Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/R_5DVscDvdbmWY3aPC52OCms-So.roa
File:                     R_5DVscDvdbmWY3aPC52OCms-So.roa (raw, json)
Hash identifier:          dQJzchK6UpEBiXX1kvVAIDP4XPziRkrh9Rmt2oI626E=
Subject key identifier:   47:FE:43:56:C7:03:BD:D6:E6:59:8D:DA:3C:2E:76:38:29:AC:F9:2A
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC7952A4668C31B71CB90DF277058D536
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/R_5DVscDvdbmWY3aPC52OCms-So.roa
Signing time:             Tue 02 Jan 2024 00:31:30 +0000
ROA not before:           Tue 02 Jan 2024 00:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50053
IP address blocks:        193.233.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 13:03:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:2a:46:68:c3:1b:71:cb:90:df:27:70:58:d5:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47fe4356c703bdd6e6598dda3c2e763829acf92a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:e5:0a:c0:7c:f0:0e:0d:38:5e:6f:a2:24:f8:
                    71:f2:ea:68:1a:f6:03:60:29:09:c0:c9:6c:93:28:
                    f7:d0:de:dd:a0:3f:7e:0d:7e:48:1f:5f:4a:e2:b4:
                    9e:c5:a9:a0:ef:e9:f3:ed:be:c4:c6:e4:bb:b2:a5:
                    c3:28:9a:f1:f1:8f:b1:86:94:82:ca:d1:cc:84:50:
                    68:66:d7:cc:0c:aa:28:ac:69:cd:17:20:cc:3a:62:
                    0a:a9:f3:1d:b7:55:ca:f3:dd:c5:6b:5e:60:50:03:
                    18:fd:bf:98:d4:90:6a:bd:bb:78:a1:09:4c:d9:e1:
                    60:b9:58:4e:fb:65:47:ef:4a:e2:a7:99:44:8a:5b:
                    51:cd:6c:b1:56:85:ff:6e:ce:37:37:c7:49:26:8b:
                    d6:c6:c1:fb:2f:d9:02:81:4a:83:23:d4:a4:06:80:
                    3b:4a:69:8f:90:1e:c0:c6:12:cf:b0:f3:54:0d:b6:
                    6a:6d:0f:7d:0f:8e:6f:68:95:2f:fa:f2:a1:82:08:
                    59:ff:4a:cb:fd:cc:4b:3d:e8:dc:91:5d:dd:71:57:
                    f2:f9:b5:1a:80:61:a7:be:37:b4:fb:64:05:80:f8:
                    ee:dc:de:18:da:fb:85:66:fa:e7:c2:1d:3b:e3:ab:
                    9e:f1:96:f3:e1:39:19:f5:23:2b:47:a9:1b:07:50:
                    e5:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:FE:43:56:C7:03:BD:D6:E6:59:8D:DA:3C:2E:76:38:29:AC:F9:2A
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/R_5DVscDvdbmWY3aPC52OCms-So.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:f8:90:df:2d:23:db:05:7d:74:31:bb:a6:8a:e8:d5:a0:58:
         d7:af:c8:10:82:d9:ff:dc:41:06:46:90:03:d8:44:26:84:d7:
         6d:41:96:68:9b:cd:78:16:6a:27:77:c4:38:a7:5b:8d:c5:e0:
         30:67:f0:e6:3c:e4:37:99:92:d9:bc:38:fe:9a:1f:51:fb:86:
         6d:06:f7:48:18:a6:95:39:7f:2e:48:32:42:72:47:b0:c9:1f:
         e6:a9:67:4c:91:cc:4b:67:7a:01:b6:17:01:ab:39:97:e8:2f:
         3c:25:37:c8:6a:4f:9e:54:07:de:2d:50:7b:fc:83:34:4c:e2:
         7e:33:c5:61:a0:ee:57:3f:69:97:05:c5:2e:67:93:c9:06:c2:
         6c:b6:f9:f2:3e:68:59:a1:14:38:58:13:8b:da:38:7f:53:59:
         5e:d5:6e:74:09:cc:4f:aa:1a:74:28:4b:44:23:53:fe:80:9e:
         a8:9a:ca:d2:87:29:56:d2:5e:a5:e5:1a:90:32:f8:38:27:1e:
         54:8b:41:6b:8b:81:d5:26:e9:60:ad:9e:8d:c0:57:23:65:05:
         d0:72:09:46:50:a8:17:c9:4b:13:77:b4:29:96:3a:88:4f:57:
         fc:2f:28:7d:62:aa:90:8c:63:9c:cb:78:6f:ce:3f:4e:fe:c1:
         12:e5:f1:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSpGaMMbccuQ3ydwWNU2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2ZlNDM1NmM3MDNiZGQ2ZTY1OThkZGEzYzJlNzYzODI5YWNmOTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+UKwHzwDg04Xm+iJPhx8upoGvYD
YCkJwMlskyj30N7doD9+DX5IH19K4rSexamg7+nz7b7ExuS7sqXDKJrx8Y+xhpSC
ytHMhFBoZtfMDKoorGnNFyDMOmIKqfMdt1XK893Fa15gUAMY/b+Y1JBqvbt4oQlM
2eFguVhO+2VH70rip5lEiltRzWyxVoX/bs43N8dJJovWxsH7L9kCgUqDI9SkBoA7
SmmPkB7AxhLPsPNUDbZqbQ99D45vaJUv+vKhgghZ/0rL/cxLPejckV3dcVfy+bUa
gGGnvje0+2QFgPju3N4Y2vuFZvrnwh0746ue8Zbz4TkZ9SMrR6kbB1DlOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEf+Q1bHA73W5lmN2jwudjgprPkqMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvUl81RFZzY0R2ZGJtV1kzYVBDNTJPQ21zLVNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwelXMA0G
CSqGSIb3DQEBCwUAA4IBAQAc+JDfLSPbBX10MbumiujVoFjXr8gQgtn/3EEGRpAD
2EQmhNdtQZZom814Fmond8Q4p1uNxeAwZ/DmPOQ3mZLZvDj+mh9R+4ZtBvdIGKaV
OX8uSDJCckewyR/mqWdMkcxLZ3oBthcBqzmX6C88JTfIak+eVAfeLVB7/IM0TOJ+
M8VhoO5XP2mXBcUuZ5PJBsJstvnyPmhZoRQ4WBOL2jh/U1le1W50CcxPqhp0KEtE
I1P+gJ6omsrShylW0l6l5RqQMvg4Jx5Ui0Fri4HVJulgrZ6NwFcjZQXQcglGUKgX
yUsTd7QpljqIT1f8Lyh9YqqQjGOcy3hvzj9O/sES5fE0
-----END CERTIFICATE-----