Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/xDEUDLuVNtWO7N4Ug_p4rt0fOds.roa
File:                     xDEUDLuVNtWO7N4Ug_p4rt0fOds.roa (raw, json)
Hash identifier:          fuuXRRqQTnjE2HWqyqXdd9e9V13lPC+nPP7au7xybgM=
Subject key identifier:   C4:31:14:0C:BB:95:36:D5:8E:EC:DE:14:83:FA:78:AE:DD:1F:39:DB
Certificate issuer:       /CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
Certificate serial:       018F5EED3C0A19813111DE80D4312D5ECB3C
Authority key identifier: 9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/xDEUDLuVNtWO7N4Ug_p4rt0fOds.roa
Signing time:             Thu 09 May 2024 19:55:56 +0000
ROA not before:           Thu 09 May 2024 19:55:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215009
IP address blocks:        193.34.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:5e:ed:3c:0a:19:81:31:11:de:80:d4:31:2d:5e:cb:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
        Validity
            Not Before: May  9 19:55:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c431140cbb9536d58eecde1483fa78aedd1f39db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:37:c9:57:4e:8e:d9:02:77:70:5b:77:46:98:
                    6e:23:a9:fa:91:f6:b7:5f:32:fa:e1:2c:45:fb:0a:
                    d2:d6:c5:03:e4:45:e0:2e:e1:c4:bd:4b:80:d4:f2:
                    b4:2f:aa:12:96:55:35:95:fd:06:17:15:a9:0a:b3:
                    27:b1:32:c3:26:eb:ae:17:51:1a:08:65:af:37:2f:
                    41:84:95:d1:68:68:da:a8:29:ff:e7:bb:e9:12:02:
                    e2:ab:72:6b:5a:aa:1d:57:5a:43:c1:fb:1a:69:0a:
                    62:d6:ce:77:18:73:da:54:3b:5b:a9:4e:4d:76:60:
                    22:fb:52:d2:c9:cb:c7:3e:12:2a:da:1b:55:7d:9b:
                    34:ce:46:1d:e8:ae:6a:e1:4a:db:40:f6:dc:49:b2:
                    39:ff:14:65:39:c8:66:38:74:41:bc:92:fb:0d:94:
                    48:15:ea:6a:c4:98:05:b4:f9:23:98:aa:e4:3c:1b:
                    92:7b:4c:6a:f5:f1:7e:da:c2:65:61:05:da:11:fb:
                    4f:2c:53:1e:09:56:cd:02:1b:b2:d6:93:65:14:6e:
                    8c:70:17:57:4a:d5:d6:37:5a:f5:cb:3f:d5:ef:2f:
                    d1:f7:e2:b9:d8:8f:77:10:0a:b0:dc:24:7c:a6:74:
                    94:1b:ee:86:4b:d5:13:48:9c:5d:88:07:a7:23:f6:
                    ad:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:31:14:0C:BB:95:36:D5:8E:EC:DE:14:83:FA:78:AE:DD:1F:39:DB
            X509v3 Authority Key Identifier:
                keyid:9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/xDEUDLuVNtWO7N4Ug_p4rt0fOds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:a7:f4:dc:75:38:a0:78:d4:b0:c7:16:a0:90:80:54:eb:20:
         4f:93:ff:ed:c1:34:4c:ad:58:c6:ae:96:e2:89:1c:e2:09:ab:
         17:dc:79:4f:3b:13:a5:17:e4:51:56:74:59:ce:30:7e:01:9f:
         7a:5c:bc:04:53:89:c8:e5:bf:d0:74:7d:79:23:7e:ad:e3:10:
         35:fa:05:c8:96:e9:e2:a9:fc:62:ef:94:fd:f1:85:e6:f1:03:
         6a:93:b5:18:f0:20:29:05:39:2e:73:9b:97:61:fe:56:83:c7:
         5f:16:2c:34:5a:4b:d7:65:b2:34:57:42:36:ba:f3:a2:b9:8b:
         ee:c3:be:ee:95:3e:b1:58:f4:92:8a:4d:d2:e1:df:b8:62:5a:
         10:9f:82:bb:c2:02:18:9b:57:8c:67:95:cf:e4:40:ad:88:2b:
         44:8d:10:8f:9d:97:25:ff:19:c8:5a:31:0b:d8:99:e0:b4:f3:
         b5:66:cc:9f:10:41:82:3c:f1:d4:90:4f:cb:ad:a3:0f:c7:81:
         de:7a:c2:3f:0f:db:62:f0:0c:94:1b:26:ea:5e:cf:c1:f5:4c:
         b2:56:40:d0:8c:73:9c:3c:2f:9c:1d:c5:78:26:21:d9:31:3b:
         30:88:9a:fd:d4:de:8e:c8:ac:3a:06:4d:cb:be:bc:76:41:15:
         db:68:06:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9e7TwKGYExEd6A1DEtXss8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMzUzM2Q2NjJjM2YwZDZiYjFlNjkyZjNmYWI2ZDdiYTM4
MjRjMjgwHhcNMjQwNTA5MTk1NTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDMxMTQwY2JiOTUzNmQ1OGVlY2RlMTQ4M2ZhNzhhZWRkMWYzOWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjfJV06O2QJ3cFt3RphuI6n6kfa3
XzL64SxF+wrS1sUD5EXgLuHEvUuA1PK0L6oSllU1lf0GFxWpCrMnsTLDJuuuF1Ea
CGWvNy9BhJXRaGjaqCn/57vpEgLiq3JrWqodV1pDwfsaaQpi1s53GHPaVDtbqU5N
dmAi+1LSycvHPhIq2htVfZs0zkYd6K5q4UrbQPbcSbI5/xRlOchmOHRBvJL7DZRI
FepqxJgFtPkjmKrkPBuSe0xq9fF+2sJlYQXaEftPLFMeCVbNAhuy1pNlFG6McBdX
StXWN1r1yz/V7y/R9+K52I93EAqw3CR8pnSUG+6GS9UTSJxdiAenI/atkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMQxFAy7lTbVjuzeFIP6eK7dHznbMB8GA1UdIwQY
MBaAFJ41M9Ziw/DWux5pLz+rbXujgkwoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUt
YTc4MzQxMzA5OWQzLzEveERFVURMdVZOdFdPN040VWdfcDRydDBmT2RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUtYTc4MzQxMzA5OWQz
LzEvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSIxMA0G
CSqGSIb3DQEBCwUAA4IBAQChp/TcdTigeNSwxxagkIBU6yBPk//twTRMrVjGrpbi
iRziCasX3HlPOxOlF+RRVnRZzjB+AZ96XLwEU4nI5b/QdH15I36t4xA1+gXIluni
qfxi75T98YXm8QNqk7UY8CApBTkuc5uXYf5Wg8dfFiw0WkvXZbI0V0I2uvOiuYvu
w77ulT6xWPSSik3S4d+4YloQn4K7wgIYm1eMZ5XP5ECtiCtEjRCPnZcl/xnIWjEL
2JngtPO1ZsyfEEGCPPHUkE/LraMPx4HeesI/D9ti8AyUGybqXs/B9UyyVkDQjHOc
PC+cHcV4JiHZMTswiJr91N6OyKw6Bk3Lvrx2QRXbaAZl
-----END CERTIFICATE-----