Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/acda5e-4d2d-4f86-a17b-5b493aa07268/1/RauWIj58c4UpxDKxLTJCEEAxkpE.roa
File:                     RauWIj58c4UpxDKxLTJCEEAxkpE.roa (raw, json)
Hash identifier:          aTCw/6EDu21zvqSXFFQCc9oljB3cmV+ddzW2r3mHbrw=
Subject key identifier:   45:AB:96:22:3E:7C:73:85:29:C4:32:B1:2D:32:42:10:40:31:92:91
Certificate issuer:       /CN=0bc71df16dd0b47cd0af971f14d1dca6d8206bb1
Certificate serial:       018CC801C72948B41A0CB4EDB53DAC8A7EB1
Authority key identifier: 0B:C7:1D:F1:6D:D0:B4:7C:D0:AF:97:1F:14:D1:DC:A6:D8:20:6B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C8cd8W3QtHzQr5cfFNHcptgga7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/acda5e-4d2d-4f86-a17b-5b493aa07268/1/RauWIj58c4UpxDKxLTJCEEAxkpE.roa
Signing time:             Tue 02 Jan 2024 02:30:08 +0000
ROA not before:           Tue 02 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31369
IP address blocks:        193.25.162.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/acda5e-4d2d-4f86-a17b-5b493aa07268/1/C8cd8W3QtHzQr5cfFNHcptgga7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/acda5e-4d2d-4f86-a17b-5b493aa07268/1/C8cd8W3QtHzQr5cfFNHcptgga7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C8cd8W3QtHzQr5cfFNHcptgga7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:c7:29:48:b4:1a:0c:b4:ed:b5:3d:ac:8a:7e:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bc71df16dd0b47cd0af971f14d1dca6d8206bb1
        Validity
            Not Before: Jan  2 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45ab96223e7c738529c432b12d32421040319291
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:fa:8f:b0:7c:53:95:42:4c:a4:84:fd:4a:52:
                    e9:3e:a6:89:ed:b2:78:da:11:ef:c1:c1:f7:ff:15:
                    33:71:84:86:52:86:3b:a0:ec:87:d3:98:fc:fb:04:
                    df:53:df:28:09:f1:17:0c:8a:8b:6c:91:8f:07:b8:
                    e8:e1:fa:cb:1f:04:d4:97:01:22:df:e5:c2:2f:fc:
                    b3:70:2d:40:ac:d0:a5:63:2b:59:98:27:00:39:d3:
                    5e:57:10:1e:87:77:33:f5:ed:d5:04:a1:41:6a:9c:
                    fb:3b:6e:d4:9e:55:6b:80:eb:82:f8:75:72:8f:75:
                    b6:ec:19:ca:65:fe:97:0b:b9:88:3d:51:03:34:6b:
                    d0:be:b3:62:9b:f3:1b:00:a2:4d:66:90:b9:e4:f2:
                    d3:b9:8c:61:31:83:cd:09:dc:66:05:1c:18:60:b7:
                    3e:08:6f:5e:1e:8a:7c:ec:67:22:8e:57:54:7b:6c:
                    be:8b:ba:03:79:4f:76:07:3b:c0:fc:7f:25:02:2b:
                    52:28:18:7c:96:4f:10:ef:6d:f4:1c:c1:fd:65:7e:
                    73:95:f2:52:f6:8c:da:76:b3:c3:32:60:3f:2a:02:
                    82:33:5c:0b:51:c6:84:01:7d:15:4b:55:77:47:10:
                    80:25:4e:2b:6d:cc:57:4e:75:45:f7:15:06:1b:16:
                    2b:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:AB:96:22:3E:7C:73:85:29:C4:32:B1:2D:32:42:10:40:31:92:91
            X509v3 Authority Key Identifier:
                keyid:0B:C7:1D:F1:6D:D0:B4:7C:D0:AF:97:1F:14:D1:DC:A6:D8:20:6B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C8cd8W3QtHzQr5cfFNHcptgga7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/acda5e-4d2d-4f86-a17b-5b493aa07268/1/RauWIj58c4UpxDKxLTJCEEAxkpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/acda5e-4d2d-4f86-a17b-5b493aa07268/1/C8cd8W3QtHzQr5cfFNHcptgga7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:34:6c:7d:ec:b1:4c:50:1c:a0:2a:ee:6a:d3:e4:23:58:a2:
         8a:12:97:77:dc:01:80:71:ff:28:80:6f:fa:de:d5:15:21:46:
         7d:3b:f5:b6:c0:ab:90:8e:de:4b:41:86:9f:2a:54:df:f7:82:
         77:75:61:b3:f5:ce:97:42:ab:f8:22:a2:f4:02:80:d9:60:12:
         ba:2d:30:89:44:33:d3:73:87:7d:e1:3a:81:93:bd:dd:a5:10:
         b9:9c:fa:e4:5d:6d:73:b2:32:dc:1a:52:a1:d8:2b:61:5a:49:
         a5:27:32:52:9d:09:28:31:05:e0:4f:25:81:a5:b7:16:6d:9c:
         48:63:75:7c:de:e4:cb:2a:0d:bc:4c:94:1f:31:c5:fe:20:f5:
         d9:1b:15:0a:fd:40:ab:6a:05:a8:08:c3:ba:5f:48:4a:60:ba:
         7d:db:86:80:78:23:10:47:b4:cf:6c:11:79:39:bc:d0:a4:ff:
         8a:cf:cf:a7:fb:67:c3:45:af:27:1f:a7:d0:30:fc:55:fa:13:
         37:4a:37:59:bc:0b:cd:6c:66:cd:e3:90:f8:a8:de:d5:cd:cf:
         fe:25:8e:68:c8:01:fb:aa:8a:6d:af:c6:88:8e:99:33:98:89:
         79:dd:00:71:61:43:78:e1:be:33:2b:5d:7f:9a:39:b0:6e:7f:
         1f:4f:07:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAccpSLQaDLTttT2sin6xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiYzcxZGYxNmRkMGI0N2NkMGFmOTcxZjE0ZDFkY2E2ZDgy
MDZiYjEwHhcNMjQwMTAyMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWFiOTYyMjNlN2M3Mzg1MjljNDMyYjEyZDMyNDIxMDQwMzE5MjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/qPsHxTlUJMpIT9SlLpPqaJ7bJ4
2hHvwcH3/xUzcYSGUoY7oOyH05j8+wTfU98oCfEXDIqLbJGPB7jo4frLHwTUlwEi
3+XCL/yzcC1ArNClYytZmCcAOdNeVxAeh3cz9e3VBKFBapz7O27UnlVrgOuC+HVy
j3W27BnKZf6XC7mIPVEDNGvQvrNim/MbAKJNZpC55PLTuYxhMYPNCdxmBRwYYLc+
CG9eHop87GcijldUe2y+i7oDeU92BzvA/H8lAitSKBh8lk8Q7230HMH9ZX5zlfJS
9ozadrPDMmA/KgKCM1wLUcaEAX0VS1V3RxCAJU4rbcxXTnVF9xUGGxYrFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEWrliI+fHOFKcQysS0yQhBAMZKRMB8GA1UdIwQY
MBaAFAvHHfFt0LR80K+XHxTR3KbYIGuxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzhjZDhXM1F0SHpRcjVjZkZOSGNwdGdnYTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9hY2RhNWUtNGQyZC00Zjg2LWExN2It
NWI0OTNhYTA3MjY4LzEvUmF1V0lqNThjNFVweERLeExUSkNFRUF4a3BFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9hY2RhNWUtNGQyZC00Zjg2LWExN2ItNWI0OTNhYTA3MjY4
LzEvQzhjZDhXM1F0SHpRcjVjZkZOSGNwdGdnYTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwRmiMA0G
CSqGSIb3DQEBCwUAA4IBAQCLNGx97LFMUBygKu5q0+QjWKKKEpd33AGAcf8ogG/6
3tUVIUZ9O/W2wKuQjt5LQYafKlTf94J3dWGz9c6XQqv4IqL0AoDZYBK6LTCJRDPT
c4d94TqBk73dpRC5nPrkXW1zsjLcGlKh2CthWkmlJzJSnQkoMQXgTyWBpbcWbZxI
Y3V83uTLKg28TJQfMcX+IPXZGxUK/UCragWoCMO6X0hKYLp924aAeCMQR7TPbBF5
ObzQpP+Kz8+n+2fDRa8nH6fQMPxV+hM3SjdZvAvNbGbN45D4qN7Vzc/+JY5oyAH7
qoptr8aIjpkzmIl53QBxYUN44b4zK11/mjmwbn8fTwcA
-----END CERTIFICATE-----