Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/XSzUVIGQIMcfp7Jo7T5OCeSulVo.roa
File:                     XSzUVIGQIMcfp7Jo7T5OCeSulVo.roa (raw, json)
Hash identifier:          wz7pp3Uu8QCTYCVxnghFDs9J2ZPyBB5acBpQc1wnRgU=
Subject key identifier:   5D:2C:D4:54:81:90:20:C7:1F:A7:B2:68:ED:3E:4E:09:E4:AE:95:5A
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       018CCA2BB53F5E76945E7C2B6DE0A16F87FB
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/XSzUVIGQIMcfp7Jo7T5OCeSulVo.roa
Signing time:             Tue 02 Jan 2024 12:35:11 +0000
ROA not before:           Tue 02 Jan 2024 12:35:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24724
IP address blocks:        193.111.37.0/24 maxlen: 24
                          193.111.38.0/24 maxlen: 24
                          212.91.8.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:b5:3f:5e:76:94:5e:7c:2b:6d:e0:a1:6f:87:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 12:35:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d2cd454819020c71fa7b268ed3e4e09e4ae955a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:62:99:88:48:25:ad:ba:d8:4a:d5:61:de:75:
                    cc:b4:fb:d9:6a:90:0d:0a:fa:bb:8b:42:d9:68:ba:
                    61:00:cd:4a:fb:89:da:bb:51:03:d0:a1:b0:db:ba:
                    6b:ba:5e:3e:8a:80:a5:07:18:09:df:31:6d:63:e7:
                    1b:e1:fb:f6:0a:49:d6:0b:2f:b0:67:03:37:5b:54:
                    71:3c:f3:83:33:74:a4:6b:b7:ef:73:6d:e1:e0:e6:
                    4e:56:ef:10:87:8f:52:58:94:b7:8f:b8:8b:27:d7:
                    be:43:58:82:64:10:f6:67:b2:59:77:51:c6:09:68:
                    e2:21:f9:47:e5:0f:a5:8b:34:c3:7c:b0:63:80:05:
                    81:f5:3b:48:4b:b9:58:3e:0b:97:f2:b5:cf:d2:d4:
                    6e:e4:03:f9:d7:bc:c3:5d:52:ab:f0:ed:28:5b:b5:
                    1b:53:19:6b:7d:82:ad:75:32:ae:9d:fd:30:0f:8f:
                    7a:7e:fb:47:a1:06:e6:47:5c:9d:89:eb:e4:89:61:
                    de:b8:86:7c:c5:14:69:cd:18:a6:ed:35:81:92:b6:
                    06:a0:b1:53:2c:1e:3c:24:93:93:87:54:12:de:7c:
                    3d:43:59:3b:c2:0b:d7:21:e5:23:59:e0:27:10:e6:
                    21:6f:38:5d:7d:a2:d6:55:8a:41:42:9f:f8:e8:04:
                    9f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:2C:D4:54:81:90:20:C7:1F:A7:B2:68:ED:3E:4E:09:E4:AE:95:5A
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/XSzUVIGQIMcfp7Jo7T5OCeSulVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.37.0-193.111.38.255
                  212.91.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:88:78:b2:10:71:11:3f:06:03:eb:70:3e:e5:ed:83:d2:60:
         83:23:2f:a4:02:fe:91:65:aa:24:d1:1f:48:51:74:cc:e3:07:
         a2:d6:ea:26:b3:e5:88:6a:7d:2e:af:d1:bb:88:4d:0f:05:45:
         44:8e:90:48:1d:b7:66:de:13:5a:c3:84:c5:69:0f:a0:f2:86:
         77:85:d7:86:5c:91:cb:2d:69:5d:74:99:6b:d0:cf:d5:2f:c4:
         d4:61:10:4e:a0:97:05:86:16:95:30:8b:1e:c8:84:c5:ed:ff:
         f5:ff:bb:2c:8d:b5:b6:50:89:59:40:7a:b3:70:5c:ad:69:00:
         4d:ad:3d:b6:0c:a0:f4:e5:4d:58:87:7c:61:ec:cc:fd:78:71:
         ef:b3:7f:8c:c9:06:ae:0e:e4:43:87:bf:2b:96:bd:5f:24:79:
         28:d7:d2:ff:45:a5:9f:93:7d:a1:b2:8a:3e:80:ca:e2:b9:0f:
         c2:5d:b8:74:9c:06:4a:e5:42:cc:59:49:65:9a:39:91:de:de:
         8d:24:dd:61:ef:09:b2:5b:88:db:b7:e6:eb:81:d3:29:21:a9:
         b2:0d:f3:3e:db:b0:69:ba:2a:f1:20:e5:e8:8d:17:e8:c7:8d:
         70:35:4e:22:11:6f:05:24:0f:d0:76:02:f7:d9:fe:db:db:3c:
         9a:ea:b7:da
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzKK7U/XnaUXnwrbeChb4f7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjQwMTAyMTIzNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDJjZDQ1NDgxOTAyMGM3MWZhN2IyNjhlZDNlNGUwOWU0YWU5NTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGKZiEglrbrYStVh3nXMtPvZapAN
Cvq7i0LZaLphAM1K+4nau1ED0KGw27prul4+ioClBxgJ3zFtY+cb4fv2CknWCy+w
ZwM3W1RxPPODM3Ska7fvc23h4OZOVu8Qh49SWJS3j7iLJ9e+Q1iCZBD2Z7JZd1HG
CWjiIflH5Q+lizTDfLBjgAWB9TtIS7lYPguX8rXP0tRu5AP517zDXVKr8O0oW7Ub
UxlrfYKtdTKunf0wD496fvtHoQbmR1ydievkiWHeuIZ8xRRpzRim7TWBkrYGoLFT
LB48JJOTh1QS3nw9Q1k7wgvXIeUjWeAnEOYhbzhdfaLWVYpBQp/46ASf/wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFF0s1FSBkCDHH6eyaO0+TgnkrpVaMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvWFN6VVZJR1FJTWNmcDdKbzdUNU9DZVN1bFZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBADBbyUD
BADBbyYDBAHUWwgwDQYJKoZIhvcNAQELBQADggEBABGIeLIQcRE/BgPrcD7l7YPS
YIMjL6QC/pFlqiTRH0hRdMzjB6LW6iaz5YhqfS6v0buITQ8FRUSOkEgdt2beE1rD
hMVpD6DyhneF14ZckcstaV10mWvQz9UvxNRhEE6glwWGFpUwix7IhMXt//X/uyyN
tbZQiVlAerNwXK1pAE2tPbYMoPTlTViHfGHszP14ce+zf4zJBq4O5EOHvyuWvV8k
eSjX0v9FpZ+TfaGyij6AyuK5D8JduHScBkrlQsxZSWWaOZHe3o0k3WHvCbJbiNu3
5uuB0ykhqbIN8z7bsGm6KvEg5eiNF+jHjXA1TiIRbwUkD9B2AvfZ/tvbPJrqt9o=
-----END CERTIFICATE-----