Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/1e444e-1c9c-41b7-a371-d2b23a355eda/1/xRLcxCY78ZXkT-imFV-d_9EOfEU.roa
File:                     xRLcxCY78ZXkT-imFV-d_9EOfEU.roa (raw, json)
Hash identifier:          7EnY32gxDrSwa3e2/ezt6oBcGWwuzlYjRAzKPz9Uze8=
Subject key identifier:   C5:12:DC:C4:26:3B:F1:95:E4:4F:E8:A6:15:5F:9D:FF:D1:0E:7C:45
Certificate issuer:       /CN=05a08fb9af4d6cafccfae3b28ec6ed49c423efc6
Certificate serial:       018CC793478ECA03668C6AB7540EC1B3FF92
Authority key identifier: 05:A0:8F:B9:AF:4D:6C:AF:CC:FA:E3:B2:8E:C6:ED:49:C4:23:EF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BaCPua9NbK_M-uOyjsbtScQj78Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/1e444e-1c9c-41b7-a371-d2b23a355eda/1/xRLcxCY78ZXkT-imFV-d_9EOfEU.roa
Signing time:             Tue 02 Jan 2024 00:29:27 +0000
ROA not before:           Tue 02 Jan 2024 00:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211702
IP address blocks:        193.163.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/1e444e-1c9c-41b7-a371-d2b23a355eda/1/BaCPua9NbK_M-uOyjsbtScQj78Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/1e444e-1c9c-41b7-a371-d2b23a355eda/1/BaCPua9NbK_M-uOyjsbtScQj78Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BaCPua9NbK_M-uOyjsbtScQj78Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:47:8e:ca:03:66:8c:6a:b7:54:0e:c1:b3:ff:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05a08fb9af4d6cafccfae3b28ec6ed49c423efc6
        Validity
            Not Before: Jan  2 00:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c512dcc4263bf195e44fe8a6155f9dffd10e7c45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:c8:ef:61:1d:af:06:21:a7:82:91:64:c6:19:
                    d0:48:0d:30:05:e9:93:7b:f7:8d:21:76:1d:81:4f:
                    9a:36:27:9d:57:b7:f8:af:53:fb:50:6a:8d:d3:6f:
                    48:9e:26:08:ab:86:af:5c:cb:0f:41:3e:56:b4:5c:
                    6f:d0:c3:9b:2a:17:d6:b7:d0:a7:b8:c7:b5:98:56:
                    b8:5f:59:d4:06:6e:0f:48:ab:9b:bd:4c:05:b1:e8:
                    34:c4:49:03:8e:ac:63:0d:3d:03:1a:79:c0:b3:36:
                    0e:91:81:4c:53:59:96:bd:6a:d3:5e:b5:e8:4f:8b:
                    97:31:8e:fa:78:68:8e:cd:7d:03:2e:8b:19:54:78:
                    1f:3c:6c:d5:65:ca:e3:0b:6d:d1:9a:11:9e:ba:ba:
                    96:75:c7:ce:2c:d2:f6:b7:1e:b2:48:d2:00:d9:79:
                    25:66:a0:ec:44:67:cf:5c:f7:b4:37:a1:8e:62:c1:
                    8f:88:8a:d6:2b:48:cd:ba:15:88:16:84:82:fa:2e:
                    e7:f0:b8:e8:38:2d:0b:69:a7:c7:0f:8e:a8:1e:4c:
                    ba:45:82:3d:34:3d:98:9a:f2:2f:d5:ec:f7:af:fa:
                    83:38:0e:b5:84:bc:45:58:9d:66:1c:21:36:5b:58:
                    84:cd:0b:12:ab:c2:ff:f2:88:a8:7c:d0:b7:27:22:
                    2d:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:12:DC:C4:26:3B:F1:95:E4:4F:E8:A6:15:5F:9D:FF:D1:0E:7C:45
            X509v3 Authority Key Identifier:
                keyid:05:A0:8F:B9:AF:4D:6C:AF:CC:FA:E3:B2:8E:C6:ED:49:C4:23:EF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BaCPua9NbK_M-uOyjsbtScQj78Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/1e444e-1c9c-41b7-a371-d2b23a355eda/1/xRLcxCY78ZXkT-imFV-d_9EOfEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/1e444e-1c9c-41b7-a371-d2b23a355eda/1/BaCPua9NbK_M-uOyjsbtScQj78Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:2a:08:60:4b:9d:03:10:69:17:af:8e:ca:5d:ce:b3:8e:3c:
         d4:4f:a6:da:33:26:ef:17:fd:89:66:a4:70:6f:f8:86:f1:65:
         3e:83:1e:46:76:77:37:6c:1c:4b:7f:ac:76:b3:ae:a1:14:71:
         f8:cf:58:53:d2:3b:ab:7c:49:13:20:0b:ba:79:b1:a0:27:58:
         10:8a:c3:00:e4:70:0c:4a:85:46:5d:44:a8:e1:8b:7e:b1:68:
         f4:5a:34:27:72:66:e2:12:65:86:36:2c:73:02:77:59:7d:12:
         10:b3:c4:01:ea:42:5a:97:32:2d:fb:20:64:8d:e9:14:34:91:
         14:6c:08:b8:19:1a:98:85:89:d7:ff:c8:e1:57:97:f2:73:82:
         ba:f5:6d:e7:75:53:57:1b:ea:4e:b7:14:e3:3d:de:a5:dc:b4:
         08:9e:dd:50:fc:2b:6a:55:72:a9:c1:94:da:71:ce:e8:f7:50:
         8e:34:7c:34:59:da:ad:db:e0:49:f9:7f:9e:c9:23:79:94:f6:
         15:fb:42:b7:5c:9e:ab:a9:6c:ea:3a:a8:72:58:19:95:d2:90:
         85:29:c2:3c:44:b9:38:9e:3e:e4:20:9b:84:b7:46:d5:fc:21:
         ce:ad:b5:c8:0e:3d:45:ed:d5:5e:be:44:d5:57:aa:71:fb:5b:
         2e:a6:61:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk0eOygNmjGq3VA7Bs/+SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YTA4ZmI5YWY0ZDZjYWZjY2ZhZTNiMjhlYzZlZDQ5YzQy
M2VmYzYwHhcNMjQwMTAyMDAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTEyZGNjNDI2M2JmMTk1ZTQ0ZmU4YTYxNTVmOWRmZmQxMGU3YzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkMjvYR2vBiGngpFkxhnQSA0wBemT
e/eNIXYdgU+aNiedV7f4r1P7UGqN029IniYIq4avXMsPQT5WtFxv0MObKhfWt9Cn
uMe1mFa4X1nUBm4PSKubvUwFseg0xEkDjqxjDT0DGnnAszYOkYFMU1mWvWrTXrXo
T4uXMY76eGiOzX0DLosZVHgfPGzVZcrjC23RmhGeurqWdcfOLNL2tx6ySNIA2Xkl
ZqDsRGfPXPe0N6GOYsGPiIrWK0jNuhWIFoSC+i7n8LjoOC0LaafHD46oHky6RYI9
ND2YmvIv1ez3r/qDOA61hLxFWJ1mHCE2W1iEzQsSq8L/8oiofNC3JyItDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMUS3MQmO/GV5E/ophVfnf/RDnxFMB8GA1UdIwQY
MBaAFAWgj7mvTWyvzPrjso7G7UnEI+/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmFDUHVhOU5iS19NLXVPeWpzYnRTY1FqNzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8xZTQ0NGUtMWM5Yy00MWI3LWEzNzEt
ZDJiMjNhMzU1ZWRhLzEveFJMY3hDWTc4WlhrVC1pbUZWLWRfOUVPZkVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8xZTQ0NGUtMWM5Yy00MWI3LWEzNzEtZDJiMjNhMzU1ZWRh
LzEvQmFDUHVhOU5iS19NLXVPeWpzYnRTY1FqNzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaOQMA0G
CSqGSIb3DQEBCwUAA4IBAQCVKghgS50DEGkXr47KXc6zjjzUT6baMybvF/2JZqRw
b/iG8WU+gx5Gdnc3bBxLf6x2s66hFHH4z1hT0jurfEkTIAu6ebGgJ1gQisMA5HAM
SoVGXUSo4Yt+sWj0WjQncmbiEmWGNixzAndZfRIQs8QB6kJalzIt+yBkjekUNJEU
bAi4GRqYhYnX/8jhV5fyc4K69W3ndVNXG+pOtxTjPd6l3LQInt1Q/CtqVXKpwZTa
cc7o91CONHw0Wdqt2+BJ+X+eySN5lPYV+0K3XJ6rqWzqOqhyWBmV0pCFKcI8RLk4
nj7kIJuEt0bV/CHOrbXIDj1F7dVevkTVV6px+1supmFS
-----END CERTIFICATE-----