Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/cea886-4678-46cd-bea0-b5e188174755/1/X23RLgomPUl-KX1l8ThleqqE13Y.roa
File:                     X23RLgomPUl-KX1l8ThleqqE13Y.roa (raw, json)
Hash identifier:          AS1Eq4WDsiTpp4QdhZuatWaXxdxs7XsxvE7viAai3Js=
Subject key identifier:   5F:6D:D1:2E:0A:26:3D:49:7E:29:7D:65:F1:38:65:7A:AA:84:D7:76
Certificate issuer:       /CN=dbcab601ebb26d579ea87acfffb763ce81c98131
Certificate serial:       018CC801BAD946DB07B97CFC88357DFA7FAD
Authority key identifier: DB:CA:B6:01:EB:B2:6D:57:9E:A8:7A:CF:FF:B7:63:CE:81:C9:81:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/28q2AeuybVeeqHrP_7djzoHJgTE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/cea886-4678-46cd-bea0-b5e188174755/1/X23RLgomPUl-KX1l8ThleqqE13Y.roa
Signing time:             Tue 02 Jan 2024 02:30:05 +0000
ROA not before:           Tue 02 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34294
IP address blocks:        194.146.68.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/cea886-4678-46cd-bea0-b5e188174755/1/28q2AeuybVeeqHrP_7djzoHJgTE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/cea886-4678-46cd-bea0-b5e188174755/1/28q2AeuybVeeqHrP_7djzoHJgTE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/28q2AeuybVeeqHrP_7djzoHJgTE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:ba:d9:46:db:07:b9:7c:fc:88:35:7d:fa:7f:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbcab601ebb26d579ea87acfffb763ce81c98131
        Validity
            Not Before: Jan  2 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f6dd12e0a263d497e297d65f138657aaa84d776
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c7:ac:f9:a8:ee:ee:d6:b8:cd:da:74:c4:78:
                    ba:82:73:30:a9:91:3c:8c:4d:4e:9b:61:c0:0d:42:
                    bf:3d:8d:31:22:59:7f:dc:01:e5:2e:bb:2d:a4:ae:
                    0d:9a:34:f9:0e:99:d3:19:e1:07:af:b1:24:73:c8:
                    2e:19:61:08:55:05:1c:ec:ad:e2:89:2c:6e:23:90:
                    6e:01:ff:3a:2e:2b:f7:e4:0e:26:91:29:f9:25:04:
                    64:99:31:5a:f8:e4:98:74:5e:89:36:a1:c3:bd:04:
                    3c:49:9f:97:24:bf:90:fc:9d:7d:e3:cf:87:ac:44:
                    b8:07:98:8d:36:3b:1e:ce:86:29:25:c5:85:91:97:
                    8e:20:0c:a6:f7:40:2b:60:db:77:39:12:fd:5d:27:
                    dd:ac:8c:e7:8c:48:c8:97:dc:67:46:11:06:96:43:
                    26:4d:cb:ec:0c:e8:81:b0:8b:6a:95:23:5f:91:1d:
                    76:4f:d5:92:33:be:65:61:a4:ef:79:53:f7:a4:b7:
                    45:32:63:d8:40:25:36:89:1c:03:4b:04:74:f1:6b:
                    82:08:0c:bf:b3:66:47:15:37:b8:d9:00:cb:f8:e5:
                    f0:50:f4:9e:14:fc:c1:1d:9c:73:0c:7f:ad:ee:f3:
                    83:f4:d9:a6:6c:e6:bb:69:a6:ca:63:80:de:3d:a7:
                    52:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:6D:D1:2E:0A:26:3D:49:7E:29:7D:65:F1:38:65:7A:AA:84:D7:76
            X509v3 Authority Key Identifier:
                keyid:DB:CA:B6:01:EB:B2:6D:57:9E:A8:7A:CF:FF:B7:63:CE:81:C9:81:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/28q2AeuybVeeqHrP_7djzoHJgTE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/cea886-4678-46cd-bea0-b5e188174755/1/X23RLgomPUl-KX1l8ThleqqE13Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/cea886-4678-46cd-bea0-b5e188174755/1/28q2AeuybVeeqHrP_7djzoHJgTE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.146.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:1e:4f:42:68:f7:bb:aa:cf:ec:b0:31:f8:25:2f:8e:e6:71:
         53:ce:64:e9:10:4c:fe:5f:0a:f2:2b:fe:8c:99:d3:30:f9:ee:
         41:f4:3f:90:47:5f:77:ec:c7:79:fb:5f:7d:e2:8e:32:4f:3a:
         96:69:6d:e9:55:93:ca:7e:c2:60:e1:7e:ba:91:5e:81:e8:45:
         ff:ad:f2:fa:f6:00:aa:2f:05:ef:03:7b:6e:57:cd:dd:e0:5b:
         f7:a2:97:87:d6:25:c0:69:95:6e:7f:fb:f3:f8:84:1d:32:06:
         37:8f:03:fc:ab:a7:dd:de:7b:3a:d4:89:38:94:5c:59:75:89:
         e9:3d:4b:9c:bc:61:28:ce:fa:25:c2:4a:c3:f3:c1:55:f5:57:
         a8:8a:a7:e0:e3:69:4c:2b:ef:52:88:0f:20:16:eb:8e:95:b8:
         25:33:5c:2c:37:d0:65:d6:7f:d6:17:eb:77:a9:5d:fb:c6:6b:
         f1:15:69:c2:db:ba:25:5b:1c:6b:07:43:d4:d8:06:ed:ac:5e:
         22:10:81:8e:9a:59:99:0d:39:e2:2c:a8:94:a3:c9:c6:1f:21:
         d7:b7:3c:7d:cd:1e:78:bf:2a:9b:f5:95:09:e6:d1:53:1a:4e:
         37:e1:02:6f:19:e3:2a:26:85:55:2d:1a:39:d2:2f:18:bc:4f:
         cd:87:89:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAbrZRtsHuXz8iDV9+n+tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiY2FiNjAxZWJiMjZkNTc5ZWE4N2FjZmZmYjc2M2NlODFj
OTgxMzEwHhcNMjQwMTAyMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjZkZDEyZTBhMjYzZDQ5N2UyOTdkNjVmMTM4NjU3YWFhODRkNzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwces+aju7ta4zdp0xHi6gnMwqZE8
jE1Om2HADUK/PY0xIll/3AHlLrstpK4NmjT5DpnTGeEHr7Ekc8guGWEIVQUc7K3i
iSxuI5BuAf86Liv35A4mkSn5JQRkmTFa+OSYdF6JNqHDvQQ8SZ+XJL+Q/J1948+H
rES4B5iNNjsezoYpJcWFkZeOIAym90ArYNt3ORL9XSfdrIznjEjIl9xnRhEGlkMm
TcvsDOiBsItqlSNfkR12T9WSM75lYaTveVP3pLdFMmPYQCU2iRwDSwR08WuCCAy/
s2ZHFTe42QDL+OXwUPSeFPzBHZxzDH+t7vOD9NmmbOa7aabKY4DePadSiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF9t0S4KJj1Jfil9ZfE4ZXqqhNd2MB8GA1UdIwQY
MBaAFNvKtgHrsm1Xnqh6z/+3Y86ByYExMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjhxMkFldXliVmVlcUhyUF83ZGp6b0hKZ1RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9jZWE4ODYtNDY3OC00NmNkLWJlYTAt
YjVlMTg4MTc0NzU1LzEvWDIzUkxnb21QVWwtS1gxbDhUaGxlcXFFMTNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9jZWE4ODYtNDY3OC00NmNkLWJlYTAtYjVlMTg4MTc0NzU1
LzEvMjhxMkFldXliVmVlcUhyUF83ZGp6b0hKZ1RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwpJEMA0G
CSqGSIb3DQEBCwUAA4IBAQBtHk9CaPe7qs/ssDH4JS+O5nFTzmTpEEz+XwryK/6M
mdMw+e5B9D+QR1937Md5+1994o4yTzqWaW3pVZPKfsJg4X66kV6B6EX/rfL69gCq
LwXvA3tuV83d4Fv3opeH1iXAaZVuf/vz+IQdMgY3jwP8q6fd3ns61Ik4lFxZdYnp
PUucvGEozvolwkrD88FV9Veoiqfg42lMK+9SiA8gFuuOlbglM1wsN9Bl1n/WF+t3
qV37xmvxFWnC27olWxxrB0PU2AbtrF4iEIGOmlmZDTniLKiUo8nGHyHXtzx9zR54
vyqb9ZUJ5tFTGk434QJvGeMqJoVVLRo50i8YvE/Nh4ke
-----END CERTIFICATE-----