Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/0bf196-65ab-4e74-a61a-819164b92b88/1/xmVsTpUbvrgHbtbw-8HTD6LxgPQ.roa
File:                     xmVsTpUbvrgHbtbw-8HTD6LxgPQ.roa (raw, json)
Hash identifier:          9gL4Jz/p5Xr13+dCyw8LIYUNey2rSV6kMuYYeUouvEY=
Subject key identifier:   C6:65:6C:4E:95:1B:BE:B8:07:6E:D6:F0:FB:C1:D3:0F:A2:F1:80:F4
Certificate issuer:       /CN=c51791a5811c7f6ed81fd441b50265af5e9c61b0
Certificate serial:       018CC7957E2BE22231EC8DC77CAE677151BC
Authority key identifier: C5:17:91:A5:81:1C:7F:6E:D8:1F:D4:41:B5:02:65:AF:5E:9C:61:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xReRpYEcf27YH9RBtQJlr16cYbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/0bf196-65ab-4e74-a61a-819164b92b88/1/xmVsTpUbvrgHbtbw-8HTD6LxgPQ.roa
Signing time:             Tue 02 Jan 2024 00:31:52 +0000
ROA not before:           Tue 02 Jan 2024 00:31:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48095
IP address blocks:        194.4.168.0/23 maxlen: 23
                          194.4.170.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/0bf196-65ab-4e74-a61a-819164b92b88/1/xReRpYEcf27YH9RBtQJlr16cYbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/0bf196-65ab-4e74-a61a-819164b92b88/1/xReRpYEcf27YH9RBtQJlr16cYbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xReRpYEcf27YH9RBtQJlr16cYbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 06:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:7e:2b:e2:22:31:ec:8d:c7:7c:ae:67:71:51:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c51791a5811c7f6ed81fd441b50265af5e9c61b0
        Validity
            Not Before: Jan  2 00:31:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6656c4e951bbeb8076ed6f0fbc1d30fa2f180f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:5e:10:64:a3:a0:cc:9a:3d:c8:c2:a7:8f:54:
                    f6:be:8d:1b:cc:90:e8:3c:23:f4:0e:23:61:75:df:
                    85:b0:7c:41:8a:7e:0f:cc:1f:e7:2b:74:44:ab:50:
                    87:62:91:d7:82:9f:f3:d8:1d:01:57:6b:55:ac:4b:
                    79:d8:af:06:31:36:b0:d0:37:95:dd:ee:51:66:51:
                    2d:5c:54:77:07:be:bf:04:63:de:bd:31:54:3d:fb:
                    cb:0e:40:51:5e:5b:b7:75:86:f5:23:56:e3:66:9e:
                    cb:43:b1:c1:46:08:a0:58:df:85:2c:90:03:dc:b4:
                    e5:cb:58:7e:e2:04:53:b5:56:ad:8b:23:b8:80:cc:
                    a4:49:3a:ca:73:28:c2:e3:d1:f1:38:c2:b3:ea:a6:
                    51:9b:c1:a5:be:da:f1:7c:a5:38:ab:6a:d8:b1:53:
                    7b:e3:6d:3f:5a:51:1b:65:8a:b0:df:83:dc:7a:2f:
                    db:7f:82:c2:c3:cc:36:ba:01:ad:0b:11:11:35:78:
                    48:50:92:df:f6:da:4f:43:c1:5c:7a:e2:5b:f3:67:
                    ec:df:04:b6:74:d0:00:22:56:b9:26:95:6a:98:9b:
                    6b:c5:34:fd:66:85:c0:f1:d3:8d:6c:b4:1b:bc:99:
                    0f:02:a3:5a:a6:4e:d0:07:fa:03:70:c6:85:68:95:
                    52:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:65:6C:4E:95:1B:BE:B8:07:6E:D6:F0:FB:C1:D3:0F:A2:F1:80:F4
            X509v3 Authority Key Identifier:
                keyid:C5:17:91:A5:81:1C:7F:6E:D8:1F:D4:41:B5:02:65:AF:5E:9C:61:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xReRpYEcf27YH9RBtQJlr16cYbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/0bf196-65ab-4e74-a61a-819164b92b88/1/xmVsTpUbvrgHbtbw-8HTD6LxgPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/0bf196-65ab-4e74-a61a-819164b92b88/1/xReRpYEcf27YH9RBtQJlr16cYbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.4.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:b8:ca:3d:b9:59:ce:43:9f:45:c9:71:f5:d4:7e:ad:18:39:
         6c:3d:e6:21:c3:6a:de:53:57:25:99:ee:73:d5:9f:e1:c7:a0:
         46:58:0c:16:5f:c3:53:ea:9c:9b:5c:aa:60:65:2e:7f:a7:b4:
         cc:b2:22:e2:d1:85:9b:55:21:39:1c:e2:75:f6:83:0d:56:c5:
         fa:08:36:6e:57:b5:28:f0:ba:14:de:c1:08:fa:01:1d:62:1c:
         12:5e:97:54:59:7c:d4:5a:3d:fc:ec:f8:d9:b1:2a:fe:2f:3b:
         a1:9e:a9:9d:ad:cf:07:6f:86:e7:98:44:79:1f:e4:d1:0b:3f:
         b4:ce:4d:21:4d:7a:56:11:a4:a3:1f:da:fb:19:58:58:49:1d:
         83:b2:12:d4:4d:5d:2a:05:63:29:79:f9:c9:e1:a6:2b:ad:67:
         91:35:49:fc:87:2e:58:98:8a:64:7c:70:9e:2b:1f:be:8a:72:
         67:25:46:95:38:35:8a:d6:d2:91:0d:64:8d:02:49:14:cc:d2:
         c1:4d:60:d5:e3:ef:8c:bd:e0:8c:e8:60:16:19:be:bf:bd:2c:
         54:38:c6:5e:2a:61:1e:7f:3f:85:5a:9e:ab:41:69:87:c9:e7:
         5b:a0:68:23:45:53:1b:3e:64:4d:d7:78:65:ef:68:64:cb:b6:
         d1:a0:25:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlX4r4iIx7I3HfK5ncVG8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1MTc5MWE1ODExYzdmNmVkODFmZDQ0MWI1MDI2NWFmNWU5
YzYxYjAwHhcNMjQwMTAyMDAzMTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjY1NmM0ZTk1MWJiZWI4MDc2ZWQ2ZjBmYmMxZDMwZmEyZjE4MGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAll4QZKOgzJo9yMKnj1T2vo0bzJDo
PCP0DiNhdd+FsHxBin4PzB/nK3REq1CHYpHXgp/z2B0BV2tVrEt52K8GMTaw0DeV
3e5RZlEtXFR3B76/BGPevTFUPfvLDkBRXlu3dYb1I1bjZp7LQ7HBRgigWN+FLJAD
3LTly1h+4gRTtVatiyO4gMykSTrKcyjC49HxOMKz6qZRm8GlvtrxfKU4q2rYsVN7
420/WlEbZYqw34Pcei/bf4LCw8w2ugGtCxERNXhIUJLf9tpPQ8FceuJb82fs3wS2
dNAAIla5JpVqmJtrxTT9ZoXA8dONbLQbvJkPAqNapk7QB/oDcMaFaJVSEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZlbE6VG764B27W8PvB0w+i8YD0MB8GA1UdIwQY
MBaAFMUXkaWBHH9u2B/UQbUCZa9enGGwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFJlUnBZRWNmMjdZSDlSQnRRSmxyMTZjWWJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8wYmYxOTYtNjVhYi00ZTc0LWE2MWEt
ODE5MTY0YjkyYjg4LzEveG1Wc1RwVWJ2cmdIYnRidy04SFRENkx4Z1BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8wYmYxOTYtNjVhYi00ZTc0LWE2MWEtODE5MTY0YjkyYjg4
LzEveFJlUnBZRWNmMjdZSDlSQnRRSmxyMTZjWWJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwgSoMA0G
CSqGSIb3DQEBCwUAA4IBAQAKuMo9uVnOQ59FyXH11H6tGDlsPeYhw2reU1clme5z
1Z/hx6BGWAwWX8NT6pybXKpgZS5/p7TMsiLi0YWbVSE5HOJ19oMNVsX6CDZuV7Uo
8LoU3sEI+gEdYhwSXpdUWXzUWj387PjZsSr+Lzuhnqmdrc8Hb4bnmER5H+TRCz+0
zk0hTXpWEaSjH9r7GVhYSR2DshLUTV0qBWMpefnJ4aYrrWeRNUn8hy5YmIpkfHCe
Kx++inJnJUaVODWK1tKRDWSNAkkUzNLBTWDV4++MveCM6GAWGb6/vSxUOMZeKmEe
fz+FWp6rQWmHyedboGgjRVMbPmRN13hl72hky7bRoCWb
-----END CERTIFICATE-----