Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/2b078e-908a-41a9-b637-3db4a1d4b42c/1/xsK_sWYdobF5qj_3szm1gfdQSIQ.roa
File:                     xsK_sWYdobF5qj_3szm1gfdQSIQ.roa (raw, json)
Hash identifier:          y3SlLTWJx7ugPfunlAa/sngHlHXp0folMIJv3FeFxpc=
Subject key identifier:   C6:C2:BF:B1:66:1D:A1:B1:79:AA:3F:F7:B3:39:B5:81:F7:50:48:84
Certificate issuer:       /CN=ae8b7ccf10bb849ff848e2841bb7c052812a501d
Certificate serial:       018CC50131921F5340E3ED39D670BC5DAED3
Authority key identifier: AE:8B:7C:CF:10:BB:84:9F:F8:48:E2:84:1B:B7:C0:52:81:2A:50:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rot8zxC7hJ_4SOKEG7fAUoEqUB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/2b078e-908a-41a9-b637-3db4a1d4b42c/1/xsK_sWYdobF5qj_3szm1gfdQSIQ.roa
Signing time:             Mon 01 Jan 2024 12:30:38 +0000
ROA not before:           Mon 01 Jan 2024 12:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31019
IP address blocks:        194.213.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/2b078e-908a-41a9-b637-3db4a1d4b42c/1/rot8zxC7hJ_4SOKEG7fAUoEqUB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/2b078e-908a-41a9-b637-3db4a1d4b42c/1/rot8zxC7hJ_4SOKEG7fAUoEqUB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rot8zxC7hJ_4SOKEG7fAUoEqUB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:31:92:1f:53:40:e3:ed:39:d6:70:bc:5d:ae:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae8b7ccf10bb849ff848e2841bb7c052812a501d
        Validity
            Not Before: Jan  1 12:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6c2bfb1661da1b179aa3ff7b339b581f7504884
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:59:a8:5d:05:25:b2:80:f3:4b:93:3d:05:ce:
                    47:ef:06:5e:a5:4c:58:de:39:7d:6e:22:bc:05:83:
                    5e:25:33:b3:bf:6a:6f:6a:8f:a5:ac:d7:08:98:ee:
                    91:45:b6:7e:8a:df:2d:b1:f3:97:1d:73:1e:8e:8c:
                    c1:1c:15:4c:e6:cc:e7:50:bc:67:5a:cd:7a:f7:0f:
                    f2:0f:32:c9:22:eb:dd:52:f6:79:29:40:f7:66:a4:
                    b0:18:3d:be:c1:7b:dd:d0:c8:0e:34:d9:6f:81:93:
                    d6:bb:fd:02:94:95:70:62:b6:8a:d2:db:ac:38:38:
                    53:73:18:ae:e2:aa:94:1e:4c:7b:14:d0:16:9a:d9:
                    ee:16:76:e5:c6:4c:37:a4:42:43:c8:31:ea:82:66:
                    5f:f0:08:59:06:70:b8:c3:5c:e1:c7:c9:9f:fb:e8:
                    3b:cc:86:a1:9f:46:5a:1b:f6:0c:12:fc:8e:7a:2a:
                    71:61:6f:49:de:20:e9:3e:91:21:3b:81:d8:a2:79:
                    3b:bb:73:af:3e:a4:8a:50:96:bd:83:10:fd:c4:18:
                    41:82:aa:0a:e4:75:ae:75:59:95:57:7e:bb:b2:ad:
                    79:4e:bc:75:ac:3a:b1:37:f8:7d:f0:13:d7:be:a2:
                    41:c6:2e:e6:41:e6:fa:3f:a7:b4:8e:ef:a6:53:3a:
                    a4:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:C2:BF:B1:66:1D:A1:B1:79:AA:3F:F7:B3:39:B5:81:F7:50:48:84
            X509v3 Authority Key Identifier:
                keyid:AE:8B:7C:CF:10:BB:84:9F:F8:48:E2:84:1B:B7:C0:52:81:2A:50:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rot8zxC7hJ_4SOKEG7fAUoEqUB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/2b078e-908a-41a9-b637-3db4a1d4b42c/1/xsK_sWYdobF5qj_3szm1gfdQSIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/2b078e-908a-41a9-b637-3db4a1d4b42c/1/rot8zxC7hJ_4SOKEG7fAUoEqUB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.213.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:05:36:f5:57:d9:ef:cc:7c:a1:d7:c5:50:2c:97:f0:db:ca:
         61:2c:83:94:e7:6f:28:52:3f:9f:b3:2d:67:03:80:e3:79:69:
         ba:7a:24:40:ad:83:9f:a0:03:a7:fd:10:ce:b9:54:72:fe:83:
         6c:1f:01:dc:89:15:f3:23:e8:ae:55:fd:7f:28:0b:ab:26:9a:
         ac:80:3d:6b:c4:04:aa:21:68:16:db:79:d0:81:b9:9a:9d:ae:
         6b:18:51:cc:98:ff:7a:b8:ef:16:f1:6e:be:40:1a:69:b4:21:
         0b:f3:10:d3:c3:4f:a8:1f:37:37:93:c1:88:60:37:89:79:2a:
         2c:3a:c7:07:78:ee:93:26:1b:7a:ea:a2:1e:5b:b7:81:d7:07:
         4f:b1:f5:4b:de:99:73:7c:2d:a3:07:f4:32:1e:d2:42:ae:43:
         30:c9:46:2c:54:39:83:71:59:2d:c6:4a:e8:d2:e1:79:f7:8a:
         3a:14:3c:22:57:92:a1:64:44:ff:9e:6f:87:77:c7:e0:59:aa:
         ac:67:50:24:34:e1:ef:ff:d7:ec:0d:37:5f:06:64:4e:b9:bc:
         d0:a7:5d:ee:cd:9f:2a:c0:5a:f5:03:58:c2:3d:35:b4:c6:fb:
         7a:b0:25:4c:26:fa:98:e8:92:f0:66:01:ad:9e:fc:1d:5c:f5:
         f9:0b:3e:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATGSH1NA4+051nC8Xa7TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlOGI3Y2NmMTBiYjg0OWZmODQ4ZTI4NDFiYjdjMDUyODEy
YTUwMWQwHhcNMjQwMTAxMTIzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmMyYmZiMTY2MWRhMWIxNzlhYTNmZjdiMzM5YjU4MWY3NTA0ODg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlmoXQUlsoDzS5M9Bc5H7wZepUxY
3jl9biK8BYNeJTOzv2pvao+lrNcImO6RRbZ+it8tsfOXHXMejozBHBVM5sznULxn
Ws169w/yDzLJIuvdUvZ5KUD3ZqSwGD2+wXvd0MgONNlvgZPWu/0ClJVwYraK0tus
ODhTcxiu4qqUHkx7FNAWmtnuFnblxkw3pEJDyDHqgmZf8AhZBnC4w1zhx8mf++g7
zIahn0ZaG/YMEvyOeipxYW9J3iDpPpEhO4HYonk7u3OvPqSKUJa9gxD9xBhBgqoK
5HWudVmVV367sq15Trx1rDqxN/h98BPXvqJBxi7mQeb6P6e0ju+mUzqk5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMbCv7FmHaGxeao/97M5tYH3UEiEMB8GA1UdIwQY
MBaAFK6LfM8Qu4Sf+EjihBu3wFKBKlAdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm90OHp4QzdoSl80U09LRUc3ZkFVb0VxVUIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8yYjA3OGUtOTA4YS00MWE5LWI2Mzct
M2RiNGExZDRiNDJjLzEveHNLX3NXWWRvYkY1cWpfM3N6bTFnZmRRU0lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8yYjA3OGUtOTA4YS00MWE5LWI2MzctM2RiNGExZDRiNDJj
LzEvcm90OHp4QzdoSl80U09LRUc3ZkFVb0VxVUIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtVsMA0G
CSqGSIb3DQEBCwUAA4IBAQBGBTb1V9nvzHyh18VQLJfw28phLIOU528oUj+fsy1n
A4DjeWm6eiRArYOfoAOn/RDOuVRy/oNsHwHciRXzI+iuVf1/KAurJpqsgD1rxASq
IWgW23nQgbmana5rGFHMmP96uO8W8W6+QBpptCEL8xDTw0+oHzc3k8GIYDeJeSos
OscHeO6TJht66qIeW7eB1wdPsfVL3plzfC2jB/QyHtJCrkMwyUYsVDmDcVktxkro
0uF594o6FDwiV5KhZET/nm+Hd8fgWaqsZ1AkNOHv/9fsDTdfBmROubzQp13uzZ8q
wFr1A1jCPTW0xvt6sCVMJvqY6JLwZgGtnvwdXPX5Cz52
-----END CERTIFICATE-----