Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/ea10b5-21f6-46b9-aad6-3f7a3e025e8b/1/xrVdojvso0VCroNbiq5XhdAjUVc.roa
File:                     xrVdojvso0VCroNbiq5XhdAjUVc.roa (raw, json)
Hash identifier:          D82IYwq07/asrfGlpKcglSCToOjPK4+JlX/ueL9O870=
Subject key identifier:   C6:B5:5D:A2:3B:EC:A3:45:42:AE:83:5B:8A:AE:57:85:D0:23:51:57
Certificate issuer:       /CN=7e5c8528f81787c489c54a993839269f5a6b1f94
Certificate serial:       018CC8DEEE663BFEA97383CCB6A91075D87F
Authority key identifier: 7E:5C:85:28:F8:17:87:C4:89:C5:4A:99:38:39:26:9F:5A:6B:1F:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/flyFKPgXh8SJxUqZODkmn1prH5Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/ea10b5-21f6-46b9-aad6-3f7a3e025e8b/1/xrVdojvso0VCroNbiq5XhdAjUVc.roa
Signing time:             Tue 02 Jan 2024 06:31:42 +0000
ROA not before:           Tue 02 Jan 2024 06:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12676
IP address blocks:        193.108.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/ea10b5-21f6-46b9-aad6-3f7a3e025e8b/1/flyFKPgXh8SJxUqZODkmn1prH5Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/ea10b5-21f6-46b9-aad6-3f7a3e025e8b/1/flyFKPgXh8SJxUqZODkmn1prH5Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/flyFKPgXh8SJxUqZODkmn1prH5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ee:66:3b:fe:a9:73:83:cc:b6:a9:10:75:d8:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e5c8528f81787c489c54a993839269f5a6b1f94
        Validity
            Not Before: Jan  2 06:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6b55da23beca34542ae835b8aae5785d0235157
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:bf:22:c1:85:0e:f8:9d:46:ca:39:64:92:69:
                    b9:bc:05:e3:0d:88:97:6f:e3:9c:a9:d4:d6:e9:ac:
                    cd:7c:8a:ec:30:6b:ea:c9:ff:8f:0a:31:85:c7:52:
                    05:d8:44:6c:cd:27:65:ef:bb:f1:58:49:ba:0d:d6:
                    75:6b:46:4e:75:34:cf:da:07:36:91:26:86:df:70:
                    c5:9e:d2:59:ad:cd:99:7f:91:8d:ec:a9:52:ea:a6:
                    6a:d4:87:3a:99:7d:86:54:6d:f2:ab:6a:07:3d:b3:
                    1b:f5:23:ed:cf:65:18:4f:14:16:12:24:89:69:71:
                    fa:f9:a2:ef:24:67:ce:68:41:fc:0f:5d:81:45:45:
                    b3:14:e9:b2:0e:41:82:ae:d6:96:61:6a:bc:c1:59:
                    72:0c:2d:a8:9d:e3:75:ed:e8:2c:f6:a2:0d:ab:ab:
                    7f:9d:1f:36:e6:f1:53:4b:77:3a:0a:8d:e1:c1:99:
                    73:cf:21:95:d2:05:59:ab:d5:91:ed:64:e4:6d:e3:
                    2a:a4:db:21:7e:b3:68:8f:b5:e9:66:58:2f:5b:aa:
                    18:92:dc:0e:d4:c0:0e:8f:a2:7a:13:4e:9e:28:e7:
                    5e:b9:e1:19:15:3e:73:43:06:5d:f0:70:85:8b:57:
                    43:da:40:48:d6:71:a4:a9:3a:4b:38:1b:a9:c7:f6:
                    7f:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:B5:5D:A2:3B:EC:A3:45:42:AE:83:5B:8A:AE:57:85:D0:23:51:57
            X509v3 Authority Key Identifier:
                keyid:7E:5C:85:28:F8:17:87:C4:89:C5:4A:99:38:39:26:9F:5A:6B:1F:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/flyFKPgXh8SJxUqZODkmn1prH5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/ea10b5-21f6-46b9-aad6-3f7a3e025e8b/1/xrVdojvso0VCroNbiq5XhdAjUVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/ea10b5-21f6-46b9-aad6-3f7a3e025e8b/1/flyFKPgXh8SJxUqZODkmn1prH5Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:b0:1f:d4:c2:1d:9c:8f:09:39:6b:37:ce:21:4d:4a:dc:19:
         1d:25:91:60:07:d6:5e:b7:db:50:b9:88:08:33:de:2c:6b:bc:
         8a:96:8b:63:4d:8d:6f:c3:a7:f2:8f:01:ca:52:cd:03:ce:58:
         96:7a:2c:2a:e0:b2:20:f9:c3:cc:33:d8:f3:34:eb:8d:5c:40:
         34:54:35:40:56:87:04:78:af:2f:58:12:05:ea:ae:75:9c:7f:
         26:a4:85:98:5b:51:35:c5:02:61:25:4d:98:22:99:98:53:d9:
         e7:cb:c0:76:5f:0d:0a:a6:85:53:9b:5c:0d:e3:1c:1e:9e:cf:
         97:db:88:88:48:a3:e0:50:b5:39:a8:6b:a9:9e:4f:0e:4d:a7:
         2a:bb:6b:fb:a8:7e:0a:d2:7a:a6:db:ca:07:6f:9c:17:d8:a2:
         de:36:da:aa:e6:f5:1d:3c:eb:0d:59:60:58:11:3e:80:bb:09:
         7c:38:67:92:d6:47:57:6c:5c:8b:db:3f:e6:5e:cc:a3:7b:e5:
         3f:40:e3:f8:c6:be:c9:cf:96:1b:9c:78:c8:26:db:e5:f3:62:
         de:dc:7e:13:b5:3a:cf:5e:35:63:37:fd:73:d0:9c:63:c0:e4:
         11:3b:b8:79:70:c8:3b:7e:f5:5e:79:0a:ba:51:ae:a9:45:d3:
         2f:94:0f:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3u5mO/6pc4PMtqkQddh/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNWM4NTI4ZjgxNzg3YzQ4OWM1NGE5OTM4MzkyNjlmNWE2
YjFmOTQwHhcNMjQwMTAyMDYzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmI1NWRhMjNiZWNhMzQ1NDJhZTgzNWI4YWFlNTc4NWQwMjM1MTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAor8iwYUO+J1Gyjlkkmm5vAXjDYiX
b+OcqdTW6azNfIrsMGvqyf+PCjGFx1IF2ERszSdl77vxWEm6DdZ1a0ZOdTTP2gc2
kSaG33DFntJZrc2Zf5GN7KlS6qZq1Ic6mX2GVG3yq2oHPbMb9SPtz2UYTxQWEiSJ
aXH6+aLvJGfOaEH8D12BRUWzFOmyDkGCrtaWYWq8wVlyDC2oneN17egs9qINq6t/
nR825vFTS3c6Co3hwZlzzyGV0gVZq9WR7WTkbeMqpNshfrNoj7XpZlgvW6oYktwO
1MAOj6J6E06eKOdeueEZFT5zQwZd8HCFi1dD2kBI1nGkqTpLOBupx/Z/SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMa1XaI77KNFQq6DW4quV4XQI1FXMB8GA1UdIwQY
MBaAFH5chSj4F4fEicVKmTg5Jp9aax+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmx5RktQZ1hoOFNKeFVxWk9Ea21uMXBySDVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9lYTEwYjUtMjFmNi00NmI5LWFhZDYt
M2Y3YTNlMDI1ZThiLzEveHJWZG9qdnNvMFZDcm9OYmlxNVhoZEFqVVZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9lYTEwYjUtMjFmNi00NmI5LWFhZDYtM2Y3YTNlMDI1ZThi
LzEvZmx5RktQZ1hoOFNKeFVxWk9Ea21uMXBySDVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWy+MA0G
CSqGSIb3DQEBCwUAA4IBAQAIsB/Uwh2cjwk5azfOIU1K3BkdJZFgB9Zet9tQuYgI
M94sa7yKlotjTY1vw6fyjwHKUs0DzliWeiwq4LIg+cPMM9jzNOuNXEA0VDVAVocE
eK8vWBIF6q51nH8mpIWYW1E1xQJhJU2YIpmYU9nny8B2Xw0KpoVTm1wN4xwens+X
24iISKPgULU5qGupnk8OTacqu2v7qH4K0nqm28oHb5wX2KLeNtqq5vUdPOsNWWBY
ET6Auwl8OGeS1kdXbFyL2z/mXsyje+U/QOP4xr7Jz5YbnHjIJtvl82Le3H4TtTrP
XjVjN/1z0JxjwOQRO7h5cMg7fvVeeQq6Ua6pRdMvlA8K
-----END CERTIFICATE-----