Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/f22131-a0ff-4f27-8dfa-69152e9a08c3/1/XOw0CCMpT4i9mPb285O4AJdJOe8.roa
File:                     XOw0CCMpT4i9mPb285O4AJdJOe8.roa (raw, json)
Hash identifier:          oeNy0HtNr9z+oT+u1zFBMDnX2MYGkqY6Z/oA1Hduus0=
Subject key identifier:   5C:EC:34:08:23:29:4F:88:BD:98:F6:F6:F3:93:B8:00:97:49:39:EF
Certificate issuer:       /CN=9783a5487b35c1d1e1f157c191312b3df4bc17ab
Certificate serial:       018CC793469D78CD76C2984CF785F8044278
Authority key identifier: 97:83:A5:48:7B:35:C1:D1:E1:F1:57:C1:91:31:2B:3D:F4:BC:17:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l4OlSHs1wdHh8VfBkTErPfS8F6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/f22131-a0ff-4f27-8dfa-69152e9a08c3/1/XOw0CCMpT4i9mPb285O4AJdJOe8.roa
Signing time:             Tue 02 Jan 2024 00:29:27 +0000
ROA not before:           Tue 02 Jan 2024 00:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210312
IP address blocks:        147.189.216.0/21 maxlen: 21
                          193.5.16.0/22 maxlen: 22
                          2a0d:3dc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/f22131-a0ff-4f27-8dfa-69152e9a08c3/1/l4OlSHs1wdHh8VfBkTErPfS8F6s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/f22131-a0ff-4f27-8dfa-69152e9a08c3/1/l4OlSHs1wdHh8VfBkTErPfS8F6s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l4OlSHs1wdHh8VfBkTErPfS8F6s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:46:9d:78:cd:76:c2:98:4c:f7:85:f8:04:42:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9783a5487b35c1d1e1f157c191312b3df4bc17ab
        Validity
            Not Before: Jan  2 00:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5cec340823294f88bd98f6f6f393b800974939ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:f9:06:c0:87:da:b4:38:83:4b:aa:23:32:1b:
                    6d:73:fd:de:fa:ed:80:a7:01:5e:2c:08:1d:cd:a1:
                    19:90:22:77:ef:6a:7a:56:91:1e:26:d4:56:c5:2e:
                    94:4a:2f:c1:e8:ce:39:63:5e:be:61:0a:69:d7:70:
                    ea:8e:8c:9f:17:4d:bf:38:16:2f:df:3e:dd:04:04:
                    11:bd:42:fe:d5:2a:75:48:a7:79:ca:e5:f9:ff:fb:
                    c8:cc:ee:60:0c:b0:86:7d:57:57:0b:0a:27:2f:4a:
                    eb:6f:71:8c:f9:a1:a6:cb:3e:37:f1:67:73:2d:09:
                    88:82:70:0b:2f:c1:2d:0e:97:db:57:89:cf:c9:ff:
                    a1:d9:67:e4:19:42:92:92:3e:8b:38:5f:4d:cf:59:
                    01:a9:96:c2:d4:e9:d1:9e:ed:b8:32:44:3b:b5:b9:
                    50:31:22:23:23:da:12:8c:8e:32:17:26:13:85:eb:
                    6e:12:4d:b2:79:20:06:b0:fb:bb:c5:c6:5e:70:17:
                    42:ba:82:7b:f9:b9:2f:2b:9f:a5:4d:86:40:c2:c1:
                    24:29:f0:5e:49:57:58:af:10:0f:91:b2:92:03:f5:
                    13:43:16:8d:62:dc:eb:e4:8b:a4:aa:78:d7:11:ef:
                    47:87:74:ed:fa:7d:e0:2f:a1:56:a5:7c:bd:ef:e3:
                    12:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:EC:34:08:23:29:4F:88:BD:98:F6:F6:F3:93:B8:00:97:49:39:EF
            X509v3 Authority Key Identifier:
                keyid:97:83:A5:48:7B:35:C1:D1:E1:F1:57:C1:91:31:2B:3D:F4:BC:17:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l4OlSHs1wdHh8VfBkTErPfS8F6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/f22131-a0ff-4f27-8dfa-69152e9a08c3/1/XOw0CCMpT4i9mPb285O4AJdJOe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/f22131-a0ff-4f27-8dfa-69152e9a08c3/1/l4OlSHs1wdHh8VfBkTErPfS8F6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.189.216.0/21
                  193.5.16.0/22
                IPv6:
                  2a0d:3dc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         24:64:21:cf:d6:01:da:46:5a:5d:3d:90:f5:99:07:81:28:9b:
         72:58:a1:5b:62:c4:3b:e0:e9:76:bd:f9:82:0a:b4:a4:47:c7:
         94:ea:06:97:0f:50:d4:83:c3:88:84:10:ce:be:d5:ae:83:b8:
         4e:11:80:f3:19:b2:27:5b:6b:b6:dc:e1:a8:31:65:c5:39:69:
         b1:60:40:26:81:c1:6d:99:d6:b9:61:04:5b:ad:f4:ec:3a:78:
         6c:ef:26:da:66:f7:fd:a0:87:fc:f3:de:3a:0e:eb:69:64:54:
         f1:d9:1a:43:7a:11:5c:45:b4:dc:a9:5d:36:0e:f4:c0:3d:0d:
         40:f0:a9:ed:0e:f4:90:67:10:63:c4:62:f1:0a:8c:1c:ac:af:
         2e:4c:c9:0c:b5:2b:0a:b8:8b:30:74:2a:12:50:13:bc:fc:c9:
         59:ea:2d:a6:f9:a9:9c:2f:33:ed:55:9b:2d:81:38:77:51:3d:
         f2:74:c4:ba:b5:ab:47:0e:15:4c:6c:00:43:79:f2:cf:a9:a1:
         32:35:75:d9:02:6b:18:a5:cc:da:c0:72:3b:4d:83:95:95:14:
         fa:c5:dc:30:36:37:98:3b:15:be:13:68:b4:77:d8:94:73:78:
         dc:d6:59:a2:cf:e6:51:06:1b:45:ad:6e:5c:d8:be:ce:ae:9d:
         f9:0e:08:3d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHk0adeM12wphM94X4BEJ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ODNhNTQ4N2IzNWMxZDFlMWYxNTdjMTkxMzEyYjNkZjRi
YzE3YWIwHhcNMjQwMTAyMDAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2VjMzQwODIzMjk0Zjg4YmQ5OGY2ZjZmMzkzYjgwMDk3NDkzOWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifkGwIfatDiDS6ojMhttc/3e+u2A
pwFeLAgdzaEZkCJ372p6VpEeJtRWxS6USi/B6M45Y16+YQpp13DqjoyfF02/OBYv
3z7dBAQRvUL+1Sp1SKd5yuX5//vIzO5gDLCGfVdXCwonL0rrb3GM+aGmyz438Wdz
LQmIgnALL8EtDpfbV4nPyf+h2WfkGUKSkj6LOF9Nz1kBqZbC1OnRnu24MkQ7tblQ
MSIjI9oSjI4yFyYThetuEk2yeSAGsPu7xcZecBdCuoJ7+bkvK5+lTYZAwsEkKfBe
SVdYrxAPkbKSA/UTQxaNYtzr5IukqnjXEe9Hh3Tt+n3gL6FWpXy97+MSfwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFzsNAgjKU+IvZj29vOTuACXSTnvMB8GA1UdIwQY
MBaAFJeDpUh7NcHR4fFXwZExKz30vBerMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDRPbFNIczF3ZEhoOFZmQmtURXJQZlM4RjZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mMjIxMzEtYTBmZi00ZjI3LThkZmEt
NjkxNTJlOWEwOGMzLzEvWE93MENDTXBUNGk5bVBiMjg1TzRBSmRKT2U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mMjIxMzEtYTBmZi00ZjI3LThkZmEtNjkxNTJlOWEwOGMz
LzEvbDRPbFNIczF3ZEhoOFZmQmtURXJQZlM4RjZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDk73YAwQC
wQUQMA0EAgACMAcDBQMqDT3AMA0GCSqGSIb3DQEBCwUAA4IBAQAkZCHP1gHaRlpd
PZD1mQeBKJtyWKFbYsQ74Ol2vfmCCrSkR8eU6gaXD1DUg8OIhBDOvtWug7hOEYDz
GbInW2u23OGoMWXFOWmxYEAmgcFtmda5YQRbrfTsOnhs7ybaZvf9oIf88946Dutp
ZFTx2RpDehFcRbTcqV02DvTAPQ1A8KntDvSQZxBjxGLxCowcrK8uTMkMtSsKuIsw
dCoSUBO8/MlZ6i2m+amcLzPtVZstgTh3UT3ydMS6tatHDhVMbABDefLPqaEyNXXZ
AmsYpczawHI7TYOVlRT6xdwwNjeYOxW+E2i0d9iUc3jc1lmiz+ZRBhtFrW5c2L7O
rp35Dgg9
-----END CERTIFICATE-----