Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/448c85-a966-4df2-98e4-a5a5ad06eb43/1/lEXlTYgc1VivLY8DRNAz_sz89Bw.roa
File:                     lEXlTYgc1VivLY8DRNAz_sz89Bw.roa (raw, json)
Hash identifier:          CiPmwSFuqQy+UuaJiDK6CkaDyZSY8qHcd7zI7jlyf2s=
Subject key identifier:   94:45:E5:4D:88:1C:D5:58:AF:2D:8F:03:44:D0:33:FE:CC:FC:F4:1C
Certificate issuer:       /CN=5e9b9bed8f8d3d579bb0552e4fc4b81986861e64
Certificate serial:       018CC8DF11E9608B1DB163983901F8CF8A7C
Authority key identifier: 5E:9B:9B:ED:8F:8D:3D:57:9B:B0:55:2E:4F:C4:B8:19:86:86:1E:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xpub7Y-NPVebsFUuT8S4GYaGHmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/448c85-a966-4df2-98e4-a5a5ad06eb43/1/lEXlTYgc1VivLY8DRNAz_sz89Bw.roa
Signing time:             Tue 02 Jan 2024 06:31:51 +0000
ROA not before:           Tue 02 Jan 2024 06:31:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24836
IP address blocks:        193.111.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/448c85-a966-4df2-98e4-a5a5ad06eb43/1/Xpub7Y-NPVebsFUuT8S4GYaGHmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/448c85-a966-4df2-98e4-a5a5ad06eb43/1/Xpub7Y-NPVebsFUuT8S4GYaGHmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xpub7Y-NPVebsFUuT8S4GYaGHmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:11:e9:60:8b:1d:b1:63:98:39:01:f8:cf:8a:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e9b9bed8f8d3d579bb0552e4fc4b81986861e64
        Validity
            Not Before: Jan  2 06:31:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9445e54d881cd558af2d8f0344d033feccfcf41c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:dc:41:3a:42:af:49:d6:63:e1:b1:c2:f2:e2:
                    88:29:63:2b:e9:c6:46:ac:25:b0:9b:2e:72:1a:9d:
                    52:41:f6:59:dc:55:4a:d2:f0:30:2d:93:19:87:20:
                    af:d3:97:b4:67:1d:39:d2:e1:93:ba:76:a0:f1:6d:
                    bd:21:e4:47:13:d8:63:76:93:3f:2f:f5:34:82:aa:
                    ce:b1:d7:51:82:f0:c0:28:ef:6e:fc:06:de:2f:64:
                    ed:3f:62:fa:dc:bc:09:6e:ec:a3:41:21:9c:49:b5:
                    df:40:d1:92:1e:e3:10:0d:79:ed:07:99:c2:6f:87:
                    dd:33:0b:ae:27:c8:26:e5:4f:13:00:51:48:8f:df:
                    6b:89:2a:82:6c:dc:c2:15:36:17:4d:f7:29:d8:05:
                    da:6f:78:d6:c0:23:38:43:c0:79:81:68:d7:ca:c0:
                    39:40:c8:23:6f:27:1e:d7:e8:8d:29:82:5b:b0:9d:
                    01:19:8c:b8:d9:ea:2d:1e:57:a6:3e:02:1e:60:82:
                    ad:4a:cf:7f:de:58:a0:5b:6c:f7:3c:3d:af:d5:e8:
                    77:ec:7e:b0:05:2e:b3:0d:65:fb:6d:44:b5:7d:5a:
                    68:36:c5:da:e2:d3:12:fb:13:36:d1:8d:9f:f0:80:
                    01:4a:48:6a:1f:4d:02:7b:5b:39:a0:31:d4:30:81:
                    34:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:45:E5:4D:88:1C:D5:58:AF:2D:8F:03:44:D0:33:FE:CC:FC:F4:1C
            X509v3 Authority Key Identifier:
                keyid:5E:9B:9B:ED:8F:8D:3D:57:9B:B0:55:2E:4F:C4:B8:19:86:86:1E:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xpub7Y-NPVebsFUuT8S4GYaGHmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/448c85-a966-4df2-98e4-a5a5ad06eb43/1/lEXlTYgc1VivLY8DRNAz_sz89Bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/448c85-a966-4df2-98e4-a5a5ad06eb43/1/Xpub7Y-NPVebsFUuT8S4GYaGHmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:53:f1:cf:0d:fc:1e:50:ff:b2:84:a1:36:e5:79:df:6c:37:
         08:65:0f:a8:3f:98:19:a3:dd:41:ac:f7:ec:15:14:e2:a3:78:
         f6:3e:7b:c5:81:54:d1:a7:fc:d5:19:62:9f:ac:d4:d8:9b:9d:
         f2:f8:06:dc:c7:0e:71:1d:26:67:12:2f:6b:88:49:52:77:e1:
         0b:04:39:e2:b7:91:4d:e7:8e:1f:e1:f4:60:9d:c3:5c:60:7a:
         1f:29:db:bb:c9:85:b4:23:d0:49:72:ab:98:e8:7a:17:57:b6:
         d0:60:ac:43:dc:42:13:e0:cb:e0:e7:1a:b6:74:39:8a:71:9e:
         57:a1:c8:c3:cd:8d:9a:b6:5e:31:ca:f9:e6:a8:22:51:43:ca:
         9f:14:63:5e:e8:82:7a:6c:d6:7c:4a:d4:f7:2e:0e:51:f4:ec:
         80:b2:f9:52:61:92:e6:42:b6:3f:3a:64:1b:14:07:84:a3:23:
         2d:02:5a:a6:a2:5d:a0:63:74:0e:88:cd:89:0a:c8:8a:0c:aa:
         8b:4b:2d:ef:49:dd:2e:c0:60:a6:95:b5:0b:77:c2:0c:a1:25:
         aa:67:8c:6c:fc:76:c5:91:9d:af:4c:be:2e:9f:08:4d:02:fc:
         8f:60:40:02:90:1a:ca:3f:ab:bf:a5:c5:b0:99:70:6a:8c:c1:
         88:19:39:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3xHpYIsdsWOYOQH4z4p8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlOWI5YmVkOGY4ZDNkNTc5YmIwNTUyZTRmYzRiODE5ODY4
NjFlNjQwHhcNMjQwMTAyMDYzMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDQ1ZTU0ZDg4MWNkNTU4YWYyZDhmMDM0NGQwMzNmZWNjZmNmNDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09xBOkKvSdZj4bHC8uKIKWMr6cZG
rCWwmy5yGp1SQfZZ3FVK0vAwLZMZhyCv05e0Zx050uGTunag8W29IeRHE9hjdpM/
L/U0gqrOsddRgvDAKO9u/AbeL2TtP2L63LwJbuyjQSGcSbXfQNGSHuMQDXntB5nC
b4fdMwuuJ8gm5U8TAFFIj99riSqCbNzCFTYXTfcp2AXab3jWwCM4Q8B5gWjXysA5
QMgjbyce1+iNKYJbsJ0BGYy42eotHlemPgIeYIKtSs9/3ligW2z3PD2v1eh37H6w
BS6zDWX7bUS1fVpoNsXa4tMS+xM20Y2f8IABSkhqH00Ce1s5oDHUMIE0xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJRF5U2IHNVYry2PA0TQM/7M/PQcMB8GA1UdIwQY
MBaAFF6bm+2PjT1Xm7BVLk/EuBmGhh5kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHB1YjdZLU5QVmVic0ZVdVQ4UzRHWWFHSG1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC80NDhjODUtYTk2Ni00ZGYyLTk4ZTQt
YTVhNWFkMDZlYjQzLzEvbEVYbFRZZ2MxVml2TFk4RFJOQXpfc3o4OUJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC80NDhjODUtYTk2Ni00ZGYyLTk4ZTQtYTVhNWFkMDZlYjQz
LzEvWHB1YjdZLU5QVmVic0ZVdVQ4UzRHWWFHSG1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW+jMA0G
CSqGSIb3DQEBCwUAA4IBAQCyU/HPDfweUP+yhKE25XnfbDcIZQ+oP5gZo91BrPfs
FRTio3j2PnvFgVTRp/zVGWKfrNTYm53y+Abcxw5xHSZnEi9riElSd+ELBDnit5FN
544f4fRgncNcYHofKdu7yYW0I9BJcquY6HoXV7bQYKxD3EIT4Mvg5xq2dDmKcZ5X
ocjDzY2atl4xyvnmqCJRQ8qfFGNe6IJ6bNZ8StT3Lg5R9OyAsvlSYZLmQrY/OmQb
FAeEoyMtAlqmol2gY3QOiM2JCsiKDKqLSy3vSd0uwGCmlbULd8IMoSWqZ4xs/HbF
kZ2vTL4unwhNAvyPYEACkBrKP6u/pcWwmXBqjMGIGTn2
-----END CERTIFICATE-----