Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/e7ddfa-fbf6-4803-88c4-29838f4ac60e/1/SvUNVOctywIjGIqsURff5wcUrVU.roa
File:                     SvUNVOctywIjGIqsURff5wcUrVU.roa (raw, json)
Hash identifier:          Kb3INdUf5bZY/ULOcO6M+G+xfVHCesFI/aCcTWugG9A=
Subject key identifier:   4A:F5:0D:54:E7:2D:CB:02:23:18:8A:AC:51:17:DF:E7:07:14:AD:55
Certificate issuer:       /CN=cc1e73133375d9572b8cfca5c8b5f1fbbbdc9bb6
Certificate serial:       018CC5DBEC99DB92243B2DFCB83D0D5647F8
Authority key identifier: CC:1E:73:13:33:75:D9:57:2B:8C:FC:A5:C8:B5:F1:FB:BB:DC:9B:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zB5zEzN12VcrjPylyLXx-7vcm7Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/e7ddfa-fbf6-4803-88c4-29838f4ac60e/1/SvUNVOctywIjGIqsURff5wcUrVU.roa
Signing time:             Mon 01 Jan 2024 16:29:33 +0000
ROA not before:           Mon 01 Jan 2024 16:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12843
IP address blocks:        194.0.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/e7ddfa-fbf6-4803-88c4-29838f4ac60e/1/zB5zEzN12VcrjPylyLXx-7vcm7Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/e7ddfa-fbf6-4803-88c4-29838f4ac60e/1/zB5zEzN12VcrjPylyLXx-7vcm7Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zB5zEzN12VcrjPylyLXx-7vcm7Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:ec:99:db:92:24:3b:2d:fc:b8:3d:0d:56:47:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc1e73133375d9572b8cfca5c8b5f1fbbbdc9bb6
        Validity
            Not Before: Jan  1 16:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4af50d54e72dcb0223188aac5117dfe70714ad55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:81:86:e6:79:15:8e:58:62:7a:ee:51:af:52:
                    98:bf:d0:70:50:87:e5:30:9e:ff:b4:80:07:89:19:
                    f1:b4:ff:b5:0c:44:89:a5:97:2b:f1:fd:5d:51:b7:
                    d6:f3:f0:dd:a1:2e:41:c6:ab:26:56:d9:6f:d5:bc:
                    11:6b:83:7e:f6:9d:89:12:dc:af:96:ec:ca:29:8c:
                    5f:2b:40:0e:d9:50:ed:af:65:14:c8:be:04:4b:08:
                    7a:39:0a:fa:c8:36:fa:c7:d5:fb:52:96:5b:88:7f:
                    be:08:6e:48:30:45:35:f0:9a:24:e7:ba:cf:e0:0c:
                    45:94:c5:0d:72:45:b4:ba:f2:e9:55:66:9a:3a:5a:
                    28:a8:ea:76:42:23:75:54:6f:fd:79:e0:02:12:0f:
                    1e:3a:70:af:33:dd:e3:58:ff:9b:0e:a4:5b:d9:ba:
                    a5:1a:f9:c1:42:0f:2f:60:c1:27:14:ad:b9:f7:af:
                    2a:c5:ee:41:b2:5a:c3:78:b4:7b:bf:c6:6b:ca:08:
                    59:27:92:25:9b:db:dd:6f:80:dd:51:d6:da:50:ea:
                    c8:72:e8:f0:33:48:08:1d:17:c5:39:70:3a:a7:13:
                    a3:bf:f6:2e:20:6b:b1:d4:63:af:35:36:12:85:8d:
                    13:e3:e3:8e:72:99:b1:a5:ed:e8:97:54:07:01:42:
                    84:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:F5:0D:54:E7:2D:CB:02:23:18:8A:AC:51:17:DF:E7:07:14:AD:55
            X509v3 Authority Key Identifier:
                keyid:CC:1E:73:13:33:75:D9:57:2B:8C:FC:A5:C8:B5:F1:FB:BB:DC:9B:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zB5zEzN12VcrjPylyLXx-7vcm7Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/e7ddfa-fbf6-4803-88c4-29838f4ac60e/1/SvUNVOctywIjGIqsURff5wcUrVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/e7ddfa-fbf6-4803-88c4-29838f4ac60e/1/zB5zEzN12VcrjPylyLXx-7vcm7Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:e1:a4:ee:24:d6:a9:ba:c9:22:69:03:64:27:0f:44:92:ee:
         f1:a5:8a:b3:93:3b:96:ad:6b:13:92:5b:eb:49:dc:d3:ae:d8:
         5d:3b:b9:98:cb:85:b0:0c:33:3e:3b:14:39:c0:c2:87:e9:92:
         d1:d1:a9:9c:e0:fb:32:3f:ce:4a:63:3d:19:3c:cc:6f:e4:b8:
         a4:57:dd:f7:a2:1b:da:7a:f6:1c:e1:cc:c4:dd:4c:1d:17:03:
         d3:fc:bd:53:ae:89:1c:af:88:68:d5:7a:30:cc:3e:d6:32:0e:
         5f:1a:7c:7d:9b:d4:f4:00:d8:4d:25:7e:61:45:98:73:78:9f:
         66:d2:04:70:74:7b:05:ca:de:c5:39:47:b4:10:c9:12:cb:ac:
         47:89:89:04:98:44:04:fa:ef:b9:7a:20:a8:da:d8:32:9f:5d:
         d4:0b:23:fe:15:c7:8b:a0:e7:f4:f2:74:db:09:d5:fe:08:b8:
         13:10:a3:85:17:46:fd:72:9a:6d:66:e4:2e:3b:56:8a:64:79:
         21:05:b8:82:3f:4b:e6:7c:d1:7e:6b:bb:e8:d4:a8:f6:b4:f4:
         d3:ab:28:70:cf:20:fb:d3:99:b1:12:7a:9a:cb:70:61:1a:14:
         22:d7:11:8b:f9:ba:fe:36:3c:ad:a2:ad:41:eb:d1:57:3a:0f:
         24:2b:b7:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2+yZ25IkOy38uD0NVkf4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMWU3MzEzMzM3NWQ5NTcyYjhjZmNhNWM4YjVmMWZiYmJk
YzliYjYwHhcNMjQwMTAxMTYyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWY1MGQ1NGU3MmRjYjAyMjMxODhhYWM1MTE3ZGZlNzA3MTRhZDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1oGG5nkVjlhieu5Rr1KYv9BwUIfl
MJ7/tIAHiRnxtP+1DESJpZcr8f1dUbfW8/DdoS5BxqsmVtlv1bwRa4N+9p2JEtyv
luzKKYxfK0AO2VDtr2UUyL4ESwh6OQr6yDb6x9X7UpZbiH++CG5IMEU18Jok57rP
4AxFlMUNckW0uvLpVWaaOlooqOp2QiN1VG/9eeACEg8eOnCvM93jWP+bDqRb2bql
GvnBQg8vYMEnFK25968qxe5BslrDeLR7v8ZryghZJ5Ilm9vdb4DdUdbaUOrIcujw
M0gIHRfFOXA6pxOjv/YuIGux1GOvNTYShY0T4+OOcpmxpe3ol1QHAUKEYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEr1DVTnLcsCIxiKrFEX3+cHFK1VMB8GA1UdIwQY
MBaAFMwecxMzddlXK4z8pci18fu73Ju2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekI1ekV6TjEyVmNyalB5bHlMWHgtN3ZjbTdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9lN2RkZmEtZmJmNi00ODAzLTg4YzQt
Mjk4MzhmNGFjNjBlLzEvU3ZVTlZPY3R5d0lqR0lxc1VSZmY1d2NVclZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9lN2RkZmEtZmJmNi00ODAzLTg4YzQtMjk4MzhmNGFjNjBl
LzEvekI1ekV6TjEyVmNyalB5bHlMWHgtN3ZjbTdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgCjMA0G
CSqGSIb3DQEBCwUAA4IBAQB64aTuJNapuskiaQNkJw9Eku7xpYqzkzuWrWsTklvr
SdzTrthdO7mYy4WwDDM+OxQ5wMKH6ZLR0amc4PsyP85KYz0ZPMxv5LikV933ohva
evYc4czE3UwdFwPT/L1Trokcr4ho1XowzD7WMg5fGnx9m9T0ANhNJX5hRZhzeJ9m
0gRwdHsFyt7FOUe0EMkSy6xHiYkEmEQE+u+5eiCo2tgyn13UCyP+FceLoOf08nTb
CdX+CLgTEKOFF0b9cpptZuQuO1aKZHkhBbiCP0vmfNF+a7vo1Kj2tPTTqyhwzyD7
05mxEnqay3BhGhQi1xGL+br+Njytoq1B69FXOg8kK7d7
-----END CERTIFICATE-----