Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/8d1cea-4d9d-4906-98d7-7188d91a6ca9/1/SibE2RclIlqaGvS9CLbxPMBvROw.roa
File:                     SibE2RclIlqaGvS9CLbxPMBvROw.roa (raw, json)
Hash identifier:          o1fhJFJzYJ3yXlVTxlbnSBgDxVQkcIGX8bewGewRN9M=
Subject key identifier:   4A:26:C4:D9:17:25:22:5A:9A:1A:F4:BD:08:B6:F1:3C:C0:6F:44:EC
Certificate issuer:       /CN=a4dd79707124b20672e69c38e17b666b7fae7c1d
Certificate serial:       018EF74C71830C17082FC367F306B28EA0D2
Authority key identifier: A4:DD:79:70:71:24:B2:06:72:E6:9C:38:E1:7B:66:6B:7F:AE:7C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pN15cHEksgZy5pw44Xtma3-ufB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/8d1cea-4d9d-4906-98d7-7188d91a6ca9/1/SibE2RclIlqaGvS9CLbxPMBvROw.roa
Signing time:             Fri 19 Apr 2024 16:59:25 +0000
ROA not before:           Fri 19 Apr 2024 16:59:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51933
IP address blocks:        46.183.32.0/21 maxlen: 21
                          194.125.228.0/22 maxlen: 22
                          2a0b:2a00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/8d1cea-4d9d-4906-98d7-7188d91a6ca9/1/pN15cHEksgZy5pw44Xtma3-ufB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/8d1cea-4d9d-4906-98d7-7188d91a6ca9/1/pN15cHEksgZy5pw44Xtma3-ufB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pN15cHEksgZy5pw44Xtma3-ufB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f7:4c:71:83:0c:17:08:2f:c3:67:f3:06:b2:8e:a0:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4dd79707124b20672e69c38e17b666b7fae7c1d
        Validity
            Not Before: Apr 19 16:59:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a26c4d91725225a9a1af4bd08b6f13cc06f44ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b5:dc:57:d0:9b:2e:de:c1:3a:8d:37:fa:bb:
                    7f:2a:83:e4:74:a8:f9:e1:42:96:b7:fb:67:8b:0a:
                    26:53:61:79:64:4c:7b:f1:c1:18:98:4c:06:21:71:
                    68:41:65:90:94:f1:a8:a4:2d:a3:9c:9f:3a:49:c0:
                    46:c2:38:ee:c0:60:61:34:12:60:77:c3:73:8d:13:
                    ee:d4:91:10:8e:10:87:45:e0:fd:62:b5:0f:97:f3:
                    d7:04:15:2b:13:f2:62:1a:82:8b:74:e9:21:52:d4:
                    6e:78:c1:c7:41:2c:9c:3c:77:29:3b:e5:e2:72:f1:
                    19:32:5d:20:8c:81:5d:02:ac:b2:0c:f6:d1:77:d1:
                    ea:0f:93:ed:a6:4c:42:4a:df:b3:47:ad:cc:b5:9b:
                    f1:02:4e:61:b6:1a:0a:be:f0:c1:0d:0c:11:dc:22:
                    4a:0f:70:00:44:25:7e:8b:34:8e:d4:f1:be:52:dd:
                    8a:97:6b:3e:7b:91:56:57:c1:5a:0b:0a:a7:8d:98:
                    3a:2f:b6:6b:68:9c:e6:ce:1b:db:ee:65:57:d1:37:
                    3e:1e:70:2d:8a:33:f0:40:d5:50:e8:61:da:be:b7:
                    03:2a:5a:e9:d7:2e:3e:c1:df:e4:2a:00:0f:37:83:
                    4a:dd:43:d5:42:91:28:82:5f:3f:9b:24:a9:29:04:
                    37:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:26:C4:D9:17:25:22:5A:9A:1A:F4:BD:08:B6:F1:3C:C0:6F:44:EC
            X509v3 Authority Key Identifier:
                keyid:A4:DD:79:70:71:24:B2:06:72:E6:9C:38:E1:7B:66:6B:7F:AE:7C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pN15cHEksgZy5pw44Xtma3-ufB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/8d1cea-4d9d-4906-98d7-7188d91a6ca9/1/SibE2RclIlqaGvS9CLbxPMBvROw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/8d1cea-4d9d-4906-98d7-7188d91a6ca9/1/pN15cHEksgZy5pw44Xtma3-ufB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.32.0/21
                  194.125.228.0/22
                IPv6:
                  2a0b:2a00::/32

    Signature Algorithm: sha256WithRSAEncryption
         4f:1a:cf:e5:44:c7:d7:72:54:32:40:66:8b:6d:bc:ee:8b:78:
         34:fc:4e:da:28:52:87:80:20:3f:b6:d4:c5:7c:85:40:1d:39:
         75:bd:8a:2e:e4:c5:f5:6a:65:2e:47:21:0e:e9:c6:74:4a:06:
         d5:06:42:f0:5e:51:5d:37:14:52:de:02:16:89:c8:5d:55:0b:
         9d:31:22:dc:fd:83:2e:73:25:7b:fb:1d:67:cc:43:1a:4c:df:
         8d:e6:11:8e:87:aa:b4:e2:79:cd:10:cb:a8:a8:d7:fe:b2:12:
         89:36:c6:19:0b:74:8f:33:6d:6d:65:71:a0:b3:3f:19:b4:fd:
         67:0e:86:1f:73:0d:3d:e2:7d:85:a8:c7:5a:f7:bf:08:12:65:
         d5:d9:b3:e7:7d:71:d5:bb:52:14:da:fb:7b:c2:6a:19:24:dd:
         55:c5:db:60:0d:fe:58:28:47:72:78:d0:e6:09:d6:62:3a:3e:
         b1:ca:89:f3:c0:72:dd:c9:35:da:ee:38:1b:cc:de:c4:f5:06:
         e0:fc:54:ec:58:c4:a9:22:08:9f:75:1d:1e:d7:45:fb:ff:90:
         22:e2:e5:71:ec:6a:a6:a1:6b:d5:44:a1:41:12:d5:b9:d8:86:
         6c:66:fe:5c:a3:c0:ee:ca:b4:63:fd:57:86:b9:35:2d:9e:5c:
         d3:48:66:54
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY73THGDDBcIL8Nn8wayjqDSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ZGQ3OTcwNzEyNGIyMDY3MmU2OWMzOGUxN2I2NjZiN2Zh
ZTdjMWQwHhcNMjQwNDE5MTY1OTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTI2YzRkOTE3MjUyMjVhOWExYWY0YmQwOGI2ZjEzY2MwNmY0NGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLXcV9CbLt7BOo03+rt/KoPkdKj5
4UKWt/tniwomU2F5ZEx78cEYmEwGIXFoQWWQlPGopC2jnJ86ScBGwjjuwGBhNBJg
d8NzjRPu1JEQjhCHReD9YrUPl/PXBBUrE/JiGoKLdOkhUtRueMHHQSycPHcpO+Xi
cvEZMl0gjIFdAqyyDPbRd9HqD5PtpkxCSt+zR63MtZvxAk5hthoKvvDBDQwR3CJK
D3AARCV+izSO1PG+Ut2Kl2s+e5FWV8FaCwqnjZg6L7ZraJzmzhvb7mVX0Tc+HnAt
ijPwQNVQ6GHavrcDKlrp1y4+wd/kKgAPN4NK3UPVQpEogl8/mySpKQQ37wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEomxNkXJSJamhr0vQi28TzAb0TsMB8GA1UdIwQY
MBaAFKTdeXBxJLIGcuacOOF7Zmt/rnwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE4xNWNIRWtzZ1p5NXB3NDRYdG1hMy11ZkIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi84ZDFjZWEtNGQ5ZC00OTA2LTk4ZDct
NzE4OGQ5MWE2Y2E5LzEvU2liRTJSY2xJbHFhR3ZTOUNMYnhQTUJ2Uk93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi84ZDFjZWEtNGQ5ZC00OTA2LTk4ZDctNzE4OGQ5MWE2Y2E5
LzEvcE4xNWNIRWtzZ1p5NXB3NDRYdG1hMy11ZkIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDLrcgAwQC
wn3kMA0EAgACMAcDBQAqCyoAMA0GCSqGSIb3DQEBCwUAA4IBAQBPGs/lRMfXclQy
QGaLbbzui3g0/E7aKFKHgCA/ttTFfIVAHTl1vYou5MX1amUuRyEO6cZ0SgbVBkLw
XlFdNxRS3gIWichdVQudMSLc/YMucyV7+x1nzEMaTN+N5hGOh6q04nnNEMuoqNf+
shKJNsYZC3SPM21tZXGgsz8ZtP1nDoYfcw094n2FqMda978IEmXV2bPnfXHVu1IU
2vt7wmoZJN1VxdtgDf5YKEdyeNDmCdZiOj6xyonzwHLdyTXa7jgbzN7E9Qbg/FTs
WMSpIgifdR0e10X7/5Ai4uVx7GqmoWvVRKFBEtW52IZsZv5co8DuyrRj/VeGuTUt
nlzTSGZU
-----END CERTIFICATE-----