Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/674408-4163-4e7e-aab9-42ef33a26e66/1/i65zrl1ONa5vAOLXuUOapRU3fc0.roa
File:                     i65zrl1ONa5vAOLXuUOapRU3fc0.roa (raw, json)
Hash identifier:          xsWAYZeKrdH/Dqq9LXvJQiyeB80671ZePIrTq7KvFeg=
Subject key identifier:   8B:AE:73:AE:5D:4E:35:AE:6F:00:E2:D7:B9:43:9A:A5:15:37:7D:CD
Certificate issuer:       /CN=c83c4c9d2fce61665165c05a101e815047b64f6a
Certificate serial:       018D88DA093F1AB0B37C53DD82410004A568
Authority key identifier: C8:3C:4C:9D:2F:CE:61:66:51:65:C0:5A:10:1E:81:50:47:B6:4F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yDxMnS_OYWZRZcBaEB6BUEe2T2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/674408-4163-4e7e-aab9-42ef33a26e66/1/i65zrl1ONa5vAOLXuUOapRU3fc0.roa
Signing time:             Thu 08 Feb 2024 13:13:26 +0000
ROA not before:           Thu 08 Feb 2024 13:13:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197717
IP address blocks:        193.200.54.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/674408-4163-4e7e-aab9-42ef33a26e66/1/yDxMnS_OYWZRZcBaEB6BUEe2T2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/674408-4163-4e7e-aab9-42ef33a26e66/1/yDxMnS_OYWZRZcBaEB6BUEe2T2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yDxMnS_OYWZRZcBaEB6BUEe2T2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:88:da:09:3f:1a:b0:b3:7c:53:dd:82:41:00:04:a5:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c83c4c9d2fce61665165c05a101e815047b64f6a
        Validity
            Not Before: Feb  8 13:13:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bae73ae5d4e35ae6f00e2d7b9439aa515377dcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:d1:ce:39:16:d4:02:b1:c2:a0:2b:dc:ea:f6:
                    c9:c8:d3:bf:29:21:a3:ee:45:49:ed:79:77:d6:b1:
                    c4:d7:20:30:aa:ed:a4:7c:de:a7:db:17:a4:89:0e:
                    6c:7a:02:e2:6e:ee:af:79:ac:d6:84:62:7e:6c:61:
                    f0:7a:7e:ae:ec:31:b9:f1:14:a4:26:20:81:c7:ae:
                    86:20:9f:15:3d:78:73:fd:0e:b4:0d:a1:05:a0:06:
                    08:33:90:66:a9:d0:36:88:16:b5:6a:b4:af:27:02:
                    ef:41:03:21:75:2d:f9:31:fd:b8:95:df:1e:a2:af:
                    19:51:df:c4:f4:4b:17:22:9a:43:7b:f4:11:d0:4e:
                    55:a9:e8:30:81:f6:7c:ea:fc:95:f3:03:d8:60:1e:
                    8f:72:ba:7e:f6:00:78:1b:e7:e7:9d:9c:f9:da:89:
                    be:2f:be:6b:32:fd:b9:b5:2a:48:f0:9f:df:00:60:
                    a5:32:13:a0:a3:29:3a:a8:26:a4:3b:9c:74:e9:b4:
                    10:18:e7:69:af:34:8f:a6:7c:9f:4d:5d:64:c6:01:
                    5e:11:c8:b9:e4:4e:df:76:42:88:42:af:78:11:42:
                    00:da:2b:58:46:68:fb:41:88:20:18:12:eb:9f:57:
                    95:d2:28:a5:48:a7:9e:d5:3a:6e:56:e2:a4:77:ea:
                    4d:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:AE:73:AE:5D:4E:35:AE:6F:00:E2:D7:B9:43:9A:A5:15:37:7D:CD
            X509v3 Authority Key Identifier:
                keyid:C8:3C:4C:9D:2F:CE:61:66:51:65:C0:5A:10:1E:81:50:47:B6:4F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yDxMnS_OYWZRZcBaEB6BUEe2T2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/674408-4163-4e7e-aab9-42ef33a26e66/1/i65zrl1ONa5vAOLXuUOapRU3fc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/674408-4163-4e7e-aab9-42ef33a26e66/1/yDxMnS_OYWZRZcBaEB6BUEe2T2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:0c:a9:02:cf:48:89:33:aa:26:56:36:77:09:d8:36:46:88:
         2d:30:cd:8a:4e:dd:81:e8:25:e2:e7:7d:93:cb:f8:17:10:b9:
         d5:46:d4:9c:ea:11:4a:ae:f0:17:5e:f9:be:4f:b3:30:6c:c3:
         4f:7d:96:62:16:8d:bf:c3:8a:7c:1d:dc:4e:ba:6b:bc:32:23:
         60:43:df:b9:4b:82:3a:64:20:1d:8f:7c:cd:f7:c7:77:cb:a3:
         8e:7d:e0:d1:e7:95:c3:99:12:61:e0:80:5b:61:a9:79:c6:ab:
         7a:6b:7e:cf:0b:ee:a7:b4:6a:c1:7f:fe:f1:2b:a0:93:c2:12:
         df:c1:d8:90:f9:f9:7b:fc:ce:e7:ff:a1:10:1f:cc:9c:57:6b:
         39:5a:02:8f:23:2b:d1:9a:ba:21:c7:f0:53:01:6b:0b:5a:ac:
         de:bb:34:5c:7f:5f:29:8b:9c:3c:42:79:59:80:7b:fe:a9:8d:
         8a:d4:38:66:13:de:a3:34:1d:d0:3e:07:52:31:bb:d7:6a:0d:
         a5:45:d9:2a:4b:7d:f0:e6:05:37:d7:2b:c0:6e:be:f8:4b:14:
         66:4b:c6:7b:e8:10:54:96:64:f4:88:c6:7e:7a:4d:e5:b5:04:
         3c:d4:a1:c3:9b:ee:6e:16:f6:8d:a8:30:70:95:2d:0c:80:09:
         a5:9c:03:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2I2gk/GrCzfFPdgkEABKVoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4M2M0YzlkMmZjZTYxNjY1MTY1YzA1YTEwMWU4MTUwNDdi
NjRmNmEwHhcNMjQwMjA4MTMxMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmFlNzNhZTVkNGUzNWFlNmYwMGUyZDdiOTQzOWFhNTE1Mzc3ZGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9HOORbUArHCoCvc6vbJyNO/KSGj
7kVJ7Xl31rHE1yAwqu2kfN6n2xekiQ5segLibu6veazWhGJ+bGHwen6u7DG58RSk
JiCBx66GIJ8VPXhz/Q60DaEFoAYIM5BmqdA2iBa1arSvJwLvQQMhdS35Mf24ld8e
oq8ZUd/E9EsXIppDe/QR0E5VqegwgfZ86vyV8wPYYB6Pcrp+9gB4G+fnnZz52om+
L75rMv25tSpI8J/fAGClMhOgoyk6qCakO5x06bQQGOdprzSPpnyfTV1kxgFeEci5
5E7fdkKIQq94EUIA2itYRmj7QYggGBLrn1eV0iilSKee1TpuVuKkd+pN9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuuc65dTjWubwDi17lDmqUVN33NMB8GA1UdIwQY
MBaAFMg8TJ0vzmFmUWXAWhAegVBHtk9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUR4TW5TX09ZV1pSWmNCYUVCNkJVRWUyVDJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS82NzQ0MDgtNDE2My00ZTdlLWFhYjkt
NDJlZjMzYTI2ZTY2LzEvaTY1enJsMU9OYTV2QU9MWHVVT2FwUlUzZmMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS82NzQ0MDgtNDE2My00ZTdlLWFhYjktNDJlZjMzYTI2ZTY2
LzEveUR4TW5TX09ZV1pSWmNCYUVCNkJVRWUyVDJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwcg2MA0G
CSqGSIb3DQEBCwUAA4IBAQCCDKkCz0iJM6omVjZ3Cdg2RogtMM2KTt2B6CXi532T
y/gXELnVRtSc6hFKrvAXXvm+T7MwbMNPfZZiFo2/w4p8HdxOumu8MiNgQ9+5S4I6
ZCAdj3zN98d3y6OOfeDR55XDmRJh4IBbYal5xqt6a37PC+6ntGrBf/7xK6CTwhLf
wdiQ+fl7/M7n/6EQH8ycV2s5WgKPIyvRmrohx/BTAWsLWqzeuzRcf18pi5w8QnlZ
gHv+qY2K1DhmE96jNB3QPgdSMbvXag2lRdkqS33w5gU31yvAbr74SxRmS8Z76BBU
lmT0iMZ+ek3ltQQ81KHDm+5uFvaNqDBwlS0MgAmlnAN4
-----END CERTIFICATE-----