Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/0ee11f-41b7-4ac9-9b16-d9eb8d57366c/1/XEk4OEe6dC_dLyYWMNkysigweWo.roa
File:                     XEk4OEe6dC_dLyYWMNkysigweWo.roa (raw, json)
Hash identifier:          lI2Lb3pU6MGtSPPokHno9CGg7qAH2kVxkjIQGP3sQPI=
Subject key identifier:   5C:49:38:38:47:BA:74:2F:DD:2F:26:16:30:D9:32:B2:28:30:79:6A
Certificate issuer:       /CN=0bcf721c71c8ae7caf706d9df3358b12d54b4d90
Certificate serial:       018CC5DC045858A92706E79CEB0A91F6B40C
Authority key identifier: 0B:CF:72:1C:71:C8:AE:7C:AF:70:6D:9D:F3:35:8B:12:D5:4B:4D:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C89yHHHIrnyvcG2d8zWLEtVLTZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/0ee11f-41b7-4ac9-9b16-d9eb8d57366c/1/XEk4OEe6dC_dLyYWMNkysigweWo.roa
Signing time:             Mon 01 Jan 2024 16:29:39 +0000
ROA not before:           Mon 01 Jan 2024 16:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        193.110.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/0ee11f-41b7-4ac9-9b16-d9eb8d57366c/1/C89yHHHIrnyvcG2d8zWLEtVLTZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/0ee11f-41b7-4ac9-9b16-d9eb8d57366c/1/C89yHHHIrnyvcG2d8zWLEtVLTZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C89yHHHIrnyvcG2d8zWLEtVLTZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:04:58:58:a9:27:06:e7:9c:eb:0a:91:f6:b4:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bcf721c71c8ae7caf706d9df3358b12d54b4d90
        Validity
            Not Before: Jan  1 16:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c49383847ba742fdd2f261630d932b22830796a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:35:f8:0f:5d:08:2f:8e:4c:27:1d:8d:ba:85:
                    71:f8:6c:c7:bf:3b:74:c9:f8:c7:98:37:d2:fc:f4:
                    80:80:79:55:aa:2b:3c:fe:7b:f5:0f:a1:6e:54:19:
                    c0:d1:ba:bb:52:8a:15:1a:df:f2:8a:24:8b:b8:77:
                    a8:0e:a1:8d:6e:f2:77:4f:13:80:5f:15:6a:57:23:
                    26:a7:cb:1e:59:6f:b0:a3:11:8e:ef:61:0b:8a:99:
                    7d:64:ed:ff:52:ed:82:46:b0:ae:97:8b:8f:21:47:
                    13:6e:b1:33:87:02:d1:42:f3:cc:4f:a4:68:21:95:
                    a4:cb:b0:fd:60:aa:d9:c0:98:18:9d:70:d6:40:fe:
                    08:d9:d3:27:5d:09:54:2b:e2:8f:84:f9:11:b2:45:
                    97:7f:c4:69:12:66:1b:93:57:00:82:91:bb:ac:f2:
                    f0:3b:72:88:d3:cb:32:d7:1c:5d:1a:f6:5a:32:03:
                    74:01:43:35:ed:20:66:ad:5a:e8:59:81:37:32:cb:
                    44:b9:f6:8d:ab:91:0f:e6:b3:4c:6d:95:31:a2:5a:
                    48:c2:06:54:d8:a8:80:dc:96:76:3d:54:82:b6:79:
                    ae:09:ba:7f:a8:ba:7d:37:42:80:62:0c:04:a2:fa:
                    74:cc:20:ad:b9:0f:8b:e9:90:4e:c3:a9:fb:4f:d3:
                    27:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:49:38:38:47:BA:74:2F:DD:2F:26:16:30:D9:32:B2:28:30:79:6A
            X509v3 Authority Key Identifier:
                keyid:0B:CF:72:1C:71:C8:AE:7C:AF:70:6D:9D:F3:35:8B:12:D5:4B:4D:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C89yHHHIrnyvcG2d8zWLEtVLTZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/0ee11f-41b7-4ac9-9b16-d9eb8d57366c/1/XEk4OEe6dC_dLyYWMNkysigweWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/0ee11f-41b7-4ac9-9b16-d9eb8d57366c/1/C89yHHHIrnyvcG2d8zWLEtVLTZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:07:4c:a7:7e:5a:1b:da:1d:fc:0b:c6:1c:5b:8f:93:ff:a4:
         9e:7a:03:a6:04:f5:26:54:4f:04:13:3f:24:70:ef:7e:21:aa:
         06:8d:4e:58:87:5a:96:b4:e6:b5:a2:f1:72:5e:66:0d:b1:62:
         90:2a:bd:d4:2e:1e:a0:d7:b1:ab:8f:0b:d6:61:26:00:a4:ab:
         78:37:7b:1f:0d:9b:89:d2:bc:f5:81:b6:3b:f9:3e:ca:91:ee:
         36:d4:a9:37:62:b2:84:73:fe:6c:e0:25:a3:70:91:10:22:0c:
         48:c5:b9:63:80:0c:fb:bf:a4:fe:c1:1a:54:32:b0:dd:7b:7b:
         8c:e0:30:69:f7:5b:c2:be:ba:83:d2:10:6f:c3:41:11:c8:85:
         3a:11:e3:37:83:19:63:fe:17:75:0c:39:74:c9:f4:22:26:0b:
         ee:c1:3c:f9:29:cf:81:e0:5c:28:6a:5b:a3:2e:04:6c:86:f6:
         7a:c6:53:a9:e6:4b:9d:68:b7:81:ed:96:ed:41:fc:b5:a9:4c:
         39:2d:16:0e:fe:b8:f6:fc:74:48:bc:2f:56:2b:91:62:18:d4:
         71:0d:6b:01:f9:6b:36:cd:4a:dd:9d:4f:57:21:b6:5a:df:f6:
         7e:83:eb:59:ff:13:2c:15:14:c5:32:1b:bf:a8:14:38:bb:fc:
         4a:2a:be:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3ARYWKknBuec6wqR9rQMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiY2Y3MjFjNzFjOGFlN2NhZjcwNmQ5ZGYzMzU4YjEyZDU0
YjRkOTAwHhcNMjQwMTAxMTYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzQ5MzgzODQ3YmE3NDJmZGQyZjI2MTYzMGQ5MzJiMjI4MzA3OTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjX4D10IL45MJx2NuoVx+GzHvzt0
yfjHmDfS/PSAgHlVqis8/nv1D6FuVBnA0bq7UooVGt/yiiSLuHeoDqGNbvJ3TxOA
XxVqVyMmp8seWW+woxGO72ELipl9ZO3/Uu2CRrCul4uPIUcTbrEzhwLRQvPMT6Ro
IZWky7D9YKrZwJgYnXDWQP4I2dMnXQlUK+KPhPkRskWXf8RpEmYbk1cAgpG7rPLw
O3KI08sy1xxdGvZaMgN0AUM17SBmrVroWYE3MstEufaNq5EP5rNMbZUxolpIwgZU
2KiA3JZ2PVSCtnmuCbp/qLp9N0KAYgwEovp0zCCtuQ+L6ZBOw6n7T9MnIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxJODhHunQv3S8mFjDZMrIoMHlqMB8GA1UdIwQY
MBaAFAvPchxxyK58r3BtnfM1ixLVS02QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzg5eUhISElybnl2Y0cyZDh6V0xFdFZMVFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8wZWUxMWYtNDFiNy00YWM5LTliMTYt
ZDllYjhkNTczNjZjLzEvWEVrNE9FZTZkQ19kTHlZV01Oa3lzaWd3ZVdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8wZWUxMWYtNDFiNy00YWM5LTliMTYtZDllYjhkNTczNjZj
LzEvQzg5eUhISElybnl2Y0cyZDh6V0xFdFZMVFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW4iMA0G
CSqGSIb3DQEBCwUAA4IBAQAQB0ynflob2h38C8YcW4+T/6SeegOmBPUmVE8EEz8k
cO9+IaoGjU5Yh1qWtOa1ovFyXmYNsWKQKr3ULh6g17GrjwvWYSYApKt4N3sfDZuJ
0rz1gbY7+T7Kke421Kk3YrKEc/5s4CWjcJEQIgxIxbljgAz7v6T+wRpUMrDde3uM
4DBp91vCvrqD0hBvw0ERyIU6EeM3gxlj/hd1DDl0yfQiJgvuwTz5Kc+B4Fwoaluj
LgRshvZ6xlOp5kudaLeB7ZbtQfy1qUw5LRYO/rj2/HRIvC9WK5FiGNRxDWsB+Ws2
zUrdnU9XIbZa3/Z+g+tZ/xMsFRTFMhu/qBQ4u/xKKr7h
-----END CERTIFICATE-----