Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/XQ6LqdBKZO6izOm1W-YpTeJpeps.roa
File:                     XQ6LqdBKZO6izOm1W-YpTeJpeps.roa (raw, json)
Hash identifier:          NFDDx9pebt/GfssmAMa8eDiIYsTIR8zA3ZUSZp4rojA=
Subject key identifier:   5D:0E:8B:A9:D0:4A:64:EE:A2:CC:E9:B5:5B:E6:29:4D:E2:69:7A:9B
Certificate issuer:       /CN=5a6f9295521df30a158f506ba7cb873ab9529dc3
Certificate serial:       018CC348F93B910DD9304CE31BDED1363227
Authority key identifier: 5A:6F:92:95:52:1D:F3:0A:15:8F:50:6B:A7:CB:87:3A:B9:52:9D:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/XQ6LqdBKZO6izOm1W-YpTeJpeps.roa
Signing time:             Mon 01 Jan 2024 04:29:48 +0000
ROA not before:           Mon 01 Jan 2024 04:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15948
IP address blocks:        195.251.205.0/24 maxlen: 24
                          195.251.206.0/23 maxlen: 23
                          194.177.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f9:3b:91:0d:d9:30:4c:e3:1b:de:d1:36:32:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a6f9295521df30a158f506ba7cb873ab9529dc3
        Validity
            Not Before: Jan  1 04:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d0e8ba9d04a64eea2cce9b55be6294de2697a9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:64:22:59:51:db:d1:78:78:fb:a7:4a:d8:82:
                    df:ea:01:99:ec:38:59:43:6b:ef:d6:bc:c8:f5:4c:
                    f0:5b:db:bc:0d:02:4e:a6:74:2b:8c:98:b1:5b:c4:
                    0f:bf:ee:51:55:bc:d9:02:81:78:85:b1:1a:a6:64:
                    7a:2c:9c:1a:05:6f:bf:ed:1a:a4:bf:b5:67:3d:1e:
                    5a:6e:c7:83:61:df:4e:1f:79:7b:48:b5:3a:e6:3c:
                    80:35:aa:75:df:84:fb:14:3f:78:a3:c8:fe:1a:54:
                    bd:6c:8a:d1:c8:ed:fb:62:13:e3:70:47:50:68:3f:
                    90:1d:02:76:75:0b:4d:00:3f:bf:15:f0:f8:5f:d9:
                    ad:85:cf:46:63:0d:4c:26:b6:2c:ec:95:d7:2b:3c:
                    9d:48:83:27:0b:fe:8f:b4:d0:a3:f0:14:75:ad:24:
                    10:2a:b4:7a:bf:cf:b4:a1:9f:94:eb:1a:3f:a3:df:
                    f2:e2:47:44:45:b9:d5:a9:93:8c:34:0c:68:18:3c:
                    64:f6:ff:4f:e3:f3:b7:18:c6:1c:ca:40:a7:53:ac:
                    84:d9:6a:b4:76:5f:af:e7:aa:14:6d:4f:1c:f5:b0:
                    74:b2:77:02:a8:ad:68:15:a6:d4:ef:44:8c:18:f6:
                    8f:b6:41:8e:4e:19:af:43:d4:f0:32:28:b4:c9:e1:
                    a1:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:0E:8B:A9:D0:4A:64:EE:A2:CC:E9:B5:5B:E6:29:4D:E2:69:7A:9B
            X509v3 Authority Key Identifier:
                keyid:5A:6F:92:95:52:1D:F3:0A:15:8F:50:6B:A7:CB:87:3A:B9:52:9D:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wm-SlVId8woVj1Brp8uHOrlSncM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/XQ6LqdBKZO6izOm1W-YpTeJpeps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f93b-be31-45cf-aa7e-aaa4553d2abd/1/Wm-SlVId8woVj1Brp8uHOrlSncM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.177.193.0/24
                  195.251.205.0-195.251.207.255

    Signature Algorithm: sha256WithRSAEncryption
         80:57:2e:74:9e:09:ca:f3:1e:1c:17:8b:a8:2d:cd:fc:2c:d0:
         5c:96:06:80:00:80:86:5d:f2:4c:b1:e2:48:99:70:76:40:8e:
         40:ae:1d:65:c9:8a:c6:49:36:87:69:89:d6:13:27:51:75:8b:
         0f:92:d9:4b:ac:d7:84:ce:59:e1:73:cb:2a:d5:9a:f7:33:5f:
         9d:08:29:a9:80:fa:ff:e8:13:07:a1:18:cd:91:b8:d8:cc:2a:
         9d:2c:72:c6:1b:3e:42:c5:e0:95:59:14:ac:1d:1e:b9:9f:a3:
         4e:1e:14:08:04:ce:35:29:2e:a0:e7:4c:c9:3d:aa:06:3e:0f:
         9f:1d:f1:67:17:06:2b:41:11:b1:9b:e9:5a:05:10:e6:ca:a5:
         f2:bd:83:8b:ee:66:e4:9e:36:9c:b9:57:7c:40:d4:9a:06:18:
         11:91:11:ea:22:f2:94:7b:1c:f2:e9:16:14:0b:d9:14:79:d9:
         6c:aa:1d:79:88:27:32:de:44:b4:45:2e:5d:97:2f:f8:71:a9:
         8e:48:a1:a5:23:aa:73:a2:d8:65:7a:0e:3a:f7:b7:17:ef:54:
         b4:82:7e:c1:9c:ea:09:65:c5:26:e8:8f:02:f7:c2:0e:21:19:
         b7:d4:29:90:80:19:9b:60:41:1c:3b:ef:a9:49:5b:4f:da:bf:
         e8:c6:42:7b
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzDSPk7kQ3ZMEzjG97RNjInMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNmY5Mjk1NTIxZGYzMGExNThmNTA2YmE3Y2I4NzNhYjk1
MjlkYzMwHhcNMjQwMTAxMDQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDBlOGJhOWQwNGE2NGVlYTJjY2U5YjU1YmU2Mjk0ZGUyNjk3YTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomQiWVHb0Xh4+6dK2ILf6gGZ7DhZ
Q2vv1rzI9UzwW9u8DQJOpnQrjJixW8QPv+5RVbzZAoF4hbEapmR6LJwaBW+/7Rqk
v7VnPR5abseDYd9OH3l7SLU65jyANap134T7FD94o8j+GlS9bIrRyO37YhPjcEdQ
aD+QHQJ2dQtNAD+/FfD4X9mthc9GYw1MJrYs7JXXKzydSIMnC/6PtNCj8BR1rSQQ
KrR6v8+0oZ+U6xo/o9/y4kdERbnVqZOMNAxoGDxk9v9P4/O3GMYcykCnU6yE2Wq0
dl+v56oUbU8c9bB0sncCqK1oFabU70SMGPaPtkGOThmvQ9TwMii0yeGhMQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFF0Oi6nQSmTuoszptVvmKU3iaXqbMB8GA1UdIwQY
MBaAFFpvkpVSHfMKFY9Qa6fLhzq5Up3DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV20tU2xWSWQ4d29WajFCcnA4dUhPcmxTbmNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWY5M2ItYmUzMS00NWNmLWFhN2Ut
YWFhNDU1M2QyYWJkLzEvWFE2THFkQktaTzZpek9tMVctWXBUZUpwZXBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWY5M2ItYmUzMS00NWNmLWFhN2UtYWFhNDU1M2QyYWJk
LzEvV20tU2xWSWQ4d29WajFCcnA4dUhPcmxTbmNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAwrHBMAwD
BADD+80DBATD+8AwDQYJKoZIhvcNAQELBQADggEBAIBXLnSeCcrzHhwXi6gtzfws
0FyWBoAAgIZd8kyx4kiZcHZAjkCuHWXJisZJNodpidYTJ1F1iw+S2Uus14TOWeFz
yyrVmvczX50IKamA+v/oEwehGM2RuNjMKp0scsYbPkLF4JVZFKwdHrmfo04eFAgE
zjUpLqDnTMk9qgY+D58d8WcXBitBEbGb6VoFEObKpfK9g4vuZuSeNpy5V3xA1JoG
GBGREeoi8pR7HPLpFhQL2RR52WyqHXmIJzLeRLRFLl2XL/hxqY5IoaUjqnOi2GV6
Djr3txfvVLSCfsGc6gllxSbojwL3wg4hGbfUKZCAGZtgQRw776lJW0/av+jGQns=
-----END CERTIFICATE-----