Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/x_nXdxMZJgOshm49DcGaHIgQLb0.roa
File:                     x_nXdxMZJgOshm49DcGaHIgQLb0.roa (raw, json)
Hash identifier:          1MhiEP40F9/cSkg805Y/X8V289I/vJ9Bjk06JVk/lWM=
Subject key identifier:   C7:F9:D7:77:13:19:26:03:AC:86:6E:3D:0D:C1:9A:1C:88:10:2D:BD
Certificate issuer:       /CN=a7e2ce3109480aee7b3fd2846ec8f8646885cdba
Certificate serial:       018CC801D9AB8624F026431DE25D78F20E8B
Authority key identifier: A7:E2:CE:31:09:48:0A:EE:7B:3F:D2:84:6E:C8:F8:64:68:85:CD:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p-LOMQlICu57P9KEbsj4ZGiFzbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/x_nXdxMZJgOshm49DcGaHIgQLb0.roa
Signing time:             Tue 02 Jan 2024 02:30:13 +0000
ROA not before:           Tue 02 Jan 2024 02:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49463
IP address blocks:        213.215.28.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/p-LOMQlICu57P9KEbsj4ZGiFzbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/p-LOMQlICu57P9KEbsj4ZGiFzbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p-LOMQlICu57P9KEbsj4ZGiFzbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 04:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:d9:ab:86:24:f0:26:43:1d:e2:5d:78:f2:0e:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7e2ce3109480aee7b3fd2846ec8f8646885cdba
        Validity
            Not Before: Jan  2 02:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7f9d77713192603ac866e3d0dc19a1c88102dbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:a8:0d:e5:5a:69:8b:d2:b8:7e:94:bd:32:67:
                    5b:51:73:f4:2c:14:f2:d7:7b:4c:cc:80:c1:c3:27:
                    37:a0:1a:b7:16:cf:e4:ce:a0:08:06:50:6d:33:b5:
                    9d:17:0f:ed:98:82:3a:61:37:d5:e1:c6:15:64:c6:
                    20:73:b2:2e:c9:d5:f9:14:12:26:69:d4:2a:bd:a4:
                    6c:e0:5e:d2:a5:2f:a5:53:cd:56:ee:08:19:b0:70:
                    f0:c2:56:b2:a3:5c:d7:a5:f5:13:0a:27:ae:10:bc:
                    8c:a8:e7:e1:b3:fa:63:9e:58:c0:8b:2e:1b:53:82:
                    16:4a:7e:20:fa:66:9e:c5:ee:86:aa:15:0c:22:03:
                    e1:5c:9d:3d:d5:f1:2f:81:b2:24:d2:92:3e:77:db:
                    7c:79:04:d9:45:b9:e4:e3:68:28:0f:d2:41:65:c2:
                    18:6d:49:5c:d4:00:1d:41:6e:08:b8:03:40:db:3d:
                    14:65:80:16:ec:e4:f1:57:77:d2:a0:d0:40:6f:f3:
                    73:06:87:b5:7e:f1:7c:ab:0d:d2:86:50:43:6c:8e:
                    23:ff:58:98:33:b6:87:fd:7f:47:2e:49:3c:e3:42:
                    03:a0:8a:ae:3f:28:9d:61:1a:a0:47:ca:c6:56:ff:
                    58:1b:82:fc:82:1a:10:86:5f:aa:b6:d6:29:09:d3:
                    0e:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:F9:D7:77:13:19:26:03:AC:86:6E:3D:0D:C1:9A:1C:88:10:2D:BD
            X509v3 Authority Key Identifier:
                keyid:A7:E2:CE:31:09:48:0A:EE:7B:3F:D2:84:6E:C8:F8:64:68:85:CD:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p-LOMQlICu57P9KEbsj4ZGiFzbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/x_nXdxMZJgOshm49DcGaHIgQLb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/p-LOMQlICu57P9KEbsj4ZGiFzbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.215.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         00:4d:93:15:6a:8c:28:9a:c4:15:26:c2:a9:62:8c:5b:d0:75:
         21:87:4d:79:5d:3f:fe:80:66:dd:c3:78:19:84:d6:ff:5b:4a:
         7e:8a:b0:e0:d2:01:e9:bf:e4:b8:eb:ce:b4:68:aa:95:6e:e3:
         18:ba:4c:0b:e7:3a:fb:38:b0:d7:d4:3d:a8:33:d2:40:81:e7:
         5f:95:b9:f1:78:84:5a:eb:f9:b0:5a:88:17:8c:f5:58:57:77:
         3d:04:64:92:43:60:a1:cc:6b:82:cf:06:b5:97:ce:f0:5b:91:
         a1:36:af:96:e5:fc:6e:40:9d:78:5f:97:20:f9:89:15:b1:e9:
         96:95:07:eb:c7:60:9f:81:57:d4:09:0c:5d:ee:b7:11:16:a6:
         48:a3:fa:60:db:a1:e7:87:3b:aa:01:ce:ea:36:af:80:4d:5e:
         c6:e6:1c:f0:b8:cb:93:66:c5:71:2c:9b:d7:b4:a4:44:76:4e:
         f0:20:4e:05:d5:0a:2d:6e:54:7a:9c:7f:f6:8d:e1:8d:93:af:
         b2:3f:aa:04:9f:b0:b8:ce:cb:8e:07:3a:1a:40:35:01:3a:d2:
         81:28:1a:56:a6:03:cb:64:cd:d3:a5:36:45:f4:b4:5d:9b:4e:
         d3:33:0c:de:cb:1a:ae:71:44:4c:34:94:2a:17:d6:aa:f6:dc:
         71:c1:80:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAdmrhiTwJkMd4l148g6LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZTJjZTMxMDk0ODBhZWU3YjNmZDI4NDZlYzhmODY0Njg4
NWNkYmEwHhcNMjQwMTAyMDIzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2Y5ZDc3NzEzMTkyNjAzYWM4NjZlM2QwZGMxOWExYzg4MTAyZGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKgN5Vppi9K4fpS9MmdbUXP0LBTy
13tMzIDBwyc3oBq3Fs/kzqAIBlBtM7WdFw/tmII6YTfV4cYVZMYgc7IuydX5FBIm
adQqvaRs4F7SpS+lU81W7ggZsHDwwlayo1zXpfUTCieuELyMqOfhs/pjnljAiy4b
U4IWSn4g+maexe6GqhUMIgPhXJ091fEvgbIk0pI+d9t8eQTZRbnk42goD9JBZcIY
bUlc1AAdQW4IuANA2z0UZYAW7OTxV3fSoNBAb/NzBoe1fvF8qw3ShlBDbI4j/1iY
M7aH/X9HLkk840IDoIquPyidYRqgR8rGVv9YG4L8ghoQhl+qttYpCdMOXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMf513cTGSYDrIZuPQ3BmhyIEC29MB8GA1UdIwQY
MBaAFKfizjEJSAruez/ShG7I+GRohc26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcC1MT01RbElDdTU3UDlLRWJzajRaR2lGemJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9iNjFhZGQtMzJmMC00MmY0LWEzMDEt
NzgxOGE4OTQ1NmNiLzEveF9uWGR4TVpKZ09zaG00OURjR2FISWdRTGIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9iNjFhZGQtMzJmMC00MmY0LWEzMDEtNzgxOGE4OTQ1NmNi
LzEvcC1MT01RbElDdTU3UDlLRWJzajRaR2lGemJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1dccMA0G
CSqGSIb3DQEBCwUAA4IBAQAATZMVaowomsQVJsKpYoxb0HUhh015XT/+gGbdw3gZ
hNb/W0p+irDg0gHpv+S46860aKqVbuMYukwL5zr7OLDX1D2oM9JAgedflbnxeIRa
6/mwWogXjPVYV3c9BGSSQ2ChzGuCzwa1l87wW5GhNq+W5fxuQJ14X5cg+YkVsemW
lQfrx2CfgVfUCQxd7rcRFqZIo/pg26HnhzuqAc7qNq+ATV7G5hzwuMuTZsVxLJvX
tKREdk7wIE4F1QotblR6nH/2jeGNk6+yP6oEn7C4zsuOBzoaQDUBOtKBKBpWpgPL
ZM3TpTZF9LRdm07TMwzeyxqucURMNJQqF9aq9txxwYDZ
-----END CERTIFICATE-----