Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/b27203-9d48-49a5-af25-49d40a13cbc2/1/xQXkDI5rGk93kBMVBtYCbax-ViU.roa
File:                     xQXkDI5rGk93kBMVBtYCbax-ViU.roa (raw, json)
Hash identifier:          jUlu18IctuGyWNBZ9XLMw4Cfh1BYUfI7uhr29/t1GbY=
Subject key identifier:   C5:05:E4:0C:8E:6B:1A:4F:77:90:13:15:06:D6:02:6D:AC:7E:56:25
Certificate issuer:       /CN=c25cb7132c19f7d51f002ed4ad811aecf5b20f57
Certificate serial:       018CC86F047C0F0DBCA12221103E97B7EAE5
Authority key identifier: C2:5C:B7:13:2C:19:F7:D5:1F:00:2E:D4:AD:81:1A:EC:F5:B2:0F:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wly3EywZ99UfAC7UrYEa7PWyD1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/b27203-9d48-49a5-af25-49d40a13cbc2/1/xQXkDI5rGk93kBMVBtYCbax-ViU.roa
Signing time:             Tue 02 Jan 2024 04:29:27 +0000
ROA not before:           Tue 02 Jan 2024 04:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48584
IP address blocks:        193.68.114.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/b27203-9d48-49a5-af25-49d40a13cbc2/1/wly3EywZ99UfAC7UrYEa7PWyD1c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/b27203-9d48-49a5-af25-49d40a13cbc2/1/wly3EywZ99UfAC7UrYEa7PWyD1c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wly3EywZ99UfAC7UrYEa7PWyD1c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 13:03:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:04:7c:0f:0d:bc:a1:22:21:10:3e:97:b7:ea:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c25cb7132c19f7d51f002ed4ad811aecf5b20f57
        Validity
            Not Before: Jan  2 04:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c505e40c8e6b1a4f7790131506d6026dac7e5625
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:75:e6:8f:37:ea:a3:85:57:6b:39:cc:57:64:
                    53:7e:ff:5a:2e:89:b0:02:9a:a6:76:f3:d1:95:d2:
                    07:0e:09:0e:38:d6:87:92:85:5b:5f:82:07:90:38:
                    f7:70:af:50:fb:d6:6b:d7:7f:94:7e:63:d7:32:f2:
                    7b:e4:20:ed:ae:f9:91:3b:41:86:16:8a:5a:7b:5f:
                    07:96:c6:9b:b8:19:01:b1:ec:1c:b6:2b:c5:c8:76:
                    b7:8b:63:cf:f3:71:e1:2a:c5:c1:86:8b:1b:49:02:
                    d5:d8:4a:87:d0:45:25:f5:db:ca:c7:c7:65:03:66:
                    3f:33:d2:5e:6f:a0:1b:1d:1f:5b:62:b6:8a:9a:4b:
                    77:be:62:29:1d:f5:6f:6a:86:15:66:ce:46:0f:29:
                    a7:3f:dc:f8:4d:cf:98:c4:b7:69:d8:ab:47:1a:b5:
                    3d:1b:a9:3b:f4:bd:bf:1d:8b:2a:bb:73:33:85:7c:
                    1d:72:64:71:bd:d5:71:2a:a8:8e:dc:22:22:22:5b:
                    b3:b6:69:07:0a:4d:1f:b7:a2:f1:bb:44:bb:ef:68:
                    b4:20:7c:6a:e2:be:27:13:29:6a:4c:e7:ae:a6:32:
                    dc:e0:db:c2:18:74:0c:ad:dd:45:b0:12:f4:ff:10:
                    0b:3c:4a:ba:aa:48:e0:8e:2e:98:31:04:2d:41:17:
                    e7:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:05:E4:0C:8E:6B:1A:4F:77:90:13:15:06:D6:02:6D:AC:7E:56:25
            X509v3 Authority Key Identifier:
                keyid:C2:5C:B7:13:2C:19:F7:D5:1F:00:2E:D4:AD:81:1A:EC:F5:B2:0F:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wly3EywZ99UfAC7UrYEa7PWyD1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/b27203-9d48-49a5-af25-49d40a13cbc2/1/xQXkDI5rGk93kBMVBtYCbax-ViU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/b27203-9d48-49a5-af25-49d40a13cbc2/1/wly3EywZ99UfAC7UrYEa7PWyD1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.68.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:fa:ad:ae:b6:95:0b:2b:46:9f:fa:29:58:d3:32:d3:a1:c5:
         58:48:c9:1d:7c:a6:8b:d6:0e:f5:6b:f0:b3:c6:5f:3d:f5:bd:
         44:78:cc:d9:f1:58:6b:19:83:82:0f:3a:d5:72:ce:73:f4:44:
         4a:08:97:a7:24:1f:c8:d3:e4:8b:db:d1:9b:42:36:31:d5:20:
         81:e9:7d:48:38:4d:6d:33:5d:c3:d0:f7:66:eb:a3:67:20:89:
         08:f4:26:ef:cb:de:90:ab:e7:cd:76:b1:35:e0:81:e3:29:c3:
         a2:09:57:d8:66:7c:de:46:35:04:8f:09:c6:e6:95:f8:73:f5:
         aa:83:0f:e6:b6:66:80:31:97:6e:22:ff:bc:a3:f9:9d:3e:38:
         77:cb:c2:94:02:f2:b2:d2:52:d8:29:a1:69:fa:99:4c:19:26:
         e9:4f:b0:d9:05:8d:88:bb:57:de:01:c1:31:fa:e1:1b:72:92:
         20:e9:7c:36:bf:4e:5c:29:b8:04:eb:30:a1:ac:26:bf:49:e1:
         10:9e:5a:27:2e:e6:a7:2d:1e:66:ed:8d:5f:d1:cc:54:cb:d4:
         36:fb:e7:2c:33:84:b2:b9:2e:04:34:c6:82:d1:25:9f:1f:d9:
         2f:46:96:0b:e4:94:1f:29:dd:75:8c:f0:5f:f9:e1:de:b0:67:
         9c:8d:77:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbwR8Dw28oSIhED6Xt+rlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNWNiNzEzMmMxOWY3ZDUxZjAwMmVkNGFkODExYWVjZjVi
MjBmNTcwHhcNMjQwMTAyMDQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTA1ZTQwYzhlNmIxYTRmNzc5MDEzMTUwNmQ2MDI2ZGFjN2U1NjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnXmjzfqo4VXaznMV2RTfv9aLomw
ApqmdvPRldIHDgkOONaHkoVbX4IHkDj3cK9Q+9Zr13+UfmPXMvJ75CDtrvmRO0GG
Fopae18HlsabuBkBsewctivFyHa3i2PP83HhKsXBhosbSQLV2EqH0EUl9dvKx8dl
A2Y/M9Jeb6AbHR9bYraKmkt3vmIpHfVvaoYVZs5GDymnP9z4Tc+YxLdp2KtHGrU9
G6k79L2/HYsqu3MzhXwdcmRxvdVxKqiO3CIiIluztmkHCk0ft6Lxu0S772i0IHxq
4r4nEylqTOeupjLc4NvCGHQMrd1FsBL0/xALPEq6qkjgji6YMQQtQRfnyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMUF5AyOaxpPd5ATFQbWAm2sflYlMB8GA1UdIwQY
MBaAFMJctxMsGffVHwAu1K2BGuz1sg9XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2x5M0V5d1o5OVVmQUM3VXJZRWE3UFd5RDFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9iMjcyMDMtOWQ0OC00OWE1LWFmMjUt
NDlkNDBhMTNjYmMyLzEveFFYa0RJNXJHazkza0JNVkJ0WUNiYXgtVmlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9iMjcyMDMtOWQ0OC00OWE1LWFmMjUtNDlkNDBhMTNjYmMy
LzEvd2x5M0V5d1o5OVVmQUM3VXJZRWE3UFd5RDFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwURyMA0G
CSqGSIb3DQEBCwUAA4IBAQB8+q2utpULK0af+ilY0zLTocVYSMkdfKaL1g71a/Cz
xl899b1EeMzZ8VhrGYOCDzrVcs5z9ERKCJenJB/I0+SL29GbQjYx1SCB6X1IOE1t
M13D0Pdm66NnIIkI9Cbvy96Qq+fNdrE14IHjKcOiCVfYZnzeRjUEjwnG5pX4c/Wq
gw/mtmaAMZduIv+8o/mdPjh3y8KUAvKy0lLYKaFp+plMGSbpT7DZBY2Iu1feAcEx
+uEbcpIg6Xw2v05cKbgE6zChrCa/SeEQnlonLuanLR5m7Y1f0cxUy9Q2++csM4Sy
uS4ENMaC0SWfH9kvRpYL5JQfKd11jPBf+eHesGecjXeG
-----END CERTIFICATE-----