Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/23b148-e0dd-4fa6-af44-613017886e8b/1/X7YcN4xhTQ4E9clL-_V2-PY3ABI.roa
File:                     X7YcN4xhTQ4E9clL-_V2-PY3ABI.roa (raw, json)
Hash identifier:          txWh//nWmVcmMg+JpzE3u/hgl6RE/WL4d2r5JjLXEX8=
Subject key identifier:   5F:B6:1C:37:8C:61:4D:0E:04:F5:C9:4B:FB:F5:76:F8:F6:37:00:12
Certificate issuer:       /CN=b911c7edbf1d3cc4fb075381a37f76256b87285d
Certificate serial:       018CC3B71C9608B117EC003FC075515CD224
Authority key identifier: B9:11:C7:ED:BF:1D:3C:C4:FB:07:53:81:A3:7F:76:25:6B:87:28:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRHH7b8dPMT7B1OBo392JWuHKF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/23b148-e0dd-4fa6-af44-613017886e8b/1/X7YcN4xhTQ4E9clL-_V2-PY3ABI.roa
Signing time:             Mon 01 Jan 2024 06:30:06 +0000
ROA not before:           Mon 01 Jan 2024 06:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25101
IP address blocks:        193.111.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/23b148-e0dd-4fa6-af44-613017886e8b/1/uRHH7b8dPMT7B1OBo392JWuHKF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/23b148-e0dd-4fa6-af44-613017886e8b/1/uRHH7b8dPMT7B1OBo392JWuHKF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uRHH7b8dPMT7B1OBo392JWuHKF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1c:96:08:b1:17:ec:00:3f:c0:75:51:5c:d2:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b911c7edbf1d3cc4fb075381a37f76256b87285d
        Validity
            Not Before: Jan  1 06:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5fb61c378c614d0e04f5c94bfbf576f8f6370012
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f8:a7:a7:52:66:6e:82:b0:bb:e6:94:bb:6f:
                    e0:b3:34:68:e2:0c:86:19:ab:69:c0:6e:3f:fc:10:
                    c7:0b:bd:19:c7:7d:87:9b:5b:d7:46:ca:06:27:33:
                    e7:a5:82:9c:5f:3e:9a:54:26:3a:be:0a:03:f0:3f:
                    1d:95:64:b1:4f:84:3a:ce:ac:50:43:65:5a:26:1f:
                    39:77:b3:1e:e0:4e:dc:8f:23:93:42:3e:28:aa:44:
                    bb:7a:6b:e1:58:3f:9e:f3:ec:99:27:ef:26:3d:2d:
                    a5:da:a7:b2:28:9f:e4:80:c5:ec:49:cd:d5:c3:de:
                    10:46:92:d3:2b:e0:9f:a1:ed:a1:15:33:f7:8b:0d:
                    17:48:3f:80:ac:a8:0f:33:a7:f5:c0:19:89:1a:48:
                    cc:02:85:1f:a3:40:47:4a:1b:c2:17:03:cd:fa:20:
                    2e:6d:82:e9:ed:bb:78:d2:d4:a1:89:ee:3e:71:44:
                    e2:0c:dc:f3:05:cb:ca:64:4e:ea:5d:cc:ea:b3:40:
                    0c:02:cd:f7:a0:80:b8:cb:25:24:e1:bb:9e:be:fb:
                    f9:de:22:9f:77:02:60:84:b8:2e:21:1f:86:46:23:
                    01:98:fb:3e:dd:a0:f2:57:1b:84:76:0b:7d:a2:cd:
                    56:ed:b3:2e:b4:54:4b:a8:02:21:34:db:f0:0e:4c:
                    a3:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:B6:1C:37:8C:61:4D:0E:04:F5:C9:4B:FB:F5:76:F8:F6:37:00:12
            X509v3 Authority Key Identifier:
                keyid:B9:11:C7:ED:BF:1D:3C:C4:FB:07:53:81:A3:7F:76:25:6B:87:28:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRHH7b8dPMT7B1OBo392JWuHKF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/23b148-e0dd-4fa6-af44-613017886e8b/1/X7YcN4xhTQ4E9clL-_V2-PY3ABI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/23b148-e0dd-4fa6-af44-613017886e8b/1/uRHH7b8dPMT7B1OBo392JWuHKF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:f3:8b:94:3a:ff:9f:6b:4b:59:e1:a2:34:9a:95:f5:e4:f0:
         63:0a:26:35:b2:6b:f7:a6:81:6f:56:af:3f:68:c3:b0:ff:71:
         e6:70:58:cd:4a:00:04:40:db:28:39:0e:7e:4f:d4:8c:c6:01:
         d1:a1:bc:f0:94:df:73:de:a8:7c:49:ef:d5:cd:26:a7:c1:12:
         a7:27:1e:65:96:12:b5:1d:b1:b5:b1:e0:e5:8a:7b:ef:fd:78:
         8b:31:d6:83:a9:d7:be:6c:4f:01:a2:ab:be:d8:d6:36:ef:b9:
         75:ef:ad:bc:8e:d4:36:2d:d9:f8:bd:21:54:69:d7:7b:b9:ed:
         5a:b4:e9:5e:a7:0e:ad:31:d6:7a:1b:03:32:a7:b2:76:33:6e:
         aa:9f:0b:34:f0:13:9b:8f:fb:40:91:af:ac:6a:3d:1e:2b:03:
         e5:e7:d5:e5:28:90:25:dc:e4:c2:2b:66:26:90:12:93:d6:e7:
         e9:e3:f0:48:ab:8d:49:2b:de:4c:aa:d4:c9:19:79:7c:06:ad:
         19:e7:8e:a8:62:77:23:94:bc:09:59:de:15:f5:42:46:bc:44:
         f2:b5:ab:cc:21:f4:04:cd:92:c9:a0:08:57:6f:57:dd:f6:5e:
         02:d3:eb:a9:b7:11:bf:ca:ce:a8:b8:42:ef:b0:9a:8e:34:9b:
         ea:0c:af:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtxyWCLEX7AA/wHVRXNIkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MTFjN2VkYmYxZDNjYzRmYjA3NTM4MWEzN2Y3NjI1NmI4
NzI4NWQwHhcNMjQwMTAxMDYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmI2MWMzNzhjNjE0ZDBlMDRmNWM5NGJmYmY1NzZmOGY2MzcwMDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvinp1JmboKwu+aUu2/gszRo4gyG
GatpwG4//BDHC70Zx32Hm1vXRsoGJzPnpYKcXz6aVCY6vgoD8D8dlWSxT4Q6zqxQ
Q2VaJh85d7Me4E7cjyOTQj4oqkS7emvhWD+e8+yZJ+8mPS2l2qeyKJ/kgMXsSc3V
w94QRpLTK+Cfoe2hFTP3iw0XSD+ArKgPM6f1wBmJGkjMAoUfo0BHShvCFwPN+iAu
bYLp7bt40tShie4+cUTiDNzzBcvKZE7qXczqs0AMAs33oIC4yyUk4buevvv53iKf
dwJghLguIR+GRiMBmPs+3aDyVxuEdgt9os1W7bMutFRLqAIhNNvwDkyjfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+2HDeMYU0OBPXJS/v1dvj2NwASMB8GA1UdIwQY
MBaAFLkRx+2/HTzE+wdTgaN/diVrhyhdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJISDdiOGRQTVQ3QjFPQm8zOTJKV3VIS0YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8yM2IxNDgtZTBkZC00ZmE2LWFmNDQt
NjEzMDE3ODg2ZThiLzEvWDdZY040eGhUUTRFOWNsTC1fVjItUFkzQUJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8yM2IxNDgtZTBkZC00ZmE2LWFmNDQtNjEzMDE3ODg2ZThi
LzEvdVJISDdiOGRQTVQ3QjFPQm8zOTJKV3VIS0YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW/tMA0G
CSqGSIb3DQEBCwUAA4IBAQBu84uUOv+fa0tZ4aI0mpX15PBjCiY1smv3poFvVq8/
aMOw/3HmcFjNSgAEQNsoOQ5+T9SMxgHRobzwlN9z3qh8Se/VzSanwRKnJx5llhK1
HbG1seDlinvv/XiLMdaDqde+bE8Boqu+2NY277l17628jtQ2Ldn4vSFUadd7ue1a
tOlepw6tMdZ6GwMyp7J2M26qnws08BObj/tAka+saj0eKwPl59XlKJAl3OTCK2Ym
kBKT1ufp4/BIq41JK95MqtTJGXl8Bq0Z546oYncjlLwJWd4V9UJGvETytavMIfQE
zZLJoAhXb1fd9l4C0+uptxG/ys6ouELvsJqONJvqDK8v
-----END CERTIFICATE-----