Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/5689b0-af6d-4381-8992-90f6719e67b9/1/xRFuoUOKokXyq1-x5HAd_UoPSPQ.roa
File:                     xRFuoUOKokXyq1-x5HAd_UoPSPQ.roa (raw, json)
Hash identifier:          Lf6eVEBLY+mm2kggOw6hPFoiiRo+PGY7ItilsMbZVmk=
Subject key identifier:   C5:11:6E:A1:43:8A:A2:45:F2:AB:5F:B1:E4:70:1D:FD:4A:0F:48:F4
Certificate issuer:       /CN=985b50a10d2d58c67503eaaa701e510915dd5192
Certificate serial:       018DF3D68FFA1D653D743AB3271F66EC4CC1
Authority key identifier: 98:5B:50:A1:0D:2D:58:C6:75:03:EA:AA:70:1E:51:09:15:DD:51:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mFtQoQ0tWMZ1A-qqcB5RCRXdUZI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/5689b0-af6d-4381-8992-90f6719e67b9/1/xRFuoUOKokXyq1-x5HAd_UoPSPQ.roa
Signing time:             Thu 29 Feb 2024 07:49:01 +0000
ROA not before:           Thu 29 Feb 2024 07:49:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35585
IP address blocks:        194.24.174.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/5689b0-af6d-4381-8992-90f6719e67b9/1/mFtQoQ0tWMZ1A-qqcB5RCRXdUZI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/5689b0-af6d-4381-8992-90f6719e67b9/1/mFtQoQ0tWMZ1A-qqcB5RCRXdUZI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mFtQoQ0tWMZ1A-qqcB5RCRXdUZI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f3:d6:8f:fa:1d:65:3d:74:3a:b3:27:1f:66:ec:4c:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=985b50a10d2d58c67503eaaa701e510915dd5192
        Validity
            Not Before: Feb 29 07:49:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5116ea1438aa245f2ab5fb1e4701dfd4a0f48f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:92:98:56:f4:94:47:56:d7:e7:8c:e9:52:d0:
                    56:05:87:e4:b5:de:df:4c:30:30:bd:04:24:4a:11:
                    c0:06:28:8f:03:68:d9:7b:89:34:0c:e3:83:17:79:
                    9c:4f:48:de:51:f6:d4:4f:d0:b5:05:ba:a8:88:27:
                    b4:ad:04:71:51:79:3c:10:06:49:8c:b8:c6:81:a8:
                    d0:2e:94:90:aa:fc:b0:d6:80:9b:72:87:20:f4:d5:
                    17:ec:d4:51:15:fa:a1:85:71:5c:24:ff:3f:7d:6a:
                    92:13:6c:c3:a4:f4:d7:4f:54:77:fb:d5:7f:16:a9:
                    50:00:72:ad:58:dc:6a:f0:8e:a9:7c:b4:a0:55:2b:
                    37:89:f3:8f:33:ac:8b:df:97:ca:9b:74:4c:cd:90:
                    32:06:b7:9d:ac:00:56:27:3b:e6:4e:af:c5:2a:a3:
                    e7:3c:b5:bc:f1:b9:7a:69:c7:82:3d:4a:e3:19:6c:
                    23:46:f3:7d:f4:39:dc:39:8f:01:4b:a3:c7:a2:40:
                    1f:d8:3d:2a:ab:8f:67:db:19:fc:fb:c4:cb:06:1f:
                    81:79:8b:00:bd:df:1c:87:2c:96:2f:69:85:10:32:
                    98:73:c4:04:bd:cd:a0:f9:dd:fb:eb:c4:5d:7a:46:
                    45:15:83:54:98:d6:e4:e3:b8:3b:0d:bc:be:be:04:
                    dd:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:11:6E:A1:43:8A:A2:45:F2:AB:5F:B1:E4:70:1D:FD:4A:0F:48:F4
            X509v3 Authority Key Identifier:
                keyid:98:5B:50:A1:0D:2D:58:C6:75:03:EA:AA:70:1E:51:09:15:DD:51:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mFtQoQ0tWMZ1A-qqcB5RCRXdUZI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/5689b0-af6d-4381-8992-90f6719e67b9/1/xRFuoUOKokXyq1-x5HAd_UoPSPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/5689b0-af6d-4381-8992-90f6719e67b9/1/mFtQoQ0tWMZ1A-qqcB5RCRXdUZI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.24.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a8:40:aa:40:9c:f2:52:db:4b:63:fa:4d:84:8a:a5:45:ca:9f:
         2a:c4:e8:bb:88:ed:85:73:4e:4c:ae:bb:05:fe:a1:10:03:d1:
         62:1a:3d:fe:1a:0d:43:ac:e7:df:c1:49:05:c8:9d:73:bf:df:
         af:ab:29:91:f6:c5:4a:66:85:f2:05:36:ef:9d:ee:d8:40:ed:
         08:e0:29:82:a5:54:88:45:51:97:52:92:1e:45:f0:f2:7a:da:
         b0:b0:56:a2:55:7f:e2:a8:68:76:e8:82:33:4b:f4:88:7e:26:
         af:fd:1f:f3:e7:63:18:c5:f4:27:bd:fc:e6:97:6c:27:ca:b5:
         30:ef:15:ef:fe:59:af:4c:3f:ea:dd:2e:1b:5f:78:4a:fa:0a:
         b6:53:6e:44:bf:1e:7c:4c:48:7b:29:b7:50:93:6b:b5:c3:94:
         dd:76:7e:67:ef:72:d0:4d:a3:c4:84:4a:24:7f:be:08:d2:7b:
         41:d1:27:b2:4b:6f:86:dc:ac:5f:bb:de:bd:d4:55:d1:46:dc:
         e9:89:65:33:1c:eb:50:17:1c:ed:2e:53:a5:78:02:da:ca:49:
         e2:b1:c3:62:a7:f1:61:eb:ea:d0:d2:e0:cd:bd:61:82:aa:d7:
         b6:04:21:07:91:a0:c0:14:ba:07:41:3b:2e:ec:9f:00:b2:89:
         34:5f:56:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3z1o/6HWU9dDqzJx9m7EzBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NWI1MGExMGQyZDU4YzY3NTAzZWFhYTcwMWU1MTA5MTVk
ZDUxOTIwHhcNMjQwMjI5MDc0OTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTExNmVhMTQzOGFhMjQ1ZjJhYjVmYjFlNDcwMWRmZDRhMGY0OGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJKYVvSUR1bX54zpUtBWBYfktd7f
TDAwvQQkShHABiiPA2jZe4k0DOODF3mcT0jeUfbUT9C1BbqoiCe0rQRxUXk8EAZJ
jLjGgajQLpSQqvyw1oCbcocg9NUX7NRRFfqhhXFcJP8/fWqSE2zDpPTXT1R3+9V/
FqlQAHKtWNxq8I6pfLSgVSs3ifOPM6yL35fKm3RMzZAyBredrABWJzvmTq/FKqPn
PLW88bl6aceCPUrjGWwjRvN99DncOY8BS6PHokAf2D0qq49n2xn8+8TLBh+BeYsA
vd8chyyWL2mFEDKYc8QEvc2g+d3768RdekZFFYNUmNbk47g7Dby+vgTdgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMURbqFDiqJF8qtfseRwHf1KD0j0MB8GA1UdIwQY
MBaAFJhbUKENLVjGdQPqqnAeUQkV3VGSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUZ0UW9RMHRXTVoxQS1xcWNCNVJDUlhkVVpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy81Njg5YjAtYWY2ZC00MzgxLTg5OTIt
OTBmNjcxOWU2N2I5LzEveFJGdW9VT0tva1h5cTEteDVIQWRfVW9QU1BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy81Njg5YjAtYWY2ZC00MzgxLTg5OTItOTBmNjcxOWU2N2I5
LzEvbUZ0UW9RMHRXTVoxQS1xcWNCNVJDUlhkVVpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwhiuMA0G
CSqGSIb3DQEBCwUAA4IBAQCoQKpAnPJS20tj+k2EiqVFyp8qxOi7iO2Fc05MrrsF
/qEQA9FiGj3+Gg1DrOffwUkFyJ1zv9+vqymR9sVKZoXyBTbvne7YQO0I4CmCpVSI
RVGXUpIeRfDyetqwsFaiVX/iqGh26IIzS/SIfiav/R/z52MYxfQnvfzml2wnyrUw
7xXv/lmvTD/q3S4bX3hK+gq2U25Evx58TEh7KbdQk2u1w5Tddn5n73LQTaPEhEok
f74I0ntB0SeyS2+G3Kxfu9691FXRRtzpiWUzHOtQFxztLlOleALaykniscNip/Fh
6+rQ0uDNvWGCqte2BCEHkaDAFLoHQTsu7J8Asok0X1aL
-----END CERTIFICATE-----