Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/XI0MVKb0wcSoXv4--RmbnEpM8EQ.roa
File:                     XI0MVKb0wcSoXv4--RmbnEpM8EQ.roa (raw, json)
Hash identifier:          qK56C0uxJ2WbAo3zituCjNp08K3JDK42v22dxdLqYNs=
Subject key identifier:   5C:8D:0C:54:A6:F4:C1:C4:A8:5E:FE:3E:F9:19:9B:9C:4A:4C:F0:44
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E17FFDE50AD03F7C37B883BBF66F7
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/XI0MVKb0wcSoXv4--RmbnEpM8EQ.roa
Signing time:             Mon 01 Jan 2024 14:29:35 +0000
ROA not before:           Mon 01 Jan 2024 14:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205775
IP address blocks:        178.19.46.0/24 maxlen: 24
                          178.19.45.0/24 maxlen: 24
                          178.19.35.0/24 maxlen: 24
                          178.19.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:17:ff:de:50:ad:03:f7:c3:7b:88:3b:bf:66:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c8d0c54a6f4c1c4a85efe3ef9199b9c4a4cf044
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:4c:a0:f5:71:be:92:44:7b:84:65:60:67:f4:
                    b8:7b:dc:8c:29:69:af:8e:78:04:a1:ab:b4:0c:bc:
                    af:b7:73:18:06:3f:6c:71:14:9b:3f:50:46:23:99:
                    9a:aa:76:f6:5c:6c:33:18:d4:c7:d9:12:17:03:ea:
                    e1:52:2d:1f:12:9b:e4:ae:cc:b4:a5:60:95:c9:62:
                    41:a4:0e:cd:5b:5d:ee:22:d0:c4:83:a4:94:08:61:
                    5e:08:9e:72:2c:99:bb:db:fd:5c:30:cd:b4:b1:ee:
                    43:91:b3:b4:e3:ac:f0:82:ed:52:9b:af:d2:5a:9c:
                    d9:52:b7:9c:46:ad:cd:e3:91:9e:4c:a7:1c:e6:a0:
                    19:28:3a:96:1c:db:cc:a2:51:9e:92:50:f1:9c:7c:
                    9c:8f:6d:ad:6c:3d:3a:7f:68:49:b0:d2:25:92:06:
                    0f:1e:8e:ca:75:c1:0f:4c:5b:0f:a2:c4:9c:5f:76:
                    82:27:8a:c3:b4:75:ea:bd:d7:2c:60:a2:15:26:72:
                    c2:10:49:28:d2:ae:0c:a8:f6:ff:bf:f1:58:b6:37:
                    85:27:f7:f6:ed:1c:5e:96:19:27:22:f1:0f:44:6c:
                    16:83:f5:44:a4:5f:59:2d:a2:80:f1:f5:4d:d7:bd:
                    99:d7:0e:2d:d3:49:88:e0:02:77:f4:a7:38:76:5d:
                    15:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:8D:0C:54:A6:F4:C1:C4:A8:5E:FE:3E:F9:19:9B:9C:4A:4C:F0:44
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/XI0MVKb0wcSoXv4--RmbnEpM8EQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.19.34.0/23
                  178.19.45.0-178.19.46.255

    Signature Algorithm: sha256WithRSAEncryption
         4e:0c:64:4e:66:99:8f:d4:d6:f5:1e:b1:1b:30:08:3a:ba:ed:
         c6:18:7f:db:e1:16:fd:f1:c9:b9:cc:f9:3e:89:42:12:f9:7f:
         79:48:4a:44:68:53:3e:b2:ef:4f:01:f2:93:3b:cd:cf:86:b5:
         07:cb:02:20:77:94:60:a9:6a:d1:52:17:b9:7a:c1:c6:06:6d:
         04:f0:ff:09:7b:52:02:a2:d2:e7:da:92:45:2d:10:a8:ab:29:
         70:73:95:e3:c4:2b:f9:78:be:e6:a5:5a:69:58:28:9f:ef:fc:
         0c:1b:0e:8e:6b:6f:60:97:e0:52:74:79:b1:8b:99:61:13:0d:
         3b:c1:83:9b:64:16:68:a9:b8:29:a0:6e:86:16:18:63:e1:95:
         f7:a7:c8:30:e0:e2:8f:23:ae:1c:15:70:7e:96:4a:ba:5e:d4:
         06:50:c3:d6:f2:f8:56:cf:30:04:48:00:55:f5:8b:0a:a6:9d:
         45:15:84:df:60:37:a0:4e:2c:d1:67:c3:a1:6a:87:f7:1b:43:
         cf:f0:7f:b0:d9:46:d1:b3:62:c0:76:60:c7:f4:cf:34:99:e6:
         eb:ce:0e:4c:75:97:6a:4e:b2:35:a9:03:b2:79:19:2e:72:a3:
         22:68:fd:90:f3:af:be:3d:f4:63:6c:06:be:89:6e:40:a0:4e:
         b0:39:ac:bf
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzFbhf/3lCtA/fDe4g7v2b3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzhkMGM1NGE2ZjRjMWM0YTg1ZWZlM2VmOTE5OWI5YzRhNGNmMDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUyg9XG+kkR7hGVgZ/S4e9yMKWmv
jngEoau0DLyvt3MYBj9scRSbP1BGI5maqnb2XGwzGNTH2RIXA+rhUi0fEpvkrsy0
pWCVyWJBpA7NW13uItDEg6SUCGFeCJ5yLJm72/1cMM20se5DkbO046zwgu1Sm6/S
WpzZUrecRq3N45GeTKcc5qAZKDqWHNvMolGeklDxnHycj22tbD06f2hJsNIlkgYP
Ho7KdcEPTFsPosScX3aCJ4rDtHXqvdcsYKIVJnLCEEko0q4MqPb/v/FYtjeFJ/f2
7RxelhknIvEPRGwWg/VEpF9ZLaKA8fVN172Z1w4t00mI4AJ39Kc4dl0VcwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFFyNDFSm9MHEqF7+PvkZm5xKTPBEMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvWEkwTVZLYjB3Y1NvWHY0LS1SbWJuRXBNOEVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBshMiMAwD
BACyEy0DBACyEy4wDQYJKoZIhvcNAQELBQADggEBAE4MZE5mmY/U1vUesRswCDq6
7cYYf9vhFv3xybnM+T6JQhL5f3lISkRoUz6y708B8pM7zc+GtQfLAiB3lGCpatFS
F7l6wcYGbQTw/wl7UgKi0ufakkUtEKirKXBzlePEK/l4vualWmlYKJ/v/AwbDo5r
b2CX4FJ0ebGLmWETDTvBg5tkFmipuCmgboYWGGPhlfenyDDg4o8jrhwVcH6WSrpe
1AZQw9by+FbPMARIAFX1iwqmnUUVhN9gN6BOLNFnw6Fqh/cbQ8/wf7DZRtGzYsB2
YMf0zzSZ5uvODkx1l2pOsjWpA7J5GS5yoyJo/ZDzr7499GNsBr6JbkCgTrA5rL8=
-----END CERTIFICATE-----