Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/2581f4-8410-4a43-9186-0fab2269ea8e/1/xUkuY97eD_96fWp2RjiKfdSVp7Y.roa
File:                     xUkuY97eD_96fWp2RjiKfdSVp7Y.roa (raw, json)
Hash identifier:          QHT67rVVFE76A/TlvqCH+3ZVhWIa3DEq3JdK1lVfWrU=
Subject key identifier:   C5:49:2E:63:DE:DE:0F:FF:7A:7D:6A:76:46:38:8A:7D:D4:95:A7:B6
Certificate issuer:       /CN=33c5b0d7c0a9cd24b73cdcb92c8746e85a4a5b8f
Certificate serial:       018CC94E5C064FB2B3BB10A7998422C3B671
Authority key identifier: 33:C5:B0:D7:C0:A9:CD:24:B7:3C:DC:B9:2C:87:46:E8:5A:4A:5B:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M8Ww18CpzSS3PNy5LIdG6FpKW48.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/2581f4-8410-4a43-9186-0fab2269ea8e/1/xUkuY97eD_96fWp2RjiKfdSVp7Y.roa
Signing time:             Tue 02 Jan 2024 08:33:24 +0000
ROA not before:           Tue 02 Jan 2024 08:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396073
IP address blocks:        195.149.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/2581f4-8410-4a43-9186-0fab2269ea8e/1/M8Ww18CpzSS3PNy5LIdG6FpKW48.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/2581f4-8410-4a43-9186-0fab2269ea8e/1/M8Ww18CpzSS3PNy5LIdG6FpKW48.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M8Ww18CpzSS3PNy5LIdG6FpKW48.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:5c:06:4f:b2:b3:bb:10:a7:99:84:22:c3:b6:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33c5b0d7c0a9cd24b73cdcb92c8746e85a4a5b8f
        Validity
            Not Before: Jan  2 08:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5492e63dede0fff7a7d6a7646388a7dd495a7b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:85:92:27:5e:85:40:1a:7e:d8:56:f2:27:b3:
                    9b:6c:eb:30:bc:68:63:02:3c:85:60:97:20:6e:3f:
                    26:76:c7:46:7f:7f:7d:8a:1a:2b:bd:61:94:c9:68:
                    36:4d:e8:44:20:89:a0:96:6a:e9:05:78:f4:55:48:
                    b1:dd:ac:5e:30:bc:57:2c:83:e0:ff:11:fa:fe:e3:
                    c2:67:6c:07:86:67:7a:b9:15:74:92:01:e9:4e:30:
                    5f:a1:75:78:b2:14:ad:0f:9e:19:c8:a8:f4:10:4d:
                    ee:ba:2f:5f:a0:4d:6d:ad:1a:10:47:d4:6c:86:0c:
                    2e:6a:6a:7d:05:d2:89:c6:17:a0:b6:94:04:da:3e:
                    56:b7:02:b5:58:40:51:78:e3:76:d9:fb:eb:fa:cd:
                    dc:b5:ea:b7:59:7c:6d:f7:2c:c2:c7:2e:ee:0a:46:
                    de:37:fd:8d:98:e6:fb:d3:63:d2:a4:68:2f:70:08:
                    20:64:26:2e:5b:e1:31:dc:a2:98:1d:2a:08:42:21:
                    68:1f:b3:aa:f3:f1:47:43:47:b6:89:80:7f:b4:63:
                    33:59:ab:9e:79:86:4c:e8:98:06:16:f6:4d:d7:14:
                    3c:f8:9a:80:74:46:1d:ca:2a:19:56:00:99:50:79:
                    6a:1c:65:d1:6e:5d:6b:cc:ff:41:94:82:ee:a8:63:
                    23:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:49:2E:63:DE:DE:0F:FF:7A:7D:6A:76:46:38:8A:7D:D4:95:A7:B6
            X509v3 Authority Key Identifier:
                keyid:33:C5:B0:D7:C0:A9:CD:24:B7:3C:DC:B9:2C:87:46:E8:5A:4A:5B:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M8Ww18CpzSS3PNy5LIdG6FpKW48.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/2581f4-8410-4a43-9186-0fab2269ea8e/1/xUkuY97eD_96fWp2RjiKfdSVp7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/2581f4-8410-4a43-9186-0fab2269ea8e/1/M8Ww18CpzSS3PNy5LIdG6FpKW48.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.149.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:42:6b:9d:41:ad:dc:1f:c0:e0:d7:92:51:36:6a:9f:19:66:
         87:b3:03:17:c3:a1:a1:1f:8a:90:93:46:33:9f:e7:38:1f:f3:
         d4:6f:80:64:b8:73:e9:df:92:29:7c:e5:cd:c0:3f:6e:dd:f1:
         5a:52:ae:26:b5:fa:a9:3a:40:a9:e0:2d:c4:b2:64:12:7b:d5:
         80:ee:98:13:50:43:66:da:79:01:25:fe:7d:8f:06:f8:09:71:
         72:84:22:15:85:86:3f:41:6c:27:08:cf:44:12:b4:75:d4:d2:
         1c:c9:0b:d9:2a:77:37:12:3e:fa:4f:54:30:47:01:5b:fa:39:
         59:55:59:a7:08:7e:6c:65:d4:57:33:5e:1e:f1:5d:55:a1:ab:
         b8:16:db:d8:59:fa:d4:99:ee:1b:d9:03:44:ee:7f:77:21:3f:
         f8:47:f9:4d:d9:3e:1b:b6:d5:41:b5:f1:34:8f:e7:9b:0b:25:
         4e:89:c6:cd:c3:d4:ac:51:18:dc:ba:04:ce:52:ed:bb:41:e4:
         0a:31:35:79:ff:62:57:f2:48:74:13:3a:99:36:25:65:80:a8:
         1f:2f:9f:b0:a3:3f:7e:a8:f9:e6:0e:f5:d5:c6:54:a1:ff:63:
         01:a5:59:21:38:ed:3f:2e:8f:97:cd:15:79:4f:d6:ac:89:36:
         1c:57:8a:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTlwGT7KzuxCnmYQiw7ZxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYzViMGQ3YzBhOWNkMjRiNzNjZGNiOTJjODc0NmU4NWE0
YTViOGYwHhcNMjQwMTAyMDgzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTQ5MmU2M2RlZGUwZmZmN2E3ZDZhNzY0NjM4OGE3ZGQ0OTVhN2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7IWSJ16FQBp+2FbyJ7ObbOswvGhj
AjyFYJcgbj8mdsdGf399ihorvWGUyWg2TehEIImglmrpBXj0VUix3axeMLxXLIPg
/xH6/uPCZ2wHhmd6uRV0kgHpTjBfoXV4shStD54ZyKj0EE3uui9foE1trRoQR9Rs
hgwuamp9BdKJxhegtpQE2j5WtwK1WEBReON22fvr+s3cteq3WXxt9yzCxy7uCkbe
N/2NmOb702PSpGgvcAggZCYuW+Ex3KKYHSoIQiFoH7Oq8/FHQ0e2iYB/tGMzWaue
eYZM6JgGFvZN1xQ8+JqAdEYdyioZVgCZUHlqHGXRbl1rzP9BlILuqGMj3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMVJLmPe3g//en1qdkY4in3Ulae2MB8GA1UdIwQY
MBaAFDPFsNfAqc0ktzzcuSyHRuhaSluPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTThXdzE4Q3B6U1MzUE55NUxJZEc2RnBLVzQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8yNTgxZjQtODQxMC00YTQzLTkxODYt
MGZhYjIyNjllYThlLzEveFVrdVk5N2VEXzk2ZldwMlJqaUtmZFNWcDdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8yNTgxZjQtODQxMC00YTQzLTkxODYtMGZhYjIyNjllYThl
LzEvTThXdzE4Q3B6U1MzUE55NUxJZEc2RnBLVzQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5VrMA0G
CSqGSIb3DQEBCwUAA4IBAQDKQmudQa3cH8Dg15JRNmqfGWaHswMXw6GhH4qQk0Yz
n+c4H/PUb4BkuHPp35IpfOXNwD9u3fFaUq4mtfqpOkCp4C3EsmQSe9WA7pgTUENm
2nkBJf59jwb4CXFyhCIVhYY/QWwnCM9EErR11NIcyQvZKnc3Ej76T1QwRwFb+jlZ
VVmnCH5sZdRXM14e8V1Voau4FtvYWfrUme4b2QNE7n93IT/4R/lN2T4bttVBtfE0
j+ebCyVOicbNw9SsURjcugTOUu27QeQKMTV5/2JX8kh0EzqZNiVlgKgfL5+woz9+
qPnmDvXVxlSh/2MBpVkhOO0/Lo+XzRV5T9asiTYcV4o7
-----END CERTIFICATE-----