Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Ls2TRi72ePQAJSKCM0dxbx6m6t8.roa
File:                     Ls2TRi72ePQAJSKCM0dxbx6m6t8.roa (raw, json)
Hash identifier:          kcbMRnHhazjQ8H33kDWEEiJXaJF8yRtXL5cyLCob3Os=
Subject key identifier:   2E:CD:93:46:2E:F6:78:F4:00:25:22:82:33:47:71:6F:1E:A6:EA:DF
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC7952174B165FC2A266C8F59C10551ED
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Ls2TRi72ePQAJSKCM0dxbx6m6t8.roa
Signing time:             Tue 02 Jan 2024 00:31:28 +0000
ROA not before:           Tue 02 Jan 2024 00:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8325
IP address blocks:        193.233.50.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 13:03:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:21:74:b1:65:fc:2a:26:6c:8f:59:c1:05:51:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ecd93462ef678f4002522823347716f1ea6eadf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:77:e5:cd:bb:fe:62:74:60:68:bb:ed:f1:f9:
                    54:36:9a:9c:95:38:d5:3d:0f:5c:b0:cf:e8:c0:0b:
                    c5:a2:30:d9:63:a4:a4:b1:c3:ef:de:64:ba:9e:f9:
                    e8:27:fc:23:ce:e5:a6:a8:41:84:b6:f5:33:54:7c:
                    7b:fa:4d:c1:df:63:cf:17:28:a2:b2:6e:11:2c:0e:
                    86:8a:2f:55:52:b3:cf:a0:30:6a:bc:2f:b7:d8:ef:
                    3c:1f:5b:55:e0:c3:df:bc:c0:b5:a8:d9:fc:bc:fd:
                    ae:c2:48:5f:2c:ee:38:1f:df:ff:e4:1f:21:60:83:
                    f9:39:cc:25:0f:3f:f3:b7:af:84:09:4e:ec:c4:ff:
                    81:e4:ef:cc:ec:5d:3c:fa:ae:d2:33:10:9a:bb:84:
                    eb:d9:13:bd:ab:d8:c0:7c:06:ed:fb:db:7a:3a:9d:
                    c5:21:45:e1:f1:7f:1a:01:b3:22:ae:06:90:9c:ad:
                    1b:46:f4:be:74:4c:f7:d4:0b:be:a2:fb:ba:2d:0f:
                    ae:e3:79:81:95:e3:cc:63:e4:8b:1a:e7:f9:8b:41:
                    bd:4d:db:b1:48:47:98:72:10:d8:8c:95:6b:a0:a0:
                    93:1c:6b:31:59:dd:01:3d:48:3d:00:5c:15:3b:10:
                    84:4c:6d:cd:f1:38:fe:d5:b0:3d:da:87:5d:8b:b9:
                    62:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:CD:93:46:2E:F6:78:F4:00:25:22:82:33:47:71:6F:1E:A6:EA:DF
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Ls2TRi72ePQAJSKCM0dxbx6m6t8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:2a:7b:a4:a2:84:fe:d7:7d:21:b1:60:81:49:9b:96:1b:47:
         67:3f:47:79:30:3c:9c:4a:87:36:ee:a5:bf:44:21:92:03:9b:
         b2:65:db:9b:3c:e1:1e:19:52:87:a6:d7:ac:8c:2c:f6:d8:e1:
         b3:c6:24:79:11:28:ce:b4:b7:d5:e1:f7:4c:62:d9:5a:82:2e:
         6d:64:63:29:8d:0e:2b:a4:b0:59:e7:ed:b7:e3:f0:f5:07:56:
         a5:71:89:20:b2:fe:67:2e:73:b9:d7:fc:4c:99:23:52:cb:3f:
         76:79:aa:41:9b:72:5d:7f:21:b2:be:3f:c6:eb:c1:45:56:9d:
         17:14:d3:16:92:1e:84:5c:7a:07:44:c3:79:f6:ee:9d:60:73:
         06:98:e7:53:c2:38:c8:12:c4:44:fc:4f:ba:c4:69:18:1d:b8:
         07:13:9c:b6:54:50:ae:5e:6b:f8:a8:83:45:3a:99:f9:67:70:
         86:59:29:7e:10:36:82:fd:c9:3b:6f:bc:6f:37:98:54:37:81:
         6c:1d:87:b2:b9:95:16:61:5d:d4:9e:88:f4:63:81:5a:e3:36:
         53:a4:79:5a:9b:6c:af:2d:12:69:57:9b:c9:9b:1f:41:4b:1c:
         68:3a:d6:74:26:f1:be:89:be:f5:80:66:7d:8f:20:34:9e:db:
         1b:04:c2:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSF0sWX8KiZsj1nBBVHtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWNkOTM0NjJlZjY3OGY0MDAyNTIyODIzMzQ3NzE2ZjFlYTZlYWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3flzbv+YnRgaLvt8flUNpqclTjV
PQ9csM/owAvFojDZY6SkscPv3mS6nvnoJ/wjzuWmqEGEtvUzVHx7+k3B32PPFyii
sm4RLA6Gii9VUrPPoDBqvC+32O88H1tV4MPfvMC1qNn8vP2uwkhfLO44H9//5B8h
YIP5OcwlDz/zt6+ECU7sxP+B5O/M7F08+q7SMxCau4Tr2RO9q9jAfAbt+9t6Op3F
IUXh8X8aAbMirgaQnK0bRvS+dEz31Au+ovu6LQ+u43mBlePMY+SLGuf5i0G9Tdux
SEeYchDYjJVroKCTHGsxWd0BPUg9AFwVOxCETG3N8Tj+1bA92oddi7liDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7Nk0Yu9nj0ACUigjNHcW8epurfMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvTHMyVFJpNzJlUFFBSlNLQ00wZHhieDZtNnQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwekyMA0G
CSqGSIb3DQEBCwUAA4IBAQAfKnukooT+130hsWCBSZuWG0dnP0d5MDycSoc27qW/
RCGSA5uyZdubPOEeGVKHptesjCz22OGzxiR5ESjOtLfV4fdMYtlagi5tZGMpjQ4r
pLBZ5+234/D1B1alcYkgsv5nLnO51/xMmSNSyz92eapBm3JdfyGyvj/G68FFVp0X
FNMWkh6EXHoHRMN59u6dYHMGmOdTwjjIEsRE/E+6xGkYHbgHE5y2VFCuXmv4qINF
Opn5Z3CGWSl+EDaC/ck7b7xvN5hUN4FsHYeyuZUWYV3Unoj0Y4Fa4zZTpHlam2yv
LRJpV5vJmx9BSxxoOtZ0JvG+ib71gGZ9jyA0ntsbBMKN
-----END CERTIFICATE-----