Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/5b46bb-0af4-47d6-a4b8-7ba2686ea518/1/0b53BOz8rB8id026TK8RNfo9IhM.roa
File:                     0b53BOz8rB8id026TK8RNfo9IhM.roa (raw, json)
Hash identifier:          fsX6Vpn3Wxz4Nrvr+BbuElx8Z56UMVVOUzuYe2BNJdE=
Subject key identifier:   D1:BE:77:04:EC:FC:AC:1F:22:77:4D:BA:4C:AF:11:35:FA:3D:22:13
Certificate issuer:       /CN=95ea283635cb3bd1523a85ddc9caf530568d2f81
Certificate serial:       018CC4251467A214F6F43CF623F1E013CC44
Authority key identifier: 95:EA:28:36:35:CB:3B:D1:52:3A:85:DD:C9:CA:F5:30:56:8D:2F:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/leooNjXLO9FSOoXdycr1MFaNL4E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/5b46bb-0af4-47d6-a4b8-7ba2686ea518/1/0b53BOz8rB8id026TK8RNfo9IhM.roa
Signing time:             Mon 01 Jan 2024 08:30:13 +0000
ROA not before:           Mon 01 Jan 2024 08:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24920
IP address blocks:        193.111.122.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/5b46bb-0af4-47d6-a4b8-7ba2686ea518/1/leooNjXLO9FSOoXdycr1MFaNL4E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/5b46bb-0af4-47d6-a4b8-7ba2686ea518/1/leooNjXLO9FSOoXdycr1MFaNL4E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/leooNjXLO9FSOoXdycr1MFaNL4E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:14:67:a2:14:f6:f4:3c:f6:23:f1:e0:13:cc:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95ea283635cb3bd1523a85ddc9caf530568d2f81
        Validity
            Not Before: Jan  1 08:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1be7704ecfcac1f22774dba4caf1135fa3d2213
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:5e:3e:c4:a0:91:18:f6:6a:53:92:3f:9a:29:
                    0f:b8:27:c3:b4:9b:e6:07:8c:d9:5e:d6:20:1e:af:
                    6d:83:b3:18:f3:93:03:1b:e6:79:c0:e5:df:3a:4d:
                    05:c8:ea:cf:ef:cc:33:f5:e3:c6:1a:70:8f:4e:86:
                    03:aa:8c:f9:40:8f:91:3b:08:91:0e:3b:50:27:34:
                    84:a1:f6:c4:b7:cd:9f:38:47:f2:a9:cf:21:35:0d:
                    b4:10:d8:f2:ee:7e:05:0a:ed:a8:9c:63:ba:08:0f:
                    d4:22:cd:e3:4c:2c:aa:b2:15:39:5c:89:67:83:68:
                    94:c8:44:54:4b:a8:37:37:85:2c:2f:e0:8b:5a:1b:
                    d2:69:e3:63:ca:8d:d8:b8:9a:d4:b5:14:75:25:e1:
                    e0:a8:83:05:6d:70:0a:a3:69:6b:01:a8:8d:c2:6a:
                    8b:ae:ed:4b:5c:20:c6:d9:96:67:d4:bf:52:86:31:
                    36:33:49:55:36:85:99:97:dc:ec:4d:f2:5b:52:6d:
                    c1:ce:bb:0e:25:1f:65:3a:4d:7a:2c:d4:f0:c5:96:
                    d3:09:99:da:30:bf:ec:8a:e1:83:8e:34:e8:9d:22:
                    2b:76:57:93:a6:c7:77:37:f0:6f:d4:40:b3:b9:39:
                    a8:34:c6:41:3f:c2:3d:4f:5b:3e:1f:e6:a4:90:b6:
                    02:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:BE:77:04:EC:FC:AC:1F:22:77:4D:BA:4C:AF:11:35:FA:3D:22:13
            X509v3 Authority Key Identifier:
                keyid:95:EA:28:36:35:CB:3B:D1:52:3A:85:DD:C9:CA:F5:30:56:8D:2F:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/leooNjXLO9FSOoXdycr1MFaNL4E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/5b46bb-0af4-47d6-a4b8-7ba2686ea518/1/0b53BOz8rB8id026TK8RNfo9IhM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/5b46bb-0af4-47d6-a4b8-7ba2686ea518/1/leooNjXLO9FSOoXdycr1MFaNL4E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:0c:8d:37:1f:18:73:7f:b7:27:69:40:9d:43:31:db:17:fd:
         37:72:9c:1d:f4:05:42:80:7d:59:45:eb:5a:62:39:96:28:f3:
         2c:e7:28:fd:6f:16:62:22:37:13:96:43:d7:59:79:bd:fa:09:
         50:df:ac:6c:ae:59:c6:f1:eb:4d:bd:41:b1:cb:3e:31:e6:b7:
         7d:b6:b4:63:14:c7:9b:65:e0:d9:b1:9d:91:f5:2d:78:48:10:
         64:cd:a0:81:6b:f8:c4:b9:db:a0:e5:b3:c0:df:78:3c:6d:70:
         58:73:7d:f7:2b:71:aa:c6:8e:31:7f:6d:91:dd:d7:e7:07:ce:
         86:cd:c5:b6:0c:ec:6e:a0:27:f7:8d:1d:15:19:1d:84:33:99:
         1d:87:c8:c0:98:e9:34:9a:2d:21:3e:af:8b:eb:70:3a:0a:5b:
         99:24:5f:b7:e0:a6:32:60:58:61:6c:72:07:bd:a6:4c:65:e5:
         2b:c3:4a:41:fc:55:d1:d8:12:41:e0:6b:6b:cd:8a:58:fe:a0:
         f5:35:1d:49:e8:43:59:ef:ee:87:9f:b0:c3:66:c8:9d:22:0d:
         e1:cc:40:d3:6e:e6:92:45:c2:4f:9d:84:7e:bc:f1:6e:9a:c2:
         c4:f9:03:b9:3b:66:0a:9d:01:50:5e:17:97:82:10:e7:4e:9c:
         3d:6f:e9:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJRRnohT29Dz2I/HgE8xEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ZWEyODM2MzVjYjNiZDE1MjNhODVkZGM5Y2FmNTMwNTY4
ZDJmODEwHhcNMjQwMTAxMDgzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWJlNzcwNGVjZmNhYzFmMjI3NzRkYmE0Y2FmMTEzNWZhM2QyMjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhV4+xKCRGPZqU5I/mikPuCfDtJvm
B4zZXtYgHq9tg7MY85MDG+Z5wOXfOk0FyOrP78wz9ePGGnCPToYDqoz5QI+ROwiR
DjtQJzSEofbEt82fOEfyqc8hNQ20ENjy7n4FCu2onGO6CA/UIs3jTCyqshU5XIln
g2iUyERUS6g3N4UsL+CLWhvSaeNjyo3YuJrUtRR1JeHgqIMFbXAKo2lrAaiNwmqL
ru1LXCDG2ZZn1L9ShjE2M0lVNoWZl9zsTfJbUm3BzrsOJR9lOk16LNTwxZbTCZna
ML/siuGDjjTonSIrdleTpsd3N/Bv1ECzuTmoNMZBP8I9T1s+H+akkLYCfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNG+dwTs/KwfIndNukyvETX6PSITMB8GA1UdIwQY
MBaAFJXqKDY1yzvRUjqF3cnK9TBWjS+BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGVvb05qWExPOUZTT29YZHljcjFNRmFOTDRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi81YjQ2YmItMGFmNC00N2Q2LWE0Yjgt
N2JhMjY4NmVhNTE4LzEvMGI1M0JPejhyQjhpZDAyNlRLOFJOZm85SWhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi81YjQ2YmItMGFmNC00N2Q2LWE0YjgtN2JhMjY4NmVhNTE4
LzEvbGVvb05qWExPOUZTT29YZHljcjFNRmFOTDRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwW96MA0G
CSqGSIb3DQEBCwUAA4IBAQBwDI03Hxhzf7cnaUCdQzHbF/03cpwd9AVCgH1ZReta
YjmWKPMs5yj9bxZiIjcTlkPXWXm9+glQ36xsrlnG8etNvUGxyz4x5rd9trRjFMeb
ZeDZsZ2R9S14SBBkzaCBa/jEudug5bPA33g8bXBYc333K3Gqxo4xf22R3dfnB86G
zcW2DOxuoCf3jR0VGR2EM5kdh8jAmOk0mi0hPq+L63A6CluZJF+34KYyYFhhbHIH
vaZMZeUrw0pB/FXR2BJB4GtrzYpY/qD1NR1J6ENZ7+6Hn7DDZsidIg3hzEDTbuaS
RcJPnYR+vPFumsLE+QO5O2YKnQFQXheXghDnTpw9b+mP
-----END CERTIFICATE-----