Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/xzV5QzNg67zlCtWVOU-CdicjYT4.roa
File:                     xzV5QzNg67zlCtWVOU-CdicjYT4.roa (raw, json)
Hash identifier:          WgxchXpn9jN9lV9ZkKlabxzibG/aLmIyTsDTURGNfk8=
Subject key identifier:   C7:35:79:43:33:60:EB:BC:E5:0A:D5:95:39:4F:82:76:27:23:61:3E
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       018CC793568F83F0B626D3E86F642DDD54DE
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/xzV5QzNg67zlCtWVOU-CdicjYT4.roa
Signing time:             Tue 02 Jan 2024 00:29:30 +0000
ROA not before:           Tue 02 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56876
IP address blocks:        194.233.0.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:56:8f:83:f0:b6:26:d3:e8:6f:64:2d:dd:54:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Jan  2 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c73579433360ebbce50ad595394f82762723613e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a8:63:90:cd:e9:f9:f7:8f:72:7c:f1:86:cc:
                    8f:4d:12:33:62:48:8e:b6:91:fe:91:6a:7f:6f:c2:
                    ed:a9:b7:5c:db:ce:ca:5f:4c:9b:ab:26:95:b3:2f:
                    73:e5:83:07:46:90:ca:da:ac:6d:d0:54:e6:b8:20:
                    3d:dd:8b:92:6d:85:5c:16:b7:3c:66:a1:6c:6f:82:
                    77:cd:29:d0:60:5e:cc:c3:0c:ca:18:fd:af:f8:ae:
                    eb:28:8e:cb:94:2b:ea:84:e9:fc:43:b8:dd:b3:47:
                    51:e5:9f:95:07:a8:29:18:4a:30:cd:23:e2:78:92:
                    30:e9:96:df:28:be:de:fe:97:a6:5c:a0:42:4f:0e:
                    6f:8f:47:44:c5:80:c6:3a:a5:82:d3:ac:56:bd:e7:
                    35:62:ae:34:08:81:31:e4:30:3e:59:82:46:5d:c6:
                    45:f3:fe:b2:c4:19:38:f9:42:64:5b:da:12:0a:c2:
                    8e:51:8f:e6:47:38:ae:83:0b:1a:e5:4b:a2:4e:e8:
                    6c:dd:f7:4b:23:1a:eb:69:0f:c0:a2:b0:18:5b:7f:
                    df:3b:7a:d1:8f:6d:3f:9b:40:1d:d5:f7:d3:26:38:
                    b1:8d:a2:7d:9c:f7:47:de:51:c9:34:16:f5:0d:50:
                    db:38:b8:ee:f8:13:2e:5d:a4:dc:34:8b:31:98:37:
                    fd:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:35:79:43:33:60:EB:BC:E5:0A:D5:95:39:4F:82:76:27:23:61:3E
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/xzV5QzNg67zlCtWVOU-CdicjYT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.233.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:f4:eb:cc:3f:dd:5b:e2:b6:3f:5f:bd:f3:ac:29:5c:b8:90:
         9b:9f:b4:68:35:88:6b:bf:bb:7a:6f:d6:3e:c7:a2:4b:ea:c4:
         7c:53:7d:bf:97:24:d2:c7:a5:25:05:5b:22:30:7e:6a:21:3f:
         2a:0b:ab:83:76:0b:d3:5f:e6:ee:1d:9a:99:9a:e7:a3:08:1e:
         78:1a:a7:43:f3:8a:4f:2f:99:d2:f7:d8:84:ae:80:b5:5c:a4:
         b3:d5:8e:18:0e:24:ce:3e:f3:2d:77:f3:31:f0:81:44:c3:48:
         65:f1:c5:e6:98:bc:4b:6e:c7:cd:bb:60:95:ba:f6:fe:0e:ea:
         df:14:4f:46:68:c1:38:87:bd:cf:e1:11:92:ec:a9:00:b3:e8:
         45:9e:3f:f3:bf:ed:0e:42:2d:4a:fe:0f:2b:0d:1c:a9:76:a0:
         8d:60:c3:e7:de:7c:cf:f7:e7:29:e5:71:3e:5d:1a:87:4e:19:
         fe:55:19:cd:2b:d3:f7:35:d1:a7:f1:0a:15:e6:b1:11:8b:8e:
         cd:26:f2:6c:34:aa:5b:05:d9:97:01:63:8a:e0:6d:6a:64:07:
         62:7c:a8:a0:c6:68:ac:76:2d:a3:ee:61:e0:0f:60:ed:96:9f:
         1d:3d:04:7d:58:66:b5:f1:37:10:71:84:c5:56:81:1b:5a:d7:
         d8:10:ef:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk1aPg/C2JtPob2Qt3VTeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjQwMTAyMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzM1Nzk0MzMzNjBlYmJjZTUwYWQ1OTUzOTRmODI3NjI3MjM2MTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArahjkM3p+fePcnzxhsyPTRIzYkiO
tpH+kWp/b8Ltqbdc287KX0ybqyaVsy9z5YMHRpDK2qxt0FTmuCA93YuSbYVcFrc8
ZqFsb4J3zSnQYF7MwwzKGP2v+K7rKI7LlCvqhOn8Q7jds0dR5Z+VB6gpGEowzSPi
eJIw6ZbfKL7e/pemXKBCTw5vj0dExYDGOqWC06xWvec1Yq40CIEx5DA+WYJGXcZF
8/6yxBk4+UJkW9oSCsKOUY/mRziugwsa5UuiTuhs3fdLIxrraQ/AorAYW3/fO3rR
j20/m0Ad1ffTJjixjaJ9nPdH3lHJNBb1DVDbOLju+BMuXaTcNIsxmDf9LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMc1eUMzYOu85QrVlTlPgnYnI2E+MB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEveHpWNVF6Tmc2N3psQ3RXVk9VLUNkaWNqWVQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwukAMA0G
CSqGSIb3DQEBCwUAA4IBAQCA9OvMP91b4rY/X73zrClcuJCbn7RoNYhrv7t6b9Y+
x6JL6sR8U32/lyTSx6UlBVsiMH5qIT8qC6uDdgvTX+buHZqZmuejCB54GqdD84pP
L5nS99iEroC1XKSz1Y4YDiTOPvMtd/Mx8IFEw0hl8cXmmLxLbsfNu2CVuvb+Durf
FE9GaME4h73P4RGS7KkAs+hFnj/zv+0OQi1K/g8rDRypdqCNYMPn3nzP9+cp5XE+
XRqHThn+VRnNK9P3NdGn8QoV5rERi47NJvJsNKpbBdmXAWOK4G1qZAdifKigxmis
di2j7mHgD2Dtlp8dPQR9WGa18TcQcYTFVoEbWtfYEO9y
-----END CERTIFICATE-----