Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/UsOgsZjJ70Drr2KbrJpxygto-GQ.roa
File:                     UsOgsZjJ70Drr2KbrJpxygto-GQ.roa (raw, json)
Hash identifier:          hcVdwFHLKxG4E9ctT2CxJkAD74BbmUjDCLmtUV8Gd7I=
Subject key identifier:   52:C3:A0:B1:98:C9:EF:40:EB:AF:62:9B:AC:9A:71:CA:0B:68:F8:64
Certificate issuer:       /CN=115dbc00433e29f2adeb038fea2fbd7048fb632f
Certificate serial:       018CC2DB068905F0456053712E0F36B9920C
Authority key identifier: 11:5D:BC:00:43:3E:29:F2:AD:EB:03:8F:EA:2F:BD:70:48:FB:63:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EV28AEM-KfKt6wOP6i-9cEj7Yy8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/UsOgsZjJ70Drr2KbrJpxygto-GQ.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25164
IP address blocks:        193.192.232.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/EV28AEM-KfKt6wOP6i-9cEj7Yy8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/EV28AEM-KfKt6wOP6i-9cEj7Yy8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EV28AEM-KfKt6wOP6i-9cEj7Yy8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:06:89:05:f0:45:60:53:71:2e:0f:36:b9:92:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=115dbc00433e29f2adeb038fea2fbd7048fb632f
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52c3a0b198c9ef40ebaf629bac9a71ca0b68f864
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:98:80:6d:e9:4a:71:42:e9:e2:da:4f:d8:6c:
                    55:05:dd:ec:ce:d0:e4:db:1d:9f:36:51:bc:7b:a3:
                    6a:35:37:ae:5b:c7:1f:43:23:ca:01:84:4c:f1:8c:
                    8e:eb:14:f8:7f:b4:60:33:21:42:55:62:58:ae:e6:
                    27:d3:e1:e0:05:f7:26:15:a9:19:d1:22:d0:f7:cf:
                    03:83:7a:ed:00:78:b7:97:52:76:05:f6:12:07:06:
                    1d:86:a2:35:a8:6f:ff:5b:73:67:1a:b0:05:7d:2d:
                    a8:d3:c9:9d:11:a4:65:d2:22:36:57:aa:72:f7:7a:
                    7c:12:34:5a:91:35:2b:a9:d2:a7:c1:6d:7a:8e:2a:
                    eb:b2:9b:ee:e9:6b:56:95:80:8a:19:38:b8:e3:31:
                    03:48:19:4c:48:49:2b:5f:ab:f3:f4:ee:42:d3:a8:
                    07:8b:e9:0f:25:62:3a:7c:18:54:66:a5:32:f1:63:
                    73:42:66:d5:07:c3:26:7b:46:08:03:d0:c2:98:2b:
                    02:fe:60:9e:83:70:86:da:fe:8c:57:c2:5f:b7:38:
                    be:e2:1b:d9:5f:cb:60:4f:1e:9d:45:cd:a4:82:fc:
                    3a:21:d2:b4:65:bb:1f:08:15:b4:20:7f:aa:58:c4:
                    82:3e:20:b8:17:58:a5:31:c0:52:f6:77:fe:8a:1d:
                    b9:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:C3:A0:B1:98:C9:EF:40:EB:AF:62:9B:AC:9A:71:CA:0B:68:F8:64
            X509v3 Authority Key Identifier:
                keyid:11:5D:BC:00:43:3E:29:F2:AD:EB:03:8F:EA:2F:BD:70:48:FB:63:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EV28AEM-KfKt6wOP6i-9cEj7Yy8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/UsOgsZjJ70Drr2KbrJpxygto-GQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/EV28AEM-KfKt6wOP6i-9cEj7Yy8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.192.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:a7:9b:5f:7f:c3:e1:cd:fc:06:66:de:b5:8d:4f:38:82:8c:
         b4:50:17:e2:1b:62:5e:1c:52:91:62:70:d0:e1:f4:fb:1a:1b:
         ab:20:fa:8a:8e:ca:8c:80:14:c8:94:39:18:7d:65:7c:4b:8e:
         6e:ca:8f:49:a3:17:8f:e0:7e:68:39:a6:c2:c8:50:35:e2:e0:
         c0:66:78:31:8e:c0:18:fd:05:78:25:be:69:3c:a2:50:30:e5:
         b6:25:4f:de:af:f3:f9:30:ac:0d:87:62:b7:dd:b2:87:f0:13:
         4c:a9:d6:63:f4:c6:db:9b:79:b6:fd:ac:a0:94:19:46:4b:aa:
         ff:70:f5:fb:e2:b0:0c:b5:58:27:2a:a1:82:7a:c4:64:76:5f:
         81:8a:1a:cb:da:14:2a:66:6a:e7:b9:25:e6:17:32:50:7d:1d:
         b3:65:c6:68:e4:9a:7c:aa:11:b5:e7:b8:3f:ff:34:13:f8:1f:
         b4:d2:05:40:e4:b9:62:41:b0:3c:d6:43:b3:ab:f6:72:6d:14:
         77:95:2d:a0:68:73:45:bd:5e:0a:16:a9:00:76:f1:7c:c4:fd:
         9b:47:4a:2b:c3:70:a4:1d:4e:08:d5:12:0b:0b:70:10:58:0f:
         af:2e:19:5c:57:87:ab:5d:3f:2e:1d:f6:ad:8c:13:88:fb:35:
         af:93:f4:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2waJBfBFYFNxLg82uZIMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExNWRiYzAwNDMzZTI5ZjJhZGViMDM4ZmVhMmZiZDcwNDhm
YjYzMmYwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmMzYTBiMTk4YzllZjQwZWJhZjYyOWJhYzlhNzFjYTBiNjhmODY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJiAbelKcULp4tpP2GxVBd3sztDk
2x2fNlG8e6NqNTeuW8cfQyPKAYRM8YyO6xT4f7RgMyFCVWJYruYn0+HgBfcmFakZ
0SLQ988Dg3rtAHi3l1J2BfYSBwYdhqI1qG//W3NnGrAFfS2o08mdEaRl0iI2V6py
93p8EjRakTUrqdKnwW16jirrspvu6WtWlYCKGTi44zEDSBlMSEkrX6vz9O5C06gH
i+kPJWI6fBhUZqUy8WNzQmbVB8Mme0YIA9DCmCsC/mCeg3CG2v6MV8Jftzi+4hvZ
X8tgTx6dRc2kgvw6IdK0ZbsfCBW0IH+qWMSCPiC4F1ilMcBS9nf+ih25nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFLDoLGYye9A669im6yaccoLaPhkMB8GA1UdIwQY
MBaAFBFdvABDPinyresDj+ovvXBI+2MvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVYyOEFFTS1LZkt0NndPUDZpLTljRWo3WXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC82NWE3MWQtMDIzNi00NGQ1LThjZTkt
MjI5YjRhZTc0MmRlLzEvVXNPZ3Naako3MERycjJLYnJKcHh5Z3RvLUdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC82NWE3MWQtMDIzNi00NGQ1LThjZTktMjI5YjRhZTc0MmRl
LzEvRVYyOEFFTS1LZkt0NndPUDZpLTljRWo3WXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwcDoMA0G
CSqGSIb3DQEBCwUAA4IBAQA4p5tff8PhzfwGZt61jU84goy0UBfiG2JeHFKRYnDQ
4fT7GhurIPqKjsqMgBTIlDkYfWV8S45uyo9JoxeP4H5oOabCyFA14uDAZngxjsAY
/QV4Jb5pPKJQMOW2JU/er/P5MKwNh2K33bKH8BNMqdZj9Mbbm3m2/ayglBlGS6r/
cPX74rAMtVgnKqGCesRkdl+BihrL2hQqZmrnuSXmFzJQfR2zZcZo5Jp8qhG157g/
/zQT+B+00gVA5LliQbA81kOzq/ZybRR3lS2gaHNFvV4KFqkAdvF8xP2bR0orw3Ck
HU4I1RILC3AQWA+vLhlcV4erXT8uHfatjBOI+zWvk/Q0
-----END CERTIFICATE-----