Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/XyE-vXkSkeizeZsx-YB3MXDi4z0.roa
File:                     XyE-vXkSkeizeZsx-YB3MXDi4z0.roa (raw, json)
Hash identifier:          OCsDvYqiJ9FE0jFwLjjGB6uKo3WbMi3GPrvmOObmUwk=
Subject key identifier:   5F:21:3E:BD:79:12:91:E8:B3:79:9B:31:F9:80:77:31:70:E2:E3:3D
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B5114C991CF278A756F6B7ADB9E2C
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/XyE-vXkSkeizeZsx-YB3MXDi4z0.roa
Signing time:             Tue 02 Jan 2024 12:34:45 +0000
ROA not before:           Tue 02 Jan 2024 12:34:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39018
IP address blocks:        185.193.38.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:51:14:c9:91:cf:27:8a:75:6f:6b:7a:db:9e:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f213ebd791291e8b3799b31f980773170e2e33d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:14:ed:01:93:3b:9d:2b:54:23:48:4e:39:c0:
                    90:7e:e4:3d:1f:59:13:18:c4:27:7c:fa:17:f2:ea:
                    8f:e8:17:ad:3a:2e:9f:7e:1c:f6:c1:36:0f:5d:ef:
                    8f:09:d6:20:50:d2:37:a0:57:8d:9b:6e:a2:2e:9c:
                    96:fd:e9:56:fe:26:32:4b:03:9b:cc:18:e4:ea:88:
                    2f:ac:be:7a:22:e6:21:38:59:5c:e6:81:3a:90:fa:
                    f4:36:a1:9e:df:7a:35:9a:be:8e:05:9a:66:00:03:
                    15:80:72:da:38:7d:1a:d5:f2:e9:de:0d:a9:db:22:
                    c7:48:11:26:93:1b:98:7e:27:c7:af:01:41:8b:6d:
                    76:79:93:11:d6:87:15:41:10:cd:ac:85:85:76:da:
                    fc:8c:27:37:58:b3:5e:98:29:bb:d9:a7:6c:45:bf:
                    36:3d:17:7a:3d:9e:74:bb:7a:1e:81:d9:5a:d4:98:
                    2b:58:37:9d:eb:d7:0c:65:10:01:aa:d8:bf:80:94:
                    e8:fc:7e:ff:16:1a:65:a6:54:f8:38:12:ee:09:6c:
                    a7:ea:57:ce:ad:d9:ed:8f:85:a7:ff:ad:c3:4d:43:
                    dc:7d:9f:fd:47:8e:53:73:17:ce:a3:39:63:67:ca:
                    d6:1a:c2:a0:25:8c:a3:5e:87:da:fa:6a:e3:e6:7c:
                    4b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:21:3E:BD:79:12:91:E8:B3:79:9B:31:F9:80:77:31:70:E2:E3:3D
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/XyE-vXkSkeizeZsx-YB3MXDi4z0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:74:c4:2b:28:ca:06:d3:52:b3:28:4b:67:76:c0:8f:45:b2:
         9d:a3:af:bc:80:51:df:35:89:6a:f4:ec:4e:21:75:03:27:4d:
         ab:38:e3:16:92:71:21:e9:d0:66:dc:74:36:70:fa:54:9e:6d:
         dd:27:2e:cd:30:38:8b:f8:2f:e8:4e:45:fe:f6:4b:4a:2b:d5:
         91:b1:96:8f:3c:f9:8b:42:60:68:6e:5e:26:7e:30:53:8c:55:
         c5:34:f2:69:7c:e5:e1:c0:81:90:3f:38:11:ca:85:00:cf:a3:
         d7:7a:85:4c:ce:f2:a1:7a:d0:5d:a6:6c:64:74:93:90:19:72:
         2b:db:80:95:be:c4:21:0a:37:1a:5b:8f:90:50:bb:f9:a7:50:
         13:16:0f:d5:4b:e1:fe:8d:e7:da:16:74:23:c9:0f:51:4b:1b:
         5c:3a:d0:7a:34:3d:e0:78:3e:bc:51:21:98:b2:12:f6:bb:46:
         01:8d:97:cf:a0:04:84:a3:c9:0d:80:7f:e3:23:5b:87:bc:f1:
         c0:46:7e:5c:51:8a:36:7e:99:1c:a9:7d:e7:72:25:16:46:a6:
         04:a4:94:8c:5e:a7:24:70:c0:e8:b0:fa:f7:ad:24:8e:71:1a:
         90:30:ec:be:02:bf:03:26:bf:86:67:b9:71:ae:b6:63:87:97:
         4b:3d:77:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK1EUyZHPJ4p1b2t6254sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjIxM2ViZDc5MTI5MWU4YjM3OTliMzFmOTgwNzczMTcwZTJlMzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgRTtAZM7nStUI0hOOcCQfuQ9H1kT
GMQnfPoX8uqP6BetOi6ffhz2wTYPXe+PCdYgUNI3oFeNm26iLpyW/elW/iYySwOb
zBjk6ogvrL56IuYhOFlc5oE6kPr0NqGe33o1mr6OBZpmAAMVgHLaOH0a1fLp3g2p
2yLHSBEmkxuYfifHrwFBi212eZMR1ocVQRDNrIWFdtr8jCc3WLNemCm72adsRb82
PRd6PZ50u3oegdla1JgrWDed69cMZRABqti/gJTo/H7/FhplplT4OBLuCWyn6lfO
rdntj4Wn/63DTUPcfZ/9R45TcxfOozljZ8rWGsKgJYyjXofa+mrj5nxL8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8hPr15EpHos3mbMfmAdzFw4uM9MB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvWHlFLXZYa1NrZWl6ZVpzeC1ZQjNNWERpNHowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucEmMA0G
CSqGSIb3DQEBCwUAA4IBAQCMdMQrKMoG01KzKEtndsCPRbKdo6+8gFHfNYlq9OxO
IXUDJ02rOOMWknEh6dBm3HQ2cPpUnm3dJy7NMDiL+C/oTkX+9ktKK9WRsZaPPPmL
QmBobl4mfjBTjFXFNPJpfOXhwIGQPzgRyoUAz6PXeoVMzvKhetBdpmxkdJOQGXIr
24CVvsQhCjcaW4+QULv5p1ATFg/VS+H+jefaFnQjyQ9RSxtcOtB6ND3geD68USGY
shL2u0YBjZfPoASEo8kNgH/jI1uHvPHARn5cUYo2fpkcqX3nciUWRqYEpJSMXqck
cMDosPr3rSSOcRqQMOy+Ar8DJr+GZ7lxrrZjh5dLPXck
-----END CERTIFICATE-----