Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/xI4YCgzkvMH1my9gUpACgdiC_es.roa
File:                     xI4YCgzkvMH1my9gUpACgdiC_es.roa (raw, json)
Hash identifier:          PMoqhtq4PaBGXW9IeCXNdfIc4BDqHqAqXQRm3a/Mfq4=
Subject key identifier:   C4:8E:18:0A:0C:E4:BC:C1:F5:9B:2F:60:52:90:02:81:D8:82:FD:EB
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       018CC56E01A33946C95804A2A546EC11558A
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/xI4YCgzkvMH1my9gUpACgdiC_es.roa
Signing time:             Mon 01 Jan 2024 14:29:30 +0000
ROA not before:           Mon 01 Jan 2024 14:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64267
IP address blocks:        5.1.40.0/24 maxlen: 24
                          185.182.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:01:a3:39:46:c9:58:04:a2:a5:46:ec:11:55:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jan  1 14:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c48e180a0ce4bcc1f59b2f6052900281d882fdeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:86:5f:38:bf:60:6c:4e:4e:8a:1a:5f:98:2c:
                    a5:d6:4f:7c:af:f2:f1:a8:ca:f5:0b:cd:54:d9:07:
                    7b:bf:d4:dc:f2:d6:6c:22:d1:1a:19:f2:58:f7:6c:
                    40:85:05:c7:95:29:48:15:b5:98:63:31:56:f1:75:
                    69:e3:5b:b3:e9:43:8c:e9:e6:7a:f8:62:5c:26:b6:
                    78:3f:65:23:88:d9:52:39:1c:1c:a0:d0:44:06:c0:
                    f9:f7:20:98:7a:49:d8:85:60:d5:31:c0:36:7a:52:
                    39:a4:a3:40:bd:14:bf:96:79:1c:ee:9a:e7:cf:4f:
                    39:cc:f4:75:41:b3:64:fa:12:d6:f1:76:e8:fd:27:
                    fb:7e:4a:a9:c0:77:f0:8d:1c:60:44:20:0e:f7:fd:
                    a7:83:17:6f:03:81:bc:3c:51:7f:14:15:dc:67:87:
                    67:7d:12:d7:26:da:fe:a6:c9:2d:7e:b1:a4:7c:77:
                    63:c9:db:b2:d8:29:c4:bb:12:4d:c1:38:56:2a:f4:
                    eb:40:29:71:2f:cf:c8:e6:51:3b:6b:73:9d:5d:31:
                    c1:dd:48:75:fe:42:84:4b:26:4a:e5:31:fa:87:51:
                    75:82:81:a0:cd:3d:7a:27:97:5f:e3:a2:bc:e7:05:
                    8c:45:95:9f:b7:be:92:36:a7:bf:92:4c:1e:06:65:
                    00:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:8E:18:0A:0C:E4:BC:C1:F5:9B:2F:60:52:90:02:81:D8:82:FD:EB
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/xI4YCgzkvMH1my9gUpACgdiC_es.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.40.0/24
                  185.182.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:bd:39:a5:6e:bd:37:6a:ed:47:7d:30:37:50:e8:ba:00:75:
         00:93:06:4a:d6:a2:18:4e:0f:c0:dd:1d:5a:4c:bc:e7:ac:5f:
         66:f8:96:d9:79:e5:1e:db:49:95:71:b4:36:93:26:f4:36:9e:
         58:21:3b:31:43:d0:2d:c7:df:ec:b4:ac:9b:28:85:c5:ed:fa:
         7f:2f:5a:79:c4:98:48:76:e8:18:15:11:7c:fd:46:94:86:bc:
         bb:cd:1c:d2:7a:9a:ba:04:38:19:39:3e:ec:7e:6a:d7:ac:4c:
         e3:60:c9:fa:43:8f:c3:23:22:a5:8d:2e:c6:06:16:64:fe:4e:
         6b:d4:7c:8b:9c:8c:2e:77:27:7c:15:72:f7:bd:b5:bc:9b:50:
         d8:af:4d:8c:ef:51:4b:62:19:7f:44:45:e4:f0:f3:ae:ef:2c:
         fb:97:b1:36:d2:24:8b:91:54:53:0b:02:ef:5a:b2:93:ab:5b:
         24:44:fd:00:a4:1b:8c:0b:18:3f:41:8b:e2:bd:a8:c2:3a:f4:
         c7:fb:01:95:8a:9c:33:91:5b:cd:08:a7:f7:f2:fd:0d:95:12:
         e0:4d:15:9a:01:b4:eb:49:aa:25:84:5d:a3:07:7a:ff:4e:7b:
         c3:86:e1:a1:20:eb:7e:ef:a2:ec:f2:7e:b3:c9:cb:1b:27:e2:
         6a:ea:51:97
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbgGjOUbJWASipUbsEVWKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjQwMTAxMTQyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDhlMTgwYTBjZTRiY2MxZjU5YjJmNjA1MjkwMDI4MWQ4ODJmZGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4ZfOL9gbE5OihpfmCyl1k98r/Lx
qMr1C81U2Qd7v9Tc8tZsItEaGfJY92xAhQXHlSlIFbWYYzFW8XVp41uz6UOM6eZ6
+GJcJrZ4P2UjiNlSORwcoNBEBsD59yCYeknYhWDVMcA2elI5pKNAvRS/lnkc7prn
z085zPR1QbNk+hLW8Xbo/Sf7fkqpwHfwjRxgRCAO9/2ngxdvA4G8PFF/FBXcZ4dn
fRLXJtr+psktfrGkfHdjyduy2CnEuxJNwThWKvTrQClxL8/I5lE7a3OdXTHB3Uh1
/kKESyZK5TH6h1F1goGgzT16J5df46K85wWMRZWft76SNqe/kkweBmUAxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMSOGAoM5LzB9ZsvYFKQAoHYgv3rMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEveEk0WUNnemt2TUgxbXk5Z1VwQUNnZGlDX2VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABQEoAwQA
ubZBMA0GCSqGSIb3DQEBCwUAA4IBAQAKvTmlbr03au1HfTA3UOi6AHUAkwZK1qIY
Tg/A3R1aTLznrF9m+JbZeeUe20mVcbQ2kyb0Np5YITsxQ9Atx9/stKybKIXF7fp/
L1p5xJhIdugYFRF8/UaUhry7zRzSepq6BDgZOT7sfmrXrEzjYMn6Q4/DIyKljS7G
BhZk/k5r1HyLnIwudyd8FXL3vbW8m1DYr02M71FLYhl/REXk8POu7yz7l7E20iSL
kVRTCwLvWrKTq1skRP0ApBuMCxg/QYvivajCOvTH+wGVipwzkVvNCKf38v0NlRLg
TRWaAbTrSaolhF2jB3r/TnvDhuGhIOt+76Ls8n6zycsbJ+Jq6lGX
-----END CERTIFICATE-----