Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/ce12ca-ab7e-4854-bc67-8c600eae7d80/1/tEzX6oZOyCT1bNistdjmNz7xdyU.roa
File:                     tEzX6oZOyCT1bNistdjmNz7xdyU.roa (raw, json)
Hash identifier:          EiTZAfoT9A5tb4R20BFFeAs+Axp/ZDUf9JrvcfDwmfk=
Subject key identifier:   B4:4C:D7:EA:86:4E:C8:24:F5:6C:D8:AC:B5:D8:E6:37:3E:F1:77:25
Certificate issuer:       /CN=5be5f1953e031d279864f3c3beff0bc675a00ee4
Certificate serial:       018CC9BC75AE8E17F3C0ED5765E7B395435B
Authority key identifier: 5B:E5:F1:95:3E:03:1D:27:98:64:F3:C3:BE:FF:0B:C6:75:A0:0E:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W-XxlT4DHSeYZPPDvv8LxnWgDuQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/ce12ca-ab7e-4854-bc67-8c600eae7d80/1/tEzX6oZOyCT1bNistdjmNz7xdyU.roa
Signing time:             Tue 02 Jan 2024 10:33:40 +0000
ROA not before:           Tue 02 Jan 2024 10:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212640
IP address blocks:        193.163.54.0/24 maxlen: 24
                          2a10:6b40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/ce12ca-ab7e-4854-bc67-8c600eae7d80/1/W-XxlT4DHSeYZPPDvv8LxnWgDuQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/ce12ca-ab7e-4854-bc67-8c600eae7d80/1/W-XxlT4DHSeYZPPDvv8LxnWgDuQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W-XxlT4DHSeYZPPDvv8LxnWgDuQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:75:ae:8e:17:f3:c0:ed:57:65:e7:b3:95:43:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5be5f1953e031d279864f3c3beff0bc675a00ee4
        Validity
            Not Before: Jan  2 10:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b44cd7ea864ec824f56cd8acb5d8e6373ef17725
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e3:5e:13:86:17:49:ab:7d:28:8a:74:72:17:
                    85:61:3e:05:fc:ee:0e:c1:3a:c9:10:2d:3d:7f:c9:
                    d5:df:85:75:71:9d:9c:c2:c6:00:2b:79:3f:8e:5e:
                    84:69:6c:c2:e9:04:e0:61:5e:6a:1f:63:9a:6f:db:
                    18:0b:d9:44:9b:84:f6:3a:64:41:fd:5c:ad:d3:ea:
                    5e:c3:43:dd:ab:47:51:6d:96:c4:25:fc:58:ea:fd:
                    77:57:fe:73:c9:cb:40:a0:ee:d4:b9:0d:2f:88:79:
                    ef:c6:ea:ce:7f:51:5a:03:ac:cd:a0:d0:30:56:28:
                    0f:e0:9b:69:38:c8:89:cb:85:25:eb:c9:d7:18:eb:
                    ee:4f:41:0e:53:aa:8a:ab:ec:35:34:4d:43:dd:71:
                    f9:99:bd:32:7e:94:6d:87:a4:27:b4:fd:b2:6f:76:
                    73:d0:fb:e6:1f:4e:31:e0:f0:4c:4a:30:c5:5c:a2:
                    41:72:bd:13:76:29:b4:f0:39:18:60:f3:a4:b8:7e:
                    72:15:2b:3a:68:f6:25:44:93:82:db:ac:2d:58:c4:
                    25:a9:91:55:7c:b5:cd:30:7f:d1:68:4b:bb:f1:81:
                    e0:8a:a8:03:dc:cb:26:cb:f6:7d:b5:11:f8:c5:29:
                    7f:77:f9:d3:b6:12:b6:37:92:85:82:2f:e9:f6:70:
                    fb:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:4C:D7:EA:86:4E:C8:24:F5:6C:D8:AC:B5:D8:E6:37:3E:F1:77:25
            X509v3 Authority Key Identifier:
                keyid:5B:E5:F1:95:3E:03:1D:27:98:64:F3:C3:BE:FF:0B:C6:75:A0:0E:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W-XxlT4DHSeYZPPDvv8LxnWgDuQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/ce12ca-ab7e-4854-bc67-8c600eae7d80/1/tEzX6oZOyCT1bNistdjmNz7xdyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/ce12ca-ab7e-4854-bc67-8c600eae7d80/1/W-XxlT4DHSeYZPPDvv8LxnWgDuQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.54.0/24
                IPv6:
                  2a10:6b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         85:24:6b:cd:e6:bf:42:46:4b:33:db:cd:2f:bf:df:c8:70:a1:
         7f:0e:89:48:5d:fb:7c:95:74:7e:34:2e:97:68:2f:3a:5a:45:
         b8:90:bc:74:af:70:73:93:8d:00:73:b5:a1:d5:3d:bb:27:0a:
         e2:c5:3d:fe:2e:65:83:7e:41:c0:2a:9d:51:e9:94:35:a4:79:
         3a:c3:c3:12:4f:14:bf:c4:e2:81:7f:50:f7:cd:77:fd:87:1a:
         2a:ae:18:ee:e4:ff:63:1a:0d:5d:3d:a1:da:a1:e3:90:f5:e1:
         78:92:f0:d8:cc:fb:dd:2e:06:59:77:0b:69:62:bc:77:f3:9d:
         d9:1a:f1:92:24:3e:07:c6:72:b5:52:f8:8f:3a:b9:64:8f:2f:
         3a:97:e4:26:e4:34:c7:5a:a3:3a:df:73:eb:15:c8:30:e8:ad:
         cd:ca:c3:bc:fa:46:29:9c:a4:a5:bd:4d:21:db:b6:55:9a:2c:
         5d:7d:e9:3c:bd:ef:dd:24:86:29:62:b8:a9:42:1b:96:0b:21:
         b3:03:72:b4:70:35:e1:43:2a:bd:d6:e2:41:4d:0d:c0:14:49:
         06:de:80:f3:b4:63:42:79:e6:be:6e:c5:57:37:28:3e:5d:f6:
         6d:72:a3:ed:9a:55:73:41:27:cf:f7:1e:26:d7:10:d3:ca:00:
         ad:22:3b:f0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvHWujhfzwO1XZeezlUNbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZTVmMTk1M2UwMzFkMjc5ODY0ZjNjM2JlZmYwYmM2NzVh
MDBlZTQwHhcNMjQwMTAyMTAzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDRjZDdlYTg2NGVjODI0ZjU2Y2Q4YWNiNWQ4ZTYzNzNlZjE3NzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+NeE4YXSat9KIp0cheFYT4F/O4O
wTrJEC09f8nV34V1cZ2cwsYAK3k/jl6EaWzC6QTgYV5qH2Oab9sYC9lEm4T2OmRB
/Vyt0+pew0Pdq0dRbZbEJfxY6v13V/5zyctAoO7UuQ0viHnvxurOf1FaA6zNoNAw
VigP4JtpOMiJy4Ul68nXGOvuT0EOU6qKq+w1NE1D3XH5mb0yfpRth6QntP2yb3Zz
0PvmH04x4PBMSjDFXKJBcr0Tdim08DkYYPOkuH5yFSs6aPYlRJOC26wtWMQlqZFV
fLXNMH/RaEu78YHgiqgD3Msmy/Z9tRH4xSl/d/nTthK2N5KFgi/p9nD7LQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLRM1+qGTsgk9WzYrLXY5jc+8XclMB8GA1UdIwQY
MBaAFFvl8ZU+Ax0nmGTzw77/C8Z1oA7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVy1YeGxUNERIU2VZWlBQRHZ2OEx4bldnRHVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9jZTEyY2EtYWI3ZS00ODU0LWJjNjct
OGM2MDBlYWU3ZDgwLzEvdEV6WDZvWk95Q1QxYk5pc3Rkam1Oejd4ZHlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9jZTEyY2EtYWI3ZS00ODU0LWJjNjctOGM2MDBlYWU3ZDgw
LzEvVy1YeGxUNERIU2VZWlBQRHZ2OEx4bldnRHVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwaM2MA0E
AgACMAcDBQMqEGtAMA0GCSqGSIb3DQEBCwUAA4IBAQCFJGvN5r9CRksz280vv9/I
cKF/DolIXft8lXR+NC6XaC86WkW4kLx0r3Bzk40Ac7Wh1T27JwrixT3+LmWDfkHA
Kp1R6ZQ1pHk6w8MSTxS/xOKBf1D3zXf9hxoqrhju5P9jGg1dPaHaoeOQ9eF4kvDY
zPvdLgZZdwtpYrx3853ZGvGSJD4HxnK1UviPOrlkjy86l+Qm5DTHWqM633PrFcgw
6K3NysO8+kYpnKSlvU0h27ZVmixdfek8ve/dJIYpYripQhuWCyGzA3K0cDXhQyq9
1uJBTQ3AFEkG3oDztGNCeea+bsVXNyg+XfZtcqPtmlVzQSfP9x4m1xDTygCtIjvw
-----END CERTIFICATE-----