Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/eda8ef-36d3-45d4-911e-5fa90c13e1b7/1/KXezRoFRDaACEhVG5e99QdkFVUE.roa
File:                     KXezRoFRDaACEhVG5e99QdkFVUE.roa (raw, json)
Hash identifier:          97l6XF0A33u/hw3FO9QqEgbIu6uz1LD2DRE+NF2pHVI=
Subject key identifier:   29:77:B3:46:81:51:0D:A0:02:12:15:46:E5:EF:7D:41:D9:05:55:41
Certificate issuer:       /CN=f8cfdc0e5edb1cc323f9344fe2827c793e95ac6f
Certificate serial:       018CC5011A5E8C53601F495378072FECF47B
Authority key identifier: F8:CF:DC:0E:5E:DB:1C:C3:23:F9:34:4F:E2:82:7C:79:3E:95:AC:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-M_cDl7bHMMj-TRP4oJ8eT6VrG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/eda8ef-36d3-45d4-911e-5fa90c13e1b7/1/KXezRoFRDaACEhVG5e99QdkFVUE.roa
Signing time:             Mon 01 Jan 2024 12:30:33 +0000
ROA not before:           Mon 01 Jan 2024 12:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        194.113.20.0/23 maxlen: 24
                          2001:678:b38::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/eda8ef-36d3-45d4-911e-5fa90c13e1b7/1/1-M_cDl7bHMMj-TRP4oJ8eT6VrG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/eda8ef-36d3-45d4-911e-5fa90c13e1b7/1/1-M_cDl7bHMMj-TRP4oJ8eT6VrG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-M_cDl7bHMMj-TRP4oJ8eT6VrG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:1a:5e:8c:53:60:1f:49:53:78:07:2f:ec:f4:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8cfdc0e5edb1cc323f9344fe2827c793e95ac6f
        Validity
            Not Before: Jan  1 12:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2977b34681510da002121546e5ef7d41d9055541
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:2b:51:e8:b6:80:06:2f:30:d7:4d:80:d3:ef:
                    5b:2b:36:00:50:93:fc:74:7d:90:50:2d:bc:a6:77:
                    27:5c:4f:74:50:d9:d4:28:79:61:19:88:86:c1:c0:
                    86:43:d5:e9:2d:ad:27:8c:81:50:e8:76:a9:a7:e7:
                    df:82:f5:30:35:bf:43:9e:58:62:71:44:4a:f3:b6:
                    e5:c9:c0:d3:a6:33:80:11:a5:eb:fb:ed:f7:41:2d:
                    6f:d4:2a:8e:4f:f4:01:12:7c:f1:44:8e:c1:c1:a6:
                    b9:f3:04:58:37:e4:c3:c5:c6:26:13:8b:ae:82:94:
                    9b:6b:c7:c9:8a:22:ed:75:76:70:be:46:1c:a7:d8:
                    74:ae:b9:3f:68:56:e5:e5:2b:46:b3:47:56:5e:91:
                    23:2e:67:f6:a8:60:ce:97:3b:d8:b3:75:d4:95:d1:
                    5b:8c:47:da:2f:50:b0:41:b3:f4:cc:08:e1:b1:33:
                    5d:64:87:54:b9:c3:03:6d:65:37:38:47:d8:d4:6d:
                    ff:da:d6:bc:3e:8d:10:99:58:b2:91:b4:f0:d1:cf:
                    91:ad:2e:b2:d1:11:d7:d8:ba:ea:18:6e:6a:75:b0:
                    86:e6:b7:a9:85:bb:19:6f:6b:6c:ff:1e:ad:f4:83:
                    23:1f:4b:49:6f:02:b9:ad:cb:f0:f1:01:cd:74:72:
                    d7:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:77:B3:46:81:51:0D:A0:02:12:15:46:E5:EF:7D:41:D9:05:55:41
            X509v3 Authority Key Identifier:
                keyid:F8:CF:DC:0E:5E:DB:1C:C3:23:F9:34:4F:E2:82:7C:79:3E:95:AC:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-M_cDl7bHMMj-TRP4oJ8eT6VrG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/eda8ef-36d3-45d4-911e-5fa90c13e1b7/1/KXezRoFRDaACEhVG5e99QdkFVUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/eda8ef-36d3-45d4-911e-5fa90c13e1b7/1/1-M_cDl7bHMMj-TRP4oJ8eT6VrG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.20.0/23
                IPv6:
                  2001:678:b38::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:6b:62:1d:14:3b:49:e6:9e:3d:49:21:f0:06:d5:c6:2f:40:
         45:9c:44:c0:dc:26:d0:6f:09:57:62:51:3d:c5:29:15:eb:04:
         a1:6b:d2:56:80:05:e5:8e:9c:a5:b8:b8:a7:73:ba:b8:ad:9f:
         79:43:84:d7:59:54:23:bf:fc:4f:b2:5d:21:d9:92:76:d0:5f:
         69:d1:cf:5a:a7:67:7d:6e:2b:24:76:45:99:e1:e6:ef:ff:76:
         5e:7c:f9:6a:d3:2f:26:e0:ec:ee:fe:16:b8:a4:0a:f3:46:0e:
         b2:32:81:3d:f1:5b:a9:e8:10:e5:5d:25:80:91:31:74:fe:a7:
         e1:96:0e:ce:c0:90:92:87:68:56:bd:5a:c1:44:d5:f9:6b:14:
         3e:97:68:39:d5:5a:80:98:3a:52:ca:4b:f6:e5:b8:26:c6:d8:
         59:27:0d:08:ac:70:b4:e9:04:19:2c:47:0a:6d:bf:f2:9f:cb:
         19:3a:67:80:4f:2e:c3:a7:42:3d:96:73:cc:82:10:21:07:54:
         f0:df:65:d5:a0:da:3e:c0:ed:ac:a8:0f:66:43:2e:75:5d:78:
         fd:a3:68:91:ff:ac:24:6e:92:53:88:ea:4f:8d:e3:a0:e7:21:
         53:5e:b1:7f:e6:46:ce:b5:4c:4a:4e:70:58:04:28:59:14:fb:
         0f:b9:dc:15
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAYzFARpejFNgH0lTeAcv7PR7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4Y2ZkYzBlNWVkYjFjYzMyM2Y5MzQ0ZmUyODI3Yzc5M2U5
NWFjNmYwHhcNMjQwMTAxMTIzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTc3YjM0NjgxNTEwZGEwMDIxMjE1NDZlNWVmN2Q0MWQ5MDU1NTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtytR6LaABi8w102A0+9bKzYAUJP8
dH2QUC28pncnXE90UNnUKHlhGYiGwcCGQ9XpLa0njIFQ6Happ+ffgvUwNb9Dnlhi
cURK87blycDTpjOAEaXr++33QS1v1CqOT/QBEnzxRI7Bwaa58wRYN+TDxcYmE4uu
gpSba8fJiiLtdXZwvkYcp9h0rrk/aFbl5StGs0dWXpEjLmf2qGDOlzvYs3XUldFb
jEfaL1CwQbP0zAjhsTNdZIdUucMDbWU3OEfY1G3/2ta8Po0QmViykbTw0c+RrS6y
0RHX2LrqGG5qdbCG5rephbsZb2ts/x6t9IMjH0tJbwK5rcvw8QHNdHLX3QIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFCl3s0aBUQ2gAhIVRuXvfUHZBVVBMB8GA1UdIwQY
MBaAFPjP3A5e2xzDI/k0T+KCfHk+laxvMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1NX2NEbDdiSE1Nai1UUlA0b0o4ZVQ2VnJHOC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTcvZWRhOGVmLTM2ZDMtNDVkNC05MTFl
LTVmYTkwYzEzZTFiNy8xL0tYZXpSb0ZSRGFBQ0VoVkc1ZTk5UWRrRlZVRS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTcvZWRhOGVmLTM2ZDMtNDVkNC05MTFlLTVmYTkwYzEzZTFi
Ny8xLzEtTV9jRGw3YkhNTWotVFJQNG9KOGVUNlZyRzguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMAYIKwYBBQUHAQcBAf8EITAfMAwEAgABMAYDBAHCcRQw
DwQCAAIwCQMHACABBngLODANBgkqhkiG9w0BAQsFAAOCAQEAVGtiHRQ7SeaePUkh
8AbVxi9ARZxEwNwm0G8JV2JRPcUpFesEoWvSVoAF5Y6cpbi4p3O6uK2feUOE11lU
I7/8T7JdIdmSdtBfadHPWqdnfW4rJHZFmeHm7/92Xnz5atMvJuDs7v4WuKQK80YO
sjKBPfFbqegQ5V0lgJExdP6n4ZYOzsCQkodoVr1awUTV+WsUPpdoOdVagJg6UspL
9uW4JsbYWScNCKxwtOkEGSxHCm2/8p/LGTpngE8uw6dCPZZzzIIQIQdU8N9l1aDa
PsDtrKgPZkMudV14/aNokf+sJG6SU4jqT43joOchU16xf+ZGzrVMSk5wWAQoWRT7
D7ncFQ==
-----END CERTIFICATE-----