Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/662fbf-5576-4595-892b-b5b3aeae98ea/1/xjj9LJNIGgQGtNe8q92-ger1cUA.roa
File:                     xjj9LJNIGgQGtNe8q92-ger1cUA.roa (raw, json)
Hash identifier:          MLv1HgX6pVFu5RBHZEE+vSednURUAHRGPNkp67C+wko=
Subject key identifier:   C6:38:FD:2C:93:48:1A:04:06:B4:D7:BC:AB:DD:BE:81:EA:F5:71:40
Certificate issuer:       /CN=322639b35e5d9d0fb3696fe2fd61cb6f4c3fa504
Certificate serial:       018CC3B732CB4C96CA1CBABB670C42009573
Authority key identifier: 32:26:39:B3:5E:5D:9D:0F:B3:69:6F:E2:FD:61:CB:6F:4C:3F:A5:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MiY5s15dnQ-zaW_i_WHLb0w_pQQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/662fbf-5576-4595-892b-b5b3aeae98ea/1/xjj9LJNIGgQGtNe8q92-ger1cUA.roa
Signing time:             Mon 01 Jan 2024 06:30:12 +0000
ROA not before:           Mon 01 Jan 2024 06:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204331
IP address blocks:        185.253.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/662fbf-5576-4595-892b-b5b3aeae98ea/1/MiY5s15dnQ-zaW_i_WHLb0w_pQQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/662fbf-5576-4595-892b-b5b3aeae98ea/1/MiY5s15dnQ-zaW_i_WHLb0w_pQQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MiY5s15dnQ-zaW_i_WHLb0w_pQQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:32:cb:4c:96:ca:1c:ba:bb:67:0c:42:00:95:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=322639b35e5d9d0fb3696fe2fd61cb6f4c3fa504
        Validity
            Not Before: Jan  1 06:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c638fd2c93481a0406b4d7bcabddbe81eaf57140
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ad:d9:6e:b2:23:0a:2e:e3:b4:71:71:b1:e9:
                    45:96:01:7f:b9:5b:aa:4c:c7:98:08:91:3c:06:33:
                    81:a3:17:23:91:8d:d2:4d:63:ef:4c:96:02:10:28:
                    64:c2:fb:7a:6c:f5:3d:95:2c:4c:3a:f2:e5:3f:05:
                    23:70:2f:3c:35:3b:0d:90:24:d7:bb:c5:77:e7:87:
                    96:63:e8:73:5c:c0:62:e8:8b:7d:cf:53:8b:f9:6d:
                    31:cc:da:0b:27:ed:ba:52:80:46:6a:70:cb:1e:e1:
                    c9:8e:35:ce:92:a5:65:d8:ba:82:9e:ff:1d:8d:c3:
                    ea:8f:8a:8e:af:d4:b0:3d:09:5e:1f:6a:f6:fb:bf:
                    62:56:7d:14:36:7a:1f:e5:9c:ec:bb:60:33:65:b9:
                    40:05:8f:0e:a8:fa:eb:98:d0:bb:1e:2a:79:4d:48:
                    7f:00:df:c2:b3:43:0a:3c:72:15:e5:fb:4d:13:24:
                    c3:a9:4e:5c:2a:38:45:3a:52:b4:80:b5:99:03:88:
                    77:07:a8:55:2b:25:1a:be:15:87:1f:01:16:95:05:
                    d9:59:6b:ee:b6:e5:3b:0c:2e:35:85:f8:34:e8:7d:
                    4c:e8:f1:98:38:75:7c:77:66:73:e6:fe:21:2a:9f:
                    b3:c2:04:9e:ff:3e:c2:01:c3:b6:7e:99:e0:77:d5:
                    d4:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:38:FD:2C:93:48:1A:04:06:B4:D7:BC:AB:DD:BE:81:EA:F5:71:40
            X509v3 Authority Key Identifier:
                keyid:32:26:39:B3:5E:5D:9D:0F:B3:69:6F:E2:FD:61:CB:6F:4C:3F:A5:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MiY5s15dnQ-zaW_i_WHLb0w_pQQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/662fbf-5576-4595-892b-b5b3aeae98ea/1/xjj9LJNIGgQGtNe8q92-ger1cUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/662fbf-5576-4595-892b-b5b3aeae98ea/1/MiY5s15dnQ-zaW_i_WHLb0w_pQQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:51:5e:22:0b:c3:9b:8c:2c:bb:c6:1b:42:3e:ca:12:75:97:
         86:0c:0f:11:34:47:ea:dd:3f:ab:28:94:e8:7d:9e:f1:ec:7d:
         69:c3:05:f4:55:87:dd:82:e4:75:a8:d7:19:63:17:4c:b2:5c:
         89:b7:6b:23:25:4f:67:77:0a:90:f7:f1:42:2f:24:f3:cd:1b:
         53:b0:24:66:b6:87:b5:c3:55:3a:71:a1:23:a6:45:a5:80:03:
         2a:46:e8:62:33:69:88:45:08:a6:85:e1:27:de:0c:9a:95:88:
         04:7f:8e:0f:88:b6:95:95:43:f3:b3:a1:e3:91:58:44:98:83:
         e2:95:ed:10:c3:8b:50:02:4e:6b:c8:50:9c:21:56:ee:89:67:
         f3:82:4f:47:a2:36:1d:ae:f4:8a:ca:f5:27:c5:5e:61:78:07:
         7a:b4:57:99:cd:80:ce:fa:05:c3:cd:ac:d3:96:c4:a7:96:41:
         20:48:44:19:4b:81:cf:b3:47:7f:02:81:0e:9f:44:ca:d8:3c:
         77:06:9c:bc:40:6f:cb:96:8e:9e:5b:67:e0:21:22:5d:66:42:
         c4:ce:13:e1:33:6e:9c:83:8b:16:0b:c0:f9:34:c7:31:9b:90:
         6f:c9:a3:40:6c:37:f5:02:b9:49:4c:d8:5c:bb:6b:75:3f:e3:
         a3:d4:0e:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzLLTJbKHLq7ZwxCAJVzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMjYzOWIzNWU1ZDlkMGZiMzY5NmZlMmZkNjFjYjZmNGMz
ZmE1MDQwHhcNMjQwMTAxMDYzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjM4ZmQyYzkzNDgxYTA0MDZiNGQ3YmNhYmRkYmU4MWVhZjU3MTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkK3ZbrIjCi7jtHFxselFlgF/uVuq
TMeYCJE8BjOBoxcjkY3STWPvTJYCEChkwvt6bPU9lSxMOvLlPwUjcC88NTsNkCTX
u8V354eWY+hzXMBi6It9z1OL+W0xzNoLJ+26UoBGanDLHuHJjjXOkqVl2LqCnv8d
jcPqj4qOr9SwPQleH2r2+79iVn0UNnof5Zzsu2AzZblABY8OqPrrmNC7Hip5TUh/
AN/Cs0MKPHIV5ftNEyTDqU5cKjhFOlK0gLWZA4h3B6hVKyUavhWHHwEWlQXZWWvu
tuU7DC41hfg06H1M6PGYOHV8d2Zz5v4hKp+zwgSe/z7CAcO2fpngd9XUwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMY4/SyTSBoEBrTXvKvdvoHq9XFAMB8GA1UdIwQY
MBaAFDImObNeXZ0Ps2lv4v1hy29MP6UEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWlZNXMxNWRuUS16YVdfaV9XSExiMHdfcFFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82NjJmYmYtNTU3Ni00NTk1LTg5MmIt
YjViM2FlYWU5OGVhLzEveGpqOUxKTklHZ1FHdE5lOHE5Mi1nZXIxY1VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82NjJmYmYtNTU3Ni00NTk1LTg5MmItYjViM2FlYWU5OGVh
LzEvTWlZNXMxNWRuUS16YVdfaV9XSExiMHdfcFFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf1MMA0G
CSqGSIb3DQEBCwUAA4IBAQBLUV4iC8ObjCy7xhtCPsoSdZeGDA8RNEfq3T+rKJTo
fZ7x7H1pwwX0VYfdguR1qNcZYxdMslyJt2sjJU9ndwqQ9/FCLyTzzRtTsCRmtoe1
w1U6caEjpkWlgAMqRuhiM2mIRQimheEn3gyalYgEf44PiLaVlUPzs6HjkVhEmIPi
le0Qw4tQAk5ryFCcIVbuiWfzgk9HojYdrvSKyvUnxV5heAd6tFeZzYDO+gXDzazT
lsSnlkEgSEQZS4HPs0d/AoEOn0TK2Dx3Bpy8QG/Llo6eW2fgISJdZkLEzhPhM26c
g4sWC8D5NMcxm5BvyaNAbDf1ArlJTNhcu2t1P+Oj1A53
-----END CERTIFICATE-----