Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/XNlhcLkLDurD8O7vESTK-nzs2Yw.roa
File:                     XNlhcLkLDurD8O7vESTK-nzs2Yw.roa (raw, json)
Hash identifier:          iOznDb8OFv5UyI15UM2/OaQUDebPbBS2HTjA6EN6A/Q=
Subject key identifier:   5C:D9:61:70:B9:0B:0E:EA:C3:F0:EE:EF:11:24:CA:FA:7C:EC:D9:8C
Certificate issuer:       /CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
Certificate serial:       018CC5010A149D710D444BA3136E841CEC7D
Authority key identifier: AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/XNlhcLkLDurD8O7vESTK-nzs2Yw.roa
Signing time:             Mon 01 Jan 2024 12:30:28 +0000
ROA not before:           Mon 01 Jan 2024 12:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205097
IP address blocks:        195.114.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:0a:14:9d:71:0d:44:4b:a3:13:6e:84:1c:ec:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
        Validity
            Not Before: Jan  1 12:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5cd96170b90b0eeac3f0eeef1124cafa7cecd98c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f5:3e:a1:0d:48:83:eb:4f:f0:a0:00:53:b0:
                    19:6a:ee:47:a0:aa:11:ca:3d:dc:3f:ab:04:43:22:
                    cd:f4:e0:3b:8b:3f:e8:7f:7b:37:45:90:e5:b1:8a:
                    25:bd:0c:3e:2c:ba:cc:3b:de:be:f1:1f:e9:f4:b7:
                    ae:9f:86:9e:98:d8:e1:0b:b1:c7:31:bc:ec:67:de:
                    70:c4:c0:e8:79:18:d2:f0:7a:b8:79:fb:83:3a:1b:
                    05:3d:b4:b2:e8:fc:86:b3:b2:5e:e7:6c:3c:84:7e:
                    c2:11:b8:da:2c:79:df:e4:79:d7:52:e3:df:bb:d9:
                    5c:52:c7:e7:98:7f:27:59:5a:1e:12:ee:49:5d:81:
                    98:d9:14:65:88:34:9c:e4:e5:02:f0:0a:84:d6:08:
                    62:a8:c1:67:0c:50:c4:bb:f2:e4:c7:be:91:b3:a5:
                    ee:9e:b0:f8:9d:fc:1d:12:6d:75:56:d0:49:1d:00:
                    3b:88:7b:91:cc:77:06:89:72:f9:d1:b4:7f:82:b5:
                    d9:3d:d2:b0:13:49:7b:e4:c1:b5:02:9f:70:26:a7:
                    a8:88:b3:73:8e:14:9b:77:a9:c3:f8:c5:82:14:50:
                    fd:0f:76:d6:ca:90:5d:63:47:8c:e6:a4:17:63:ce:
                    ea:8d:bd:cb:9b:f2:8d:ce:8a:90:ab:58:57:09:52:
                    dc:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:D9:61:70:B9:0B:0E:EA:C3:F0:EE:EF:11:24:CA:FA:7C:EC:D9:8C
            X509v3 Authority Key Identifier:
                keyid:AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/XNlhcLkLDurD8O7vESTK-nzs2Yw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:c0:d9:68:78:d2:a1:a0:99:21:d7:87:2f:48:07:0c:21:c7:
         8a:67:90:f2:0c:70:65:0c:af:6b:7b:25:f4:14:38:3a:d7:ab:
         c6:f8:3e:f3:f8:a5:6b:14:d0:fa:9b:89:42:ad:e6:35:22:92:
         0d:d4:66:1f:26:d8:18:9b:d9:bf:13:18:e0:c8:5c:6e:2a:a2:
         19:61:16:65:62:c9:77:8f:57:6c:96:9e:16:7d:8b:f4:96:eb:
         bc:24:d1:e9:2a:98:23:54:36:d4:37:b6:81:82:28:c6:8a:5e:
         ce:b9:33:1c:d5:35:cd:c9:0f:d5:08:db:62:8e:32:ff:58:60:
         a5:d9:03:74:94:14:e1:44:45:3e:a7:fd:3e:bd:e7:40:26:2d:
         01:8a:7b:65:34:bf:26:50:43:5f:67:ad:64:ee:a4:31:c5:70:
         db:10:37:9c:36:b3:c1:9a:be:61:c7:3e:ac:53:a6:71:2c:13:
         99:82:71:3d:ec:39:22:2a:6b:47:67:ee:39:31:78:91:ea:df:
         8e:84:cb:85:85:76:d8:01:cd:58:70:fa:3d:d1:7a:cb:95:df:
         b1:19:50:f8:1c:6e:d5:d9:c3:76:1a:fb:13:6b:0b:00:91:66:
         6e:10:29:7e:a8:0d:d7:53:6c:3c:d5:0a:8c:0a:f3:a7:45:4f:
         46:88:0f:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAQoUnXENREujE26EHOx9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYzhkYmU1MjA4M2FkMzM1YzlmMWZkZTYwMTZlYzhiNDky
OTMxNDAwHhcNMjQwMTAxMTIzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2Q5NjE3MGI5MGIwZWVhYzNmMGVlZWYxMTI0Y2FmYTdjZWNkOThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPU+oQ1Ig+tP8KAAU7AZau5HoKoR
yj3cP6sEQyLN9OA7iz/of3s3RZDlsYolvQw+LLrMO96+8R/p9Leun4aemNjhC7HH
MbzsZ95wxMDoeRjS8Hq4efuDOhsFPbSy6PyGs7Je52w8hH7CEbjaLHnf5HnXUuPf
u9lcUsfnmH8nWVoeEu5JXYGY2RRliDSc5OUC8AqE1ghiqMFnDFDEu/Lkx76Rs6Xu
nrD4nfwdEm11VtBJHQA7iHuRzHcGiXL50bR/grXZPdKwE0l75MG1Ap9wJqeoiLNz
jhSbd6nD+MWCFFD9D3bWypBdY0eM5qQXY87qjb3Lm/KNzoqQq1hXCVLc9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFzZYXC5Cw7qw/Du7xEkyvp87NmMMB8GA1UdIwQY
MBaAFKvI2+Ugg60zXJ8f3mAW7ItJKTFAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2Qt
MzA1NmFmOWEzMzVlLzEvWE5saGNMa0xEdXJEOE83dkVTVEstbnpzMll3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2QtMzA1NmFmOWEzMzVl
LzEvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3KCMA0G
CSqGSIb3DQEBCwUAA4IBAQBAwNloeNKhoJkh14cvSAcMIceKZ5DyDHBlDK9reyX0
FDg616vG+D7z+KVrFND6m4lCreY1IpIN1GYfJtgYm9m/ExjgyFxuKqIZYRZlYsl3
j1dslp4WfYv0luu8JNHpKpgjVDbUN7aBgijGil7OuTMc1TXNyQ/VCNtijjL/WGCl
2QN0lBThREU+p/0+vedAJi0BintlNL8mUENfZ61k7qQxxXDbEDecNrPBmr5hxz6s
U6ZxLBOZgnE97DkiKmtHZ+45MXiR6t+OhMuFhXbYAc1YcPo90XrLld+xGVD4HG7V
2cN2GvsTawsAkWZuECl+qA3XU2w81QqMCvOnRU9GiA/W
-----END CERTIFICATE-----