Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/szvcPJbPPLBThMrG0407CrLfh0E.roa
File:                     szvcPJbPPLBThMrG0407CrLfh0E.roa (raw, json)
Hash identifier:          Zcver/IAQRyZ+EVQtMBuQP0fcGPESzh4yr3MgiRaRpg=
Subject key identifier:   B3:3B:DC:3C:96:CF:3C:B0:53:84:CA:C6:D3:8D:3B:0A:B2:DF:87:41
Certificate issuer:       /CN=1cbbfa49877bc5d9e4cf446950fd14279929f49a
Certificate serial:       018CC26D5A2BFF834A9B90B870EF4BDA4642
Authority key identifier: 1C:BB:FA:49:87:7B:C5:D9:E4:CF:44:69:50:FD:14:27:99:29:F4:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/szvcPJbPPLBThMrG0407CrLfh0E.roa
Signing time:             Mon 01 Jan 2024 00:29:55 +0000
ROA not before:           Mon 01 Jan 2024 00:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2200
IP address blocks:        164.81.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 10:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:5a:2b:ff:83:4a:9b:90:b8:70:ef:4b:da:46:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cbbfa49877bc5d9e4cf446950fd14279929f49a
        Validity
            Not Before: Jan  1 00:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b33bdc3c96cf3cb05384cac6d38d3b0ab2df8741
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:d4:95:bf:cb:e9:b5:66:4f:a8:6c:9f:e8:f5:
                    c9:21:d0:ce:90:06:1b:ef:ac:c4:53:c0:44:3a:97:
                    38:c4:18:91:7a:12:e3:b3:e3:9d:05:66:2c:44:8d:
                    5d:33:e4:73:6a:67:6d:44:21:22:a7:3a:06:1f:a2:
                    92:a4:42:8c:5c:70:a7:f3:77:2b:cb:86:e8:69:bb:
                    84:93:8e:2a:ca:77:06:10:8d:20:94:c4:11:3f:20:
                    6d:8c:fc:54:51:bb:a1:60:d8:57:87:63:81:02:e6:
                    c4:10:cc:01:29:f1:b3:47:ee:0e:e6:9d:ef:31:21:
                    72:41:6c:8c:cf:61:18:90:18:fd:d7:dd:6c:21:b7:
                    fd:cb:34:50:7f:c7:73:3a:ee:f7:8f:c7:bd:c2:e1:
                    f1:53:ee:8f:7e:e0:fc:a9:d4:0d:bd:c7:3c:02:32:
                    86:6c:44:9f:34:c2:cd:5f:f4:73:89:3c:e8:43:a5:
                    d3:12:09:3b:d5:29:d8:e8:6f:3d:3d:d5:80:9b:91:
                    16:55:f6:0c:6a:f3:cc:73:db:9e:07:20:24:35:c6:
                    9f:0c:6c:c9:9b:98:93:d5:64:96:7a:db:6a:95:d7:
                    ef:43:a3:fd:4c:7d:11:be:f8:6f:b4:79:ac:5c:52:
                    59:a0:a6:0f:e8:e0:2b:df:27:e1:83:7c:86:71:5f:
                    48:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:3B:DC:3C:96:CF:3C:B0:53:84:CA:C6:D3:8D:3B:0A:B2:DF:87:41
            X509v3 Authority Key Identifier:
                keyid:1C:BB:FA:49:87:7B:C5:D9:E4:CF:44:69:50:FD:14:27:99:29:F4:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/szvcPJbPPLBThMrG0407CrLfh0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.81.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         37:c2:bf:5c:bd:08:cd:ef:84:7b:8c:d7:91:cf:d3:d2:0a:61:
         6b:ca:f2:3e:3d:5d:8e:10:d4:95:3a:1b:2b:83:af:1d:18:e6:
         ad:96:4d:89:75:0f:dd:4c:06:9b:66:ee:e0:1a:fb:90:22:59:
         3d:01:06:63:59:51:ce:25:45:9c:a6:15:5c:a2:45:c9:0c:83:
         84:cd:ee:2b:d6:32:e8:3e:28:8c:8f:16:86:53:9c:d3:53:83:
         59:fb:41:63:51:cb:2b:af:b4:76:ed:fd:84:7d:49:84:de:ed:
         e9:79:f5:47:79:0e:6a:d7:f2:5e:7b:de:dc:56:da:f8:d8:83:
         9f:87:4a:66:46:69:89:93:1d:e3:d2:fc:99:a2:5a:08:7e:86:
         43:da:56:8b:94:8a:8c:c3:a8:cd:19:69:60:89:4a:be:97:cf:
         98:2f:a9:fc:9b:4f:ab:9f:17:b4:43:0b:ba:33:cf:2e:36:d4:
         3c:75:ed:79:a5:88:ca:b2:c9:9c:a7:e7:19:16:e8:1b:42:8e:
         fe:19:d0:d4:e6:e7:8a:a0:3a:d2:2f:9b:80:2b:a2:98:81:89:
         5e:64:ee:e6:56:1d:f1:7b:85:da:bf:72:e4:6b:5e:d0:0d:ba:
         21:87:2b:cc:4d:9b:1d:10:68:59:86:43:2a:59:c3:81:f5:7c:
         c1:a7:d4:14
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzCbVor/4NKm5C4cO9L2kZCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjYmJmYTQ5ODc3YmM1ZDllNGNmNDQ2OTUwZmQxNDI3OTky
OWY0OWEwHhcNMjQwMTAxMDAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzNiZGMzYzk2Y2YzY2IwNTM4NGNhYzZkMzhkM2IwYWIyZGY4NzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkdSVv8vptWZPqGyf6PXJIdDOkAYb
76zEU8BEOpc4xBiRehLjs+OdBWYsRI1dM+RzamdtRCEipzoGH6KSpEKMXHCn83cr
y4boabuEk44qyncGEI0glMQRPyBtjPxUUbuhYNhXh2OBAubEEMwBKfGzR+4O5p3v
MSFyQWyMz2EYkBj9191sIbf9yzRQf8dzOu73j8e9wuHxU+6PfuD8qdQNvcc8AjKG
bESfNMLNX/RziTzoQ6XTEgk71SnY6G89PdWAm5EWVfYMavPMc9ueByAkNcafDGzJ
m5iT1WSWettqldfvQ6P9TH0RvvhvtHmsXFJZoKYP6OAr3yfhg3yGcV9IeQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFLM73DyWzzywU4TKxtONOwqy34dBMB8GA1UdIwQY
MBaAFBy7+kmHe8XZ5M9EaVD9FCeZKfSaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEx2NlNZZDd4ZG5rejBScFVQMFVKNWtwOUpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy84NTFjYWMtZTFkOC00NTcxLTgyYTYt
NDZiZjc2MjYxOGU3LzEvc3p2Y1BKYlBQTEJUaE1yRzA0MDdDckxmaDBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy84NTFjYWMtZTFkOC00NTcxLTgyYTYtNDZiZjc2MjYxOGU3
LzEvSEx2NlNZZDd4ZG5rejBScFVQMFVKNWtwOUpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMApFEwDQYJ
KoZIhvcNAQELBQADggEBADfCv1y9CM3vhHuM15HP09IKYWvK8j49XY4Q1JU6GyuD
rx0Y5q2WTYl1D91MBptm7uAa+5AiWT0BBmNZUc4lRZymFVyiRckMg4TN7ivWMug+
KIyPFoZTnNNTg1n7QWNRyyuvtHbt/YR9SYTe7el59Ud5DmrX8l573txW2vjYg5+H
SmZGaYmTHePS/JmiWgh+hkPaVouUiozDqM0ZaWCJSr6Xz5gvqfybT6ufF7RDC7oz
zy421Dx17XmliMqyyZyn5xkW6BtCjv4Z0NTm54qgOtIvm4AropiBiV5k7uZWHfF7
hdq/cuRrXtANuiGHK8xNmx0QaFmGQypZw4H1fMGn1BQ=
-----END CERTIFICATE-----