Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/0ef6de-b3f1-4430-8b49-114ffc20f9aa/1/XH2TX0aX7JErOl6drYYdh8S-WxM.roa
File:                     XH2TX0aX7JErOl6drYYdh8S-WxM.roa (raw, json)
Hash identifier:          Ug8150MoxV3FmzoyRuNTFq8/LJYcdQ8Tx+D+WMNR85c=
Subject key identifier:   5C:7D:93:5F:46:97:EC:91:2B:3A:5E:9D:AD:86:1D:87:C4:BE:5B:13
Certificate issuer:       /CN=1d6d9ccb02715849b3a1ecbcd34b6887f649940f
Certificate serial:       018CC349191D02DA981B5C48DB34D6AFE628
Authority key identifier: 1D:6D:9C:CB:02:71:58:49:B3:A1:EC:BC:D3:4B:68:87:F6:49:94:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HW2cywJxWEmzoey800toh_ZJlA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/0ef6de-b3f1-4430-8b49-114ffc20f9aa/1/XH2TX0aX7JErOl6drYYdh8S-WxM.roa
Signing time:             Mon 01 Jan 2024 04:29:56 +0000
ROA not before:           Mon 01 Jan 2024 04:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        193.141.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/0ef6de-b3f1-4430-8b49-114ffc20f9aa/1/HW2cywJxWEmzoey800toh_ZJlA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/0ef6de-b3f1-4430-8b49-114ffc20f9aa/1/HW2cywJxWEmzoey800toh_ZJlA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HW2cywJxWEmzoey800toh_ZJlA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:19:1d:02:da:98:1b:5c:48:db:34:d6:af:e6:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d6d9ccb02715849b3a1ecbcd34b6887f649940f
        Validity
            Not Before: Jan  1 04:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c7d935f4697ec912b3a5e9dad861d87c4be5b13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b3:fd:64:19:fb:94:5b:16:eb:f0:f1:8c:10:
                    b8:e6:6a:d8:95:14:44:c2:22:38:0e:c5:71:60:d3:
                    92:7c:94:13:e8:43:28:0d:3e:3c:a2:05:b8:5c:a0:
                    93:bb:4d:e6:10:79:92:40:82:0a:b4:d9:1c:65:f0:
                    e2:61:2c:36:df:4a:c2:66:bd:f6:9e:72:9b:57:e5:
                    0c:31:94:a1:40:c4:d8:c6:cc:ca:e8:f0:9c:21:d9:
                    c8:fd:c2:c8:f8:a1:28:0c:d4:10:ad:d1:e2:48:bd:
                    7a:3f:d2:61:5f:0b:b7:4a:c9:a8:5b:32:b4:a5:0e:
                    3c:a4:91:96:26:8b:6f:3e:29:90:69:3a:01:66:98:
                    18:a9:c1:95:f9:71:42:17:d1:65:af:05:b6:8a:d3:
                    49:ac:cd:02:99:21:b1:20:e6:19:c6:85:b8:28:57:
                    67:41:96:1d:02:b3:2b:24:15:9e:98:67:a9:e0:39:
                    9d:11:ac:90:ec:00:95:c6:40:a6:08:80:b6:5a:76:
                    f7:d7:bd:5a:1b:28:2d:22:55:80:6f:12:b3:52:60:
                    ea:dc:68:f5:e1:66:8b:7b:a9:6b:6d:1c:f2:bd:a4:
                    d6:d7:c9:95:99:8c:b3:f1:41:7d:6f:21:ce:8b:6c:
                    66:e3:94:60:c0:1a:0d:ba:fe:ab:9b:4d:77:a3:de:
                    3a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:7D:93:5F:46:97:EC:91:2B:3A:5E:9D:AD:86:1D:87:C4:BE:5B:13
            X509v3 Authority Key Identifier:
                keyid:1D:6D:9C:CB:02:71:58:49:B3:A1:EC:BC:D3:4B:68:87:F6:49:94:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HW2cywJxWEmzoey800toh_ZJlA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/0ef6de-b3f1-4430-8b49-114ffc20f9aa/1/XH2TX0aX7JErOl6drYYdh8S-WxM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/0ef6de-b3f1-4430-8b49-114ffc20f9aa/1/HW2cywJxWEmzoey800toh_ZJlA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.141.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:96:52:c6:92:14:22:80:3c:b0:dc:4b:47:f4:12:e0:69:71:
         c0:ee:18:f5:d6:45:b0:77:45:e7:b9:c3:7d:d6:63:51:b7:97:
         38:bd:e7:b2:31:e2:c6:79:6e:4a:30:85:88:25:11:19:cb:7e:
         bc:ae:69:c1:6d:d3:0c:29:64:22:ec:e0:d6:e9:58:5e:9c:2a:
         d8:89:ad:22:bb:31:a4:73:b3:74:fd:63:c6:f0:09:5b:eb:86:
         df:0c:d5:bc:0a:9a:4b:2e:83:5d:bf:41:cc:ec:9c:5c:6f:30:
         0e:cd:11:45:dc:e3:c6:78:2a:94:6d:fa:ad:3b:40:51:35:31:
         03:01:cc:58:c7:53:16:20:b9:88:78:e1:63:55:a7:c8:98:bd:
         ff:7e:36:0f:46:cc:fe:fd:de:87:71:0c:d9:35:b2:28:9b:cc:
         4d:d1:62:96:7a:35:b2:4e:74:87:00:c8:0d:f3:ad:66:74:15:
         8f:d5:01:35:30:ca:5b:bd:00:36:61:d6:fb:52:7c:0f:e2:83:
         d9:3a:52:09:a4:e9:e3:29:00:71:d0:be:59:05:01:66:61:37:
         68:34:e0:e6:23:35:89:30:ec:6c:81:c5:f8:c0:a7:74:ae:41:
         52:b5:6f:63:16:34:52:f1:d1:93:c2:b6:a1:4a:c4:f0:40:32:
         62:9c:d3:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSRkdAtqYG1xI2zTWr+YoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNmQ5Y2NiMDI3MTU4NDliM2ExZWNiY2QzNGI2ODg3ZjY0
OTk0MGYwHhcNMjQwMTAxMDQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzdkOTM1ZjQ2OTdlYzkxMmIzYTVlOWRhZDg2MWQ4N2M0YmU1YjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7P9ZBn7lFsW6/DxjBC45mrYlRRE
wiI4DsVxYNOSfJQT6EMoDT48ogW4XKCTu03mEHmSQIIKtNkcZfDiYSw230rCZr32
nnKbV+UMMZShQMTYxszK6PCcIdnI/cLI+KEoDNQQrdHiSL16P9JhXwu3SsmoWzK0
pQ48pJGWJotvPimQaToBZpgYqcGV+XFCF9FlrwW2itNJrM0CmSGxIOYZxoW4KFdn
QZYdArMrJBWemGep4DmdEayQ7ACVxkCmCIC2Wnb3171aGygtIlWAbxKzUmDq3Gj1
4WaLe6lrbRzyvaTW18mVmYyz8UF9byHOi2xm45RgwBoNuv6rm013o946hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFx9k19Gl+yRKzpena2GHYfEvlsTMB8GA1UdIwQY
MBaAFB1tnMsCcVhJs6HsvNNLaIf2SZQPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFcyY3l3SnhXRW16b2V5ODAwdG9oX1pKbEE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8wZWY2ZGUtYjNmMS00NDMwLThiNDkt
MTE0ZmZjMjBmOWFhLzEvWEgyVFgwYVg3SkVyT2w2ZHJZWWRoOFMtV3hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8wZWY2ZGUtYjNmMS00NDMwLThiNDktMTE0ZmZjMjBmOWFh
LzEvSFcyY3l3SnhXRW16b2V5ODAwdG9oX1pKbEE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwY2LMA0G
CSqGSIb3DQEBCwUAA4IBAQA9llLGkhQigDyw3EtH9BLgaXHA7hj11kWwd0XnucN9
1mNRt5c4veeyMeLGeW5KMIWIJREZy368rmnBbdMMKWQi7ODW6VhenCrYia0iuzGk
c7N0/WPG8Alb64bfDNW8CppLLoNdv0HM7JxcbzAOzRFF3OPGeCqUbfqtO0BRNTED
AcxYx1MWILmIeOFjVafImL3/fjYPRsz+/d6HcQzZNbIom8xN0WKWejWyTnSHAMgN
861mdBWP1QE1MMpbvQA2Ydb7UnwP4oPZOlIJpOnjKQBx0L5ZBQFmYTdoNODmIzWJ
MOxsgcX4wKd0rkFStW9jFjRS8dGTwrahSsTwQDJinNPV
-----END CERTIFICATE-----