Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/3e23d7-a3b7-416f-8810-1efa7cf773a0/1/xz0VRfxp-n7XcS2L28jX-ONn7Hk.roa
File:                     xz0VRfxp-n7XcS2L28jX-ONn7Hk.roa (raw, json)
Hash identifier:          ch0dwz/fQ7pZW8H2aa8erVn/P94gSAH7hH0MOqcE6Tc=
Subject key identifier:   C7:3D:15:45:FC:69:FA:7E:D7:71:2D:8B:DB:C8:D7:F8:E3:67:EC:79
Certificate issuer:       /CN=5ea68c853810d0320b156844f29317701b58610d
Certificate serial:       018CC802F6BB9554E948248D734F0FE513F6
Authority key identifier: 5E:A6:8C:85:38:10:D0:32:0B:15:68:44:F2:93:17:70:1B:58:61:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XqaMhTgQ0DILFWhE8pMXcBtYYQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/3e23d7-a3b7-416f-8810-1efa7cf773a0/1/xz0VRfxp-n7XcS2L28jX-ONn7Hk.roa
Signing time:             Tue 02 Jan 2024 02:31:26 +0000
ROA not before:           Tue 02 Jan 2024 02:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41901
IP address blocks:        194.169.231.0/24 maxlen: 24
                          194.34.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/3e23d7-a3b7-416f-8810-1efa7cf773a0/1/XqaMhTgQ0DILFWhE8pMXcBtYYQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/3e23d7-a3b7-416f-8810-1efa7cf773a0/1/XqaMhTgQ0DILFWhE8pMXcBtYYQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XqaMhTgQ0DILFWhE8pMXcBtYYQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:f6:bb:95:54:e9:48:24:8d:73:4f:0f:e5:13:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ea68c853810d0320b156844f29317701b58610d
        Validity
            Not Before: Jan  2 02:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c73d1545fc69fa7ed7712d8bdbc8d7f8e367ec79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f9:48:54:aa:e1:25:1e:ef:86:a2:00:76:df:
                    12:db:f7:12:ea:26:90:f6:66:09:c5:fc:21:c2:83:
                    6d:2a:5f:7d:93:5f:c4:67:e8:e6:1f:e8:e1:f4:bc:
                    5d:29:ac:85:62:45:26:00:83:ef:d4:67:cd:1b:4d:
                    b0:19:d6:1d:ef:50:9e:da:94:af:db:24:e9:68:02:
                    a8:00:ea:ea:6b:c3:3e:ae:19:0d:9e:0d:93:68:70:
                    11:e0:ad:9c:01:7a:96:0e:ab:9d:b1:67:47:ed:50:
                    41:57:99:5d:9c:18:e6:5d:24:97:63:9f:27:03:e5:
                    53:cc:b6:d2:02:9d:15:18:44:fd:5d:70:dc:57:45:
                    f0:4e:46:fa:ca:50:af:4b:23:4a:5d:ed:43:24:62:
                    c6:83:86:17:df:a9:3e:94:6a:7e:f2:7f:45:9a:88:
                    ac:b8:c5:40:ca:ce:b9:f4:d6:9f:12:c3:71:ca:11:
                    7b:e2:4b:fe:d4:60:62:7c:90:9a:87:63:a9:b1:2e:
                    e9:cd:3e:c2:bd:4b:c6:f9:4f:74:8f:f9:7e:c5:84:
                    d4:1c:ff:2d:da:2c:24:c5:3c:7b:6f:83:c4:55:71:
                    29:2f:bd:ab:9d:46:29:6f:65:dc:b0:d1:65:97:df:
                    b5:de:c1:9c:84:11:e7:42:7e:9e:bc:30:de:f9:cb:
                    cb:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:3D:15:45:FC:69:FA:7E:D7:71:2D:8B:DB:C8:D7:F8:E3:67:EC:79
            X509v3 Authority Key Identifier:
                keyid:5E:A6:8C:85:38:10:D0:32:0B:15:68:44:F2:93:17:70:1B:58:61:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XqaMhTgQ0DILFWhE8pMXcBtYYQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/3e23d7-a3b7-416f-8810-1efa7cf773a0/1/xz0VRfxp-n7XcS2L28jX-ONn7Hk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/3e23d7-a3b7-416f-8810-1efa7cf773a0/1/XqaMhTgQ0DILFWhE8pMXcBtYYQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.12.0/24
                  194.169.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:4a:7c:ac:3d:e6:ac:99:1c:65:84:21:5b:98:d8:98:a0:22:
         b0:03:0c:00:25:1d:fc:10:7d:2c:fd:5b:34:ff:77:a6:8b:e9:
         e5:aa:2a:17:47:c5:56:0b:e1:66:a1:31:59:6a:a3:cc:07:43:
         bc:3f:ad:55:59:d8:9b:69:54:2e:f7:04:50:30:b2:39:da:29:
         6c:a7:5a:b0:53:c1:94:96:1c:ac:1a:88:5b:7c:a7:bd:6e:36:
         a9:1b:19:c2:9b:6c:b5:d7:e7:e4:40:b3:2a:d3:7f:eb:d3:c4:
         5b:ce:2d:d7:d4:ef:b7:e1:82:bd:79:12:67:f7:30:12:0b:67:
         a0:c5:55:30:f6:58:f0:22:5a:62:81:ef:76:b0:d5:ac:51:2c:
         c8:74:77:92:fc:75:49:4b:e6:4f:e5:5a:08:fe:84:84:91:f4:
         66:cf:d9:98:21:02:b6:00:98:fc:9d:e9:27:fb:9d:1c:09:a1:
         69:56:48:8d:1c:88:b1:53:12:93:00:23:72:23:fd:c5:48:7e:
         58:ab:04:7e:e3:d8:72:d5:90:30:01:29:d5:ee:c5:a8:62:35:
         e6:21:89:1e:6c:ba:43:77:8f:7c:89:7d:be:d2:7b:bb:74:7b:
         c7:93:31:c9:06:4b:70:55:e0:0b:29:05:28:67:60:b8:17:4e:
         45:cd:3c:48
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAva7lVTpSCSNc08P5RP2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlYTY4Yzg1MzgxMGQwMzIwYjE1Njg0NGYyOTMxNzcwMWI1
ODYxMGQwHhcNMjQwMTAyMDIzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzNkMTU0NWZjNjlmYTdlZDc3MTJkOGJkYmM4ZDdmOGUzNjdlYzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/lIVKrhJR7vhqIAdt8S2/cS6iaQ
9mYJxfwhwoNtKl99k1/EZ+jmH+jh9LxdKayFYkUmAIPv1GfNG02wGdYd71Ce2pSv
2yTpaAKoAOrqa8M+rhkNng2TaHAR4K2cAXqWDqudsWdH7VBBV5ldnBjmXSSXY58n
A+VTzLbSAp0VGET9XXDcV0XwTkb6ylCvSyNKXe1DJGLGg4YX36k+lGp+8n9Fmois
uMVAys659NafEsNxyhF74kv+1GBifJCah2OpsS7pzT7CvUvG+U90j/l+xYTUHP8t
2iwkxTx7b4PEVXEpL72rnUYpb2XcsNFll9+13sGchBHnQn6evDDe+cvLNQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMc9FUX8afp+13Eti9vI1/jjZ+x5MB8GA1UdIwQY
MBaAFF6mjIU4ENAyCxVoRPKTF3AbWGENMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHFhTWhUZ1EwRElMRldoRThwTVhjQnRZWVEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8zZTIzZDctYTNiNy00MTZmLTg4MTAt
MWVmYTdjZjc3M2EwLzEveHowVlJmeHAtbjdYY1MyTDI4algtT05uN0hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8zZTIzZDctYTNiNy00MTZmLTg4MTAtMWVmYTdjZjc3M2Ew
LzEvWHFhTWhUZ1EwRElMRldoRThwTVhjQnRZWVEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwiIMAwQA
wqnnMA0GCSqGSIb3DQEBCwUAA4IBAQB+SnysPeasmRxlhCFbmNiYoCKwAwwAJR38
EH0s/Vs0/3emi+nlqioXR8VWC+FmoTFZaqPMB0O8P61VWdibaVQu9wRQMLI52ils
p1qwU8GUlhysGohbfKe9bjapGxnCm2y11+fkQLMq03/r08Rbzi3X1O+34YK9eRJn
9zASC2egxVUw9ljwIlpige92sNWsUSzIdHeS/HVJS+ZP5VoI/oSEkfRmz9mYIQK2
AJj8nekn+50cCaFpVkiNHIixUxKTACNyI/3FSH5YqwR+49hy1ZAwASnV7sWoYjXm
IYkebLpDd498iX2+0nu7dHvHkzHJBktwVeALKQUoZ2C4F05FzTxI
-----END CERTIFICATE-----