Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/xEs-YhJvANpj1HlEo6Z_xHeLdfM.roa
File:                     xEs-YhJvANpj1HlEo6Z_xHeLdfM.roa (raw, json)
Hash identifier:          Tjaoo0LdZNhM4eOHP59cv1CiZuZmN9BgGtbSLRyJlG4=
Subject key identifier:   C4:4B:3E:62:12:6F:00:DA:63:D4:79:44:A3:A6:7F:C4:77:8B:75:F3
Certificate issuer:       /CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
Certificate serial:       018EE8FAACCFA42B4E3A736AFEECDC78CC4B
Authority key identifier: D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/xEs-YhJvANpj1HlEo6Z_xHeLdfM.roa
Signing time:             Tue 16 Apr 2024 22:15:25 +0000
ROA not before:           Tue 16 Apr 2024 22:15:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215151
IP address blocks:        185.83.202.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e8:fa:ac:cf:a4:2b:4e:3a:73:6a:fe:ec:dc:78:cc:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
        Validity
            Not Before: Apr 16 22:15:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c44b3e62126f00da63d47944a3a67fc4778b75f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:6c:5b:99:0a:0f:14:26:86:3c:33:af:3a:68:
                    3a:00:c7:c9:91:85:63:68:a4:1f:9e:b6:3a:65:8c:
                    22:a8:fd:38:f4:f7:13:c5:c8:e6:b9:a8:4d:fd:46:
                    fb:d4:37:df:b8:dc:5f:53:fb:1c:4d:00:77:14:59:
                    02:a2:3d:b3:c0:08:26:00:95:ee:ea:a3:4a:2b:2e:
                    ae:56:c8:d4:42:1f:b7:f3:3a:ee:7d:ff:1b:f8:7e:
                    db:94:7a:87:d4:04:de:79:28:6a:ff:87:91:30:f1:
                    0a:7f:6d:c7:9e:d2:41:7d:0c:ab:b7:bc:92:b7:a9:
                    aa:e9:01:a4:e0:e2:cd:ed:09:1e:eb:c0:5b:36:8f:
                    42:eb:ca:fb:b5:6c:bd:f8:32:4b:33:0e:6e:68:2e:
                    d5:77:19:a4:8e:d7:d3:f8:e7:da:d1:fc:af:93:71:
                    38:e0:de:d6:74:9f:85:46:af:0d:09:32:ae:ad:03:
                    61:4e:85:0f:15:05:9c:e1:47:38:5a:a2:7c:85:c3:
                    75:54:89:99:aa:32:87:ef:0f:bb:f1:09:4e:6e:95:
                    ba:ba:c6:6f:d8:31:5c:e5:af:f5:b5:04:fd:02:1e:
                    41:ac:4f:a1:94:67:7e:56:3c:67:55:93:10:0a:b9:
                    bc:d9:4d:2a:10:34:da:5f:97:c6:66:22:95:4c:71:
                    25:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:4B:3E:62:12:6F:00:DA:63:D4:79:44:A3:A6:7F:C4:77:8B:75:F3
            X509v3 Authority Key Identifier:
                keyid:D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/xEs-YhJvANpj1HlEo6Z_xHeLdfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:ea:e9:98:33:66:9f:77:c5:f2:e3:c3:f8:6c:37:a1:f1:c4:
         c6:59:1a:cf:7a:70:94:4a:db:f7:b6:0d:d0:df:37:7f:92:2c:
         d3:55:1e:71:84:fc:a0:9e:53:bf:f0:3f:c2:10:67:d9:34:99:
         e1:26:c2:ab:53:b2:0c:3b:ed:3b:ba:5a:92:33:05:96:60:04:
         c7:55:df:8f:3d:9b:4b:9d:bf:81:55:77:81:9f:d8:e4:4c:10:
         70:97:3d:af:8f:b1:27:58:e6:f1:70:90:85:7e:ea:a4:d6:69:
         e2:78:85:6f:41:27:4f:07:33:fa:3b:6e:68:ff:b3:06:88:9e:
         c8:eb:67:12:4c:e9:89:6f:f8:75:79:55:39:fc:6e:e6:aa:8b:
         5f:8b:61:14:eb:e2:09:7f:d4:93:da:19:d1:98:37:75:74:02:
         0f:da:69:7f:fc:ec:3d:e1:9a:c0:da:18:6c:a5:2b:94:67:fc:
         af:d1:43:ec:f5:5d:92:9a:df:55:81:54:1c:b9:f0:5f:59:16:
         8a:4f:2a:29:54:c4:96:ce:16:df:b7:43:cd:47:6d:cf:1c:6a:
         c6:ff:6f:9f:0d:a4:47:e8:c6:8d:07:a0:c4:1f:41:25:eb:f8:
         d7:23:4e:be:16:2e:c5:84:31:6c:fc:9f:f4:dd:cd:71:06:4f:
         12:0e:5e:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7o+qzPpCtOOnNq/uzceMxLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2RhMjAxOTkwOWQ5ZmMzNzgyOWZkOWVjMjlkOTQ4ZWNm
ZjdjOTIwHhcNMjQwNDE2MjIxNTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDRiM2U2MjEyNmYwMGRhNjNkNDc5NDRhM2E2N2ZjNDc3OGI3NWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlWxbmQoPFCaGPDOvOmg6AMfJkYVj
aKQfnrY6ZYwiqP049PcTxcjmuahN/Ub71DffuNxfU/scTQB3FFkCoj2zwAgmAJXu
6qNKKy6uVsjUQh+38zruff8b+H7blHqH1ATeeShq/4eRMPEKf23HntJBfQyrt7yS
t6mq6QGk4OLN7Qke68BbNo9C68r7tWy9+DJLMw5uaC7VdxmkjtfT+Ofa0fyvk3E4
4N7WdJ+FRq8NCTKurQNhToUPFQWc4Uc4WqJ8hcN1VImZqjKH7w+78QlObpW6usZv
2DFc5a/1tQT9Ah5BrE+hlGd+VjxnVZMQCrm82U0qEDTaX5fGZiKVTHElpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMRLPmISbwDaY9R5RKOmf8R3i3XzMB8GA1UdIwQY
MBaAFNk9ogGZCdn8N4Kf2ewp2Ujs/3ySMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgt
ZjVhZGRkZGYxZWM1LzEveEVzLVloSnZBTnBqMUhsRW82Wl94SGVMZGZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgtZjVhZGRkZGYxZWM1
LzEvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuVPKMA0G
CSqGSIb3DQEBCwUAA4IBAQBl6umYM2afd8Xy48P4bDeh8cTGWRrPenCUStv3tg3Q
3zd/kizTVR5xhPygnlO/8D/CEGfZNJnhJsKrU7IMO+07ulqSMwWWYATHVd+PPZtL
nb+BVXeBn9jkTBBwlz2vj7EnWObxcJCFfuqk1mnieIVvQSdPBzP6O25o/7MGiJ7I
62cSTOmJb/h1eVU5/G7mqotfi2EU6+IJf9ST2hnRmDd1dAIP2ml//Ow94ZrA2hhs
pSuUZ/yv0UPs9V2Smt9VgVQcufBfWRaKTyopVMSWzhbft0PNR23PHGrG/2+fDaRH
6MaNB6DEH0El6/jXI06+Fi7FhDFs/J/03c1xBk8SDl7y
-----END CERTIFICATE-----