Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/d29fe7-8c22-4aaa-b8d6-660f39f64316/1/bOxBSbCy_hnNNrD7DVyr3Zs2CAo.roa
File:                     bOxBSbCy_hnNNrD7DVyr3Zs2CAo.roa (raw, json)
Hash identifier:          Y43iqZCaUd6cVdsiWHVFaCyzO9TNlnUCH9iGl6IInhs=
Subject key identifier:   6C:EC:41:49:B0:B2:FE:19:CD:36:B0:FB:0D:5C:AB:DD:9B:36:08:0A
Certificate issuer:       /CN=1da81713853c9b18d410d4ff3099ab668e69b3f5
Certificate serial:       018CC49366A7428EDC0D3D6609375D8D9EF9
Authority key identifier: 1D:A8:17:13:85:3C:9B:18:D4:10:D4:FF:30:99:AB:66:8E:69:B3:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HagXE4U8mxjUENT_MJmrZo5ps_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/d29fe7-8c22-4aaa-b8d6-660f39f64316/1/bOxBSbCy_hnNNrD7DVyr3Zs2CAo.roa
Signing time:             Mon 01 Jan 2024 10:30:43 +0000
ROA not before:           Mon 01 Jan 2024 10:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.131.114.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/d29fe7-8c22-4aaa-b8d6-660f39f64316/1/HagXE4U8mxjUENT_MJmrZo5ps_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/d29fe7-8c22-4aaa-b8d6-660f39f64316/1/HagXE4U8mxjUENT_MJmrZo5ps_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HagXE4U8mxjUENT_MJmrZo5ps_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:03:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:66:a7:42:8e:dc:0d:3d:66:09:37:5d:8d:9e:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1da81713853c9b18d410d4ff3099ab668e69b3f5
        Validity
            Not Before: Jan  1 10:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cec4149b0b2fe19cd36b0fb0d5cabdd9b36080a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a0:bd:2a:7d:8d:b9:60:e9:a8:f6:d8:3b:ff:
                    84:86:f9:98:79:45:13:da:1e:3e:9b:77:ab:18:ac:
                    34:39:53:a7:bd:80:d8:63:17:2c:69:fb:09:cd:42:
                    d3:2a:3f:3f:7c:22:f8:7f:3d:a5:d6:0e:17:7f:f2:
                    ba:aa:c8:38:d9:d9:43:ae:d7:c0:96:99:bb:44:b0:
                    bd:6b:fa:2c:b8:7d:9a:aa:39:dd:40:a4:a3:1e:c0:
                    5e:e1:3c:c4:86:75:6b:1f:9c:6e:72:17:1d:f4:13:
                    3b:7f:6a:a7:ed:fc:96:5e:c1:90:f6:04:ed:95:fa:
                    0f:55:78:7c:ae:5b:a2:c9:06:a3:3d:dd:e0:05:dd:
                    5b:00:d3:f3:d8:52:8d:f7:e1:bd:06:d6:a6:f9:6d:
                    49:8d:1d:17:11:10:c4:be:af:44:bc:d1:bd:6b:47:
                    75:cf:9d:80:35:ee:1c:ee:35:09:4e:77:e3:09:a6:
                    30:5c:64:de:f1:3e:2c:c5:30:f6:a4:cd:f4:2f:35:
                    4a:4d:3c:6e:11:d5:f9:af:66:23:75:e4:fc:31:d9:
                    43:46:0c:c6:06:d3:e2:06:2f:23:0e:3c:61:a4:8a:
                    a8:20:fe:5f:74:40:07:26:7e:bf:39:bb:16:94:c5:
                    a3:40:3e:e1:07:c7:96:5c:07:4b:ff:b2:58:f6:63:
                    2c:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:EC:41:49:B0:B2:FE:19:CD:36:B0:FB:0D:5C:AB:DD:9B:36:08:0A
            X509v3 Authority Key Identifier:
                keyid:1D:A8:17:13:85:3C:9B:18:D4:10:D4:FF:30:99:AB:66:8E:69:B3:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HagXE4U8mxjUENT_MJmrZo5ps_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/d29fe7-8c22-4aaa-b8d6-660f39f64316/1/bOxBSbCy_hnNNrD7DVyr3Zs2CAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/d29fe7-8c22-4aaa-b8d6-660f39f64316/1/HagXE4U8mxjUENT_MJmrZo5ps_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.131.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8c:a0:b6:bb:b0:96:28:cd:73:b4:5f:72:38:43:dc:53:95:8f:
         46:eb:5b:a5:6f:4e:5b:f9:9c:31:7b:c2:7d:6c:fb:32:7b:fd:
         27:6c:1f:6b:ef:58:a9:c9:78:a3:f6:29:b7:d8:a1:5c:8d:c2:
         cf:c7:0f:c3:be:50:03:db:d4:ba:07:88:0d:1d:ac:d7:df:62:
         a6:fb:9a:ea:0a:b6:8a:2a:2c:16:44:9d:26:a2:02:33:30:e8:
         26:c9:e0:d8:ce:13:05:68:bf:c9:91:73:8e:1f:59:04:c6:08:
         6b:30:cf:e7:a4:81:5a:79:75:ba:66:d7:14:ce:68:15:f3:3e:
         95:05:8e:15:9e:71:52:46:f5:0b:78:88:4d:e5:94:7a:a2:9c:
         dc:32:5d:85:82:75:c1:d3:d7:d4:a5:77:58:63:dc:fb:23:88:
         31:4d:ac:03:e1:b3:aa:c6:bb:0c:03:c4:ab:57:58:28:e7:89:
         5e:ef:eb:c4:0b:3f:d3:8f:bb:4f:4e:c6:95:02:f0:e6:37:1c:
         f6:72:11:0e:7d:1c:4e:46:cc:cf:87:ce:d7:87:2e:38:0d:a2:
         aa:44:94:c7:1d:2c:c1:89:17:81:8f:b3:2f:b6:ae:56:46:05:
         5c:cf:f3:b0:b2:87:62:ce:2e:31:f6:69:73:04:84:5d:ca:33:
         dc:f7:fd:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk2anQo7cDT1mCTddjZ75MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkYTgxNzEzODUzYzliMThkNDEwZDRmZjMwOTlhYjY2OGU2
OWIzZjUwHhcNMjQwMTAxMTAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2VjNDE0OWIwYjJmZTE5Y2QzNmIwZmIwZDVjYWJkZDliMzYwODBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKC9Kn2NuWDpqPbYO/+EhvmYeUUT
2h4+m3erGKw0OVOnvYDYYxcsafsJzULTKj8/fCL4fz2l1g4Xf/K6qsg42dlDrtfA
lpm7RLC9a/osuH2aqjndQKSjHsBe4TzEhnVrH5xuchcd9BM7f2qn7fyWXsGQ9gTt
lfoPVXh8rluiyQajPd3gBd1bANPz2FKN9+G9Btam+W1JjR0XERDEvq9EvNG9a0d1
z52ANe4c7jUJTnfjCaYwXGTe8T4sxTD2pM30LzVKTTxuEdX5r2YjdeT8MdlDRgzG
BtPiBi8jDjxhpIqoIP5fdEAHJn6/ObsWlMWjQD7hB8eWXAdL/7JY9mMsoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGzsQUmwsv4ZzTaw+w1cq92bNggKMB8GA1UdIwQY
MBaAFB2oFxOFPJsY1BDU/zCZq2aOabP1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGFnWEU0VThteGpVRU5UX01KbXJabzVwc19VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9kMjlmZTctOGMyMi00YWFhLWI4ZDYt
NjYwZjM5ZjY0MzE2LzEvYk94QlNiQ3lfaG5OTnJEN0RWeXIzWnMyQ0FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9kMjlmZTctOGMyMi00YWFhLWI4ZDYtNjYwZjM5ZjY0MzE2
LzEvSGFnWEU0VThteGpVRU5UX01KbXJabzVwc19VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwYNyMA0G
CSqGSIb3DQEBCwUAA4IBAQCMoLa7sJYozXO0X3I4Q9xTlY9G61ulb05b+Zwxe8J9
bPsye/0nbB9r71ipyXij9im32KFcjcLPxw/DvlAD29S6B4gNHazX32Km+5rqCraK
KiwWRJ0mogIzMOgmyeDYzhMFaL/JkXOOH1kExghrMM/npIFaeXW6ZtcUzmgV8z6V
BY4VnnFSRvULeIhN5ZR6opzcMl2FgnXB09fUpXdYY9z7I4gxTawD4bOqxrsMA8Sr
V1go54le7+vECz/Tj7tPTsaVAvDmNxz2chEOfRxORszPh87Xhy44DaKqRJTHHSzB
iReBj7Mvtq5WRgVcz/Owsodizi4x9mlzBIRdyjPc9/1m
-----END CERTIFICATE-----