Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/518e42-ebae-4547-8b22-9b1e6a8e40f3/1/RQN0fjeGBo7G1zEHTU-Rh3qi66k.roa
File:                     RQN0fjeGBo7G1zEHTU-Rh3qi66k.roa (raw, json)
Hash identifier:          Y8OAnUPCFyb7X6pgiTnNaHMPfW7mNlIDVhN/UR/rGsE=
Subject key identifier:   45:03:74:7E:37:86:06:8E:C6:D7:31:07:4D:4F:91:87:7A:A2:EB:A9
Certificate issuer:       /CN=33a51d7ff02d21fac193ae4aed1f0c3956ce4515
Certificate serial:       018CC9BC254EE082A470674DFBE10E7996CC
Authority key identifier: 33:A5:1D:7F:F0:2D:21:FA:C1:93:AE:4A:ED:1F:0C:39:56:CE:45:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M6Udf_AtIfrBk65K7R8MOVbORRU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/518e42-ebae-4547-8b22-9b1e6a8e40f3/1/RQN0fjeGBo7G1zEHTU-Rh3qi66k.roa
Signing time:             Tue 02 Jan 2024 10:33:19 +0000
ROA not before:           Tue 02 Jan 2024 10:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12859
IP address blocks:        194.53.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/518e42-ebae-4547-8b22-9b1e6a8e40f3/1/M6Udf_AtIfrBk65K7R8MOVbORRU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/518e42-ebae-4547-8b22-9b1e6a8e40f3/1/M6Udf_AtIfrBk65K7R8MOVbORRU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M6Udf_AtIfrBk65K7R8MOVbORRU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:25:4e:e0:82:a4:70:67:4d:fb:e1:0e:79:96:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33a51d7ff02d21fac193ae4aed1f0c3956ce4515
        Validity
            Not Before: Jan  2 10:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4503747e3786068ec6d731074d4f91877aa2eba9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:da:70:c9:72:8e:b7:2a:3a:70:38:28:a3:db:
                    3a:94:e5:cd:f5:16:2b:c3:5a:38:aa:da:03:65:68:
                    88:e5:ae:51:47:96:e9:a3:cd:b2:a1:63:4c:27:4e:
                    20:f0:d5:0f:31:51:68:54:ec:39:7f:91:dd:40:a2:
                    2d:13:f7:36:8e:bd:28:4c:69:69:f7:f4:6c:b1:55:
                    ad:cd:99:eb:f8:76:26:d8:fc:4c:13:6f:34:7c:21:
                    47:bc:c8:19:dc:f3:b9:65:5b:7a:41:a7:86:5f:4b:
                    09:1b:81:f1:a8:4c:b2:e8:b9:4f:fd:06:7e:75:7d:
                    f8:8c:ea:67:dc:df:95:6c:34:56:7a:32:c0:5c:c8:
                    00:d2:00:98:32:78:74:54:36:a4:eb:3a:22:d9:2e:
                    10:59:c8:04:f1:ac:51:d7:ce:0d:e1:1b:2b:11:87:
                    69:71:6a:9f:ec:a5:b7:18:b6:e1:ee:2f:e9:ee:fd:
                    a4:d2:8d:a9:d1:fd:06:be:0f:5e:35:d7:c7:54:5b:
                    d3:f8:14:ff:b6:0d:5b:b0:4b:9a:eb:fd:ac:be:d6:
                    f2:1a:ee:98:a5:4f:ee:ff:30:ad:84:68:5d:82:64:
                    3b:23:a7:9f:df:c4:da:fe:29:c5:c2:59:b0:ef:c8:
                    aa:25:ed:bc:d6:f1:5a:20:42:f8:67:a4:5d:f4:9a:
                    a3:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:03:74:7E:37:86:06:8E:C6:D7:31:07:4D:4F:91:87:7A:A2:EB:A9
            X509v3 Authority Key Identifier:
                keyid:33:A5:1D:7F:F0:2D:21:FA:C1:93:AE:4A:ED:1F:0C:39:56:CE:45:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M6Udf_AtIfrBk65K7R8MOVbORRU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/518e42-ebae-4547-8b22-9b1e6a8e40f3/1/RQN0fjeGBo7G1zEHTU-Rh3qi66k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/518e42-ebae-4547-8b22-9b1e6a8e40f3/1/M6Udf_AtIfrBk65K7R8MOVbORRU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.53.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:fa:49:2f:09:fd:d0:d3:68:4a:fb:d3:39:04:71:c4:a1:46:
         93:f1:fa:70:78:f4:73:c9:fd:21:b7:55:18:c3:bf:fe:89:c8:
         d4:8d:84:a2:b6:4a:57:bc:63:2f:f7:c3:06:45:10:02:ae:e6:
         17:0c:1d:cd:fd:70:f5:0c:1d:c7:d8:7a:8f:cb:68:7e:c4:ea:
         69:1b:d9:29:a6:eb:f4:43:12:7f:d1:56:1c:d3:dd:53:15:bd:
         20:8e:a2:32:fa:3d:d5:f5:3a:eb:ac:d4:1c:2f:74:75:5f:70:
         f8:7b:66:d5:ee:08:18:9a:e8:e4:4c:2d:98:0b:e3:ce:70:36:
         3e:b6:c8:4e:72:fa:62:c4:54:e2:e9:c1:02:e2:cc:92:f6:bc:
         a8:a6:21:1b:01:c2:f4:59:94:6b:9e:9b:c9:bd:2d:6d:a8:df:
         76:f0:71:a1:fb:28:12:9c:4f:d9:95:78:f4:19:b4:59:02:5a:
         22:da:a4:77:9e:74:27:80:0b:d5:3f:5c:69:26:df:ac:3f:2b:
         65:a7:cd:5f:91:10:ed:b9:84:ea:fe:5b:b6:08:02:86:9c:72:
         4e:2e:27:e3:62:2e:da:4f:8a:8a:fd:ad:ff:48:db:5d:73:5b:
         74:95:bd:4b:d1:97:03:dc:48:51:28:3a:fe:9a:34:c6:2b:21:
         ae:15:b6:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvCVO4IKkcGdN++EOeZbMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYTUxZDdmZjAyZDIxZmFjMTkzYWU0YWVkMWYwYzM5NTZj
ZTQ1MTUwHhcNMjQwMTAyMTAzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTAzNzQ3ZTM3ODYwNjhlYzZkNzMxMDc0ZDRmOTE4NzdhYTJlYmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9pwyXKOtyo6cDgoo9s6lOXN9RYr
w1o4qtoDZWiI5a5RR5bpo82yoWNMJ04g8NUPMVFoVOw5f5HdQKItE/c2jr0oTGlp
9/RssVWtzZnr+HYm2PxME280fCFHvMgZ3PO5ZVt6QaeGX0sJG4HxqEyy6LlP/QZ+
dX34jOpn3N+VbDRWejLAXMgA0gCYMnh0VDak6zoi2S4QWcgE8axR184N4RsrEYdp
cWqf7KW3GLbh7i/p7v2k0o2p0f0Gvg9eNdfHVFvT+BT/tg1bsEua6/2svtbyGu6Y
pU/u/zCthGhdgmQ7I6ef38Ta/inFwlmw78iqJe281vFaIEL4Z6Rd9Jqj7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEUDdH43hgaOxtcxB01PkYd6ouupMB8GA1UdIwQY
MBaAFDOlHX/wLSH6wZOuSu0fDDlWzkUVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTZVZGZfQXRJZnJCazY1SzdSOE1PVmJPUlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC81MThlNDItZWJhZS00NTQ3LThiMjIt
OWIxZTZhOGU0MGYzLzEvUlFOMGZqZUdCbzdHMXpFSFRVLVJoM3FpNjZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC81MThlNDItZWJhZS00NTQ3LThiMjItOWIxZTZhOGU0MGYz
LzEvTTZVZGZfQXRJZnJCazY1SzdSOE1PVmJPUlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjUAMA0G
CSqGSIb3DQEBCwUAA4IBAQCO+kkvCf3Q02hK+9M5BHHEoUaT8fpwePRzyf0ht1UY
w7/+icjUjYSitkpXvGMv98MGRRACruYXDB3N/XD1DB3H2HqPy2h+xOppG9kppuv0
QxJ/0VYc091TFb0gjqIy+j3V9TrrrNQcL3R1X3D4e2bV7ggYmujkTC2YC+POcDY+
tshOcvpixFTi6cEC4syS9ryopiEbAcL0WZRrnpvJvS1tqN928HGh+ygSnE/ZlXj0
GbRZAloi2qR3nnQngAvVP1xpJt+sPytlp81fkRDtuYTq/lu2CAKGnHJOLifjYi7a
T4qK/a3/SNtdc1t0lb1L0ZcD3EhRKDr+mjTGKyGuFbYb
-----END CERTIFICATE-----