Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/c2f69f-ee8e-475a-9079-ca51fb30eddf/1/Xp5XuZbP_jCpVuN0kY4nFUGO_DU.roa
File:                     Xp5XuZbP_jCpVuN0kY4nFUGO_DU.roa (raw, json)
Hash identifier:          30upucB40oaZWwp2X1nl8+vyYAckcsaqpi7hgxLspoM=
Subject key identifier:   5E:9E:57:B9:96:CF:FE:30:A9:56:E3:74:91:8E:27:15:41:8E:FC:35
Certificate issuer:       /CN=f354e520e7bb7e13f532cecf05a82d2b797952a2
Certificate serial:       018CC348D01EC565E74CA773D6693D5E7201
Authority key identifier: F3:54:E5:20:E7:BB:7E:13:F5:32:CE:CF:05:A8:2D:2B:79:79:52:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/81TlIOe7fhP1Ms7PBagtK3l5UqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/c2f69f-ee8e-475a-9079-ca51fb30eddf/1/Xp5XuZbP_jCpVuN0kY4nFUGO_DU.roa
Signing time:             Mon 01 Jan 2024 04:29:38 +0000
ROA not before:           Mon 01 Jan 2024 04:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28725
IP address blocks:        194.50.64.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/c2f69f-ee8e-475a-9079-ca51fb30eddf/1/81TlIOe7fhP1Ms7PBagtK3l5UqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/c2f69f-ee8e-475a-9079-ca51fb30eddf/1/81TlIOe7fhP1Ms7PBagtK3l5UqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/81TlIOe7fhP1Ms7PBagtK3l5UqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d0:1e:c5:65:e7:4c:a7:73:d6:69:3d:5e:72:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f354e520e7bb7e13f532cecf05a82d2b797952a2
        Validity
            Not Before: Jan  1 04:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e9e57b996cffe30a956e374918e2715418efc35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:16:31:87:69:e0:7a:d5:8f:33:d4:ed:a0:13:
                    49:39:7e:65:d1:65:5f:2b:4c:a4:4d:f3:ed:f1:fa:
                    99:fd:66:df:06:e3:b9:51:45:63:c1:af:de:f5:05:
                    0f:92:db:21:2f:cb:11:b2:6a:61:52:ba:1a:5a:f1:
                    78:28:24:4d:5c:a9:38:b3:d3:9d:45:0d:ca:9b:61:
                    50:fc:a3:95:5c:d1:51:6d:db:fa:50:a9:e8:30:c5:
                    18:73:33:48:25:3e:43:4c:e4:fd:42:3b:be:4e:10:
                    9d:3e:c8:50:41:55:f6:f0:b0:02:6c:ef:8d:98:72:
                    a3:d2:cf:55:7a:f7:e4:a0:83:5d:3e:c0:ee:f4:a7:
                    92:f1:fb:08:53:56:53:1b:d4:8b:fb:09:30:dc:1f:
                    9c:38:c1:36:64:e8:1b:b0:08:23:74:91:fd:00:84:
                    f4:21:67:8d:6b:c5:08:0c:09:af:56:8b:b8:2b:98:
                    a5:97:1d:15:5f:af:9f:f3:20:0a:fb:cc:e0:b0:dc:
                    f5:54:7e:bf:45:6b:23:22:31:5c:ff:a1:0d:ef:1e:
                    59:c0:33:89:18:ba:54:6f:14:f4:5b:6f:81:d8:01:
                    a8:f1:6d:c6:13:9c:0c:d8:33:aa:46:7b:d7:10:b0:
                    b7:74:9f:5a:96:56:5d:19:0b:9a:96:b2:cc:c4:48:
                    fc:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:9E:57:B9:96:CF:FE:30:A9:56:E3:74:91:8E:27:15:41:8E:FC:35
            X509v3 Authority Key Identifier:
                keyid:F3:54:E5:20:E7:BB:7E:13:F5:32:CE:CF:05:A8:2D:2B:79:79:52:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/81TlIOe7fhP1Ms7PBagtK3l5UqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/c2f69f-ee8e-475a-9079-ca51fb30eddf/1/Xp5XuZbP_jCpVuN0kY4nFUGO_DU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/c2f69f-ee8e-475a-9079-ca51fb30eddf/1/81TlIOe7fhP1Ms7PBagtK3l5UqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:7d:fe:da:a0:30:43:a3:95:ca:e7:b6:35:05:12:44:45:d6:
         e3:50:c7:b4:8e:5c:a7:55:14:d1:1b:77:d0:ab:2d:0a:9d:cf:
         af:a7:f7:89:ab:31:4f:67:b5:0e:0a:67:b4:34:d4:66:b4:17:
         b1:dc:31:f8:c5:ae:4f:bd:e2:72:74:85:79:69:bd:55:9e:e4:
         6c:49:f0:53:e7:6c:2c:cb:a3:98:f4:fb:c8:04:74:fc:51:cb:
         55:cb:d9:04:4f:f3:6f:c5:da:ac:63:d5:38:b3:b1:a4:f9:f1:
         f0:43:b3:e1:fd:51:62:74:de:f6:ff:6d:7a:43:30:28:92:db:
         71:f3:38:99:2b:e5:ab:9b:82:5d:57:8e:26:82:00:33:9c:42:
         cc:ba:d1:6a:c4:e0:f6:d4:d6:64:bc:ca:5a:37:51:22:a3:76:
         a6:f1:a6:bd:a1:52:44:50:f1:86:a1:79:db:8b:29:26:a8:53:
         25:9e:d6:10:27:a2:0b:4d:db:c0:4f:ed:0f:cb:77:0a:44:c5:
         ae:0c:68:b9:64:c5:1b:fe:45:6c:36:bd:3e:9e:fa:aa:d0:61:
         d4:17:39:f9:b9:f2:38:af:5c:9e:0b:c0:80:b1:7c:0a:fb:af:
         de:82:8f:8b:b9:26:fd:8c:c3:fa:b0:6c:41:f7:50:59:5b:18:
         67:f1:f3:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSNAexWXnTKdz1mk9XnIBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNTRlNTIwZTdiYjdlMTNmNTMyY2VjZjA1YTgyZDJiNzk3
OTUyYTIwHhcNMjQwMTAxMDQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTllNTdiOTk2Y2ZmZTMwYTk1NmUzNzQ5MThlMjcxNTQxOGVmYzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxYxh2ngetWPM9TtoBNJOX5l0WVf
K0ykTfPt8fqZ/WbfBuO5UUVjwa/e9QUPktshL8sRsmphUroaWvF4KCRNXKk4s9Od
RQ3Km2FQ/KOVXNFRbdv6UKnoMMUYczNIJT5DTOT9Qju+ThCdPshQQVX28LACbO+N
mHKj0s9VevfkoINdPsDu9KeS8fsIU1ZTG9SL+wkw3B+cOME2ZOgbsAgjdJH9AIT0
IWeNa8UIDAmvVou4K5illx0VX6+f8yAK+8zgsNz1VH6/RWsjIjFc/6EN7x5ZwDOJ
GLpUbxT0W2+B2AGo8W3GE5wM2DOqRnvXELC3dJ9allZdGQualrLMxEj8mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF6eV7mWz/4wqVbjdJGOJxVBjvw1MB8GA1UdIwQY
MBaAFPNU5SDnu34T9TLOzwWoLSt5eVKiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODFUbElPZTdmaFAxTXM3UEJhZ3RLM2w1VXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9jMmY2OWYtZWU4ZS00NzVhLTkwNzkt
Y2E1MWZiMzBlZGRmLzEvWHA1WHVaYlBfakNwVnVOMGtZNG5GVUdPX0RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9jMmY2OWYtZWU4ZS00NzVhLTkwNzktY2E1MWZiMzBlZGRm
LzEvODFUbElPZTdmaFAxTXM3UEJhZ3RLM2w1VXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjJAMA0G
CSqGSIb3DQEBCwUAA4IBAQBAff7aoDBDo5XK57Y1BRJERdbjUMe0jlynVRTRG3fQ
qy0Knc+vp/eJqzFPZ7UOCme0NNRmtBex3DH4xa5PveJydIV5ab1VnuRsSfBT52ws
y6OY9PvIBHT8UctVy9kET/NvxdqsY9U4s7Gk+fHwQ7Ph/VFidN72/216QzAokttx
8ziZK+Wrm4JdV44mggAznELMutFqxOD21NZkvMpaN1Eio3am8aa9oVJEUPGGoXnb
iykmqFMlntYQJ6ILTdvAT+0Py3cKRMWuDGi5ZMUb/kVsNr0+nvqq0GHUFzn5ufI4
r1yeC8CAsXwK+6/ego+LuSb9jMP6sGxB91BZWxhn8fMi
-----END CERTIFICATE-----