Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/c62d13-7f03-4d19-8b46-fc91433d367d/1/Xlu6SL0BxvrzSTpJ9ImdLxbgtE8.roa
File:                     Xlu6SL0BxvrzSTpJ9ImdLxbgtE8.roa (raw, json)
Hash identifier:          t8KX+qRHM54JTSi9BRh4Du+JLQByGXdlj9uORbh9pyI=
Subject key identifier:   5E:5B:BA:48:BD:01:C6:FA:F3:49:3A:49:F4:89:9D:2F:16:E0:B4:4F
Certificate issuer:       /CN=4ca13bdea54f76b8a85712afdb615186b33838c1
Certificate serial:       018CC49355B2E4BE8AEFF631DB6AA961314F
Authority key identifier: 4C:A1:3B:DE:A5:4F:76:B8:A8:57:12:AF:DB:61:51:86:B3:38:38:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TKE73qVPdrioVxKv22FRhrM4OME.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/c62d13-7f03-4d19-8b46-fc91433d367d/1/Xlu6SL0BxvrzSTpJ9ImdLxbgtE8.roa
Signing time:             Mon 01 Jan 2024 10:30:39 +0000
ROA not before:           Mon 01 Jan 2024 10:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47309
IP address blocks:        194.8.90.0/23 maxlen: 23
                          130.0.20.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/c62d13-7f03-4d19-8b46-fc91433d367d/1/TKE73qVPdrioVxKv22FRhrM4OME.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/c62d13-7f03-4d19-8b46-fc91433d367d/1/TKE73qVPdrioVxKv22FRhrM4OME.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TKE73qVPdrioVxKv22FRhrM4OME.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 16:02:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:55:b2:e4:be:8a:ef:f6:31:db:6a:a9:61:31:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ca13bdea54f76b8a85712afdb615186b33838c1
        Validity
            Not Before: Jan  1 10:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e5bba48bd01c6faf3493a49f4899d2f16e0b44f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:3b:ff:5b:ed:09:33:97:04:82:50:73:57:e1:
                    b8:5c:20:7e:4c:c8:c2:ce:19:40:e8:15:fa:4d:20:
                    4c:a0:8b:61:45:44:4b:f3:e0:0f:fd:f0:f6:fb:59:
                    5a:a9:54:54:48:ea:9d:21:18:59:53:96:ac:f9:b1:
                    d0:07:f8:3f:99:c9:16:af:32:c0:e3:f6:e7:b7:47:
                    61:0c:1b:4f:dc:79:35:98:61:04:c0:91:2c:8d:43:
                    d6:02:6c:5f:d2:26:fd:39:42:22:29:cf:23:c2:a9:
                    f7:e1:b9:2b:f9:80:a0:3c:07:17:ee:ae:30:c6:c6:
                    df:fb:3b:82:51:54:0b:03:1a:e7:20:3b:eb:5c:09:
                    54:99:41:b7:bb:b7:00:a2:9a:51:bd:0a:e1:cb:b0:
                    77:ab:6a:24:2e:15:ec:66:ab:bf:72:77:95:7c:2f:
                    be:69:bd:29:99:e2:d1:97:ae:f1:4c:31:a6:79:b1:
                    57:51:99:91:7b:85:e3:0f:7c:66:19:36:cd:82:39:
                    f0:69:e9:c1:0b:ec:e5:87:eb:04:b3:29:90:73:01:
                    ac:7f:fa:d5:bd:e6:4d:e4:2c:90:3b:52:8f:7b:86:
                    96:f0:11:da:12:19:63:41:ea:29:8a:1c:57:2d:8e:
                    da:ec:a5:2b:45:c0:9b:de:7a:96:7a:6f:6c:4c:46:
                    4b:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:5B:BA:48:BD:01:C6:FA:F3:49:3A:49:F4:89:9D:2F:16:E0:B4:4F
            X509v3 Authority Key Identifier:
                keyid:4C:A1:3B:DE:A5:4F:76:B8:A8:57:12:AF:DB:61:51:86:B3:38:38:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TKE73qVPdrioVxKv22FRhrM4OME.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c62d13-7f03-4d19-8b46-fc91433d367d/1/Xlu6SL0BxvrzSTpJ9ImdLxbgtE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c62d13-7f03-4d19-8b46-fc91433d367d/1/TKE73qVPdrioVxKv22FRhrM4OME.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.0.20.0/23
                  194.8.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:b8:00:94:78:15:30:5f:15:39:97:8b:c5:3c:7f:70:48:fe:
         f6:21:51:3f:12:d7:cd:ac:0b:fd:3a:34:00:6c:64:58:b2:ac:
         b5:81:46:cb:98:c1:59:d2:9a:ae:ad:ea:44:bf:57:ab:95:19:
         59:a5:85:ae:2f:88:58:e7:79:6c:e8:4d:d5:51:8c:4d:3d:4a:
         51:9e:60:bb:b9:fe:e9:06:c1:ed:84:dd:c2:e4:b1:f5:fa:fe:
         7f:bc:75:dd:0d:23:e0:9e:9d:65:13:36:37:39:ff:76:ff:4c:
         fd:5c:91:18:02:e7:80:72:5d:62:6e:43:73:5a:05:59:7b:31:
         e1:dd:97:01:3d:3f:b6:76:a7:06:9c:98:d4:e2:29:c3:5b:f8:
         1d:e3:45:f0:59:b1:16:72:a9:03:65:58:e9:8d:fc:c0:7b:9a:
         1a:c9:08:91:07:b6:8f:7a:7c:cb:ec:97:62:31:ab:e7:c5:53:
         58:a4:53:74:98:26:6a:bf:ad:f3:81:61:d8:74:8d:c3:3c:2c:
         f5:39:21:34:79:1e:9b:08:8a:a1:22:93:65:f2:94:bf:f5:ac:
         39:5e:8e:fa:e0:f3:52:cd:3b:00:83:f2:24:74:cc:80:3a:d7:
         38:67:a3:4f:52:eb:d4:0a:3d:ad:c7:46:d5:ee:0a:d4:7e:bf:
         92:af:38:11
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEk1Wy5L6K7/Yx22qpYTFPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYTEzYmRlYTU0Zjc2YjhhODU3MTJhZmRiNjE1MTg2YjMz
ODM4YzEwHhcNMjQwMTAxMTAzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTViYmE0OGJkMDFjNmZhZjM0OTNhNDlmNDg5OWQyZjE2ZTBiNDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDv/W+0JM5cEglBzV+G4XCB+TMjC
zhlA6BX6TSBMoIthRURL8+AP/fD2+1laqVRUSOqdIRhZU5as+bHQB/g/mckWrzLA
4/bnt0dhDBtP3Hk1mGEEwJEsjUPWAmxf0ib9OUIiKc8jwqn34bkr+YCgPAcX7q4w
xsbf+zuCUVQLAxrnIDvrXAlUmUG3u7cAoppRvQrhy7B3q2okLhXsZqu/cneVfC++
ab0pmeLRl67xTDGmebFXUZmRe4XjD3xmGTbNgjnwaenBC+zlh+sEsymQcwGsf/rV
veZN5CyQO1KPe4aW8BHaEhljQeopihxXLY7a7KUrRcCb3nqWem9sTEZLBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF5buki9Acb680k6SfSJnS8W4LRPMB8GA1UdIwQY
MBaAFEyhO96lT3a4qFcSr9thUYazODjBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEtFNzNxVlBkcmlvVnhLdjIyRlJock00T01FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jNjJkMTMtN2YwMy00ZDE5LThiNDYt
ZmM5MTQzM2QzNjdkLzEvWGx1NlNMMEJ4dnJ6U1RwSjlJbWRMeGJndEU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jNjJkMTMtN2YwMy00ZDE5LThiNDYtZmM5MTQzM2QzNjdk
LzEvVEtFNzNxVlBkcmlvVnhLdjIyRlJock00T01FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBggAUAwQB
wghaMA0GCSqGSIb3DQEBCwUAA4IBAQBtuACUeBUwXxU5l4vFPH9wSP72IVE/EtfN
rAv9OjQAbGRYsqy1gUbLmMFZ0pqurepEv1erlRlZpYWuL4hY53ls6E3VUYxNPUpR
nmC7uf7pBsHthN3C5LH1+v5/vHXdDSPgnp1lEzY3Of92/0z9XJEYAueAcl1ibkNz
WgVZezHh3ZcBPT+2dqcGnJjU4inDW/gd40XwWbEWcqkDZVjpjfzAe5oayQiRB7aP
enzL7JdiMavnxVNYpFN0mCZqv63zgWHYdI3DPCz1OSE0eR6bCIqhIpNl8pS/9aw5
Xo764PNSzTsAg/IkdMyAOtc4Z6NPUuvUCj2tx0bV7grUfr+SrzgR
-----END CERTIFICATE-----