Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/9cff3d-1168-411c-a065-fd725b825291/1/XtwzjMfLTh3zgP5MOrPRIBWbl6s.roa
File:                     XtwzjMfLTh3zgP5MOrPRIBWbl6s.roa (raw, json)
Hash identifier:          NXyOWqhPODiuZ+amGMr7eEnBUX2UxLlOxT5uPNw24Sw=
Subject key identifier:   5E:DC:33:8C:C7:CB:4E:1D:F3:80:FE:4C:3A:B3:D1:20:15:9B:97:AB
Certificate issuer:       /CN=327557cf22629d058a5114965b2f9df8ef4db690
Certificate serial:       018CC50018FD6AFB10481B079D4442D6CAE4
Authority key identifier: 32:75:57:CF:22:62:9D:05:8A:51:14:96:5B:2F:9D:F8:EF:4D:B6:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MnVXzyJinQWKURSWWy-d-O9NtpA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/9cff3d-1168-411c-a065-fd725b825291/1/XtwzjMfLTh3zgP5MOrPRIBWbl6s.roa
Signing time:             Mon 01 Jan 2024 12:29:27 +0000
ROA not before:           Mon 01 Jan 2024 12:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15623
IP address blocks:        193.42.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/9cff3d-1168-411c-a065-fd725b825291/1/MnVXzyJinQWKURSWWy-d-O9NtpA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/9cff3d-1168-411c-a065-fd725b825291/1/MnVXzyJinQWKURSWWy-d-O9NtpA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MnVXzyJinQWKURSWWy-d-O9NtpA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:18:fd:6a:fb:10:48:1b:07:9d:44:42:d6:ca:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=327557cf22629d058a5114965b2f9df8ef4db690
        Validity
            Not Before: Jan  1 12:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5edc338cc7cb4e1df380fe4c3ab3d120159b97ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:87:fe:92:68:e4:4f:86:24:7a:e4:ae:28:03:
                    c5:0f:d1:33:3e:d4:ed:22:37:af:ae:75:b2:d8:43:
                    28:a2:9c:3c:89:22:6e:df:41:73:ee:49:e8:d2:71:
                    89:20:4b:93:6e:04:0b:8d:1f:60:27:d9:fa:7a:04:
                    73:ba:51:8e:0d:7e:5a:a1:ce:ce:20:f7:61:95:d2:
                    7b:38:ce:24:63:f4:32:5e:2a:61:a0:bb:82:33:55:
                    eb:18:17:45:66:ae:f8:80:13:e1:c1:8c:e8:1d:6d:
                    80:ba:1c:d6:39:a3:73:20:97:60:53:55:e0:c7:18:
                    5c:33:2f:a5:1a:c3:5b:c1:70:d4:c3:00:31:d1:d5:
                    8f:9a:ec:ef:dc:fc:b4:5d:4a:8d:11:15:7a:9c:a1:
                    41:94:92:a7:64:66:17:ef:d4:8d:1a:b3:34:13:8d:
                    93:ef:a6:9d:56:d5:a1:ca:1e:ac:81:77:85:25:08:
                    1a:13:51:d8:e7:61:66:4c:20:5c:9c:8f:19:47:8f:
                    c6:5d:b3:dd:79:9f:6b:67:6a:50:1e:d9:7d:8e:ed:
                    ef:28:e0:ae:bc:9b:cf:4c:ef:06:0f:43:49:ee:49:
                    f5:e8:d8:37:23:b4:d7:3e:35:19:3e:ae:21:89:22:
                    62:29:4a:88:eb:72:30:c9:d9:5d:38:c8:fb:ac:33:
                    bb:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:DC:33:8C:C7:CB:4E:1D:F3:80:FE:4C:3A:B3:D1:20:15:9B:97:AB
            X509v3 Authority Key Identifier:
                keyid:32:75:57:CF:22:62:9D:05:8A:51:14:96:5B:2F:9D:F8:EF:4D:B6:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MnVXzyJinQWKURSWWy-d-O9NtpA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/9cff3d-1168-411c-a065-fd725b825291/1/XtwzjMfLTh3zgP5MOrPRIBWbl6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/9cff3d-1168-411c-a065-fd725b825291/1/MnVXzyJinQWKURSWWy-d-O9NtpA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:a4:b7:df:32:83:35:7a:a2:b9:14:94:0d:7f:82:ca:34:86:
         88:28:d6:5f:e5:c7:e3:f2:fb:dd:4d:86:6b:41:48:d2:e6:39:
         a3:0c:15:67:e1:71:9e:6d:9a:ad:23:a6:f3:62:29:31:73:9c:
         5f:04:9e:71:09:fb:ef:b2:11:ce:92:f0:b4:d9:cf:dc:05:73:
         2c:84:a1:4d:5b:55:92:7e:09:29:6f:0c:0e:a0:f1:0b:6b:dc:
         5d:08:1b:6c:17:4f:6b:7f:4a:cf:f4:a5:62:eb:d8:e6:3e:3e:
         a4:d9:69:ae:03:74:f2:a0:6f:64:50:82:9e:c8:6b:ab:bd:ca:
         86:c2:92:db:2f:bb:92:3a:0a:a4:f9:d4:ae:45:7a:a5:ca:a0:
         c4:c6:55:2a:f1:d2:0d:56:c8:b1:bc:7a:95:f6:b8:07:3a:89:
         ec:5c:5c:d3:85:f7:7b:be:c1:46:c0:8f:50:04:60:3a:b1:c0:
         7a:33:81:27:95:c0:39:01:cf:42:ca:bb:4f:cc:27:04:2c:39:
         83:f1:06:2e:95:1c:b4:cb:12:ec:b0:51:a3:9a:e9:b8:54:17:
         ef:23:6b:2c:98:59:84:b1:41:82:99:0a:93:7b:25:73:84:4d:
         eb:d5:83:74:ad:fd:c8:f4:c5:4d:73:7a:71:9c:05:17:8f:ff:
         1f:5c:05:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFABj9avsQSBsHnURC1srkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNzU1N2NmMjI2MjlkMDU4YTUxMTQ5NjViMmY5ZGY4ZWY0
ZGI2OTAwHhcNMjQwMTAxMTIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWRjMzM4Y2M3Y2I0ZTFkZjM4MGZlNGMzYWIzZDEyMDE1OWI5N2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiIf+kmjkT4YkeuSuKAPFD9EzPtTt
IjevrnWy2EMoopw8iSJu30Fz7kno0nGJIEuTbgQLjR9gJ9n6egRzulGODX5aoc7O
IPdhldJ7OM4kY/QyXiphoLuCM1XrGBdFZq74gBPhwYzoHW2AuhzWOaNzIJdgU1Xg
xxhcMy+lGsNbwXDUwwAx0dWPmuzv3Py0XUqNERV6nKFBlJKnZGYX79SNGrM0E42T
76adVtWhyh6sgXeFJQgaE1HY52FmTCBcnI8ZR4/GXbPdeZ9rZ2pQHtl9ju3vKOCu
vJvPTO8GD0NJ7kn16Ng3I7TXPjUZPq4hiSJiKUqI63IwydldOMj7rDO7yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF7cM4zHy04d84D+TDqz0SAVm5erMB8GA1UdIwQY
MBaAFDJ1V88iYp0FilEUllsvnfjvTbaQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW5WWHp5SmluUVdLVVJTV1d5LWQtTzlOdHBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC85Y2ZmM2QtMTE2OC00MTFjLWEwNjUt
ZmQ3MjViODI1MjkxLzEvWHR3empNZkxUaDN6Z1A1TU9yUFJJQldibDZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC85Y2ZmM2QtMTE2OC00MTFjLWEwNjUtZmQ3MjViODI1Mjkx
LzEvTW5WWHp5SmluUVdLVVJTV1d5LWQtTzlOdHBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSqSMA0G
CSqGSIb3DQEBCwUAA4IBAQDQpLffMoM1eqK5FJQNf4LKNIaIKNZf5cfj8vvdTYZr
QUjS5jmjDBVn4XGebZqtI6bzYikxc5xfBJ5xCfvvshHOkvC02c/cBXMshKFNW1WS
fgkpbwwOoPELa9xdCBtsF09rf0rP9KVi69jmPj6k2WmuA3TyoG9kUIKeyGurvcqG
wpLbL7uSOgqk+dSuRXqlyqDExlUq8dINVsixvHqV9rgHOonsXFzThfd7vsFGwI9Q
BGA6scB6M4EnlcA5Ac9CyrtPzCcELDmD8QYulRy0yxLssFGjmum4VBfvI2ssmFmE
sUGCmQqTeyVzhE3r1YN0rf3I9MVNc3pxnAUXj/8fXAUU
-----END CERTIFICATE-----