Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/3564e7-11d4-4d7a-8bcc-a953768fde2f/1/_zIlXljsi9BxoVmf9WdILAiyTPQ.roa
File:                     _zIlXljsi9BxoVmf9WdILAiyTPQ.roa (raw, json)
Hash identifier:          R34Q3li54s+ayOt5OXpxt9uj8CMaQK3WBNg/JLeSWTE=
Subject key identifier:   FF:32:25:5E:58:EC:8B:D0:71:A1:59:9F:F5:67:48:2C:08:B2:4C:F4
Certificate issuer:       /CN=1a4d0923ec10667760ad882e6af9a15699c05ef8
Certificate serial:       018CC3490B8F015A664E49BA2A70F10A5C36
Authority key identifier: 1A:4D:09:23:EC:10:66:77:60:AD:88:2E:6A:F9:A1:56:99:C0:5E:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gk0JI-wQZndgrYguavmhVpnAXvg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/3564e7-11d4-4d7a-8bcc-a953768fde2f/1/_zIlXljsi9BxoVmf9WdILAiyTPQ.roa
Signing time:             Mon 01 Jan 2024 04:29:53 +0000
ROA not before:           Mon 01 Jan 2024 04:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41737
IP address blocks:        193.110.144.0/24 maxlen: 24
                          193.110.168.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/3564e7-11d4-4d7a-8bcc-a953768fde2f/1/Gk0JI-wQZndgrYguavmhVpnAXvg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/3564e7-11d4-4d7a-8bcc-a953768fde2f/1/Gk0JI-wQZndgrYguavmhVpnAXvg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gk0JI-wQZndgrYguavmhVpnAXvg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:0b:8f:01:5a:66:4e:49:ba:2a:70:f1:0a:5c:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a4d0923ec10667760ad882e6af9a15699c05ef8
        Validity
            Not Before: Jan  1 04:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff32255e58ec8bd071a1599ff567482c08b24cf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:69:2e:33:d2:c9:c5:60:aa:51:55:c6:79:e4:
                    b3:77:e4:6b:d4:e5:c9:4b:a5:cb:86:9e:a2:95:e8:
                    75:e0:2a:5c:7e:9b:3c:aa:7b:d3:c0:d1:5b:f4:2c:
                    3a:ee:49:ab:32:35:17:e9:7d:1f:1a:6b:7a:9e:75:
                    6c:8c:36:5d:d1:78:80:89:e0:bc:bf:06:32:58:ea:
                    e8:04:c6:36:e3:93:ed:70:c5:b9:7c:00:f5:6d:9f:
                    d4:dd:01:c3:52:6a:57:52:69:9b:9b:99:1b:94:5c:
                    16:b8:d5:c7:aa:b4:b0:ca:26:27:57:13:21:7b:31:
                    16:9b:3d:4a:05:93:81:71:56:ce:42:04:59:99:4f:
                    1f:79:3b:42:ff:6e:20:e8:1d:9c:6c:08:21:f1:99:
                    f5:1b:42:f7:93:60:ed:5a:17:e2:74:72:f3:56:44:
                    e1:c2:2c:dc:82:12:fd:dd:b9:57:cd:c4:5e:2d:5f:
                    26:da:64:1a:4c:a4:10:dd:66:0d:f9:cc:03:9b:99:
                    d0:14:af:73:7a:14:8d:fd:42:f9:fb:0d:cd:35:ce:
                    ff:1b:dc:2c:a9:cf:6b:90:0a:70:d8:dd:ed:44:e0:
                    1d:d0:8f:51:4b:67:38:94:0a:71:82:37:aa:02:60:
                    5f:27:43:0e:af:5d:dd:bd:31:86:89:ac:90:7d:f0:
                    f9:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:32:25:5E:58:EC:8B:D0:71:A1:59:9F:F5:67:48:2C:08:B2:4C:F4
            X509v3 Authority Key Identifier:
                keyid:1A:4D:09:23:EC:10:66:77:60:AD:88:2E:6A:F9:A1:56:99:C0:5E:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk0JI-wQZndgrYguavmhVpnAXvg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/3564e7-11d4-4d7a-8bcc-a953768fde2f/1/_zIlXljsi9BxoVmf9WdILAiyTPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/3564e7-11d4-4d7a-8bcc-a953768fde2f/1/Gk0JI-wQZndgrYguavmhVpnAXvg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.144.0/24
                  193.110.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1a:23:62:f5:82:00:ac:78:56:62:72:54:c7:cc:8e:fb:7d:81:
         39:bb:f8:4f:4e:0f:a8:09:fd:65:d8:f8:17:c8:f5:b8:e1:75:
         fc:d9:79:e8:44:cc:60:46:0e:52:d0:ee:f8:26:bb:c8:f7:6a:
         e9:90:d3:64:e3:72:16:44:22:8c:dd:e5:1a:c4:aa:e6:58:eb:
         26:45:dd:40:28:d9:f8:55:2b:ff:bb:4b:6a:01:60:70:6c:63:
         9b:2a:d1:54:a9:71:9a:08:74:26:73:eb:e9:a3:4c:9f:d3:fc:
         3e:d6:b1:ca:31:3d:8d:9b:1a:03:68:70:53:33:d5:99:0a:a5:
         3f:ba:f9:49:d7:c4:8b:24:5b:36:9b:06:5b:82:7b:3b:1f:e3:
         63:22:52:f4:64:9f:b5:7e:b4:23:e7:3b:62:cf:c2:09:4e:c7:
         09:1b:7c:3f:58:1c:ad:c1:a0:95:6b:ee:a2:ba:96:12:86:50:
         35:d7:f2:c9:76:79:a3:6e:44:7c:e0:d8:5e:53:29:c5:20:3d:
         11:5f:7b:1b:35:13:30:b3:d5:a0:56:4f:e6:2f:f0:17:89:8b:
         a1:90:40:d3:29:d8:98:ad:6e:8d:31:2d:31:8f:84:39:92:52:
         b5:fd:a2:a1:fe:8e:0d:89:9a:9c:73:46:0a:92:c5:b5:9c:c8:
         13:aa:18:4b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSQuPAVpmTkm6KnDxClw2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGQwOTIzZWMxMDY2Nzc2MGFkODgyZTZhZjlhMTU2OTlj
MDVlZjgwHhcNMjQwMTAxMDQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjMyMjU1ZTU4ZWM4YmQwNzFhMTU5OWZmNTY3NDgyYzA4YjI0Y2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGkuM9LJxWCqUVXGeeSzd+Rr1OXJ
S6XLhp6ileh14Cpcfps8qnvTwNFb9Cw67kmrMjUX6X0fGmt6nnVsjDZd0XiAieC8
vwYyWOroBMY245PtcMW5fAD1bZ/U3QHDUmpXUmmbm5kblFwWuNXHqrSwyiYnVxMh
ezEWmz1KBZOBcVbOQgRZmU8feTtC/24g6B2cbAgh8Zn1G0L3k2DtWhfidHLzVkTh
wizcghL93blXzcReLV8m2mQaTKQQ3WYN+cwDm5nQFK9zehSN/UL5+w3NNc7/G9ws
qc9rkApw2N3tROAd0I9RS2c4lApxgjeqAmBfJ0MOr13dvTGGiayQffD5xQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP8yJV5Y7IvQcaFZn/VnSCwIskz0MB8GA1UdIwQY
MBaAFBpNCSPsEGZ3YK2ILmr5oVaZwF74MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2swSkktd1FabmRncllndWF2bWhWcG5BWHZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS8zNTY0ZTctMTFkNC00ZDdhLThiY2Mt
YTk1Mzc2OGZkZTJmLzEvX3pJbFhsanNpOUJ4b1ZtZjlXZElMQWl5VFBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS8zNTY0ZTctMTFkNC00ZDdhLThiY2MtYTk1Mzc2OGZkZTJm
LzEvR2swSkktd1FabmRncllndWF2bWhWcG5BWHZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwW6QAwQB
wW6oMA0GCSqGSIb3DQEBCwUAA4IBAQAaI2L1ggCseFZiclTHzI77fYE5u/hPTg+o
Cf1l2PgXyPW44XX82XnoRMxgRg5S0O74JrvI92rpkNNk43IWRCKM3eUaxKrmWOsm
Rd1AKNn4VSv/u0tqAWBwbGObKtFUqXGaCHQmc+vpo0yf0/w+1rHKMT2NmxoDaHBT
M9WZCqU/uvlJ18SLJFs2mwZbgns7H+NjIlL0ZJ+1frQj5ztiz8IJTscJG3w/WByt
waCVa+6iupYShlA11/LJdnmjbkR84NheUynFID0RX3sbNRMws9WgVk/mL/AXiYuh
kEDTKdiYrW6NMS0xj4Q5klK1/aKh/o4NiZqcc0YKksW1nMgTqhhL
-----END CERTIFICATE-----