Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/e5c7e6-a57b-4c57-b5a5-58ac05f4d954/1/rBoYOfDUflg6CV4O9oJox9MD7Go.roa
File:                     rBoYOfDUflg6CV4O9oJox9MD7Go.roa (raw, json)
Hash identifier:          nif254dmyTloUvZihbQoqk0MMu8o1dMUn8kUPLrCcbw=
Subject key identifier:   AC:1A:18:39:F0:D4:7E:58:3A:09:5E:0E:F6:82:68:C7:D3:03:EC:6A
Certificate issuer:       /CN=e718670cc2810e4d18153b6e4e78413c1cf4ef8f
Certificate serial:       018CC8013F629E19405867CACCCEE6FA1F98
Authority key identifier: E7:18:67:0C:C2:81:0E:4D:18:15:3B:6E:4E:78:41:3C:1C:F4:EF:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5xhnDMKBDk0YFTtuTnhBPBz0748.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/e5c7e6-a57b-4c57-b5a5-58ac05f4d954/1/rBoYOfDUflg6CV4O9oJox9MD7Go.roa
Signing time:             Tue 02 Jan 2024 02:29:34 +0000
ROA not before:           Tue 02 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35328
IP address blocks:        195.68.234.0/23 maxlen: 23
                          195.68.234.0/24 maxlen: 24
                          195.68.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/e5c7e6-a57b-4c57-b5a5-58ac05f4d954/1/5xhnDMKBDk0YFTtuTnhBPBz0748.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/e5c7e6-a57b-4c57-b5a5-58ac05f4d954/1/5xhnDMKBDk0YFTtuTnhBPBz0748.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5xhnDMKBDk0YFTtuTnhBPBz0748.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 07:03:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:3f:62:9e:19:40:58:67:ca:cc:ce:e6:fa:1f:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e718670cc2810e4d18153b6e4e78413c1cf4ef8f
        Validity
            Not Before: Jan  2 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac1a1839f0d47e583a095e0ef68268c7d303ec6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:88:f7:69:77:dd:f2:b5:10:7b:2b:9e:ef:02:
                    28:ce:17:21:06:71:85:c3:40:f7:fd:27:0a:a6:98:
                    6b:f8:fd:e6:35:18:9c:7d:52:13:2a:8f:33:1b:35:
                    95:fc:3c:e7:25:06:c8:c9:10:35:ab:37:8f:ab:da:
                    b9:23:9d:8c:de:6e:24:18:f6:75:fd:24:32:71:a4:
                    92:ea:7c:13:5b:a5:cb:19:ad:84:a6:91:ba:13:88:
                    1e:a3:e4:ea:4b:19:51:0f:20:a3:f6:a7:27:59:19:
                    5d:8f:b2:33:26:08:02:00:f3:58:af:6f:d9:d2:f3:
                    bc:e4:1d:f7:b5:37:e4:4e:c2:5a:1a:33:62:70:4b:
                    55:3f:44:70:e0:29:9f:5f:7d:3d:25:60:c0:d1:e8:
                    56:f0:a8:a4:9b:9e:e2:c7:d4:b9:a1:69:43:cb:58:
                    c7:c5:de:c4:58:be:9e:1d:f8:1a:87:ae:d9:a4:d6:
                    31:46:b3:8e:c8:6f:df:51:a8:9e:a7:0e:47:a6:0c:
                    a2:b7:14:24:83:b4:79:d0:39:73:6a:1a:6f:c7:cc:
                    34:b0:81:27:26:75:38:02:73:89:33:b9:7e:65:c3:
                    4c:3c:f1:89:69:1f:d7:f7:5e:cf:a5:92:41:2a:c1:
                    fa:88:03:fc:73:0b:e8:30:be:a4:f5:e3:91:aa:7b:
                    df:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:1A:18:39:F0:D4:7E:58:3A:09:5E:0E:F6:82:68:C7:D3:03:EC:6A
            X509v3 Authority Key Identifier:
                keyid:E7:18:67:0C:C2:81:0E:4D:18:15:3B:6E:4E:78:41:3C:1C:F4:EF:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5xhnDMKBDk0YFTtuTnhBPBz0748.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/e5c7e6-a57b-4c57-b5a5-58ac05f4d954/1/rBoYOfDUflg6CV4O9oJox9MD7Go.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/e5c7e6-a57b-4c57-b5a5-58ac05f4d954/1/5xhnDMKBDk0YFTtuTnhBPBz0748.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.68.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         e8:8d:f2:4c:50:02:d0:10:b4:12:0a:fd:66:de:b1:03:c9:bf:
         49:c7:cb:09:f1:23:bd:b8:ff:64:58:04:69:ed:1b:1e:c5:ae:
         be:cc:99:0b:10:cc:ab:aa:66:dc:ae:42:5c:2b:e0:a6:81:99:
         81:84:dd:71:c0:46:6b:62:e7:68:a3:ef:3e:a2:4a:51:e8:b6:
         98:20:13:b6:67:73:4f:e0:f1:68:58:33:10:0d:9c:da:e3:93:
         a5:40:e4:a0:75:11:7d:ee:ec:b7:e4:14:8f:5b:51:38:00:e0:
         5c:55:76:68:4d:2d:fe:87:da:95:b8:75:2f:e9:9f:73:ed:17:
         17:74:0d:fa:11:6a:07:80:2a:8e:74:1c:96:34:eb:56:ef:a8:
         61:3e:d2:c6:0b:eb:ce:6c:cb:33:0c:37:05:a6:f8:0c:2d:ec:
         bc:2e:79:0d:79:87:36:9d:d4:e1:1a:fe:36:3a:b7:c6:cb:78:
         1a:a6:b5:51:dc:bc:99:81:d9:b0:fc:b9:23:0a:b9:90:48:9d:
         17:60:fd:ef:2f:34:51:d8:35:75:f7:60:78:44:bc:af:70:57:
         41:3a:87:2e:de:f5:25:ec:e3:22:c6:6c:d5:46:7e:47:cb:64:
         12:e4:b6:e2:ab:65:47:06:e1:5c:c4:13:4b:95:ab:45:90:1c:
         85:04:05:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAT9inhlAWGfKzM7m+h+YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MTg2NzBjYzI4MTBlNGQxODE1M2I2ZTRlNzg0MTNjMWNm
NGVmOGYwHhcNMjQwMTAyMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzFhMTgzOWYwZDQ3ZTU4M2EwOTVlMGVmNjgyNjhjN2QzMDNlYzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIj3aXfd8rUQeyue7wIozhchBnGF
w0D3/ScKpphr+P3mNRicfVITKo8zGzWV/DznJQbIyRA1qzePq9q5I52M3m4kGPZ1
/SQycaSS6nwTW6XLGa2EppG6E4geo+TqSxlRDyCj9qcnWRldj7IzJggCAPNYr2/Z
0vO85B33tTfkTsJaGjNicEtVP0Rw4CmfX309JWDA0ehW8Kikm57ix9S5oWlDy1jH
xd7EWL6eHfgah67ZpNYxRrOOyG/fUaiepw5HpgyitxQkg7R50Dlzahpvx8w0sIEn
JnU4AnOJM7l+ZcNMPPGJaR/X917PpZJBKsH6iAP8cwvoML6k9eORqnvfiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKwaGDnw1H5YOgleDvaCaMfTA+xqMB8GA1UdIwQY
MBaAFOcYZwzCgQ5NGBU7bk54QTwc9O+PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXhobkRNS0JEazBZRlR0dVRuaEJQQnowNzQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9lNWM3ZTYtYTU3Yi00YzU3LWI1YTUt
NThhYzA1ZjRkOTU0LzEvckJvWU9mRFVmbGc2Q1Y0TzlvSm94OU1EN0dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9lNWM3ZTYtYTU3Yi00YzU3LWI1YTUtNThhYzA1ZjRkOTU0
LzEvNXhobkRNS0JEazBZRlR0dVRuaEJQQnowNzQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw0TqMA0G
CSqGSIb3DQEBCwUAA4IBAQDojfJMUALQELQSCv1m3rEDyb9Jx8sJ8SO9uP9kWARp
7Rsexa6+zJkLEMyrqmbcrkJcK+CmgZmBhN1xwEZrYudoo+8+okpR6LaYIBO2Z3NP
4PFoWDMQDZza45OlQOSgdRF97uy35BSPW1E4AOBcVXZoTS3+h9qVuHUv6Z9z7RcX
dA36EWoHgCqOdByWNOtW76hhPtLGC+vObMszDDcFpvgMLey8LnkNeYc2ndThGv42
OrfGy3gaprVR3LyZgdmw/LkjCrmQSJ0XYP3vLzRR2DV192B4RLyvcFdBOocu3vUl
7OMixmzVRn5Hy2QS5Lbiq2VHBuFcxBNLlatFkByFBAXp
-----END CERTIFICATE-----