Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/22112e-4e13-43d0-9eb1-0da3caa91429/1/XT7pxl0XeqWY4EIu323lqOFyajQ.roa
File:                     XT7pxl0XeqWY4EIu323lqOFyajQ.roa (raw, json)
Hash identifier:          v6CcO680o+dEuo4/HU23Er/feIYHprbSPNAcD2AkyLc=
Subject key identifier:   5D:3E:E9:C6:5D:17:7A:A5:98:E0:42:2E:DF:6D:E5:A8:E1:72:6A:34
Certificate issuer:       /CN=82b136e6820d94f03b1c5d71eee3d4b22191528f
Certificate serial:       018DF540E9092E0B5C588EFE9C3964B12EE5
Authority key identifier: 82:B1:36:E6:82:0D:94:F0:3B:1C:5D:71:EE:E3:D4:B2:21:91:52:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/grE25oINlPA7HF1x7uPUsiGRUo8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/22112e-4e13-43d0-9eb1-0da3caa91429/1/XT7pxl0XeqWY4EIu323lqOFyajQ.roa
Signing time:             Thu 29 Feb 2024 14:24:48 +0000
ROA not before:           Thu 29 Feb 2024 14:24:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215514
IP address blocks:        193.56.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/22112e-4e13-43d0-9eb1-0da3caa91429/1/grE25oINlPA7HF1x7uPUsiGRUo8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/22112e-4e13-43d0-9eb1-0da3caa91429/1/grE25oINlPA7HF1x7uPUsiGRUo8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/grE25oINlPA7HF1x7uPUsiGRUo8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f5:40:e9:09:2e:0b:5c:58:8e:fe:9c:39:64:b1:2e:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82b136e6820d94f03b1c5d71eee3d4b22191528f
        Validity
            Not Before: Feb 29 14:24:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d3ee9c65d177aa598e0422edf6de5a8e1726a34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:d2:26:66:ad:e1:ba:f9:b7:1c:99:12:69:86:
                    4d:bb:1c:9f:e3:a3:02:a5:dc:5c:65:60:8c:93:7b:
                    c7:18:94:8c:92:72:8b:f8:8a:15:6d:93:cc:c0:f7:
                    31:ed:81:f3:c0:af:6f:0d:18:85:d9:de:65:11:fd:
                    dc:78:04:80:cf:5e:62:e1:8c:ac:77:7d:2b:0e:5f:
                    13:f9:9a:b9:90:46:43:e7:93:34:fc:00:5e:e2:b1:
                    d6:99:be:45:3e:01:1b:6f:7c:30:1c:28:f8:7f:96:
                    42:31:52:03:69:b0:26:09:a0:f5:77:41:8f:1b:02:
                    0d:29:de:1e:ac:c8:92:57:f0:f5:38:07:ab:99:b4:
                    84:24:6e:09:42:af:31:be:25:8e:1c:c6:df:20:56:
                    9a:5e:36:2b:c8:4b:64:68:c4:4c:2f:d4:dd:e1:02:
                    79:75:c4:4d:35:c1:26:e9:e9:7f:82:73:cf:7d:f1:
                    9c:1d:45:8f:19:98:60:0d:a1:dd:3b:e3:ec:04:23:
                    08:26:1f:e4:19:61:00:90:74:a2:be:92:ec:48:13:
                    8a:76:07:55:43:15:bd:a1:bb:74:ba:b8:1a:05:d2:
                    33:c7:83:28:6a:f9:32:e7:e0:11:89:42:c8:96:bd:
                    17:1f:ca:75:9d:9c:bb:90:ac:d2:d5:a8:1b:26:d0:
                    bc:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:3E:E9:C6:5D:17:7A:A5:98:E0:42:2E:DF:6D:E5:A8:E1:72:6A:34
            X509v3 Authority Key Identifier:
                keyid:82:B1:36:E6:82:0D:94:F0:3B:1C:5D:71:EE:E3:D4:B2:21:91:52:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/grE25oINlPA7HF1x7uPUsiGRUo8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/22112e-4e13-43d0-9eb1-0da3caa91429/1/XT7pxl0XeqWY4EIu323lqOFyajQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/22112e-4e13-43d0-9eb1-0da3caa91429/1/grE25oINlPA7HF1x7uPUsiGRUo8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:4e:72:21:a7:01:65:2d:8e:ee:ea:90:eb:cd:2b:de:75:9a:
         67:83:3f:4a:7c:05:8b:23:8b:b2:c6:20:e0:de:4e:19:52:c2:
         3c:8f:32:ad:81:d1:cb:aa:34:12:58:6c:8a:7c:80:29:25:17:
         db:7d:7b:82:03:cf:a6:11:a5:a0:9b:78:b0:06:18:d8:79:a8:
         24:d7:fb:26:ed:a7:b9:32:dc:9a:c8:8f:a4:94:4c:67:35:2d:
         16:30:4e:84:50:7c:dd:ab:37:7c:76:9b:d5:90:f9:19:66:19:
         3d:c9:1d:b2:a2:5c:d4:43:bf:e6:ae:f0:91:0c:17:b4:0c:26:
         bc:e9:89:3a:ba:5b:02:b6:ad:4d:ac:60:08:ba:30:13:83:d6:
         3e:32:4b:b5:4c:b8:ee:2c:91:5d:d8:4e:0a:86:5e:ef:0f:3a:
         f2:3a:cf:f5:7a:c5:62:c2:1b:6f:8b:5f:37:1a:d6:a5:c7:49:
         80:54:84:d4:5c:a1:ed:22:3a:f1:8f:eb:06:a0:68:a8:3c:47:
         03:45:26:17:03:9e:a7:99:08:37:1c:19:c8:db:95:9d:50:31:
         b3:cd:95:95:24:86:9a:b6:96:e1:83:0c:8e:62:fa:d0:ba:4e:
         f5:39:53:56:93:e3:ca:d2:ca:eb:eb:78:9f:a2:49:cb:18:cb:
         f2:76:6a:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY31QOkJLgtcWI7+nDlksS7lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyYjEzNmU2ODIwZDk0ZjAzYjFjNWQ3MWVlZTNkNGIyMjE5
MTUyOGYwHhcNMjQwMjI5MTQyNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDNlZTljNjVkMTc3YWE1OThlMDQyMmVkZjZkZTVhOGUxNzI2YTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdImZq3huvm3HJkSaYZNuxyf46MC
pdxcZWCMk3vHGJSMknKL+IoVbZPMwPcx7YHzwK9vDRiF2d5lEf3ceASAz15i4Yys
d30rDl8T+Zq5kEZD55M0/ABe4rHWmb5FPgEbb3wwHCj4f5ZCMVIDabAmCaD1d0GP
GwINKd4erMiSV/D1OAermbSEJG4JQq8xviWOHMbfIFaaXjYryEtkaMRML9Td4QJ5
dcRNNcEm6el/gnPPffGcHUWPGZhgDaHdO+PsBCMIJh/kGWEAkHSivpLsSBOKdgdV
QxW9obt0urgaBdIzx4Moavky5+ARiULIlr0XH8p1nZy7kKzS1agbJtC8rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF0+6cZdF3qlmOBCLt9t5ajhcmo0MB8GA1UdIwQY
MBaAFIKxNuaCDZTwOxxdce7j1LIhkVKPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3JFMjVvSU5sUEE3SEYxeDd1UFVzaUdSVW84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8yMjExMmUtNGUxMy00M2QwLTllYjEt
MGRhM2NhYTkxNDI5LzEvWFQ3cHhsMFhlcVdZNEVJdTMyM2xxT0Z5YWpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8yMjExMmUtNGUxMy00M2QwLTllYjEtMGRhM2NhYTkxNDI5
LzEvZ3JFMjVvSU5sUEE3SEYxeDd1UFVzaUdSVW84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTg/MA0G
CSqGSIb3DQEBCwUAA4IBAQAmTnIhpwFlLY7u6pDrzSvedZpngz9KfAWLI4uyxiDg
3k4ZUsI8jzKtgdHLqjQSWGyKfIApJRfbfXuCA8+mEaWgm3iwBhjYeagk1/sm7ae5
MtyayI+klExnNS0WME6EUHzdqzd8dpvVkPkZZhk9yR2yolzUQ7/mrvCRDBe0DCa8
6Yk6ulsCtq1NrGAIujATg9Y+Mku1TLjuLJFd2E4Khl7vDzryOs/1esViwhtvi183
Gtalx0mAVITUXKHtIjrxj+sGoGioPEcDRSYXA56nmQg3HBnI25WdUDGzzZWVJIaa
tpbhgwyOYvrQuk71OVNWk+PK0srr63ifoknLGMvydmpn
-----END CERTIFICATE-----