Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/97fb36-ea9b-43f4-aad5-06f7290dc44a/1/xACC0mpwH-tO0JoEc4LghPkqqZk.roa
File:                     xACC0mpwH-tO0JoEc4LghPkqqZk.roa (raw, json)
Hash identifier:          17AdF5s5qqzPval8OEZaqiVYN8RTjsPgwtvKhT9fxwA=
Subject key identifier:   C4:00:82:D2:6A:70:1F:EB:4E:D0:9A:04:73:82:E0:84:F9:2A:A9:99
Certificate issuer:       /CN=4acef45fbb0f26930aeb833cf79fc41e22ca9235
Certificate serial:       018E36DA60D263E0DAAF8A3AA73D73D9B168
Authority key identifier: 4A:CE:F4:5F:BB:0F:26:93:0A:EB:83:3C:F7:9F:C4:1E:22:CA:92:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ss70X7sPJpMK64M895_EHiLKkjU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/97fb36-ea9b-43f4-aad5-06f7290dc44a/1/xACC0mpwH-tO0JoEc4LghPkqqZk.roa
Signing time:             Wed 13 Mar 2024 08:07:45 +0000
ROA not before:           Wed 13 Mar 2024 08:07:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210820
IP address blocks:        193.111.235.0/24 maxlen: 24
                          193.134.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/97fb36-ea9b-43f4-aad5-06f7290dc44a/1/Ss70X7sPJpMK64M895_EHiLKkjU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/97fb36-ea9b-43f4-aad5-06f7290dc44a/1/Ss70X7sPJpMK64M895_EHiLKkjU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ss70X7sPJpMK64M895_EHiLKkjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:36:da:60:d2:63:e0:da:af:8a:3a:a7:3d:73:d9:b1:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4acef45fbb0f26930aeb833cf79fc41e22ca9235
        Validity
            Not Before: Mar 13 08:07:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c40082d26a701feb4ed09a047382e084f92aa999
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:a9:bb:7d:e5:4c:50:5b:55:7c:e3:4c:8d:12:
                    f7:aa:b7:00:41:4f:e5:1e:e8:29:02:02:ec:d6:da:
                    0f:0d:7a:60:6c:e0:69:f5:9f:6d:5d:47:12:e5:ff:
                    b4:b2:8e:c8:17:22:a6:78:27:a6:f8:39:b0:97:88:
                    7d:3d:88:54:21:69:46:53:ff:9c:db:54:b2:d4:c4:
                    cf:8f:43:57:bf:94:fa:11:36:95:52:b3:c4:bc:a1:
                    a8:32:7a:79:cb:6b:ab:65:11:32:9a:bc:e2:77:af:
                    88:46:6e:63:eb:68:c7:f4:b1:a6:b5:05:c2:26:21:
                    3e:bb:92:47:88:d0:75:e5:99:98:23:d0:7b:10:70:
                    bb:0d:96:8a:a0:75:bc:80:07:b7:90:e3:ab:85:35:
                    ee:0f:b1:53:7d:99:52:23:1b:33:a0:14:08:ba:1e:
                    0f:14:1e:d2:7a:6e:4f:75:bc:a1:72:b2:d5:87:2a:
                    89:b9:37:8d:d0:12:7f:a5:1a:2f:0f:bd:c0:57:68:
                    8e:96:32:30:f8:fc:33:9e:cd:ac:78:6a:f7:13:06:
                    c1:d1:fa:3d:57:1c:2a:cd:3b:68:b5:33:ac:82:d7:
                    fa:02:f8:3f:29:ef:02:60:4b:37:fc:9a:89:24:48:
                    30:78:43:db:08:91:59:ae:b1:f8:60:84:5c:8e:cf:
                    08:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:00:82:D2:6A:70:1F:EB:4E:D0:9A:04:73:82:E0:84:F9:2A:A9:99
            X509v3 Authority Key Identifier:
                keyid:4A:CE:F4:5F:BB:0F:26:93:0A:EB:83:3C:F7:9F:C4:1E:22:CA:92:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ss70X7sPJpMK64M895_EHiLKkjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/97fb36-ea9b-43f4-aad5-06f7290dc44a/1/xACC0mpwH-tO0JoEc4LghPkqqZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/97fb36-ea9b-43f4-aad5-06f7290dc44a/1/Ss70X7sPJpMK64M895_EHiLKkjU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.235.0/24
                  193.134.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:17:3f:2b:57:1a:97:cf:58:46:27:12:1b:d8:63:58:4c:fd:
         49:e4:37:bd:95:66:62:8b:49:53:fd:85:9f:92:fe:e0:36:51:
         0c:cc:21:3e:46:7c:90:37:f9:95:44:ed:c9:fa:77:a7:3d:46:
         a3:a0:f7:ca:e4:e7:f8:7f:66:31:c4:b7:31:f9:c1:22:ae:79:
         4d:fb:c2:a2:12:c4:ab:c6:ed:2b:8b:5d:f6:a0:41:64:4a:13:
         9a:50:b1:72:76:45:89:e1:39:3e:9c:5a:ac:07:62:3c:1c:49:
         3b:26:27:4b:de:94:ce:24:1a:c6:ac:b2:2f:c5:da:4e:05:e8:
         f7:53:60:68:ad:35:c6:9f:8b:a1:4a:19:39:84:78:45:34:76:
         97:07:9f:18:aa:ed:13:26:26:c5:1d:6b:97:b1:aa:d9:2e:8e:
         1f:81:11:63:94:38:65:6e:00:ac:d5:f3:3d:bd:a0:34:fe:cc:
         7c:06:f5:9f:d7:f1:52:9d:e9:86:62:44:10:4b:75:82:a7:d1:
         23:58:e1:3f:0b:24:10:45:5c:ba:c4:b7:d9:17:f7:18:c4:e0:
         8b:cd:8f:00:0e:93:a9:d2:37:c4:f7:6f:7b:ee:4f:5c:22:a8:
         89:c7:da:cd:f4:a7:4a:78:a3:4d:22:be:9e:21:18:1e:11:81:
         16:64:92:6c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY422mDSY+Dar4o6pz1z2bFoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhY2VmNDVmYmIwZjI2OTMwYWViODMzY2Y3OWZjNDFlMjJj
YTkyMzUwHhcNMjQwMzEzMDgwNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDAwODJkMjZhNzAxZmViNGVkMDlhMDQ3MzgyZTA4NGY5MmFhOTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6m7feVMUFtVfONMjRL3qrcAQU/l
HugpAgLs1toPDXpgbOBp9Z9tXUcS5f+0so7IFyKmeCem+Dmwl4h9PYhUIWlGU/+c
21Sy1MTPj0NXv5T6ETaVUrPEvKGoMnp5y2urZREymrzid6+IRm5j62jH9LGmtQXC
JiE+u5JHiNB15ZmYI9B7EHC7DZaKoHW8gAe3kOOrhTXuD7FTfZlSIxszoBQIuh4P
FB7Sem5PdbyhcrLVhyqJuTeN0BJ/pRovD73AV2iOljIw+Pwzns2seGr3EwbB0fo9
VxwqzTtotTOsgtf6Avg/Ke8CYEs3/JqJJEgweEPbCJFZrrH4YIRcjs8IUwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMQAgtJqcB/rTtCaBHOC4IT5KqmZMB8GA1UdIwQY
MBaAFErO9F+7DyaTCuuDPPefxB4iypI1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3M3MFg3c1BKcE1LNjRNODk1X0VIaUxLa2pVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi85N2ZiMzYtZWE5Yi00M2Y0LWFhZDUt
MDZmNzI5MGRjNDRhLzEveEFDQzBtcHdILXRPMEpvRWM0TGdoUGtxcVprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi85N2ZiMzYtZWE5Yi00M2Y0LWFhZDUtMDZmNzI5MGRjNDRh
LzEvU3M3MFg3c1BKcE1LNjRNODk1X0VIaUxLa2pVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwW/rAwQA
wYZlMA0GCSqGSIb3DQEBCwUAA4IBAQCfFz8rVxqXz1hGJxIb2GNYTP1J5De9lWZi
i0lT/YWfkv7gNlEMzCE+RnyQN/mVRO3J+nenPUajoPfK5Of4f2YxxLcx+cEirnlN
+8KiEsSrxu0ri132oEFkShOaULFydkWJ4Tk+nFqsB2I8HEk7JidL3pTOJBrGrLIv
xdpOBej3U2BorTXGn4uhShk5hHhFNHaXB58Yqu0TJibFHWuXsarZLo4fgRFjlDhl
bgCs1fM9vaA0/sx8BvWf1/FSnemGYkQQS3WCp9EjWOE/CyQQRVy6xLfZF/cYxOCL
zY8ADpOp0jfE92977k9cIqiJx9rN9KdKeKNNIr6eIRgeEYEWZJJs
-----END CERTIFICATE-----