Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/c5o6hMiUiGe8RFiriNHcSLXN-wY.roa
File:                     c5o6hMiUiGe8RFiriNHcSLXN-wY.roa (raw, json)
Hash identifier:          KX+vbmR5jyOOsczZGalzOUqS+awwpl3eeNlynKcxPeI=
Subject key identifier:   73:9A:3A:84:C8:94:88:67:BC:44:58:AB:88:D1:DC:48:B5:CD:FB:06
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC795244E33924ED8BF51C524243657DB
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/c5o6hMiUiGe8RFiriNHcSLXN-wY.roa
Signing time:             Tue 02 Jan 2024 00:31:29 +0000
ROA not before:           Tue 02 Jan 2024 00:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39770
IP address blocks:        193.233.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 13:03:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:24:4e:33:92:4e:d8:bf:51:c5:24:24:36:57:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=739a3a84c8948867bc4458ab88d1dc48b5cdfb06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:b4:73:76:50:ed:0d:b8:8e:5f:f8:cc:c7:66:
                    7c:f8:1f:09:7c:2f:ca:ca:c3:a3:d1:83:44:8a:45:
                    7b:9e:a6:9a:e7:0d:d6:3f:8d:f6:15:52:a0:3a:c8:
                    d6:5f:e8:b8:c5:82:e8:24:8c:e9:b0:5b:79:42:84:
                    2e:28:02:57:24:a5:b7:6b:b4:ec:3b:a1:f3:b2:6a:
                    6b:8a:a6:53:56:c4:9a:d1:e0:dd:1a:f4:15:f3:be:
                    cc:0b:9a:90:23:83:d8:cb:13:07:3b:cb:f1:07:9d:
                    c2:53:5d:0b:0a:c0:f6:df:91:2d:88:ff:b9:a9:3f:
                    03:48:da:fa:78:ee:a9:46:a1:a7:41:77:b6:b7:a6:
                    47:3b:db:46:ba:bf:e2:50:08:b7:66:98:60:43:28:
                    57:57:25:5f:5c:f1:35:6d:88:f1:5c:64:05:1a:01:
                    bd:14:00:40:0c:b3:bf:35:5f:1f:12:df:dc:98:5d:
                    61:db:c5:8f:e1:f7:5f:f4:6f:62:7c:05:98:57:c0:
                    cb:79:a8:be:05:64:12:19:bd:62:96:0c:b6:52:f5:
                    13:db:9e:db:57:c9:e4:51:e2:93:fe:a4:8b:4b:fd:
                    6e:0f:e4:b1:af:e2:c1:88:ea:0d:a8:bd:13:7f:47:
                    c6:3e:5b:37:a5:04:c0:7e:2c:9b:2c:2b:19:47:89:
                    bb:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:9A:3A:84:C8:94:88:67:BC:44:58:AB:88:D1:DC:48:B5:CD:FB:06
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/c5o6hMiUiGe8RFiriNHcSLXN-wY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:08:22:30:78:5b:81:34:a6:98:bc:11:a5:8f:96:58:82:89:
         42:7c:2c:af:8b:ff:6b:ef:41:cb:a1:38:2f:7d:dd:f3:eb:a0:
         46:3a:0a:96:30:e8:3d:57:16:4a:e0:a8:5f:b1:2d:29:09:46:
         18:eb:ae:59:af:ba:cc:8b:ce:2a:27:41:fd:ba:81:56:26:f5:
         16:57:1f:29:f2:14:f3:2b:02:31:1a:d5:54:a9:15:cf:6d:82:
         2f:37:b9:b2:12:7d:0b:e3:7a:09:69:d6:08:70:83:4e:e5:ab:
         9d:d6:41:8d:ba:a8:ec:6c:ca:ec:78:8f:ba:16:96:2e:32:4b:
         89:f2:5e:75:22:8e:91:ff:1c:55:26:ab:a4:39:48:ec:b7:cf:
         4b:b3:4d:3d:a6:7f:95:69:72:10:3e:b9:8b:2e:37:8f:21:5c:
         53:e4:7a:bf:ea:18:a5:22:74:e6:e1:ba:e6:b8:b5:9b:97:53:
         63:b7:c0:c0:e2:cf:70:1d:ef:91:d6:59:e0:ec:26:86:cc:aa:
         25:d0:24:70:fb:b7:23:69:ab:3e:5f:18:25:63:48:e5:38:02:
         36:95:a5:88:8b:6a:bf:1c:98:a1:6b:b9:a2:03:2a:ec:35:a5:
         36:98:bb:4a:b4:7b:bb:1c:3e:31:70:0e:dd:a7:ae:dd:e6:6f:
         f7:6a:3e:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSROM5JO2L9RxSQkNlfbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzlhM2E4NGM4OTQ4ODY3YmM0NDU4YWI4OGQxZGM0OGI1Y2RmYjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7RzdlDtDbiOX/jMx2Z8+B8JfC/K
ysOj0YNEikV7nqaa5w3WP432FVKgOsjWX+i4xYLoJIzpsFt5QoQuKAJXJKW3a7Ts
O6HzsmpriqZTVsSa0eDdGvQV877MC5qQI4PYyxMHO8vxB53CU10LCsD235EtiP+5
qT8DSNr6eO6pRqGnQXe2t6ZHO9tGur/iUAi3ZphgQyhXVyVfXPE1bYjxXGQFGgG9
FABADLO/NV8fEt/cmF1h28WP4fdf9G9ifAWYV8DLeai+BWQSGb1ilgy2UvUT257b
V8nkUeKT/qSLS/1uD+Sxr+LBiOoNqL0Tf0fGPls3pQTAfiybLCsZR4m7qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHOaOoTIlIhnvERYq4jR3Ei1zfsGMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvYzVvNmhNaVVpR2U4UkZpcmlOSGNTTFhOLXdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwelRMA0G
CSqGSIb3DQEBCwUAA4IBAQAsCCIweFuBNKaYvBGlj5ZYgolCfCyvi/9r70HLoTgv
fd3z66BGOgqWMOg9VxZK4KhfsS0pCUYY665Zr7rMi84qJ0H9uoFWJvUWVx8p8hTz
KwIxGtVUqRXPbYIvN7myEn0L43oJadYIcINO5aud1kGNuqjsbMrseI+6FpYuMkuJ
8l51Io6R/xxVJqukOUjst89Ls009pn+VaXIQPrmLLjePIVxT5Hq/6hilInTm4brm
uLWbl1Njt8DA4s9wHe+R1lng7CaGzKol0CRw+7cjaas+XxglY0jlOAI2laWIi2q/
HJiha7miAyrsNaU2mLtKtHu7HD4xcA7dp67d5m/3aj5g
-----END CERTIFICATE-----