Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/7f8f76-0d9d-46af-9bea-47e4e274cf64/1/XWx_F0uP15kBb0N3r6bW-XfEcOY.roa
File:                     XWx_F0uP15kBb0N3r6bW-XfEcOY.roa (raw, json)
Hash identifier:          fRZMyS6SWMFeQpNDD71QijiHBW1lpLJSGhL6HbxE1IY=
Subject key identifier:   5D:6C:7F:17:4B:8F:D7:99:01:6F:43:77:AF:A6:D6:F9:77:C4:70:E6
Certificate issuer:       /CN=baa5aea6f180a9a8ad984535ed2e64bcfcb3fe1a
Certificate serial:       018CC349484882E2DE23C244399593651FD9
Authority key identifier: BA:A5:AE:A6:F1:80:A9:A8:AD:98:45:35:ED:2E:64:BC:FC:B3:FE:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uqWupvGAqaitmEU17S5kvPyz_ho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/7f8f76-0d9d-46af-9bea-47e4e274cf64/1/XWx_F0uP15kBb0N3r6bW-XfEcOY.roa
Signing time:             Mon 01 Jan 2024 04:30:08 +0000
ROA not before:           Mon 01 Jan 2024 04:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210104
IP address blocks:        193.105.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/7f8f76-0d9d-46af-9bea-47e4e274cf64/1/uqWupvGAqaitmEU17S5kvPyz_ho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/7f8f76-0d9d-46af-9bea-47e4e274cf64/1/uqWupvGAqaitmEU17S5kvPyz_ho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uqWupvGAqaitmEU17S5kvPyz_ho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:48:48:82:e2:de:23:c2:44:39:95:93:65:1f:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=baa5aea6f180a9a8ad984535ed2e64bcfcb3fe1a
        Validity
            Not Before: Jan  1 04:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d6c7f174b8fd799016f4377afa6d6f977c470e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:58:b2:b3:ea:30:b0:4e:c7:82:3e:ff:48:cd:
                    c7:c0:34:50:55:bb:dd:55:6c:c5:c2:3d:35:10:91:
                    fe:a0:5f:1f:1b:9a:6b:84:2d:97:c2:df:44:15:db:
                    11:03:66:de:4f:03:7f:b0:b7:6b:53:e7:1e:fd:01:
                    26:dd:02:2d:0f:69:7c:d0:b0:90:9f:f5:3c:e6:41:
                    4e:82:6c:48:f8:60:a8:42:c4:07:46:8a:56:30:22:
                    a4:f9:0d:5d:48:05:c4:fb:68:6a:fa:3f:01:31:95:
                    44:9d:99:77:3d:c6:71:28:7a:7f:53:d7:63:00:51:
                    96:63:b2:25:ee:71:7a:94:8f:55:b9:73:ae:0a:5a:
                    ee:ee:81:8b:7b:8b:3c:d4:44:9e:2b:de:91:01:65:
                    c2:7a:94:58:ec:68:dc:08:06:af:f1:ca:37:8b:c0:
                    a0:cf:86:eb:39:89:49:7d:d5:a4:04:4e:1e:ec:9a:
                    5c:26:29:cf:60:ba:99:8e:68:ae:e5:72:f5:b1:fa:
                    c9:91:f2:36:90:94:02:1f:b9:43:75:16:dd:13:85:
                    ab:2f:87:02:a5:ae:09:3c:37:80:da:da:dd:e9:28:
                    b4:5e:90:67:b3:ab:2c:02:7b:c0:ea:52:b0:97:60:
                    c9:e3:2c:a6:80:b8:2d:6c:b3:4a:d8:48:ca:c7:0b:
                    fa:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:6C:7F:17:4B:8F:D7:99:01:6F:43:77:AF:A6:D6:F9:77:C4:70:E6
            X509v3 Authority Key Identifier:
                keyid:BA:A5:AE:A6:F1:80:A9:A8:AD:98:45:35:ED:2E:64:BC:FC:B3:FE:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uqWupvGAqaitmEU17S5kvPyz_ho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/7f8f76-0d9d-46af-9bea-47e4e274cf64/1/XWx_F0uP15kBb0N3r6bW-XfEcOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/7f8f76-0d9d-46af-9bea-47e4e274cf64/1/uqWupvGAqaitmEU17S5kvPyz_ho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:ad:0c:78:4a:a3:ac:c5:c4:ee:cf:79:fc:a7:1c:8f:e4:5b:
         3f:ec:bd:d9:ce:d4:85:4f:64:ce:c9:45:48:9f:80:80:d2:f9:
         5c:55:8e:80:6d:0f:c8:7a:89:64:55:a5:27:bd:24:7c:8b:21:
         6b:c6:e4:de:c7:3e:bb:15:75:c2:d4:01:dd:73:30:44:34:d1:
         20:1a:88:7e:51:a5:95:7b:43:e3:7e:43:78:98:22:dc:08:e0:
         43:0e:07:2b:a3:11:67:76:cb:08:bd:63:8d:1c:c1:e0:37:dd:
         5c:8c:d6:67:be:84:36:7a:4b:6b:03:27:6c:9e:29:84:ee:f9:
         9b:c2:14:12:75:51:bf:19:b5:12:ae:ef:8d:1d:ab:c9:e8:6e:
         3b:8b:4c:0d:d5:fd:58:fa:61:b1:8f:6d:72:6d:ac:e5:0d:3a:
         a9:2d:10:f4:f2:fd:fb:ef:5a:73:bf:f8:dc:c4:b2:6c:8a:13:
         29:f5:26:38:b3:aa:cd:d7:06:a3:30:70:b2:7c:ae:5f:e6:47:
         1e:44:d3:af:9a:e5:55:02:41:cc:71:0f:0c:5e:41:dc:c8:45:
         69:2d:2d:c6:d7:15:bb:01:45:cf:33:d4:45:d1:04:27:49:2b:
         ea:65:5c:60:46:c9:86:43:e7:ee:35:0c:6d:8b:bd:8b:26:59:
         2a:57:df:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSUhIguLeI8JEOZWTZR/ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYTVhZWE2ZjE4MGE5YThhZDk4NDUzNWVkMmU2NGJjZmNi
M2ZlMWEwHhcNMjQwMTAxMDQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDZjN2YxNzRiOGZkNzk5MDE2ZjQzNzdhZmE2ZDZmOTc3YzQ3MGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApViys+owsE7Hgj7/SM3HwDRQVbvd
VWzFwj01EJH+oF8fG5prhC2Xwt9EFdsRA2beTwN/sLdrU+ce/QEm3QItD2l80LCQ
n/U85kFOgmxI+GCoQsQHRopWMCKk+Q1dSAXE+2hq+j8BMZVEnZl3PcZxKHp/U9dj
AFGWY7Il7nF6lI9VuXOuClru7oGLe4s81ESeK96RAWXCepRY7GjcCAav8co3i8Cg
z4brOYlJfdWkBE4e7JpcJinPYLqZjmiu5XL1sfrJkfI2kJQCH7lDdRbdE4WrL4cC
pa4JPDeA2trd6Si0XpBns6ssAnvA6lKwl2DJ4yymgLgtbLNK2EjKxwv6cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF1sfxdLj9eZAW9Dd6+m1vl3xHDmMB8GA1UdIwQY
MBaAFLqlrqbxgKmorZhFNe0uZLz8s/4aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXFXdXB2R0FxYWl0bUVVMTdTNWt2UHl6X2hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS83ZjhmNzYtMGQ5ZC00NmFmLTliZWEt
NDdlNGUyNzRjZjY0LzEvWFd4X0YwdVAxNWtCYjBOM3I2YlctWGZFY09ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS83ZjhmNzYtMGQ5ZC00NmFmLTliZWEtNDdlNGUyNzRjZjY0
LzEvdXFXdXB2R0FxYWl0bUVVMTdTNWt2UHl6X2hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWlTMA0G
CSqGSIb3DQEBCwUAA4IBAQALrQx4SqOsxcTuz3n8pxyP5Fs/7L3ZztSFT2TOyUVI
n4CA0vlcVY6AbQ/IeolkVaUnvSR8iyFrxuTexz67FXXC1AHdczBENNEgGoh+UaWV
e0PjfkN4mCLcCOBDDgcroxFndssIvWONHMHgN91cjNZnvoQ2ektrAydsnimE7vmb
whQSdVG/GbUSru+NHavJ6G47i0wN1f1Y+mGxj21ybazlDTqpLRD08v3771pzv/jc
xLJsihMp9SY4s6rN1wajMHCyfK5f5kceRNOvmuVVAkHMcQ8MXkHcyEVpLS3G1xW7
AUXPM9RF0QQnSSvqZVxgRsmGQ+fuNQxti72LJlkqV9/E
-----END CERTIFICATE-----