Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/1XT4_juIeJYgqvcgYoBT_Ql6EkQ.roa
File:                     1XT4_juIeJYgqvcgYoBT_Ql6EkQ.roa (raw, json)
Hash identifier:          b8MfcKIHqSYEbeUujLJd5bq45AE+yTTcyiy4O4Sqt20=
Subject key identifier:   D5:74:F8:FE:3B:88:78:96:20:AA:F7:20:62:80:53:FD:09:7A:12:44
Certificate issuer:       /CN=d49922ca8d139a4d03d6d57cbc8177dc05feb9ec
Certificate serial:       018CC8DE3D4725E22BE07DA21299CEB66CF1
Authority key identifier: D4:99:22:CA:8D:13:9A:4D:03:D6:D5:7C:BC:81:77:DC:05:FE:B9:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Jkiyo0Tmk0D1tV8vIF33AX-uew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/1XT4_juIeJYgqvcgYoBT_Ql6EkQ.roa
Signing time:             Tue 02 Jan 2024 06:30:57 +0000
ROA not before:           Tue 02 Jan 2024 06:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212093
IP address blocks:        178.237.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/1Jkiyo0Tmk0D1tV8vIF33AX-uew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/1Jkiyo0Tmk0D1tV8vIF33AX-uew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Jkiyo0Tmk0D1tV8vIF33AX-uew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:3d:47:25:e2:2b:e0:7d:a2:12:99:ce:b6:6c:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d49922ca8d139a4d03d6d57cbc8177dc05feb9ec
        Validity
            Not Before: Jan  2 06:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d574f8fe3b88789620aaf720628053fd097a1244
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a8:1f:34:91:e9:08:b3:8c:c7:4e:33:ec:81:
                    4e:15:41:32:85:ba:65:22:a9:96:14:7e:11:a8:b5:
                    4a:6c:89:68:a3:e6:29:bc:06:29:7e:d0:51:63:4a:
                    ff:3f:22:00:44:71:ea:7c:3a:87:70:8f:79:22:4b:
                    a3:33:e9:aa:42:33:7c:c5:84:8b:e5:f2:77:4f:16:
                    4f:09:f0:1c:49:56:48:a7:ac:fb:3f:d6:6c:a5:cb:
                    92:d8:3c:87:ec:13:5b:83:0b:23:c0:31:1b:f0:dd:
                    df:11:34:85:1d:94:94:3c:86:7f:06:9e:7f:52:4f:
                    9b:e4:8d:74:2c:a0:bb:19:0c:f0:a4:69:42:2c:92:
                    32:d6:d9:e9:74:8e:e8:d6:7c:de:ec:15:08:fc:27:
                    de:89:78:6c:b2:db:47:71:ab:c4:96:e9:00:6c:fb:
                    32:ff:50:66:a2:fc:00:d5:4c:91:b3:30:6f:8a:8a:
                    03:5b:db:40:28:7e:73:7f:3a:20:70:06:d3:6c:b3:
                    8f:97:93:78:0a:9a:6a:90:d9:fa:7b:79:b3:e9:b0:
                    4b:08:7a:e7:fa:72:e5:c9:6e:1b:9e:ff:54:b4:4a:
                    cb:77:af:b0:3b:0e:36:9c:71:9e:e6:4a:40:b1:11:
                    20:fa:c3:71:ca:4c:86:13:1e:be:0a:5a:38:cd:aa:
                    ec:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:74:F8:FE:3B:88:78:96:20:AA:F7:20:62:80:53:FD:09:7A:12:44
            X509v3 Authority Key Identifier:
                keyid:D4:99:22:CA:8D:13:9A:4D:03:D6:D5:7C:BC:81:77:DC:05:FE:B9:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Jkiyo0Tmk0D1tV8vIF33AX-uew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/1XT4_juIeJYgqvcgYoBT_Ql6EkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/1Jkiyo0Tmk0D1tV8vIF33AX-uew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.237.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:fe:da:8d:93:2c:8e:68:d5:3f:52:60:5d:58:5a:9d:54:90:
         9c:ff:ba:ae:78:69:f8:8a:d4:55:09:37:33:6e:d1:b8:3e:5b:
         da:51:95:86:a9:a6:b2:e6:88:34:e7:a0:85:06:93:7e:27:59:
         fd:b5:a5:ad:16:28:c7:ea:c5:14:f3:d3:ac:ae:61:f8:d0:1e:
         70:63:31:a6:18:3e:1c:31:5a:f0:35:b4:25:60:98:35:ae:f5:
         1b:df:7d:7b:cb:8e:06:50:8c:12:67:35:f6:bc:fd:1c:bd:75:
         c1:aa:6c:29:1a:03:05:cc:db:b0:38:05:6d:d5:1f:e1:74:2d:
         67:15:90:1d:19:09:e7:42:b3:14:41:53:d6:05:1b:6f:35:07:
         92:3b:4a:b3:ac:0f:fd:c1:d4:f1:f1:29:9b:fa:13:16:3c:0d:
         95:5d:b0:dd:fa:82:a2:1a:4d:60:27:0a:ad:74:cd:be:36:9f:
         8c:ed:eb:4a:ae:22:ea:12:7b:05:22:9c:22:bc:53:fa:05:ac:
         96:d4:74:8d:04:c5:fd:91:b9:b7:e9:e9:5f:8b:e3:a0:4f:bb:
         eb:94:e1:83:9e:4b:a8:bc:6d:4f:c0:d6:d8:5c:42:da:0c:da:
         91:be:ee:0a:eb:b0:7c:60:c3:30:41:75:9e:3a:89:63:73:35:
         c1:09:fc:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3j1HJeIr4H2iEpnOtmzxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OTkyMmNhOGQxMzlhNGQwM2Q2ZDU3Y2JjODE3N2RjMDVm
ZWI5ZWMwHhcNMjQwMTAyMDYzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTc0ZjhmZTNiODg3ODk2MjBhYWY3MjA2MjgwNTNmZDA5N2ExMjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAragfNJHpCLOMx04z7IFOFUEyhbpl
IqmWFH4RqLVKbIloo+YpvAYpftBRY0r/PyIARHHqfDqHcI95IkujM+mqQjN8xYSL
5fJ3TxZPCfAcSVZIp6z7P9ZspcuS2DyH7BNbgwsjwDEb8N3fETSFHZSUPIZ/Bp5/
Uk+b5I10LKC7GQzwpGlCLJIy1tnpdI7o1nze7BUI/CfeiXhssttHcavElukAbPsy
/1BmovwA1UyRszBviooDW9tAKH5zfzogcAbTbLOPl5N4CppqkNn6e3mz6bBLCHrn
+nLlyW4bnv9UtErLd6+wOw42nHGe5kpAsREg+sNxykyGEx6+Clo4zars9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNV0+P47iHiWIKr3IGKAU/0JehJEMB8GA1UdIwQY
MBaAFNSZIsqNE5pNA9bVfLyBd9wF/rnsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUpraXlvMFRtazBEMXRWOHZJRjMzQVgtdWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC81Y2VjYzAtMmE1My00NTAwLTg1YWUt
ZThiNjBhMmRkNmI0LzEvMVhUNF9qdUllSllncXZjZ1lvQlRfUWw2RWtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC81Y2VjYzAtMmE1My00NTAwLTg1YWUtZThiNjBhMmRkNmI0
LzEvMUpraXlvMFRtazBEMXRWOHZJRjMzQVgtdWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu3NMA0G
CSqGSIb3DQEBCwUAA4IBAQAW/tqNkyyOaNU/UmBdWFqdVJCc/7queGn4itRVCTcz
btG4PlvaUZWGqaay5og056CFBpN+J1n9taWtFijH6sUU89OsrmH40B5wYzGmGD4c
MVrwNbQlYJg1rvUb3317y44GUIwSZzX2vP0cvXXBqmwpGgMFzNuwOAVt1R/hdC1n
FZAdGQnnQrMUQVPWBRtvNQeSO0qzrA/9wdTx8Smb+hMWPA2VXbDd+oKiGk1gJwqt
dM2+Np+M7etKriLqEnsFIpwivFP6BayW1HSNBMX9kbm36elfi+OgT7vrlOGDnkuo
vG1PwNbYXELaDNqRvu4K67B8YMMwQXWeOoljczXBCfx3
-----END CERTIFICATE-----