54:5e:b8:ac:6f:
         8c:f7:d4:57:30:bc:07:c0:37:c0:72:0e:74:fe:60:ed:a3:6a:
         59:18:62:0a:22:d9:6b:c8:34:34:e9:36:9a:f2:62:aa:ad:e0:
         5e:cc:72:a4:cd:6f:ae:2b:9a:90:bb:8f:ef:35:57:59:28:2a:
         cf:88:52:5f:d8:74:39:bf:47:12:cb:16:4d:a8:47:82:97:9c:
         55:47:4d:89:06:63:80:7e:9b:b0:97:6a:ee:18:e7:93:c7:c3:
         60:f3:3e:d6:bf:51:88:b5:29:0f:fa:42:31:5e:e1:47:db:74:
         6d:b4:b8:50:46:38:3c:14:c6:db:57:d4:a5:89:f3:91:b5:1a:
         84:b2:e7:5f:ed:d8:98:c0:ca:77:cf:69:d3:4d:e5:10:88:6a:
         34:51:9c:e3:83:3e:87:d3:ae:28:bc:6a:bb:e9:f4:50:75:6a:
         bb:c3:b0:a0:45:38:2d:ec:e9:83:95:f5:bb:74:a5:e2:31:09:
         b7:d5:36:dd:4a:a6:28:cb:77:e9:ec:b7:2c:84:51:58:22:a8:
         eb:ca:7a:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJUcqcXlGqYiTWovz45UlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOTlkNGRiMTJlNGYwYjAwMmY2MGU5MmNjNTMzZTZmODgy
ZDE1MDgwHhcNMjQwMTAxMDgzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODk1MGM1OWZjYmVmZDJkOWI2Y2Q0ODYzYmZmNDgzMDFjODliNDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwyiuZOhukP/WVcJ5Re4MIz8/e1r
/Nv6l1b95G4VGfQSlwG8dcYA0UHEAO4Wr+mCMpty/YoY8kZpdSKvAUbhhv/9pGfb
FAkbF369vU7xwYwg/UiR/DkovcLTwfTHXaWPvTDuuyqfv23ShLht0djVALzufWUA
vWy6a2iLIDkQX67+l6rU7UU4/BsoP5FKPfRf+qKyxJowvSjF29+prJaXxIznDGo2
vRGcZbvM/tub8aQRqNAw50clDkS52wybog5nC3xhLiJL7Y+54muuZ8+h1dbW/Gn1
b1h+qlAFhWjWRclUA6jltU7GFkxm++nEzKZE8thvp0IDkt01KtgIyCISgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEiVDFn8vv0tm2zUhjv/SDAcibRRMB8GA1UdIwQY
MBaAFLqZ1NsS5PCwAvYOksxTPm+ILRUIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXBuVTJ4TGs4TEFDOWc2U3pGTS1iNGd0RlFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8yZjUxNmQtOTZjOS00YmYyLTgxYzgt
OGI0OGYzZjQwNjI1LzEvU0pVTVdmeS1fUzJiYk5TR09fOUlNQnlKdEZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8yZjUxNmQtOTZjOS00YmYyLTgxYzgtOGI0OGYzZjQwNjI1
LzEvdXBuVTJ4TGs4TEFDOWc2U3pGTS1iNGd0RlFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUUBMA0G
CSqGSIb3DQEBCwUAA4IBAQCRGKw4OUtGXF/ooCDF9+b0bvOTMxmVJ/XbAG40bNaN
r6NMJ3XQE8pY81hkgKqB6jbIVF64rG+M99RXMLwHwDfAcg50/mDto2pZGGIKItlr
yDQ06Taa8mKqreBezHKkzW+uK5qQu4/vNVdZKCrPiFJf2HQ5v0cSyxZNqEeCl5xV
R02JBmOAfpuwl2ruGOeTx8Ng8z7Wv1GItSkP+kIxXuFH23RttLhQRjg8FMbbV9Sl
ifORtRqEsudf7diYwMp3z2nTTeUQiGo0UZzjgz6H064ovGq76fRQdWq7w7CgRTgt
7OmDlfW7dKXiMQm31TbdSqYoy3fp7LcshFFYIqjrynqI
-----END CERTIFICATE-----