Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/KXbhOXTCcDs4lXmlvvnw9UHfSkc.roa
File:                     KXbhOXTCcDs4lXmlvvnw9UHfSkc.roa (raw, json)
Hash identifier:          XRmUhXEP+xbsO75Yn0Wg2iRbEBzrLS4nU1h4ZFhk1ZQ=
Subject key identifier:   29:76:E1:39:74:C2:70:3B:38:95:79:A5:BE:F9:F0:F5:41:DF:4A:47
Certificate issuer:       /CN=9f0743496c7ff3effb870601139cad9d2f271e10
Certificate serial:       018CC500E3C86B371460CCB7F4338A083D95
Authority key identifier: 9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/KXbhOXTCcDs4lXmlvvnw9UHfSkc.roa
Signing time:             Mon 01 Jan 2024 12:30:18 +0000
ROA not before:           Mon 01 Jan 2024 12:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212396
IP address blocks:        193.228.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 11:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:e3:c8:6b:37:14:60:cc:b7:f4:33:8a:08:3d:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0743496c7ff3effb870601139cad9d2f271e10
        Validity
            Not Before: Jan  1 12:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2976e13974c2703b389579a5bef9f0f541df4a47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:54:b2:24:be:f1:f3:43:e8:9a:25:6d:10:b2:
                    a2:95:58:5f:48:ed:28:24:a1:fa:97:52:8c:6a:b5:
                    2b:df:00:70:0a:d2:d0:43:76:8c:c3:9d:a8:78:09:
                    8b:53:42:1c:ad:3e:64:c9:15:ee:a0:f7:bf:8c:29:
                    30:e5:13:c4:a3:3e:90:b6:fa:f2:6d:b6:67:d3:69:
                    88:47:09:11:c8:e4:41:8f:87:d0:8d:c1:00:a5:aa:
                    86:13:f0:3d:8c:03:f0:4d:86:38:e4:5c:b0:f1:dd:
                    8f:f6:9c:3a:96:b1:a7:7a:2f:81:03:cc:ba:66:fc:
                    e4:f0:8a:a2:4d:f0:d1:e9:7e:37:80:ea:e8:77:ba:
                    ea:92:40:7c:83:d3:57:e0:56:7f:a4:3e:da:af:57:
                    9d:84:45:7c:f8:33:15:9a:26:a5:83:f1:cf:9b:8c:
                    c2:41:13:3c:46:27:08:6b:92:8f:b4:ca:3e:5b:d9:
                    ec:33:8d:20:2e:a0:9e:ce:cd:b0:56:f3:9d:d8:4e:
                    62:3b:7d:53:ad:a9:fb:43:4c:a4:a7:78:cc:c2:19:
                    bc:3c:53:75:3b:7f:d8:f6:d1:65:48:c0:a8:39:7f:
                    4e:bf:92:55:27:d5:f4:7c:19:0c:da:8b:03:e1:2e:
                    2f:15:55:0a:69:80:b6:a4:20:53:c4:34:81:ca:4c:
                    fb:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:76:E1:39:74:C2:70:3B:38:95:79:A5:BE:F9:F0:F5:41:DF:4A:47
            X509v3 Authority Key Identifier:
                keyid:9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/KXbhOXTCcDs4lXmlvvnw9UHfSkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.228.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:d6:b2:90:4c:5d:e4:d7:61:92:d2:7d:e5:12:b8:dc:7e:5b:
         24:89:40:51:4e:f9:0d:a8:7c:8c:77:32:da:f7:01:b6:eb:fc:
         1d:ab:59:66:1b:12:f5:5f:0e:d5:05:30:93:cd:f6:68:e1:01:
         f3:26:f2:3c:ff:2f:b7:aa:36:3c:ef:0c:ce:01:fe:9b:35:5b:
         08:43:47:45:f4:07:8d:29:8e:6b:7d:66:07:87:ac:3c:c6:48:
         41:f2:56:72:1f:9c:ad:57:35:b6:73:62:82:8a:dc:3a:f6:90:
         47:7f:8c:6e:b5:f4:f4:20:33:97:3d:e3:91:7c:d0:49:9a:6d:
         40:ed:f0:e2:c7:9f:51:33:83:a1:c4:14:aa:04:4d:f4:eb:92:
         8a:bd:76:fc:d9:a0:87:4b:1b:7f:56:0e:30:52:be:13:9e:12:
         88:28:ec:c0:22:c3:c6:ae:6c:9e:e6:c9:3d:17:32:75:24:a7:
         45:45:0e:07:85:b4:5d:16:7b:04:d8:cc:7c:f1:a0:7b:7e:3b:
         1a:86:6e:cb:cc:9e:b3:94:0d:7a:34:de:e8:49:00:f4:61:31:
         59:cf:f6:17:db:16:d5:2c:79:a3:7f:d2:da:60:1c:7e:57:b4:
         9a:65:05:22:02:24:d5:62:62:03:4a:3a:09:93:21:17:d1:e1:
         2b:4e:ef:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAOPIazcUYMy39DOKCD2VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMDc0MzQ5NmM3ZmYzZWZmYjg3MDYwMTEzOWNhZDlkMmYy
NzFlMTAwHhcNMjQwMTAxMTIzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTc2ZTEzOTc0YzI3MDNiMzg5NTc5YTViZWY5ZjBmNTQxZGY0YTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiVSyJL7x80PomiVtELKilVhfSO0o
JKH6l1KMarUr3wBwCtLQQ3aMw52oeAmLU0IcrT5kyRXuoPe/jCkw5RPEoz6Qtvry
bbZn02mIRwkRyORBj4fQjcEApaqGE/A9jAPwTYY45Fyw8d2P9pw6lrGnei+BA8y6
Zvzk8IqiTfDR6X43gOrod7rqkkB8g9NX4FZ/pD7ar1edhEV8+DMVmialg/HPm4zC
QRM8RicIa5KPtMo+W9nsM40gLqCezs2wVvOd2E5iO31Tran7Q0ykp3jMwhm8PFN1
O3/Y9tFlSMCoOX9Ov5JVJ9X0fBkM2osD4S4vFVUKaYC2pCBTxDSBykz7/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCl24Tl0wnA7OJV5pb758PVB30pHMB8GA1UdIwQY
MBaAFJ8HQ0lsf/Pv+4cGAROcrZ0vJx4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2Mt
NjM0MTEzNjdkOTBhLzEvS1hiaE9YVENjRHM0bFhtbHZ2bnc5VUhmU2tjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2MtNjM0MTEzNjdkOTBh
LzEvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweThMA0G
CSqGSIb3DQEBCwUAA4IBAQB61rKQTF3k12GS0n3lErjcflskiUBRTvkNqHyMdzLa
9wG26/wdq1lmGxL1Xw7VBTCTzfZo4QHzJvI8/y+3qjY87wzOAf6bNVsIQ0dF9AeN
KY5rfWYHh6w8xkhB8lZyH5ytVzW2c2KCitw69pBHf4xutfT0IDOXPeORfNBJmm1A
7fDix59RM4OhxBSqBE3065KKvXb82aCHSxt/Vg4wUr4TnhKIKOzAIsPGrmye5sk9
FzJ1JKdFRQ4HhbRdFnsE2Mx88aB7fjsahm7LzJ6zlA16NN7oSQD0YTFZz/YX2xbV
LHmjf9LaYBx+V7SaZQUiAiTVYmIDSjoJkyEX0eErTu8z
-----END CERTIFICATE-----