Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/XWUyYH6Qi5hsRwgoMhzbgvxAuvg.roa
File:                     XWUyYH6Qi5hsRwgoMhzbgvxAuvg.roa (raw, json)
Hash identifier:          mMGmQCmK0WvprQlXqDNeY3jw+SxSeQC+KOroXTaVdPk=
Subject key identifier:   5D:65:32:60:7E:90:8B:98:6C:47:08:28:32:1C:DB:82:FC:40:BA:F8
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       018CC5011867030C1F4FB536025068032B6F
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/XWUyYH6Qi5hsRwgoMhzbgvxAuvg.roa
Signing time:             Mon 01 Jan 2024 12:30:32 +0000
ROA not before:           Mon 01 Jan 2024 12:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8100
IP address blocks:        185.227.83.0/24 maxlen: 24
                          45.141.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:18:67:03:0c:1f:4f:b5:36:02:50:68:03:2b:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jan  1 12:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d6532607e908b986c470828321cdb82fc40baf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:60:e0:ae:e6:0e:6a:dc:38:8a:69:d0:97:72:
                    02:80:75:7b:82:ed:ba:00:8f:c6:63:d7:4f:a7:eb:
                    30:02:82:ce:01:c5:06:55:16:75:7b:56:ee:bc:1c:
                    83:33:b6:41:4d:d2:26:e4:33:40:82:f0:c9:e8:dd:
                    9a:38:2f:42:51:1e:7c:2d:09:81:d1:b3:91:15:30:
                    97:e7:70:f6:fb:b2:59:86:46:de:54:49:fd:ac:b6:
                    b2:2a:12:ea:b1:72:1f:03:a7:58:33:32:4e:88:c7:
                    c0:5b:1e:bd:e5:a9:f6:8c:28:be:93:33:56:2e:08:
                    23:49:2a:39:78:eb:5f:41:5a:3a:73:c4:6a:b8:fe:
                    53:76:e6:e3:d4:19:f3:82:a6:87:97:82:f3:1f:8e:
                    e7:cb:9a:f4:16:9d:8f:df:9c:90:c0:9a:dd:d6:65:
                    fa:28:83:8c:fa:5c:96:e0:1f:d0:49:2e:5e:a3:e0:
                    df:f9:19:08:5d:26:6e:1b:86:6f:93:c7:9c:12:ab:
                    65:d5:44:d2:0f:34:ab:62:64:68:1b:38:58:3f:0a:
                    ff:f2:38:e1:6b:8d:c1:d4:e7:87:42:ad:71:bd:61:
                    47:93:aa:10:c6:ca:57:ad:81:fa:f8:be:e3:64:f2:
                    c7:68:c9:77:bb:b7:5c:84:ab:db:22:c8:92:29:e8:
                    8d:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:65:32:60:7E:90:8B:98:6C:47:08:28:32:1C:DB:82:FC:40:BA:F8
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/XWUyYH6Qi5hsRwgoMhzbgvxAuvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.60.0/24
                  185.227.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:4c:a6:ce:fd:d5:f5:fd:fe:65:1c:92:db:d0:2a:2d:f6:f0:
         e6:02:6f:26:a5:2f:e0:ed:f6:68:01:b0:48:5b:46:72:26:27:
         46:8c:ce:3f:1e:14:23:69:33:92:bc:2f:45:63:d3:5e:f7:86:
         5c:60:e4:73:af:33:76:f2:8a:98:4f:fe:11:a5:c6:2e:f0:6a:
         80:fc:1d:4d:30:fc:e3:77:fb:44:3f:73:d4:60:b8:c7:a9:79:
         55:72:14:48:fd:38:6d:39:31:96:2f:cf:b0:54:25:c3:d1:b6:
         32:40:67:31:18:4c:1c:a9:6f:57:6a:12:d5:e0:7b:61:c8:8a:
         46:6c:55:5f:d7:1b:ea:f8:e2:1b:6d:a4:47:1a:06:b5:62:16:
         54:de:07:ba:e6:68:bb:15:c7:29:35:b1:a9:d3:0d:96:64:94:
         e1:b1:cb:23:72:0a:d6:ef:bc:ab:55:87:6e:71:8b:48:01:ee:
         68:f9:c2:a6:90:cc:ec:41:80:26:50:9c:4e:b2:b0:a4:52:42:
         7d:25:0a:ce:8a:64:13:3d:89:4d:1a:4e:66:14:cb:11:ea:ea:
         cb:44:77:05:29:cd:d0:20:e3:09:77:3b:26:ec:6f:d5:a6:c1:
         5c:1b:9d:3c:3c:11:11:cc:bb:bb:e0:60:d0:d4:e4:d3:f9:15:
         61:fd:f0:18
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFARhnAwwfT7U2AlBoAytvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwMTAxMTIzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDY1MzI2MDdlOTA4Yjk4NmM0NzA4MjgzMjFjZGI4MmZjNDBiYWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WDgruYOatw4imnQl3ICgHV7gu26
AI/GY9dPp+swAoLOAcUGVRZ1e1buvByDM7ZBTdIm5DNAgvDJ6N2aOC9CUR58LQmB
0bORFTCX53D2+7JZhkbeVEn9rLayKhLqsXIfA6dYMzJOiMfAWx695an2jCi+kzNW
LggjSSo5eOtfQVo6c8RquP5Tdubj1BnzgqaHl4LzH47ny5r0Fp2P35yQwJrd1mX6
KIOM+lyW4B/QSS5eo+Df+RkIXSZuG4Zvk8ecEqtl1UTSDzSrYmRoGzhYPwr/8jjh
a43B1OeHQq1xvWFHk6oQxspXrYH6+L7jZPLHaMl3u7dchKvbIsiSKeiNXQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF1lMmB+kIuYbEcIKDIc24L8QLr4MB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvWFdVeVlINlFpNWhzUndnb01oemJndnhBdXZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALY08AwQA
ueNTMA0GCSqGSIb3DQEBCwUAA4IBAQCQTKbO/dX1/f5lHJLb0Cot9vDmAm8mpS/g
7fZoAbBIW0ZyJidGjM4/HhQjaTOSvC9FY9Ne94ZcYORzrzN28oqYT/4RpcYu8GqA
/B1NMPzjd/tEP3PUYLjHqXlVchRI/ThtOTGWL8+wVCXD0bYyQGcxGEwcqW9XahLV
4HthyIpGbFVf1xvq+OIbbaRHGga1YhZU3ge65mi7FccpNbGp0w2WZJThscsjcgrW
77yrVYducYtIAe5o+cKmkMzsQYAmUJxOsrCkUkJ9JQrOimQTPYlNGk5mFMsR6urL
RHcFKc3QIOMJdzsm7G/VpsFcG508PBERzLu74GDQ1OTT+RVh/fAY
-----END CERTIFICATE-----