Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/cb51f5-a843-49c4-9f19-10eb8adfea7e/1/xbMJxtENRmxvDkjqGFqtngN1JnE.roa
File:                     xbMJxtENRmxvDkjqGFqtngN1JnE.roa (raw, json)
Hash identifier:          CnTaSodvo/ZXBhYZupDrJoiWg+pjhybYe+zP9RQOvYc=
Subject key identifier:   C5:B3:09:C6:D1:0D:46:6C:6F:0E:48:EA:18:5A:AD:9E:03:75:26:71
Certificate issuer:       /CN=e3d0a84bab3def41d6aaa9028de7a475d32d12bd
Certificate serial:       018CC795033555A5FADB5DF2E27362BD3568
Authority key identifier: E3:D0:A8:4B:AB:3D:EF:41:D6:AA:A9:02:8D:E7:A4:75:D3:2D:12:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49CoS6s970HWqqkCjeekddMtEr0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/cb51f5-a843-49c4-9f19-10eb8adfea7e/1/xbMJxtENRmxvDkjqGFqtngN1JnE.roa
Signing time:             Tue 02 Jan 2024 00:31:20 +0000
ROA not before:           Tue 02 Jan 2024 00:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33915
IP address blocks:        185.238.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/cb51f5-a843-49c4-9f19-10eb8adfea7e/1/49CoS6s970HWqqkCjeekddMtEr0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/cb51f5-a843-49c4-9f19-10eb8adfea7e/1/49CoS6s970HWqqkCjeekddMtEr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49CoS6s970HWqqkCjeekddMtEr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:03:35:55:a5:fa:db:5d:f2:e2:73:62:bd:35:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d0a84bab3def41d6aaa9028de7a475d32d12bd
        Validity
            Not Before: Jan  2 00:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5b309c6d10d466c6f0e48ea185aad9e03752671
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:52:2e:6c:03:a2:ad:ad:9f:d4:87:55:92:29:
                    ec:8f:ae:48:e6:04:9d:da:c3:0d:8a:0d:3e:03:74:
                    12:8d:b6:73:22:ed:be:62:00:28:27:b7:cc:4d:00:
                    cd:85:fa:75:18:f2:a4:63:26:65:f3:8a:3e:7d:04:
                    20:04:49:7a:b0:8a:95:d0:77:8b:50:ab:4e:6d:43:
                    ac:b0:3a:42:29:81:29:34:45:d3:2e:29:ad:16:20:
                    6b:b9:57:42:07:41:f8:9c:b0:62:02:15:23:73:02:
                    76:dd:fc:ac:80:c4:4d:9e:ff:75:1d:df:6c:0e:9e:
                    e7:e7:a7:a0:7b:fe:cb:ab:cd:b0:a7:22:b0:5e:b4:
                    f6:de:ae:4d:2d:fc:40:f2:12:79:d5:ea:db:fe:3c:
                    de:3b:28:bc:77:f0:6f:0d:34:0f:e4:8b:c9:97:2d:
                    89:0c:f8:03:1b:ca:45:43:46:e4:49:22:4e:df:df:
                    47:0e:14:65:68:c0:f3:05:0f:55:ff:e4:55:05:6a:
                    f0:e5:f5:b6:b9:bd:3d:3e:72:ed:c9:6f:c0:7b:4c:
                    f8:e5:86:78:68:3c:9d:f7:52:0c:78:31:0c:61:93:
                    d5:0c:de:13:88:e9:d5:91:9d:5a:8f:7d:93:12:87:
                    ba:17:92:9a:d8:b4:d7:7d:5a:31:0f:a6:ed:25:9a:
                    cd:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:B3:09:C6:D1:0D:46:6C:6F:0E:48:EA:18:5A:AD:9E:03:75:26:71
            X509v3 Authority Key Identifier:
                keyid:E3:D0:A8:4B:AB:3D:EF:41:D6:AA:A9:02:8D:E7:A4:75:D3:2D:12:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49CoS6s970HWqqkCjeekddMtEr0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/cb51f5-a843-49c4-9f19-10eb8adfea7e/1/xbMJxtENRmxvDkjqGFqtngN1JnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/cb51f5-a843-49c4-9f19-10eb8adfea7e/1/49CoS6s970HWqqkCjeekddMtEr0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:d5:63:02:47:08:77:82:0f:40:13:5b:2c:94:7e:91:58:1d:
         11:0d:3b:cb:02:9c:35:f1:e3:2d:6f:2f:d8:e4:7b:8e:3d:c3:
         fa:b9:a1:a6:86:ec:2c:8c:be:b7:c3:1c:4d:5e:26:25:87:7b:
         5f:94:67:aa:50:3b:17:37:11:21:83:b0:99:4a:cb:74:e5:17:
         4a:ec:9b:ae:b4:8b:af:bf:2e:99:9e:c6:0e:31:30:ce:e8:f8:
         9d:31:47:64:35:29:60:e5:95:d7:c5:de:a0:51:2b:4b:4c:03:
         4a:2e:7f:90:0f:e2:fd:04:41:a4:01:fe:35:a3:71:94:81:94:
         3c:aa:fb:2f:73:59:58:67:a5:41:18:80:5e:91:45:0c:df:46:
         24:e7:0b:b2:e3:11:8f:7f:4e:bd:63:88:72:f9:dc:eb:8e:38:
         ea:b3:d7:eb:35:11:43:9f:ef:01:24:a6:6a:5e:e5:7a:80:9f:
         2a:e0:97:5d:26:77:8b:13:94:c1:75:d1:d9:51:70:38:f4:eb:
         f7:be:07:29:5c:1e:83:08:f4:44:b8:a6:ed:64:67:fe:5e:07:
         bd:51:08:ba:ea:77:08:aa:30:f1:a2:41:c3:6c:b4:5d:f2:f9:
         59:51:24:4a:00:3a:1e:d5:fc:d6:ab:f3:56:42:47:a2:99:49:
         75:6a:49:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlQM1VaX6213y4nNivTVoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDBhODRiYWIzZGVmNDFkNmFhYTkwMjhkZTdhNDc1ZDMy
ZDEyYmQwHhcNMjQwMTAyMDAzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWIzMDljNmQxMGQ0NjZjNmYwZTQ4ZWExODVhYWQ5ZTAzNzUyNjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVIubAOira2f1IdVkinsj65I5gSd
2sMNig0+A3QSjbZzIu2+YgAoJ7fMTQDNhfp1GPKkYyZl84o+fQQgBEl6sIqV0HeL
UKtObUOssDpCKYEpNEXTLimtFiBruVdCB0H4nLBiAhUjcwJ23fysgMRNnv91Hd9s
Dp7n56ege/7Lq82wpyKwXrT23q5NLfxA8hJ51erb/jzeOyi8d/BvDTQP5IvJly2J
DPgDG8pFQ0bkSSJO399HDhRlaMDzBQ9V/+RVBWrw5fW2ub09PnLtyW/Ae0z45YZ4
aDyd91IMeDEMYZPVDN4TiOnVkZ1aj32TEoe6F5Ka2LTXfVoxD6btJZrNewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWzCcbRDUZsbw5I6hharZ4DdSZxMB8GA1UdIwQY
MBaAFOPQqEurPe9B1qqpAo3npHXTLRK9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlDb1M2czk3MEhXcXFrQ2plZWtkZE10RXIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jYjUxZjUtYTg0My00OWM0LTlmMTkt
MTBlYjhhZGZlYTdlLzEveGJNSnh0RU5SbXh2RGtqcUdGcXRuZ04xSm5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jYjUxZjUtYTg0My00OWM0LTlmMTktMTBlYjhhZGZlYTdl
LzEvNDlDb1M2czk3MEhXcXFrQ2plZWtkZE10RXIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue6NMA0G
CSqGSIb3DQEBCwUAA4IBAQCU1WMCRwh3gg9AE1sslH6RWB0RDTvLApw18eMtby/Y
5HuOPcP6uaGmhuwsjL63wxxNXiYlh3tflGeqUDsXNxEhg7CZSst05RdK7JuutIuv
vy6ZnsYOMTDO6PidMUdkNSlg5ZXXxd6gUStLTANKLn+QD+L9BEGkAf41o3GUgZQ8
qvsvc1lYZ6VBGIBekUUM30Yk5wuy4xGPf069Y4hy+dzrjjjqs9frNRFDn+8BJKZq
XuV6gJ8q4JddJneLE5TBddHZUXA49Ov3vgcpXB6DCPREuKbtZGf+Xge9UQi66ncI
qjDxokHDbLRd8vlZUSRKADoe1fzWq/NWQkeimUl1akkX
-----END CERTIFICATE-----