Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/cStwZflaXYZGOSa9DF3z_sehlEU.roa
File:                     cStwZflaXYZGOSa9DF3z_sehlEU.roa (raw, json)
Hash identifier:          euvCorwljusVJ25opKJkdciruVT0nXitvwPEuNzhElc=
Subject key identifier:   71:2B:70:65:F9:5A:5D:86:46:39:26:BD:0C:5D:F3:FE:C7:A1:94:45
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018CC5DC50E2E82B82B0173991FA7DEE7CC9
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/cStwZflaXYZGOSa9DF3z_sehlEU.roa
Signing time:             Mon 01 Jan 2024 16:29:59 +0000
ROA not before:           Mon 01 Jan 2024 16:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208626
IP address blocks:        193.232.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:50:e2:e8:2b:82:b0:17:39:91:fa:7d:ee:7c:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 16:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=712b7065f95a5d86463926bd0c5df3fec7a19445
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:e3:26:3e:33:12:50:93:c4:0c:ef:f8:a5:e0:
                    f1:01:a7:b5:8a:f0:2f:7c:34:93:5f:cb:77:3d:1e:
                    f4:87:27:3e:49:a2:5f:0d:2c:3f:af:b3:c1:2b:11:
                    ed:c5:bb:52:0b:fb:fa:bd:04:2d:97:59:36:2e:95:
                    65:67:d5:ee:6f:a2:45:2b:1c:1b:c2:f1:bc:bb:eb:
                    ff:09:86:88:e6:37:31:d1:87:be:ee:93:a6:42:b3:
                    ff:57:69:a5:cb:96:60:5d:f3:eb:4a:86:ea:89:92:
                    f0:1d:08:8a:68:16:77:ad:91:8b:5d:d7:9f:48:87:
                    e4:75:52:07:a8:65:97:49:0c:55:c4:fb:aa:17:38:
                    b3:b4:58:e9:1d:97:66:8b:4b:97:12:18:1a:60:7d:
                    7e:68:33:46:20:74:9f:b7:aa:70:76:2a:ff:a3:96:
                    f9:47:d6:58:d2:c8:cd:6c:21:a1:d7:9c:db:47:60:
                    1b:80:b5:44:48:d0:a2:75:e9:00:f5:58:20:2e:7a:
                    e2:a2:1b:04:a3:22:df:4b:df:2b:96:1e:dc:47:0a:
                    03:4f:98:33:ae:6e:ad:10:55:00:4b:25:72:2a:30:
                    1c:80:1a:1b:8f:01:70:7b:08:be:72:f9:62:6e:a5:
                    4c:7c:95:c2:bb:32:0d:78:20:77:e9:e7:01:9d:d6:
                    84:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:2B:70:65:F9:5A:5D:86:46:39:26:BD:0C:5D:F3:FE:C7:A1:94:45
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/cStwZflaXYZGOSa9DF3z_sehlEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:5a:36:e0:bf:84:34:53:c6:82:a7:71:ff:06:d1:ad:28:64:
         9d:5f:f3:70:6e:e5:69:9a:fb:51:90:f5:a4:40:f3:b6:5f:33:
         4b:dc:b3:55:61:d8:f8:8c:3a:26:3b:6f:aa:b0:56:7d:77:c5:
         d3:03:4c:f0:7a:51:2d:85:ce:e9:5a:95:2d:e7:70:d5:94:40:
         26:ac:87:ca:e9:62:7f:62:da:e3:7d:17:8a:ff:94:55:a2:f5:
         95:f1:12:d5:00:a9:0b:1f:b6:63:06:7e:55:31:58:f0:49:d5:
         33:d3:e6:79:c4:17:9a:c5:19:6d:64:fd:09:af:5c:70:d8:8b:
         66:d4:dc:45:97:b4:fc:ce:b3:a1:8d:51:e7:57:51:1e:f5:d8:
         62:d5:74:98:1a:d1:56:32:45:3d:c1:d2:e5:74:ba:46:d0:9c:
         87:90:1c:2e:d1:79:b1:44:32:fc:79:16:f5:fe:36:d9:f7:28:
         e9:10:e1:ef:e4:05:80:78:9c:8c:55:f7:9b:80:db:0b:00:ca:
         d3:23:15:8c:6b:f0:36:e3:64:85:89:5d:db:b8:ed:84:b0:bd:
         eb:1c:e6:be:58:08:02:af:c5:73:26:8a:98:27:b7:73:8c:e8:
         b5:8e:c5:72:e7:fa:65:66:53:c8:0b:38:bd:a4:5c:82:e1:0c:
         dd:90:7c:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3FDi6CuCsBc5kfp97nzJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTAxMTYyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTJiNzA2NWY5NWE1ZDg2NDYzOTI2YmQwYzVkZjNmZWM3YTE5NDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkOMmPjMSUJPEDO/4peDxAae1ivAv
fDSTX8t3PR70hyc+SaJfDSw/r7PBKxHtxbtSC/v6vQQtl1k2LpVlZ9Xub6JFKxwb
wvG8u+v/CYaI5jcx0Ye+7pOmQrP/V2mly5ZgXfPrSobqiZLwHQiKaBZ3rZGLXdef
SIfkdVIHqGWXSQxVxPuqFziztFjpHZdmi0uXEhgaYH1+aDNGIHSft6pwdir/o5b5
R9ZY0sjNbCGh15zbR2AbgLVESNCidekA9VggLnriohsEoyLfS98rlh7cRwoDT5gz
rm6tEFUASyVyKjAcgBobjwFwewi+cvlibqVMfJXCuzINeCB36ecBndaESQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHErcGX5Wl2GRjkmvQxd8/7HoZRFMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvY1N0d1pmbGFYWVpHT1NhOURGM3pfc2VobEVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweg1MA0G
CSqGSIb3DQEBCwUAA4IBAQCEWjbgv4Q0U8aCp3H/BtGtKGSdX/NwbuVpmvtRkPWk
QPO2XzNL3LNVYdj4jDomO2+qsFZ9d8XTA0zwelEthc7pWpUt53DVlEAmrIfK6WJ/
YtrjfReK/5RVovWV8RLVAKkLH7ZjBn5VMVjwSdUz0+Z5xBeaxRltZP0Jr1xw2Itm
1NxFl7T8zrOhjVHnV1Ee9dhi1XSYGtFWMkU9wdLldLpG0JyHkBwu0XmxRDL8eRb1
/jbZ9yjpEOHv5AWAeJyMVfebgNsLAMrTIxWMa/A242SFiV3buO2EsL3rHOa+WAgC
r8VzJoqYJ7dzjOi1jsVy5/plZlPICzi9pFyC4QzdkHxV
-----END CERTIFICATE-----