Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/c931bc-e90c-4aa9-917c-4a2567aa5fce/1/1dXjX5_rDnX8tiXG147qvWFUQsQ.roa
File:                     1dXjX5_rDnX8tiXG147qvWFUQsQ.roa (raw, json)
Hash identifier:          +lAOOv17hW2G+tHe0GGa4JbG18R9drFst1eaiBudqDw=
Subject key identifier:   D5:D5:E3:5F:9F:EB:0E:75:FC:B6:25:C6:D7:8E:EA:BD:61:54:42:C4
Certificate issuer:       /CN=7b94377f71a28799169ee5f2810d9f87cc6ad1b2
Certificate serial:       018CC5DC03CFC2AF2E9B39B0CE72026262A4
Authority key identifier: 7B:94:37:7F:71:A2:87:99:16:9E:E5:F2:81:0D:9F:87:CC:6A:D1:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5Q3f3Gih5kWnuXygQ2fh8xq0bI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/c931bc-e90c-4aa9-917c-4a2567aa5fce/1/1dXjX5_rDnX8tiXG147qvWFUQsQ.roa
Signing time:             Mon 01 Jan 2024 16:29:39 +0000
ROA not before:           Mon 01 Jan 2024 16:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48314
IP address blocks:        193.238.88.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/c931bc-e90c-4aa9-917c-4a2567aa5fce/1/e5Q3f3Gih5kWnuXygQ2fh8xq0bI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/c931bc-e90c-4aa9-917c-4a2567aa5fce/1/e5Q3f3Gih5kWnuXygQ2fh8xq0bI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e5Q3f3Gih5kWnuXygQ2fh8xq0bI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:03:cf:c2:af:2e:9b:39:b0:ce:72:02:62:62:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b94377f71a28799169ee5f2810d9f87cc6ad1b2
        Validity
            Not Before: Jan  1 16:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5d5e35f9feb0e75fcb625c6d78eeabd615442c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:81:53:fd:21:dd:36:d0:04:08:e5:07:76:27:
                    80:bd:24:f5:fe:ef:ce:c7:0a:af:93:aa:40:e9:66:
                    0d:ac:88:3f:ef:83:7a:24:c9:18:e0:d8:74:5c:4a:
                    41:7f:35:bf:cd:e2:2c:42:80:52:dc:53:df:3d:2a:
                    be:d9:a0:78:91:a8:aa:d5:21:78:80:af:62:63:6a:
                    c6:0f:f1:ff:73:bc:55:9a:d9:29:77:a4:bc:b5:0c:
                    cf:33:d3:9d:a5:f1:01:bc:dd:fa:8e:34:b1:69:41:
                    f8:b8:5d:03:45:4e:48:75:4c:f7:04:e2:54:27:e9:
                    36:00:b9:5e:29:0d:1c:21:78:0b:6b:69:a3:b2:fb:
                    8d:38:c1:e4:b6:a3:44:5c:ba:5d:80:ac:9c:16:ae:
                    a8:98:4c:9b:be:20:f5:16:7c:81:73:ab:ca:89:86:
                    a1:59:28:f7:2c:12:db:0a:94:f3:b6:55:5a:ac:61:
                    0e:96:52:b7:4b:6a:01:ab:9b:c3:cf:7d:49:f8:21:
                    c8:d3:b9:e4:96:13:fa:4e:f1:e1:d1:1b:4a:07:9b:
                    34:f5:d4:e7:eb:84:da:6f:27:e0:29:3c:cf:d2:af:
                    34:56:19:4f:97:b4:da:52:48:c9:7c:cc:ec:ee:03:
                    e0:c1:a1:b5:3b:77:75:92:ae:47:af:40:07:7c:56:
                    38:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:D5:E3:5F:9F:EB:0E:75:FC:B6:25:C6:D7:8E:EA:BD:61:54:42:C4
            X509v3 Authority Key Identifier:
                keyid:7B:94:37:7F:71:A2:87:99:16:9E:E5:F2:81:0D:9F:87:CC:6A:D1:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5Q3f3Gih5kWnuXygQ2fh8xq0bI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/c931bc-e90c-4aa9-917c-4a2567aa5fce/1/1dXjX5_rDnX8tiXG147qvWFUQsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/c931bc-e90c-4aa9-917c-4a2567aa5fce/1/e5Q3f3Gih5kWnuXygQ2fh8xq0bI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.238.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:50:ad:06:28:33:70:17:da:70:9c:c9:da:a9:82:a5:64:d9:
         1d:80:6a:a6:48:4c:31:de:3e:dc:c7:0d:45:1e:53:10:fb:b8:
         38:2a:df:6f:36:01:97:cf:05:03:7d:d0:e7:a9:3b:8e:c1:b5:
         ff:01:52:96:12:0a:49:7f:3f:18:08:99:38:23:7b:19:e0:54:
         f1:2d:9f:a5:cd:62:ad:2d:ab:cb:05:69:ae:9c:f2:0b:63:68:
         30:eb:88:16:74:47:e4:ac:8a:55:6d:b8:80:41:a7:c0:21:77:
         7e:be:d7:55:36:1a:68:c2:e6:45:9a:0f:e6:6f:c4:9f:a7:1f:
         5e:98:fc:2d:7e:99:6c:91:24:0e:ed:49:94:5a:c0:6c:dc:16:
         ff:74:8f:65:ff:64:8a:8b:97:7f:f7:dd:9f:de:39:4d:3a:54:
         df:51:3f:4a:65:98:b6:09:7b:11:7c:b7:68:a4:55:98:f9:79:
         31:af:7d:c3:c5:f9:53:a8:ae:96:ad:78:e8:4e:f1:21:57:b7:
         d6:65:23:c9:04:4b:dd:8e:2c:a1:18:67:f9:80:4b:17:66:83:
         a7:09:c3:62:44:29:be:2f:ca:5b:66:91:70:8b:7e:3a:e5:89:
         78:44:df:26:a1:5b:49:b3:ff:89:4c:ad:df:bf:6b:da:31:ce:
         9a:ab:4b:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3APPwq8umzmwznICYmKkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQzNzdmNzFhMjg3OTkxNjllZTVmMjgxMGQ5Zjg3Y2M2
YWQxYjIwHhcNMjQwMTAxMTYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWQ1ZTM1ZjlmZWIwZTc1ZmNiNjI1YzZkNzhlZWFiZDYxNTQ0MmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5IFT/SHdNtAECOUHdieAvST1/u/O
xwqvk6pA6WYNrIg/74N6JMkY4Nh0XEpBfzW/zeIsQoBS3FPfPSq+2aB4kaiq1SF4
gK9iY2rGD/H/c7xVmtkpd6S8tQzPM9OdpfEBvN36jjSxaUH4uF0DRU5IdUz3BOJU
J+k2ALleKQ0cIXgLa2mjsvuNOMHktqNEXLpdgKycFq6omEybviD1FnyBc6vKiYah
WSj3LBLbCpTztlVarGEOllK3S2oBq5vDz31J+CHI07nklhP6TvHh0RtKB5s09dTn
64TabyfgKTzP0q80VhlPl7TaUkjJfMzs7gPgwaG1O3d1kq5Hr0AHfFY48QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNXV41+f6w51/LYlxteO6r1hVELEMB8GA1UdIwQY
MBaAFHuUN39xooeZFp7l8oENn4fMatGyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVRM2YzR2loNWtXbnVYeWdRMmZoOHhxMGJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9jOTMxYmMtZTkwYy00YWE5LTkxN2Mt
NGEyNTY3YWE1ZmNlLzEvMWRYalg1X3JEblg4dGlYRzE0N3F2V0ZVUXNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9jOTMxYmMtZTkwYy00YWE5LTkxN2MtNGEyNTY3YWE1ZmNl
LzEvZTVRM2YzR2loNWtXbnVYeWdRMmZoOHhxMGJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwe5YMA0G
CSqGSIb3DQEBCwUAA4IBAQCFUK0GKDNwF9pwnMnaqYKlZNkdgGqmSEwx3j7cxw1F
HlMQ+7g4Kt9vNgGXzwUDfdDnqTuOwbX/AVKWEgpJfz8YCJk4I3sZ4FTxLZ+lzWKt
LavLBWmunPILY2gw64gWdEfkrIpVbbiAQafAIXd+vtdVNhpowuZFmg/mb8Sfpx9e
mPwtfplskSQO7UmUWsBs3Bb/dI9l/2SKi5d/992f3jlNOlTfUT9KZZi2CXsRfLdo
pFWY+Xkxr33DxflTqK6WrXjoTvEhV7fWZSPJBEvdjiyhGGf5gEsXZoOnCcNiRCm+
L8pbZpFwi3465Yl4RN8moVtJs/+JTK3fv2vaMc6aq0tH
-----END CERTIFICATE-----