Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/ff0a7d-dccd-47ce-b21d-14809c938b76/1/xfLShV_4ps7PvP3npIh-z2Fl20c.roa
File:                     xfLShV_4ps7PvP3npIh-z2Fl20c.roa (raw, json)
Hash identifier:          E7/e+bumFiHfd8GP9Zg7I6+e6bM519SbNRb97Co5rcU=
Subject key identifier:   C5:F2:D2:85:5F:F8:A6:CE:CF:BC:FD:E7:A4:88:7E:CF:61:65:DB:47
Certificate issuer:       /CN=509c8f32a1f4281f71463895d543c7179cf7f959
Certificate serial:       018CC3B695BDEAAA042420CB2027089F44E5
Authority key identifier: 50:9C:8F:32:A1:F4:28:1F:71:46:38:95:D5:43:C7:17:9C:F7:F9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UJyPMqH0KB9xRjiV1UPHF5z3-Vk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/ff0a7d-dccd-47ce-b21d-14809c938b76/1/xfLShV_4ps7PvP3npIh-z2Fl20c.roa
Signing time:             Mon 01 Jan 2024 06:29:32 +0000
ROA not before:           Mon 01 Jan 2024 06:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209999
IP address blocks:        193.41.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/ff0a7d-dccd-47ce-b21d-14809c938b76/1/UJyPMqH0KB9xRjiV1UPHF5z3-Vk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/ff0a7d-dccd-47ce-b21d-14809c938b76/1/UJyPMqH0KB9xRjiV1UPHF5z3-Vk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UJyPMqH0KB9xRjiV1UPHF5z3-Vk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:95:bd:ea:aa:04:24:20:cb:20:27:08:9f:44:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=509c8f32a1f4281f71463895d543c7179cf7f959
        Validity
            Not Before: Jan  1 06:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5f2d2855ff8a6cecfbcfde7a4887ecf6165db47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:0b:82:db:34:0d:c3:0f:aa:35:0e:35:9d:d5:
                    eb:05:6e:8e:77:0b:91:cb:c7:30:d0:43:a1:56:dd:
                    81:b6:f8:a5:96:55:96:a5:5c:7e:2f:a0:a6:68:c0:
                    21:ee:17:d2:46:fa:51:f3:ff:53:33:27:61:df:6d:
                    bc:83:dc:59:86:2c:03:27:a9:4a:05:27:6e:19:a2:
                    be:a8:81:17:d5:d1:59:48:62:49:0d:cc:85:ac:80:
                    78:98:4b:54:1d:3b:4f:e7:23:78:c6:a9:a5:59:f3:
                    5f:20:90:36:dc:0a:56:6d:a9:fd:7a:45:4f:e3:ab:
                    00:af:0d:34:1d:46:53:04:2b:98:62:64:5b:65:62:
                    e6:a7:67:55:72:76:96:0f:be:1c:1b:20:02:38:18:
                    5c:ad:bb:e2:5c:99:6b:a6:1e:86:cc:12:03:29:8b:
                    0d:59:58:76:af:59:d2:cc:17:69:5a:2a:07:1c:d8:
                    e1:50:09:3d:32:f8:22:d3:d3:94:99:e1:fa:1e:3e:
                    b8:52:be:42:82:73:85:5e:53:b9:af:c0:d8:21:a6:
                    1c:8c:15:40:a0:61:07:47:22:1d:a1:a1:14:0d:54:
                    f2:41:dd:30:11:11:e2:ef:ef:04:d5:c9:22:fc:0d:
                    e8:ae:f2:4a:a3:69:3d:b2:95:8e:05:66:5c:2e:10:
                    bc:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:F2:D2:85:5F:F8:A6:CE:CF:BC:FD:E7:A4:88:7E:CF:61:65:DB:47
            X509v3 Authority Key Identifier:
                keyid:50:9C:8F:32:A1:F4:28:1F:71:46:38:95:D5:43:C7:17:9C:F7:F9:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UJyPMqH0KB9xRjiV1UPHF5z3-Vk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ff0a7d-dccd-47ce-b21d-14809c938b76/1/xfLShV_4ps7PvP3npIh-z2Fl20c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ff0a7d-dccd-47ce-b21d-14809c938b76/1/UJyPMqH0KB9xRjiV1UPHF5z3-Vk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:bf:92:bf:4f:42:ae:b3:09:ad:a6:92:66:dd:12:96:8d:5a:
         29:75:6c:2c:47:68:86:5d:83:f1:b7:aa:3b:05:fc:b9:a1:aa:
         3a:13:45:fa:c7:d7:78:68:1f:7e:bd:67:86:79:0b:ff:56:de:
         87:da:95:74:24:6e:fa:89:f5:49:20:52:bc:d4:ed:38:41:14:
         8e:2c:de:89:5a:5a:a3:4b:c3:91:51:79:ff:22:7c:e6:bc:62:
         8d:d1:e6:31:80:a2:68:de:d6:77:dd:0a:1b:e7:38:ca:b6:26:
         3f:9e:30:23:09:1b:06:59:6a:ac:31:92:9f:fc:89:42:da:4e:
         db:4e:eb:3f:2a:24:76:bf:a2:3b:f0:ae:cb:16:60:5e:36:32:
         e5:63:a6:ee:df:3a:92:e6:86:38:0e:6c:95:22:4f:84:09:99:
         3b:37:cf:7c:c0:d6:81:a9:b6:11:93:6d:a6:4d:de:ab:f4:6d:
         3d:ef:90:07:02:f9:12:fc:23:7e:cb:ff:d2:ab:d2:6f:81:58:
         11:a1:24:c0:78:ab:0b:a1:d5:e8:b5:ba:7d:f6:6d:74:56:df:
         1d:7e:22:5f:27:82:f3:e2:49:58:b4:0d:b4:b2:38:9c:e3:64:
         ae:5b:a6:fe:14:d0:5f:c0:ce:65:6b:9b:22:34:2c:23:6a:44:
         67:06:79:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtpW96qoEJCDLICcIn0TlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwOWM4ZjMyYTFmNDI4MWY3MTQ2Mzg5NWQ1NDNjNzE3OWNm
N2Y5NTkwHhcNMjQwMTAxMDYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWYyZDI4NTVmZjhhNmNlY2ZiY2ZkZTdhNDg4N2VjZjYxNjVkYjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAuC2zQNww+qNQ41ndXrBW6OdwuR
y8cw0EOhVt2BtvilllWWpVx+L6CmaMAh7hfSRvpR8/9TMydh3228g9xZhiwDJ6lK
BSduGaK+qIEX1dFZSGJJDcyFrIB4mEtUHTtP5yN4xqmlWfNfIJA23ApWban9ekVP
46sArw00HUZTBCuYYmRbZWLmp2dVcnaWD74cGyACOBhcrbviXJlrph6GzBIDKYsN
WVh2r1nSzBdpWioHHNjhUAk9Mvgi09OUmeH6Hj64Ur5CgnOFXlO5r8DYIaYcjBVA
oGEHRyIdoaEUDVTyQd0wERHi7+8E1cki/A3orvJKo2k9spWOBWZcLhC8kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXy0oVf+KbOz7z956SIfs9hZdtHMB8GA1UdIwQY
MBaAFFCcjzKh9CgfcUY4ldVDxxec9/lZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUp5UE1xSDBLQjl4UmppVjFVUEhGNXozLVZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9mZjBhN2QtZGNjZC00N2NlLWIyMWQt
MTQ4MDljOTM4Yjc2LzEveGZMU2hWXzRwczdQdlAzbnBJaC16MkZsMjBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9mZjBhN2QtZGNjZC00N2NlLWIyMWQtMTQ4MDljOTM4Yjc2
LzEvVUp5UE1xSDBLQjl4UmppVjFVUEhGNXozLVZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSk4MA0G
CSqGSIb3DQEBCwUAA4IBAQBiv5K/T0KuswmtppJm3RKWjVopdWwsR2iGXYPxt6o7
Bfy5oao6E0X6x9d4aB9+vWeGeQv/Vt6H2pV0JG76ifVJIFK81O04QRSOLN6JWlqj
S8ORUXn/InzmvGKN0eYxgKJo3tZ33Qob5zjKtiY/njAjCRsGWWqsMZKf/IlC2k7b
Tus/KiR2v6I78K7LFmBeNjLlY6bu3zqS5oY4DmyVIk+ECZk7N898wNaBqbYRk22m
Td6r9G0975AHAvkS/CN+y//Sq9JvgVgRoSTAeKsLodXotbp99m10Vt8dfiJfJ4Lz
4klYtA20sjic42SuW6b+FNBfwM5la5siNCwjakRnBnmL
-----END CERTIFICATE-----