Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/30cd87-f375-4b93-8d39-65d6ca3f49d8/1/X717aLsLlgnVlUzVlfB1ws7L4zs.roa
File:                     X717aLsLlgnVlUzVlfB1ws7L4zs.roa (raw, json)
Hash identifier:          gTPCXh6ROvOy5smU0nN+o5TkY8PXCrQjS5cokgafSJk=
Subject key identifier:   5F:BD:7B:68:BB:0B:96:09:D5:95:4C:D5:95:F0:75:C2:CE:CB:E3:3B
Certificate issuer:       /CN=69525a362e87705a1ec022d16560f276d59cee1d
Certificate serial:       018CC56EDB6354931C5D096D847F6DC611AC
Authority key identifier: 69:52:5A:36:2E:87:70:5A:1E:C0:22:D1:65:60:F2:76:D5:9C:EE:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aVJaNi6HcFoewCLRZWDydtWc7h0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/30cd87-f375-4b93-8d39-65d6ca3f49d8/1/X717aLsLlgnVlUzVlfB1ws7L4zs.roa
Signing time:             Mon 01 Jan 2024 14:30:25 +0000
ROA not before:           Mon 01 Jan 2024 14:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21263
IP address blocks:        194.0.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/30cd87-f375-4b93-8d39-65d6ca3f49d8/1/aVJaNi6HcFoewCLRZWDydtWc7h0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/30cd87-f375-4b93-8d39-65d6ca3f49d8/1/aVJaNi6HcFoewCLRZWDydtWc7h0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aVJaNi6HcFoewCLRZWDydtWc7h0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:db:63:54:93:1c:5d:09:6d:84:7f:6d:c6:11:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69525a362e87705a1ec022d16560f276d59cee1d
        Validity
            Not Before: Jan  1 14:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5fbd7b68bb0b9609d5954cd595f075c2cecbe33b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ab:15:c6:4b:54:60:0f:e4:c8:85:09:bb:32:
                    ff:2a:65:bd:33:23:52:04:a2:31:02:4c:11:54:a3:
                    fa:e8:55:5a:21:01:02:fb:92:51:0d:04:e5:a1:24:
                    b4:31:2e:69:aa:b9:37:1d:a8:a5:6a:4e:65:e2:68:
                    82:23:c5:66:1d:79:bb:e5:93:dc:fb:00:3f:d2:5f:
                    04:fd:39:8f:45:31:5c:09:cb:8c:2c:ed:b3:8a:67:
                    f0:62:15:8f:6d:85:4d:ea:20:76:a8:09:a2:67:74:
                    da:3f:e3:e7:86:df:f2:cb:3f:51:42:f3:64:36:55:
                    4b:f9:ce:9c:e7:02:10:d1:fc:63:eb:6b:c3:26:2e:
                    57:e7:7f:b7:62:58:cf:b0:7c:75:57:03:d6:2f:ba:
                    c8:89:cf:02:0e:71:24:dc:33:0e:b0:0b:71:5e:77:
                    08:25:85:68:aa:9c:1c:c0:85:53:8c:b6:7f:4c:f9:
                    09:3d:e7:32:25:7d:a9:18:e3:1c:17:78:ac:bd:ca:
                    0f:f1:84:19:09:00:dd:49:a2:75:2d:10:e5:83:85:
                    f3:d3:e1:db:b2:4b:26:5c:d4:2f:1d:2e:1e:5f:b2:
                    5c:c4:a4:07:f6:59:7f:1b:b0:f3:91:b1:ea:c0:c7:
                    85:8e:2a:44:c8:a6:82:9a:16:41:e5:50:2a:f3:8b:
                    88:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:BD:7B:68:BB:0B:96:09:D5:95:4C:D5:95:F0:75:C2:CE:CB:E3:3B
            X509v3 Authority Key Identifier:
                keyid:69:52:5A:36:2E:87:70:5A:1E:C0:22:D1:65:60:F2:76:D5:9C:EE:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aVJaNi6HcFoewCLRZWDydtWc7h0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/30cd87-f375-4b93-8d39-65d6ca3f49d8/1/X717aLsLlgnVlUzVlfB1ws7L4zs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/30cd87-f375-4b93-8d39-65d6ca3f49d8/1/aVJaNi6HcFoewCLRZWDydtWc7h0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:1c:e2:92:48:24:9d:bc:86:b1:28:16:44:10:fc:d4:b4:e1:
         7f:7f:e0:0c:44:8e:fe:ac:0e:6a:81:be:60:e1:83:38:5b:2e:
         65:a7:4e:88:30:e8:d0:80:86:65:c1:6e:9d:ab:f7:bb:13:51:
         7b:49:ff:3d:52:a9:ee:93:6b:80:d3:d3:91:8a:af:da:95:d3:
         2b:2e:63:aa:e5:c2:0e:98:f0:9b:b5:fd:6c:d2:b6:6b:49:f9:
         80:18:66:e9:e3:7b:3d:9f:44:ce:7a:5f:b5:a2:25:3d:91:a6:
         5c:1d:36:69:d9:65:5e:fe:2f:73:a3:b3:d3:74:95:69:18:bc:
         27:54:f1:3e:29:05:c7:55:ca:9b:45:11:2a:17:1f:af:0f:77:
         85:ea:0b:5b:27:01:82:3a:8a:5b:46:da:2c:47:96:7c:7d:40:
         a4:cc:71:e4:03:4b:1e:a8:58:44:ef:12:1c:6f:fa:7d:90:7f:
         12:b5:29:6e:83:ba:49:a9:53:37:c3:7c:b8:c8:82:ae:ec:a1:
         af:7e:06:75:ed:0a:73:78:ea:09:13:ad:5c:cf:d6:70:2d:c3:
         aa:fd:93:f9:8d:d8:fe:7e:57:9d:db:09:cf:28:40:fb:a9:e5:
         6d:a2:61:9b:45:ff:fc:67:0a:00:c4:d9:16:04:74:fc:ab:b6:
         9f:81:90:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbttjVJMcXQlthH9txhGsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5NTI1YTM2MmU4NzcwNWExZWMwMjJkMTY1NjBmMjc2ZDU5
Y2VlMWQwHhcNMjQwMTAxMTQzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmJkN2I2OGJiMGI5NjA5ZDU5NTRjZDU5NWYwNzVjMmNlY2JlMzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqsVxktUYA/kyIUJuzL/KmW9MyNS
BKIxAkwRVKP66FVaIQEC+5JRDQTloSS0MS5pqrk3Hailak5l4miCI8VmHXm75ZPc
+wA/0l8E/TmPRTFcCcuMLO2zimfwYhWPbYVN6iB2qAmiZ3TaP+Pnht/yyz9RQvNk
NlVL+c6c5wIQ0fxj62vDJi5X53+3YljPsHx1VwPWL7rIic8CDnEk3DMOsAtxXncI
JYVoqpwcwIVTjLZ/TPkJPecyJX2pGOMcF3isvcoP8YQZCQDdSaJ1LRDlg4Xz0+Hb
sksmXNQvHS4eX7JcxKQH9ll/G7DzkbHqwMeFjipEyKaCmhZB5VAq84uILwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+9e2i7C5YJ1ZVM1ZXwdcLOy+M7MB8GA1UdIwQY
MBaAFGlSWjYuh3BaHsAi0WVg8nbVnO4dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVZKYU5pNkhjRm9ld0NMUlpXRHlkdFdjN2gwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8zMGNkODctZjM3NS00YjkzLThkMzkt
NjVkNmNhM2Y0OWQ4LzEvWDcxN2FMc0xsZ25WbFV6VmxmQjF3czdMNHpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8zMGNkODctZjM3NS00YjkzLThkMzktNjVkNmNhM2Y0OWQ4
LzEvYVZKYU5pNkhjRm9ld0NMUlpXRHlkdFdjN2gwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgDcMA0G
CSqGSIb3DQEBCwUAA4IBAQCUHOKSSCSdvIaxKBZEEPzUtOF/f+AMRI7+rA5qgb5g
4YM4Wy5lp06IMOjQgIZlwW6dq/e7E1F7Sf89Uqnuk2uA09ORiq/aldMrLmOq5cIO
mPCbtf1s0rZrSfmAGGbp43s9n0TOel+1oiU9kaZcHTZp2WVe/i9zo7PTdJVpGLwn
VPE+KQXHVcqbRREqFx+vD3eF6gtbJwGCOopbRtosR5Z8fUCkzHHkA0seqFhE7xIc
b/p9kH8StSlug7pJqVM3w3y4yIKu7KGvfgZ17QpzeOoJE61cz9ZwLcOq/ZP5jdj+
fled2wnPKED7qeVtomGbRf/8ZwoAxNkWBHT8q7afgZDe
-----END CERTIFICATE-----