Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/3fa09a-e874-4f34-bf45-2c0eda70666a/1/XlHNHZoIv4kxq10GhIYVMz233Ik.roa
File:                     XlHNHZoIv4kxq10GhIYVMz233Ik.roa (raw, json)
Hash identifier:          DlYk1ZpUF7LbPl8Yhq7dai0BpCZ7pAsjFWhgtfkkBUw=
Subject key identifier:   5E:51:CD:1D:9A:08:BF:89:31:AB:5D:06:84:86:15:33:3D:B7:DC:89
Certificate issuer:       /CN=d10e38b0b7a33ef3a16e15433402987d6d678da1
Certificate serial:       018CC6B7EE7404C5FCC8C41EF7DF02A9AC85
Authority key identifier: D1:0E:38:B0:B7:A3:3E:F3:A1:6E:15:43:34:02:98:7D:6D:67:8D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Q44sLejPvOhbhVDNAKYfW1njaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/3fa09a-e874-4f34-bf45-2c0eda70666a/1/XlHNHZoIv4kxq10GhIYVMz233Ik.roa
Signing time:             Mon 01 Jan 2024 20:29:51 +0000
ROA not before:           Mon 01 Jan 2024 20:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15847
IP address blocks:        195.20.198.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/3fa09a-e874-4f34-bf45-2c0eda70666a/1/0Q44sLejPvOhbhVDNAKYfW1njaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/3fa09a-e874-4f34-bf45-2c0eda70666a/1/0Q44sLejPvOhbhVDNAKYfW1njaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Q44sLejPvOhbhVDNAKYfW1njaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:ee:74:04:c5:fc:c8:c4:1e:f7:df:02:a9:ac:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d10e38b0b7a33ef3a16e15433402987d6d678da1
        Validity
            Not Before: Jan  1 20:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e51cd1d9a08bf8931ab5d06848615333db7dc89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:29:ee:f4:fc:e5:4b:da:4c:ca:df:45:47:94:
                    d7:96:d9:86:41:84:cd:66:17:93:ed:56:39:ca:ce:
                    94:e4:3f:ae:a1:b1:4b:5d:c7:70:4c:7f:c3:92:b7:
                    95:ee:1f:74:b8:4f:0f:81:8e:0a:b2:a2:55:50:dc:
                    a8:7f:20:52:9c:26:9a:fe:8c:57:01:32:08:c8:a6:
                    5d:1d:de:a3:a5:2c:df:1f:cb:65:15:9e:78:ac:df:
                    fa:1f:10:36:be:f7:11:29:db:41:21:d7:ca:d7:94:
                    ea:83:a0:e2:a4:ee:30:e9:7b:27:7c:24:fa:08:f6:
                    fb:a3:98:a1:5a:b1:7b:24:96:bc:f4:be:86:f1:af:
                    04:8a:1b:63:3e:41:88:7f:45:aa:fd:c1:38:f1:1d:
                    d8:9c:3e:9f:bd:97:ac:6f:d1:d2:ea:2e:ec:02:f2:
                    84:57:b8:38:f7:ce:a2:d1:44:d2:15:3e:11:cd:eb:
                    a4:64:5f:09:fa:05:05:99:5b:4e:29:82:52:de:b4:
                    3b:cb:8d:8a:e4:47:37:1f:33:9e:3f:9b:94:04:21:
                    95:38:f8:d2:20:67:ac:38:79:7c:9d:94:ff:c5:75:
                    c5:fe:7a:92:e8:28:0f:32:82:15:3a:7e:9c:17:ba:
                    b1:64:87:10:30:ef:10:f0:ff:af:65:15:58:40:85:
                    ed:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:51:CD:1D:9A:08:BF:89:31:AB:5D:06:84:86:15:33:3D:B7:DC:89
            X509v3 Authority Key Identifier:
                keyid:D1:0E:38:B0:B7:A3:3E:F3:A1:6E:15:43:34:02:98:7D:6D:67:8D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Q44sLejPvOhbhVDNAKYfW1njaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/3fa09a-e874-4f34-bf45-2c0eda70666a/1/XlHNHZoIv4kxq10GhIYVMz233Ik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/3fa09a-e874-4f34-bf45-2c0eda70666a/1/0Q44sLejPvOhbhVDNAKYfW1njaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:fd:d7:26:e2:72:a8:57:53:3f:35:c9:d4:d0:b8:1c:fb:f8:
         53:30:79:ae:7d:9e:b3:56:7c:01:67:c2:af:1e:c8:08:fe:bf:
         e9:42:e6:34:39:8b:cf:8d:c8:99:d2:11:cd:7e:55:21:cf:c0:
         10:27:9f:55:5d:d7:c3:55:a7:75:09:e3:80:cc:64:ab:c9:23:
         ea:f9:30:84:ea:41:ab:54:7d:77:61:41:bb:3c:67:0c:ab:df:
         d3:98:84:39:0a:3f:51:33:89:15:ea:d0:68:a5:d3:fe:74:b5:
         be:e4:84:3c:a1:7d:97:0a:c9:e0:eb:3f:7e:1b:e1:60:59:7f:
         f9:ea:c0:93:ee:5c:eb:91:93:41:42:23:30:05:a4:a3:5e:2c:
         75:c8:35:5f:a4:3a:96:58:39:dc:58:59:20:21:cb:87:ed:d5:
         bb:a7:a9:38:28:66:cd:88:3c:b5:bf:f3:e3:90:17:06:fa:8a:
         88:95:76:83:a8:2a:f1:c2:06:cb:13:83:a2:90:72:54:8f:c1:
         e3:ee:c3:79:f1:3f:cf:f5:b5:9f:f9:49:1f:02:b0:93:ac:5d:
         40:4f:2b:f8:a1:b6:14:81:62:e9:9b:b9:42:54:39:9a:38:08:
         3c:bf:f8:b6:67:63:25:11:9c:ab:f6:5f:e5:98:e0:b0:c2:40:
         ea:c7:4f:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt+50BMX8yMQe998CqayFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxMGUzOGIwYjdhMzNlZjNhMTZlMTU0MzM0MDI5ODdkNmQ2
NzhkYTEwHhcNMjQwMTAxMjAyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTUxY2QxZDlhMDhiZjg5MzFhYjVkMDY4NDg2MTUzMzNkYjdkYzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkinu9PzlS9pMyt9FR5TXltmGQYTN
ZheT7VY5ys6U5D+uobFLXcdwTH/DkreV7h90uE8PgY4KsqJVUNyofyBSnCaa/oxX
ATIIyKZdHd6jpSzfH8tlFZ54rN/6HxA2vvcRKdtBIdfK15Tqg6DipO4w6XsnfCT6
CPb7o5ihWrF7JJa89L6G8a8EihtjPkGIf0Wq/cE48R3YnD6fvZesb9HS6i7sAvKE
V7g4986i0UTSFT4RzeukZF8J+gUFmVtOKYJS3rQ7y42K5Ec3HzOeP5uUBCGVOPjS
IGesOHl8nZT/xXXF/nqS6CgPMoIVOn6cF7qxZIcQMO8Q8P+vZRVYQIXtKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5RzR2aCL+JMatdBoSGFTM9t9yJMB8GA1UdIwQY
MBaAFNEOOLC3oz7zoW4VQzQCmH1tZ42hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFE0NHNMZWpQdk9oYmhWRE5BS1lmVzFuamFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy8zZmEwOWEtZTg3NC00ZjM0LWJmNDUt
MmMwZWRhNzA2NjZhLzEvWGxITkhab0l2NGt4cTEwR2hJWVZNejIzM0lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy8zZmEwOWEtZTg3NC00ZjM0LWJmNDUtMmMwZWRhNzA2NjZh
LzEvMFE0NHNMZWpQdk9oYmhWRE5BS1lmVzFuamFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwxTGMA0G
CSqGSIb3DQEBCwUAA4IBAQB1/dcm4nKoV1M/NcnU0Lgc+/hTMHmufZ6zVnwBZ8Kv
HsgI/r/pQuY0OYvPjciZ0hHNflUhz8AQJ59VXdfDVad1CeOAzGSrySPq+TCE6kGr
VH13YUG7PGcMq9/TmIQ5Cj9RM4kV6tBopdP+dLW+5IQ8oX2XCsng6z9+G+FgWX/5
6sCT7lzrkZNBQiMwBaSjXix1yDVfpDqWWDncWFkgIcuH7dW7p6k4KGbNiDy1v/Pj
kBcG+oqIlXaDqCrxwgbLE4OikHJUj8Hj7sN58T/P9bWf+UkfArCTrF1ATyv4obYU
gWLpm7lCVDmaOAg8v/i2Z2MlEZyr9l/lmOCwwkDqx09X
-----END CERTIFICATE-----