Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/XIC6iaKMAlhkMWQgMFyAgYzC4Yg.roa
File:                     XIC6iaKMAlhkMWQgMFyAgYzC4Yg.roa (raw, json)
Hash identifier:          gPgreth+qH93oXYYuT2C8Lx1T1p3HAqKwlSaUgyL12o=
Subject key identifier:   5C:80:BA:89:A2:8C:02:58:64:31:64:20:30:5C:80:81:8C:C2:E1:88
Certificate issuer:       /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial:       018CC94E36282632E78F852017DEEB36100F
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/XIC6iaKMAlhkMWQgMFyAgYzC4Yg.roa
Signing time:             Tue 02 Jan 2024 08:33:15 +0000
ROA not before:           Tue 02 Jan 2024 08:33:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47355
IP address blocks:        93.191.80.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:36:28:26:32:e7:8f:85:20:17:de:eb:36:10:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
        Validity
            Not Before: Jan  2 08:33:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c80ba89a28c025864316420305c80818cc2e188
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:f1:8e:d5:f4:a3:9a:5d:96:4a:c3:9e:67:a0:
                    e3:e5:a4:a5:e4:fb:74:ba:44:39:2b:c5:bf:08:20:
                    be:56:fc:9a:a4:5c:6d:d9:14:ee:3a:21:27:13:0a:
                    ef:0d:62:52:29:49:63:2b:da:6c:17:22:73:15:6b:
                    fd:ec:d8:0b:96:ae:52:76:39:4f:a3:a1:60:ed:47:
                    1b:dd:70:9c:bc:52:20:03:00:6d:97:bf:25:ab:58:
                    2e:1f:6c:59:0f:f0:de:95:fc:2d:8b:e6:7c:b0:28:
                    fe:59:67:1d:83:45:dc:ea:6c:c5:4f:6d:90:0f:93:
                    e5:2f:91:8a:30:81:e7:7d:5f:05:44:93:74:f7:4f:
                    2e:87:41:e3:c2:1e:6b:95:5d:6d:47:bf:58:f8:39:
                    cc:11:94:fe:92:7c:98:e0:ee:ae:97:69:41:ed:01:
                    98:13:13:b8:09:08:5e:44:8d:10:ff:da:92:42:80:
                    f4:a7:57:39:33:fc:12:07:ed:f1:da:37:3b:e9:40:
                    30:99:eb:28:72:91:99:28:ee:c7:85:30:05:43:9e:
                    ef:70:25:c1:a5:77:1e:ce:05:26:eb:d1:88:eb:62:
                    fd:28:ca:08:7a:a7:3b:8c:0d:f8:1a:1f:64:fa:df:
                    3c:df:be:b6:1b:ec:9b:b4:60:84:11:3c:25:fe:87:
                    0a:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:80:BA:89:A2:8C:02:58:64:31:64:20:30:5C:80:81:8C:C2:E1:88
            X509v3 Authority Key Identifier:
                keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/XIC6iaKMAlhkMWQgMFyAgYzC4Yg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.191.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7a:a5:dd:08:20:1e:af:68:90:d5:31:87:f7:7f:93:9d:29:78:
         02:7e:0d:7c:16:55:30:8d:37:69:06:8d:50:9b:6d:b3:a7:36:
         bb:da:cc:89:de:b0:6f:45:57:23:73:af:e9:99:79:f0:b8:e8:
         9c:c4:aa:a0:a4:08:e0:93:83:6f:ae:1c:36:28:19:41:42:d9:
         dc:12:57:6e:86:0e:82:67:13:be:f1:38:61:b8:39:ac:dd:90:
         cb:e3:e8:21:73:73:08:7a:4d:9b:37:32:e5:d5:f9:eb:d6:88:
         25:2b:4a:4d:a3:d3:27:f8:ba:73:6f:a9:e5:24:76:1b:30:ff:
         d2:74:d8:0f:19:b7:65:8f:22:8b:58:03:30:76:ff:a8:c2:cd:
         7a:c7:d6:c6:cf:e2:f3:6f:2d:3c:29:17:40:3a:e4:fa:49:8f:
         f4:2e:f8:80:c6:00:27:53:90:35:b5:ae:a0:5b:61:e6:af:bd:
         84:93:10:5c:a9:b4:2c:c7:f0:a8:2e:cb:2a:22:d5:99:eb:0e:
         18:78:6a:59:48:1b:3b:f1:ec:b0:36:e0:e3:68:06:6a:a1:52:
         e6:30:f2:d6:62:e1:92:24:8f:99:93:f8:b7:e3:42:c3:47:f2:
         62:e0:12:35:d2:d3:ae:ce:64:30:09:21:40:ab:5a:4c:c5:39:
         d8:27:37:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTjYoJjLnj4UgF97rNhAPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjQwMTAyMDgzMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzgwYmE4OWEyOGMwMjU4NjQzMTY0MjAzMDVjODA4MThjYzJlMTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5fGO1fSjml2WSsOeZ6Dj5aSl5Pt0
ukQ5K8W/CCC+VvyapFxt2RTuOiEnEwrvDWJSKUljK9psFyJzFWv97NgLlq5SdjlP
o6Fg7Ucb3XCcvFIgAwBtl78lq1guH2xZD/Delfwti+Z8sCj+WWcdg0Xc6mzFT22Q
D5PlL5GKMIHnfV8FRJN0908uh0Hjwh5rlV1tR79Y+DnMEZT+knyY4O6ul2lB7QGY
ExO4CQheRI0Q/9qSQoD0p1c5M/wSB+3x2jc76UAwmesocpGZKO7HhTAFQ57vcCXB
pXcezgUm69GI62L9KMoIeqc7jA34Gh9k+t883762G+ybtGCEETwl/ocKAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyAuomijAJYZDFkIDBcgIGMwuGIMB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvWElDNmlhS01BbGhrTVdRZ01GeUFnWXpDNFlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXb9QMA0G
CSqGSIb3DQEBCwUAA4IBAQB6pd0IIB6vaJDVMYf3f5OdKXgCfg18FlUwjTdpBo1Q
m22zpza72syJ3rBvRVcjc6/pmXnwuOicxKqgpAjgk4Nvrhw2KBlBQtncElduhg6C
ZxO+8ThhuDms3ZDL4+ghc3MIek2bNzLl1fnr1oglK0pNo9Mn+Lpzb6nlJHYbMP/S
dNgPGbdljyKLWAMwdv+ows16x9bGz+Lzby08KRdAOuT6SY/0LviAxgAnU5A1ta6g
W2Hmr72EkxBcqbQsx/CoLssqItWZ6w4YeGpZSBs78eywNuDjaAZqoVLmMPLWYuGS
JI+Zk/i340LDR/Ji4BI10tOuzmQwCSFAq1pMxTnYJzfU
-----END CERTIFICATE-----