Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/XHTIV5GFr2GwbJP-Mv_nJHnOEsQ.roa
File:                     XHTIV5GFr2GwbJP-Mv_nJHnOEsQ.roa (raw, json)
Hash identifier:          caXXXOz/PWqCRjDafgEWObIs+edXTsj287rNJ0g9tK8=
Subject key identifier:   5C:74:C8:57:91:85:AF:61:B0:6C:93:FE:32:FF:E7:24:79:CE:12:C4
Certificate issuer:       /CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
Certificate serial:       018CC56E08ED63DDE1E1D7046F69B6410BE6
Authority key identifier: 09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/XHTIV5GFr2GwbJP-Mv_nJHnOEsQ.roa
Signing time:             Mon 01 Jan 2024 14:29:31 +0000
ROA not before:           Mon 01 Jan 2024 14:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        80.93.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:08:ed:63:dd:e1:e1:d7:04:6f:69:b6:41:0b:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
        Validity
            Not Before: Jan  1 14:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c74c8579185af61b06c93fe32ffe72479ce12c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:b2:c2:69:75:d8:da:5a:58:7f:0a:0b:91:f5:
                    9d:e6:97:a1:6e:83:b9:60:bc:e6:5f:f6:19:85:19:
                    9e:27:67:81:e6:84:01:ff:3e:e6:47:d9:c1:bf:ed:
                    0c:47:f5:f4:e7:4e:39:a9:39:7e:80:dc:bd:04:b4:
                    a8:10:04:87:be:33:17:c5:2f:a0:44:db:0c:1a:cc:
                    17:d6:fa:15:6d:4c:c1:c2:0c:57:d7:2b:6a:bd:f6:
                    36:4d:71:69:88:8a:e8:56:8b:01:38:04:ad:64:68:
                    ca:3c:e6:78:25:b9:73:65:0a:03:f5:b7:d5:df:aa:
                    be:07:6f:e8:28:f1:7d:5a:5e:c6:57:3d:65:bc:21:
                    e2:97:0b:7b:cd:c4:59:16:a8:32:50:2d:5e:7b:9c:
                    ff:e7:ed:f7:79:e8:c2:ec:42:ac:93:ee:27:73:df:
                    84:90:0b:86:66:44:f4:22:95:56:b6:e7:cd:94:d3:
                    f7:60:31:71:e1:13:1e:4c:f6:a5:28:0f:16:47:43:
                    8f:c8:01:33:eb:bf:56:1d:03:2b:68:b9:fd:35:c3:
                    1a:f2:80:6f:f8:54:ff:66:e9:96:19:64:43:30:94:
                    ff:44:9e:b6:e5:dd:05:47:1a:ca:9b:4f:13:28:db:
                    7c:84:12:ea:85:af:e4:d7:08:ae:d9:db:7f:70:d9:
                    e4:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:74:C8:57:91:85:AF:61:B0:6C:93:FE:32:FF:E7:24:79:CE:12:C4
            X509v3 Authority Key Identifier:
                keyid:09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/XHTIV5GFr2GwbJP-Mv_nJHnOEsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.93.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:57:8f:b3:80:db:8d:b1:f3:1e:e7:e7:e9:95:cc:89:c0:e7:
         ee:05:ab:37:8f:22:47:48:2c:e9:1c:0f:7e:82:ff:01:79:80:
         6f:99:4e:bd:ee:ba:e7:8c:cd:3a:5e:fa:94:53:2c:71:3e:a9:
         8d:83:56:e2:b7:25:7e:18:73:e7:de:38:ba:7a:c4:ce:87:bd:
         ca:b4:09:57:0c:32:33:23:67:87:b5:ff:d5:d9:db:5c:ca:e4:
         ea:96:9c:3a:d7:9a:f5:02:26:b5:d3:f4:bb:e6:19:37:7d:0c:
         b1:85:9b:0f:f4:92:20:7e:e7:e1:97:7f:a6:94:9a:17:94:30:
         05:74:cc:10:01:a1:c3:6e:82:44:d3:f6:d7:7f:2a:d4:8b:34:
         53:22:0c:3c:6c:c3:33:ea:3d:e2:77:76:1c:14:e2:ff:40:7b:
         b9:4b:e7:47:61:ea:d4:07:42:b9:75:e7:14:ff:73:8e:dc:02:
         5a:91:98:77:95:48:9b:0e:75:49:0f:eb:ea:10:e0:b7:57:a9:
         4b:86:d3:19:ce:c4:ed:4c:e6:44:6f:23:50:38:df:01:4b:aa:
         c0:b8:ce:92:3c:d5:bb:dc:76:da:55:97:73:a0:a4:5e:2d:4a:
         95:8a:a5:c7:17:14:d9:95:0f:9a:26:54:aa:a4:84:c8:cf:f6:
         d6:41:ea:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbgjtY93h4dcEb2m2QQvmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OGY3YmEzNGJjNjU2N2JkMzYxNmQ1NzRmNzI4NWRkNzU1
NmRiZmQwHhcNMjQwMTAxMTQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yzc0Yzg1NzkxODVhZjYxYjA2YzkzZmUzMmZmZTcyNDc5Y2UxMmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjrLCaXXY2lpYfwoLkfWd5pehboO5
YLzmX/YZhRmeJ2eB5oQB/z7mR9nBv+0MR/X05045qTl+gNy9BLSoEASHvjMXxS+g
RNsMGswX1voVbUzBwgxX1ytqvfY2TXFpiIroVosBOAStZGjKPOZ4JblzZQoD9bfV
36q+B2/oKPF9Wl7GVz1lvCHilwt7zcRZFqgyUC1ee5z/5+33eejC7EKsk+4nc9+E
kAuGZkT0IpVWtufNlNP3YDFx4RMeTPalKA8WR0OPyAEz679WHQMraLn9NcMa8oBv
+FT/ZumWGWRDMJT/RJ625d0FRxrKm08TKNt8hBLqha/k1wiu2dt/cNnk0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFx0yFeRha9hsGyT/jL/5yR5zhLEMB8GA1UdIwQY
MBaAFAmPe6NLxlZ702FtV09yhd11Vtv9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMt
ZTIxNjZhZDc0ZTNmLzEvWEhUSVY1R0ZyMkd3YkpQLU12X25KSG5PRXNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMtZTIxNjZhZDc0ZTNm
LzEvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUF3BMA0G
CSqGSIb3DQEBCwUAA4IBAQAxV4+zgNuNsfMe5+fplcyJwOfuBas3jyJHSCzpHA9+
gv8BeYBvmU697rrnjM06XvqUUyxxPqmNg1bityV+GHPn3ji6esTOh73KtAlXDDIz
I2eHtf/V2dtcyuTqlpw615r1Aia10/S75hk3fQyxhZsP9JIgfufhl3+mlJoXlDAF
dMwQAaHDboJE0/bXfyrUizRTIgw8bMMz6j3id3YcFOL/QHu5S+dHYerUB0K5decU
/3OO3AJakZh3lUibDnVJD+vqEOC3V6lLhtMZzsTtTOZEbyNQON8BS6rAuM6SPNW7
3HbaVZdzoKReLUqViqXHFxTZlQ+aJlSqpITIz/bWQerT
-----END CERTIFICATE-----