Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/afbb62-0098-42b3-81ae-f0bb2e15f6d0/1/XXvHEew-WLqrY69xSQw9hdhUvco.roa
File:                     XXvHEew-WLqrY69xSQw9hdhUvco.roa (raw, json)
Hash identifier:          0Ua2MXgy/wd/6ovwq5m+O7l1jxyA+KfDGA1/Drsouio=
Subject key identifier:   5D:7B:C7:11:EC:3E:58:BA:AB:63:AF:71:49:0C:3D:85:D8:54:BD:CA
Certificate issuer:       /CN=e57731ea857b903aa40a8e5fd8d88446505b5233
Certificate serial:       018CC64B819FEFC169F3710AD53C92CCE02A
Authority key identifier: E5:77:31:EA:85:7B:90:3A:A4:0A:8E:5F:D8:D8:84:46:50:5B:52:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Xcx6oV7kDqkCo5f2NiERlBbUjM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/afbb62-0098-42b3-81ae-f0bb2e15f6d0/1/XXvHEew-WLqrY69xSQw9hdhUvco.roa
Signing time:             Mon 01 Jan 2024 18:31:26 +0000
ROA not before:           Mon 01 Jan 2024 18:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7046
IP address blocks:        193.67.192.0/22 maxlen: 22
                          193.67.192.0/20 maxlen: 20
                          193.67.206.0/23 maxlen: 24
                          193.67.201.0/24 maxlen: 24
                          193.67.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/afbb62-0098-42b3-81ae-f0bb2e15f6d0/1/5Xcx6oV7kDqkCo5f2NiERlBbUjM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/afbb62-0098-42b3-81ae-f0bb2e15f6d0/1/5Xcx6oV7kDqkCo5f2NiERlBbUjM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Xcx6oV7kDqkCo5f2NiERlBbUjM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:81:9f:ef:c1:69:f3:71:0a:d5:3c:92:cc:e0:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e57731ea857b903aa40a8e5fd8d88446505b5233
        Validity
            Not Before: Jan  1 18:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d7bc711ec3e58baab63af71490c3d85d854bdca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:15:02:06:15:fb:c9:c9:77:a1:f5:eb:e9:57:
                    88:7f:cb:36:01:fe:db:26:3f:d3:e8:f2:0f:2c:a8:
                    7c:97:f4:f5:38:45:a4:9f:c1:e3:c0:0d:b3:01:e3:
                    bb:32:91:01:90:f4:2b:00:91:b3:f3:16:86:13:b0:
                    47:fa:b9:76:f7:f8:0a:26:71:a9:5c:61:ff:96:c3:
                    92:76:f0:7e:9b:b6:27:7e:60:0e:9c:0a:5e:55:24:
                    fb:bf:16:87:97:2b:ba:f6:c8:6f:ea:2b:c5:cc:6c:
                    56:5c:a9:00:8e:c1:62:94:40:3d:1e:ca:d2:03:68:
                    79:af:45:82:48:7a:4a:dc:f3:e6:58:80:cb:a9:cd:
                    74:d3:b0:3a:28:d3:9e:df:36:da:cf:9a:43:79:01:
                    08:73:73:bd:b8:68:fd:57:44:da:ca:1f:89:80:49:
                    5d:55:af:90:81:9d:fa:5f:9f:fc:d4:94:da:ab:51:
                    b7:81:e8:d7:19:a0:fc:ce:95:6d:e1:ff:93:e3:b8:
                    a9:cf:e8:4e:40:93:49:ff:8d:e2:e4:bf:f3:27:ca:
                    51:8e:84:ce:07:6d:4a:48:03:a3:80:4a:49:62:a4:
                    e2:a0:7d:2d:98:d9:4a:69:17:8e:cc:b4:bb:13:1e:
                    43:6e:92:a2:7e:ee:1f:a5:3e:f7:96:8e:73:ce:52:
                    77:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:7B:C7:11:EC:3E:58:BA:AB:63:AF:71:49:0C:3D:85:D8:54:BD:CA
            X509v3 Authority Key Identifier:
                keyid:E5:77:31:EA:85:7B:90:3A:A4:0A:8E:5F:D8:D8:84:46:50:5B:52:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Xcx6oV7kDqkCo5f2NiERlBbUjM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/afbb62-0098-42b3-81ae-f0bb2e15f6d0/1/XXvHEew-WLqrY69xSQw9hdhUvco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/afbb62-0098-42b3-81ae-f0bb2e15f6d0/1/5Xcx6oV7kDqkCo5f2NiERlBbUjM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.67.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         56:35:7b:af:69:3f:84:c7:03:71:63:10:bb:b5:8c:92:eb:1b:
         fb:db:4e:bb:cd:c4:1f:3d:d7:c7:aa:33:f0:20:22:89:10:d8:
         2b:0c:33:83:f4:19:50:b8:d7:15:ac:d8:b9:72:09:15:8f:e2:
         b5:74:72:4f:33:ab:91:b6:f9:f8:76:7f:b2:dd:f5:ba:e7:6d:
         83:51:c5:7e:e8:65:b8:40:4a:c7:fb:e6:91:d5:21:3a:bb:52:
         4a:fb:19:54:04:68:c8:fe:7b:84:bd:bf:1c:ff:70:09:05:e8:
         33:e5:19:e4:6b:bc:60:5b:64:ff:17:ce:19:9c:0f:b6:6f:74:
         0d:ea:7a:e0:c8:01:36:4c:77:f6:19:17:89:b9:fc:7e:5d:2a:
         af:2e:d6:f8:1a:17:19:c2:6b:b0:ce:91:8d:37:b9:ee:0b:15:
         79:ae:7b:27:4a:33:7c:c8:35:3f:22:06:db:c2:ee:38:ef:24:
         d5:56:0c:fd:9e:46:76:24:6b:ba:ae:0f:7a:49:95:51:27:8b:
         34:31:c9:56:38:7d:0b:01:b5:f0:4b:24:8e:0f:86:93:f0:5d:
         e5:55:ed:f5:c0:ba:3e:a6:43:4a:db:38:d7:56:a5:0e:e6:0a:
         00:8e:02:38:47:92:01:f4:2f:8a:64:af:a8:63:26:31:cb:7e:
         1a:8a:87:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS4Gf78Fp83EK1TySzOAqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NzczMWVhODU3YjkwM2FhNDBhOGU1ZmQ4ZDg4NDQ2NTA1
YjUyMzMwHhcNMjQwMTAxMTgzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDdiYzcxMWVjM2U1OGJhYWI2M2FmNzE0OTBjM2Q4NWQ4NTRiZGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxUCBhX7ycl3ofXr6VeIf8s2Af7b
Jj/T6PIPLKh8l/T1OEWkn8HjwA2zAeO7MpEBkPQrAJGz8xaGE7BH+rl29/gKJnGp
XGH/lsOSdvB+m7YnfmAOnApeVST7vxaHlyu69shv6ivFzGxWXKkAjsFilEA9HsrS
A2h5r0WCSHpK3PPmWIDLqc1007A6KNOe3zbaz5pDeQEIc3O9uGj9V0Tayh+JgEld
Va+QgZ36X5/81JTaq1G3gejXGaD8zpVt4f+T47ipz+hOQJNJ/43i5L/zJ8pRjoTO
B21KSAOjgEpJYqTioH0tmNlKaReOzLS7Ex5DbpKifu4fpT73lo5zzlJ3DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF17xxHsPli6q2OvcUkMPYXYVL3KMB8GA1UdIwQY
MBaAFOV3MeqFe5A6pAqOX9jYhEZQW1IzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVhjeDZvVjdrRHFrQ281ZjJOaUVSbEJiVWpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9hZmJiNjItMDA5OC00MmIzLTgxYWUt
ZjBiYjJlMTVmNmQwLzEvWFh2SEVldy1XTHFyWTY5eFNRdzloZGhVdmNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9hZmJiNjItMDA5OC00MmIzLTgxYWUtZjBiYjJlMTVmNmQw
LzEvNVhjeDZvVjdrRHFrQ281ZjJOaUVSbEJiVWpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwUPAMA0G
CSqGSIb3DQEBCwUAA4IBAQBWNXuvaT+ExwNxYxC7tYyS6xv72067zcQfPdfHqjPw
ICKJENgrDDOD9BlQuNcVrNi5cgkVj+K1dHJPM6uRtvn4dn+y3fW6522DUcV+6GW4
QErH++aR1SE6u1JK+xlUBGjI/nuEvb8c/3AJBegz5Rnka7xgW2T/F84ZnA+2b3QN
6nrgyAE2THf2GReJufx+XSqvLtb4GhcZwmuwzpGNN7nuCxV5rnsnSjN8yDU/Igbb
wu447yTVVgz9nkZ2JGu6rg96SZVRJ4s0MclWOH0LAbXwSySOD4aT8F3lVe31wLo+
pkNK2zjXVqUO5goAjgI4R5IB9C+KZK+oYyYxy34aioco
-----END CERTIFICATE-----