Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/1fcb59-405e-40c3-a630-c5d13e88e4de/1/xWEwdOIJiHkO0kjek2ThCqf7wmw.roa
File:                     xWEwdOIJiHkO0kjek2ThCqf7wmw.roa (raw, json)
Hash identifier:          7f7oUywGcN9qnSiUt7BQI5MsSKlBv1AJR8nU2YbAzlk=
Subject key identifier:   C5:61:30:74:E2:09:88:79:0E:D2:48:DE:93:64:E1:0A:A7:FB:C2:6C
Certificate issuer:       /CN=ccd35790830ce7469a94c59b2e2ccbbf5e36d13f
Certificate serial:       018CC7268D56F2AFA33806306CB1A71F68AB
Authority key identifier: CC:D3:57:90:83:0C:E7:46:9A:94:C5:9B:2E:2C:CB:BF:5E:36:D1:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNNXkIMM50aalMWbLizLv1420T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/1fcb59-405e-40c3-a630-c5d13e88e4de/1/xWEwdOIJiHkO0kjek2ThCqf7wmw.roa
Signing time:             Mon 01 Jan 2024 22:30:41 +0000
ROA not before:           Mon 01 Jan 2024 22:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.47.187.0/24 maxlen: 24
                          193.200.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/1fcb59-405e-40c3-a630-c5d13e88e4de/1/zNNXkIMM50aalMWbLizLv1420T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/1fcb59-405e-40c3-a630-c5d13e88e4de/1/zNNXkIMM50aalMWbLizLv1420T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zNNXkIMM50aalMWbLizLv1420T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:8d:56:f2:af:a3:38:06:30:6c:b1:a7:1f:68:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd35790830ce7469a94c59b2e2ccbbf5e36d13f
        Validity
            Not Before: Jan  1 22:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5613074e20988790ed248de9364e10aa7fbc26c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:db:25:6e:7c:31:d7:ec:6d:fc:46:6d:66:9c:
                    3a:59:6a:d5:ee:20:2d:f6:55:24:b1:b1:96:fe:c2:
                    10:a8:38:a3:7f:e6:39:6c:87:d5:1e:cf:d7:4b:32:
                    78:a3:73:fe:bb:9b:59:d3:a7:0e:9c:da:f9:1d:e9:
                    6f:59:55:84:48:d5:dd:1e:2b:b0:35:c1:51:5d:7c:
                    7a:bf:a0:8f:6a:61:97:f3:0f:34:b9:b8:82:ec:24:
                    63:41:fb:7b:2c:36:52:67:66:58:98:b3:3c:5e:02:
                    fe:f9:67:3a:60:8b:7e:08:ee:6b:80:2f:e7:9a:9a:
                    3f:9e:f7:b1:88:d0:59:3d:43:34:62:d1:7e:b8:79:
                    a5:56:5b:8e:a9:e3:e1:22:ec:95:47:0d:0c:7b:3e:
                    44:65:c5:98:73:41:7b:fd:f6:51:9d:e3:19:4c:40:
                    ba:fe:4c:5b:36:68:b9:4e:5e:bb:c5:30:f0:e4:25:
                    fc:20:c1:6c:88:8d:a2:a4:6a:5e:83:df:eb:49:80:
                    59:ef:7f:47:d2:1a:3b:2c:30:27:13:8b:38:77:f3:
                    0b:a1:ba:c3:6c:55:b7:37:1d:9c:85:ce:34:26:de:
                    37:c7:32:2f:c3:4d:97:82:0e:5b:6c:08:5b:73:55:
                    25:bc:cc:77:f7:34:6e:2c:54:56:ee:6b:e8:3e:91:
                    82:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:61:30:74:E2:09:88:79:0E:D2:48:DE:93:64:E1:0A:A7:FB:C2:6C
            X509v3 Authority Key Identifier:
                keyid:CC:D3:57:90:83:0C:E7:46:9A:94:C5:9B:2E:2C:CB:BF:5E:36:D1:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNNXkIMM50aalMWbLizLv1420T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/1fcb59-405e-40c3-a630-c5d13e88e4de/1/xWEwdOIJiHkO0kjek2ThCqf7wmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/1fcb59-405e-40c3-a630-c5d13e88e4de/1/zNNXkIMM50aalMWbLizLv1420T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.47.187.0/24
                  193.200.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:78:67:d2:0b:f8:ee:4e:3a:15:d1:31:a0:b9:c4:5e:23:a7:
         50:64:41:e0:a8:87:e2:b3:6c:7b:19:b4:6d:04:99:51:38:1b:
         da:0b:94:c7:13:fe:06:ed:5a:e9:da:24:c5:26:56:e2:c3:4d:
         2e:36:6d:f1:e3:ad:51:9c:1c:14:6d:de:c3:8e:a3:76:b0:ba:
         90:0f:f1:7b:20:6b:d2:39:e1:4c:23:c5:57:59:6b:60:8a:dd:
         b9:c5:f5:2d:02:e7:92:6c:0f:a7:8b:a1:14:bc:a3:98:10:e0:
         1e:75:25:f3:d4:c9:5a:6f:ec:a7:c5:3e:8f:df:8a:52:69:21:
         92:99:cc:77:23:f3:7c:f2:bc:cb:fd:21:3c:27:d6:b7:a1:4b:
         b6:5f:4f:07:36:4c:ae:bf:70:b7:94:87:cb:30:9a:4c:d6:be:
         fb:0e:ba:43:66:b6:ed:3d:7d:51:6e:63:23:59:f2:00:32:ca:
         4f:8a:dc:52:b1:ac:f8:ee:ab:bc:c3:83:9c:03:08:e8:eb:e2:
         25:8d:ef:66:2b:48:e4:20:62:93:f4:f1:9e:f4:9a:a2:46:7b:
         77:33:b4:cb:7e:e7:1f:01:d3:1a:cd:cb:1f:c7:46:ad:49:6b:
         ea:94:f7:a5:da:60:fd:ef:43:ec:ac:f0:b2:74:77:6f:dd:4d:
         9a:89:08:08
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJo1W8q+jOAYwbLGnH2irMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDM1NzkwODMwY2U3NDY5YTk0YzU5YjJlMmNjYmJmNWUz
NmQxM2YwHhcNMjQwMTAxMjIzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTYxMzA3NGUyMDk4ODc5MGVkMjQ4ZGU5MzY0ZTEwYWE3ZmJjMjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9slbnwx1+xt/EZtZpw6WWrV7iAt
9lUksbGW/sIQqDijf+Y5bIfVHs/XSzJ4o3P+u5tZ06cOnNr5HelvWVWESNXdHiuw
NcFRXXx6v6CPamGX8w80ubiC7CRjQft7LDZSZ2ZYmLM8XgL++Wc6YIt+CO5rgC/n
mpo/nvexiNBZPUM0YtF+uHmlVluOqePhIuyVRw0Mez5EZcWYc0F7/fZRneMZTEC6
/kxbNmi5Tl67xTDw5CX8IMFsiI2ipGpeg9/rSYBZ739H0ho7LDAnE4s4d/MLobrD
bFW3Nx2chc40Jt43xzIvw02Xgg5bbAhbc1UlvMx39zRuLFRW7mvoPpGCWQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMVhMHTiCYh5DtJI3pNk4Qqn+8JsMB8GA1UdIwQY
MBaAFMzTV5CDDOdGmpTFmy4sy79eNtE/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5OWGtJTU01MGFhbE1XYkxpekx2MTQyMFQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8xZmNiNTktNDA1ZS00MGMzLWE2MzAt
YzVkMTNlODhlNGRlLzEveFdFd2RPSUppSGtPMGtqZWsyVGhDcWY3d213LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8xZmNiNTktNDA1ZS00MGMzLWE2MzAtYzVkMTNlODhlNGRl
LzEvek5OWGtJTU01MGFhbE1XYkxpekx2MTQyMFQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwS+7AwQA
wcicMA0GCSqGSIb3DQEBCwUAA4IBAQDTeGfSC/juTjoV0TGgucReI6dQZEHgqIfi
s2x7GbRtBJlROBvaC5THE/4G7Vrp2iTFJlbiw00uNm3x461RnBwUbd7DjqN2sLqQ
D/F7IGvSOeFMI8VXWWtgit25xfUtAueSbA+ni6EUvKOYEOAedSXz1Mlab+ynxT6P
34pSaSGSmcx3I/N88rzL/SE8J9a3oUu2X08HNkyuv3C3lIfLMJpM1r77DrpDZrbt
PX1RbmMjWfIAMspPitxSsaz47qu8w4OcAwjo6+Ilje9mK0jkIGKT9PGe9JqiRnt3
M7TLfucfAdMazcsfx0atSWvqlPel2mD970PsrPCydHdv3U2aiQgI
-----END CERTIFICATE-----