Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/33541a-f9ac-475a-b297-88a0e450a17b/1/XujUZrII2x3zDc17mtA5J9DL3Tw.roa
File:                     XujUZrII2x3zDc17mtA5J9DL3Tw.roa (raw, json)
Hash identifier:          tMezirIJ7mwPeEOa8a6RekdwHK7mnOHQcGq/E/bvIKc=
Subject key identifier:   5E:E8:D4:66:B2:08:DB:1D:F3:0D:CD:7B:9A:D0:39:27:D0:CB:DD:3C
Certificate issuer:       /CN=3763c7106a5f2640162e7980583eab5bd8008c45
Certificate serial:       018CC5DC27721617728D394DBF5E4D0FDEE0
Authority key identifier: 37:63:C7:10:6A:5F:26:40:16:2E:79:80:58:3E:AB:5B:D8:00:8C:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N2PHEGpfJkAWLnmAWD6rW9gAjEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/33541a-f9ac-475a-b297-88a0e450a17b/1/XujUZrII2x3zDc17mtA5J9DL3Tw.roa
Signing time:             Mon 01 Jan 2024 16:29:48 +0000
ROA not before:           Mon 01 Jan 2024 16:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.5.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/33541a-f9ac-475a-b297-88a0e450a17b/1/N2PHEGpfJkAWLnmAWD6rW9gAjEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/33541a-f9ac-475a-b297-88a0e450a17b/1/N2PHEGpfJkAWLnmAWD6rW9gAjEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N2PHEGpfJkAWLnmAWD6rW9gAjEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:27:72:16:17:72:8d:39:4d:bf:5e:4d:0f:de:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3763c7106a5f2640162e7980583eab5bd8008c45
        Validity
            Not Before: Jan  1 16:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ee8d466b208db1df30dcd7b9ad03927d0cbdd3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ab:e7:2a:32:c4:c3:68:ea:fd:87:39:dc:6b:
                    0a:96:35:79:24:fb:e9:f6:c7:3b:c8:6b:ed:9f:66:
                    90:be:4b:2e:a7:13:a2:01:3b:81:e5:55:3f:d5:03:
                    96:79:d6:56:e6:8a:d2:44:73:ab:fe:70:d0:63:00:
                    1c:02:a3:51:95:95:2f:6b:0e:9c:8f:61:a5:85:a9:
                    4f:0c:5c:f2:97:40:8c:b7:22:45:ca:49:ea:82:db:
                    ba:d2:ca:8c:81:50:e7:84:fb:97:73:1d:c2:44:40:
                    5e:a6:87:ba:f2:9f:21:33:23:9c:f9:dd:1e:27:ad:
                    f8:d9:c2:22:f9:b3:9b:c6:03:ed:18:24:df:6d:27:
                    b2:21:35:e2:80:ed:3a:08:23:12:61:40:5a:5e:ed:
                    51:cb:f9:98:9d:f6:61:c6:cf:19:2f:a1:98:2b:48:
                    a6:e5:b6:9c:7d:fd:68:70:56:e1:b8:02:06:ca:df:
                    68:ab:7e:36:85:be:0b:d6:f4:21:8e:da:be:27:71:
                    7c:c9:10:ce:d4:b7:69:b0:34:e0:2d:3d:8c:e4:74:
                    f3:63:85:7a:c3:98:19:06:83:58:af:c5:bc:2f:ef:
                    37:46:21:d7:4d:39:76:06:69:ad:0c:95:71:ce:af:
                    24:0d:69:28:f5:3e:70:30:f7:cd:d4:8a:68:db:01:
                    c8:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:E8:D4:66:B2:08:DB:1D:F3:0D:CD:7B:9A:D0:39:27:D0:CB:DD:3C
            X509v3 Authority Key Identifier:
                keyid:37:63:C7:10:6A:5F:26:40:16:2E:79:80:58:3E:AB:5B:D8:00:8C:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N2PHEGpfJkAWLnmAWD6rW9gAjEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/33541a-f9ac-475a-b297-88a0e450a17b/1/XujUZrII2x3zDc17mtA5J9DL3Tw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/33541a-f9ac-475a-b297-88a0e450a17b/1/N2PHEGpfJkAWLnmAWD6rW9gAjEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.5.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:99:ae:25:e7:5f:c5:1e:7f:58:a2:07:d7:21:d6:7b:0a:6c:
         44:0a:cd:39:43:8b:a1:5d:41:14:ab:cd:9b:dd:b2:01:c7:67:
         3e:b1:0a:54:c7:73:4b:7b:13:37:23:51:52:ff:70:6f:e0:94:
         16:ad:2d:10:0d:4a:25:d7:a1:37:60:9b:62:98:21:c3:ee:c3:
         7a:9d:c7:dc:aa:db:14:87:92:48:67:f2:8b:82:af:1e:81:4f:
         a6:0d:55:4a:fe:ce:ca:cf:f9:eb:8d:65:85:15:5b:b6:40:9b:
         21:f7:e6:05:8e:2b:b0:2f:55:05:1e:e7:5c:68:14:6a:f6:68:
         13:45:02:35:4a:d7:2f:16:57:79:a0:33:0e:8e:7a:d3:b3:76:
         e9:a1:d2:0f:73:f3:6e:ac:19:74:67:d2:df:d6:6b:f4:de:f1:
         1d:58:3e:9a:60:fc:1b:6f:e5:3e:09:76:86:61:f8:54:17:ca:
         53:39:bb:da:f2:8a:18:93:a3:dc:3a:29:72:42:b4:1e:4e:e6:
         b9:a5:39:4b:0a:aa:78:33:45:8f:c2:20:92:45:22:95:30:89:
         12:8d:79:72:85:fe:3f:21:52:71:6d:ad:47:b7:ee:46:c2:e1:
         e2:8e:95:44:f1:51:6c:75:5d:67:c5:bc:f7:b4:e1:46:c5:b0:
         fc:d8:b0:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CdyFhdyjTlNv15ND97gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NjNjNzEwNmE1ZjI2NDAxNjJlNzk4MDU4M2VhYjViZDgw
MDhjNDUwHhcNMjQwMTAxMTYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWU4ZDQ2NmIyMDhkYjFkZjMwZGNkN2I5YWQwMzkyN2QwY2JkZDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6vnKjLEw2jq/Yc53GsKljV5JPvp
9sc7yGvtn2aQvksupxOiATuB5VU/1QOWedZW5orSRHOr/nDQYwAcAqNRlZUvaw6c
j2GlhalPDFzyl0CMtyJFyknqgtu60sqMgVDnhPuXcx3CREBepoe68p8hMyOc+d0e
J6342cIi+bObxgPtGCTfbSeyITXigO06CCMSYUBaXu1Ry/mYnfZhxs8ZL6GYK0im
5bacff1ocFbhuAIGyt9oq342hb4L1vQhjtq+J3F8yRDO1LdpsDTgLT2M5HTzY4V6
w5gZBoNYr8W8L+83RiHXTTl2BmmtDJVxzq8kDWko9T5wMPfN1Ipo2wHIzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF7o1GayCNsd8w3Ne5rQOSfQy908MB8GA1UdIwQY
MBaAFDdjxxBqXyZAFi55gFg+q1vYAIxFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjJQSEVHcGZKa0FXTG5tQVdENnJXOWdBakVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8zMzU0MWEtZjlhYy00NzVhLWIyOTct
ODhhMGU0NTBhMTdiLzEvWHVqVVpySUkyeDN6RGMxN210QTVKOURMM1R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8zMzU0MWEtZjlhYy00NzVhLWIyOTctODhhMGU0NTBhMTdi
LzEvTjJQSEVHcGZKa0FXTG5tQVdENnJXOWdBakVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQWQMA0G
CSqGSIb3DQEBCwUAA4IBAQCcma4l51/FHn9YogfXIdZ7CmxECs05Q4uhXUEUq82b
3bIBx2c+sQpUx3NLexM3I1FS/3Bv4JQWrS0QDUol16E3YJtimCHD7sN6ncfcqtsU
h5JIZ/KLgq8egU+mDVVK/s7Kz/nrjWWFFVu2QJsh9+YFjiuwL1UFHudcaBRq9mgT
RQI1StcvFld5oDMOjnrTs3bpodIPc/NurBl0Z9Lf1mv03vEdWD6aYPwbb+U+CXaG
YfhUF8pTObva8ooYk6PcOilyQrQeTua5pTlLCqp4M0WPwiCSRSKVMIkSjXlyhf4/
IVJxba1Ht+5GwuHijpVE8VFsdV1nxbz3tOFGxbD82LD9
-----END CERTIFICATE-----