Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/XT-MFYJEHnMgvOdLiHJ0tEAcFdM.roa
File:                     XT-MFYJEHnMgvOdLiHJ0tEAcFdM.roa (raw, json)
Hash identifier:          dlxAug94cTIP0+0DlKfHWl7CX9aHVm++f/agH8S3oCA=
Subject key identifier:   5D:3F:8C:15:82:44:1E:73:20:BC:E7:4B:88:72:74:B4:40:1C:15:D3
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019420684F2515C00F28EF60566A366BFC8D
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/XT-MFYJEHnMgvOdLiHJ0tEAcFdM.roa
Signing time:             Wed 01 Jan 2025 05:48:14 +0000
ROA not before:           Wed 01 Jan 2025 05:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203337
IP address blocks:        193.233.157.0/24 maxlen: 24
                          193.233.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 04:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:4f:25:15:c0:0f:28:ef:60:56:6a:36:6b:fc:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  1 05:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d3f8c1582441e7320bce74b887274b4401c15d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:39:0c:a5:37:5b:15:66:42:69:de:6a:46:31:
                    5c:2b:5c:ee:c2:3b:1b:76:f0:ab:30:22:d8:35:d9:
                    7a:32:66:d1:a0:66:96:d8:74:04:75:9b:3a:42:6b:
                    d4:db:c3:3d:a3:eb:1c:73:e3:82:8c:72:45:24:d1:
                    eb:1c:b2:25:96:24:3b:21:59:7a:ae:d9:12:72:f2:
                    3f:e4:92:e0:ad:b9:80:38:d3:27:49:08:ca:5b:28:
                    cd:62:82:91:60:5c:35:e0:73:cf:0d:de:4e:ab:8f:
                    a6:ad:31:63:56:43:4e:b5:a2:ed:77:78:1d:48:f2:
                    c4:78:be:3d:46:c5:46:f1:64:56:9b:61:dc:bc:51:
                    67:7b:f9:44:26:86:f5:34:85:ac:2d:4f:a4:16:10:
                    88:43:1c:8a:79:b0:ab:bb:86:cd:39:d6:b8:4d:b7:
                    86:7c:69:66:70:7b:46:8c:47:a8:0e:b5:d1:02:66:
                    d1:9b:8a:46:8a:e4:49:59:e3:a2:aa:23:bb:b2:2b:
                    33:08:94:81:2a:19:9f:cc:60:6e:05:f8:e3:83:10:
                    db:b1:6d:5f:83:3d:81:30:79:41:75:a4:83:d1:cf:
                    c3:40:a6:b1:fc:c5:3f:ae:29:d5:11:c6:c3:01:44:
                    0e:9a:1d:e8:fe:53:0c:41:fc:e2:3a:3d:0b:f6:45:
                    ac:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:3F:8C:15:82:44:1E:73:20:BC:E7:4B:88:72:74:B4:40:1C:15:D3
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/XT-MFYJEHnMgvOdLiHJ0tEAcFdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.157.0-193.233.158.255

    Signature Algorithm: sha256WithRSAEncryption
         8d:2d:ae:32:9a:00:51:bf:b2:54:6a:7a:a8:4a:9e:4e:45:d1:
         ef:ad:fe:9b:c8:a9:a4:53:e1:31:2d:c0:a9:17:6e:a0:b1:d7:
         92:87:e8:45:cc:8c:7c:38:27:df:e5:0e:c1:d0:d4:ab:3b:8f:
         95:2f:09:5a:62:d2:0e:37:38:cb:0a:d9:f7:e6:85:bb:30:4b:
         ab:64:4c:ea:c1:2f:70:a9:18:be:78:74:dd:3c:64:29:2c:2d:
         ea:5e:3c:77:7b:ec:5b:72:3b:e9:df:bf:08:e4:39:4e:a2:1b:
         e5:6e:6c:0d:30:f9:74:cd:2c:c3:61:8f:d1:49:f9:3b:2b:e9:
         6e:20:90:9d:79:81:c9:3f:d7:0a:a9:00:ca:b0:4a:4c:75:1e:
         2e:f0:38:cf:ce:98:2c:aa:50:0d:84:e7:59:16:72:4b:57:92:
         e3:d6:ec:2a:a7:a8:83:ee:60:76:44:46:f9:f9:91:31:f9:b2:
         a0:59:17:e0:2f:8d:33:a7:c7:b1:d1:b6:ab:a2:e0:ea:bb:3b:
         30:42:16:ba:c8:b3:5c:ed:31:0f:36:6f:97:a9:5d:45:02:43:
         ec:ed:6c:dc:61:74:8f:7c:f5:9d:cb:af:da:1a:46:34:50:63:
         c5:23:48:45:4b:e7:7a:d6:bb:4d:eb:7a:b8:98:a3:88:14:a5:
         20:f0:0e:c2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQgaE8lFcAPKO9gVmo2a/yNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwMTAxMDU0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDNmOGMxNTgyNDQxZTczMjBiY2U3NGI4ODcyNzRiNDQwMWMxNWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4zkMpTdbFWZCad5qRjFcK1zuwjsb
dvCrMCLYNdl6MmbRoGaW2HQEdZs6QmvU28M9o+scc+OCjHJFJNHrHLIlliQ7IVl6
rtkScvI/5JLgrbmAONMnSQjKWyjNYoKRYFw14HPPDd5Oq4+mrTFjVkNOtaLtd3gd
SPLEeL49RsVG8WRWm2HcvFFne/lEJob1NIWsLU+kFhCIQxyKebCru4bNOda4TbeG
fGlmcHtGjEeoDrXRAmbRm4pGiuRJWeOiqiO7siszCJSBKhmfzGBuBfjjgxDbsW1f
gz2BMHlBdaSD0c/DQKax/MU/rinVEcbDAUQOmh3o/lMMQfziOj0L9kWsNQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFF0/jBWCRB5zILznS4hydLRAHBXTMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvWFQtTUZZSkVIbk1ndk9kTGlISjB0RUFjRmRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADB6Z0D
BADB6Z4wDQYJKoZIhvcNAQELBQADggEBAI0trjKaAFG/slRqeqhKnk5F0e+t/pvI
qaRT4TEtwKkXbqCx15KH6EXMjHw4J9/lDsHQ1Ks7j5UvCVpi0g43OMsK2ffmhbsw
S6tkTOrBL3CpGL54dN08ZCksLepePHd77FtyO+nfvwjkOU6iG+VubA0w+XTNLMNh
j9FJ+Tsr6W4gkJ15gck/1wqpAMqwSkx1Hi7wOM/OmCyqUA2E51kWcktXkuPW7Cqn
qIPuYHZERvn5kTH5sqBZF+AvjTOnx7HRtqui4Oq7OzBCFrrIs1ztMQ82b5epXUUC
Q+ztbNxhdI989Z3Lr9oaRjRQY8UjSEVL53rWu03reriYo4gUpSDwDsI=
-----END CERTIFICATE-----