Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/xYL1pCeXlNRKXYKyeuNnd4_f3j0.roa
File:                     xYL1pCeXlNRKXYKyeuNnd4_f3j0.roa (raw, json)
Hash identifier:          QiilZ7pPMOgLxT8/8awMd05o1z/YMsxaefTli4U6Bh8=
Subject key identifier:   C5:82:F5:A4:27:97:94:D4:4A:5D:82:B2:7A:E3:67:77:8F:DF:DE:3D
Certificate issuer:       /CN=7a0bcdee8ce839c4d20413c862423cca04fdc60a
Certificate serial:       018CC8DEF3AA0FD075EBF112183FF9DC6678
Authority key identifier: 7A:0B:CD:EE:8C:E8:39:C4:D2:04:13:C8:62:42:3C:CA:04:FD:C6:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/egvN7ozoOcTSBBPIYkI8ygT9xgo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/xYL1pCeXlNRKXYKyeuNnd4_f3j0.roa
Signing time:             Tue 02 Jan 2024 06:31:43 +0000
ROA not before:           Tue 02 Jan 2024 06:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29319
IP address blocks:        84.23.32.0/20 maxlen: 32
                          84.23.46.0/23 maxlen: 32
                          217.70.16.0/20 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/egvN7ozoOcTSBBPIYkI8ygT9xgo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/egvN7ozoOcTSBBPIYkI8ygT9xgo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/egvN7ozoOcTSBBPIYkI8ygT9xgo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 12:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:f3:aa:0f:d0:75:eb:f1:12:18:3f:f9:dc:66:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a0bcdee8ce839c4d20413c862423cca04fdc60a
        Validity
            Not Before: Jan  2 06:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c582f5a4279794d44a5d82b27ae367778fdfde3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:8d:32:b9:f9:8b:37:27:08:ac:62:a2:43:22:
                    28:07:a4:44:e9:12:78:aa:b2:7b:7a:1f:58:30:f4:
                    3f:3c:31:31:4f:5e:c6:d5:86:1b:45:45:c6:95:6e:
                    fe:7b:5e:d6:d1:af:d3:a6:e1:18:91:11:70:5f:7c:
                    3c:65:62:f7:48:45:d2:38:8a:0e:4e:ec:31:4d:97:
                    34:08:2b:41:e7:ca:b4:af:07:2a:2f:15:5d:09:b9:
                    77:39:90:08:2c:7d:20:83:8c:ff:6d:a6:2e:06:7d:
                    9a:5c:7f:4a:3f:41:da:0d:f0:86:3b:de:31:a3:cb:
                    a7:1b:76:a2:d7:4c:11:37:90:29:95:b3:df:14:e9:
                    31:47:ae:99:53:6c:90:e1:b7:33:ee:6d:b8:2d:cc:
                    a6:87:e5:8a:9e:1e:b4:ea:a5:61:0c:dc:4b:9f:4f:
                    ad:f5:eb:66:10:59:b9:e3:06:76:82:88:07:ad:96:
                    36:44:23:ac:c1:43:08:f3:ca:2d:42:83:b0:90:4e:
                    36:1f:ef:8d:3f:77:67:26:23:12:3d:95:4a:cd:0f:
                    e1:2f:9b:d4:50:42:fb:1b:68:e9:55:32:b8:40:48:
                    94:6b:ed:8d:19:61:6c:b6:e2:1d:a6:b7:c7:6b:3c:
                    31:cf:3a:88:8f:96:ef:ea:97:a9:98:ee:3e:39:43:
                    9f:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:82:F5:A4:27:97:94:D4:4A:5D:82:B2:7A:E3:67:77:8F:DF:DE:3D
            X509v3 Authority Key Identifier:
                keyid:7A:0B:CD:EE:8C:E8:39:C4:D2:04:13:C8:62:42:3C:CA:04:FD:C6:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/egvN7ozoOcTSBBPIYkI8ygT9xgo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/xYL1pCeXlNRKXYKyeuNnd4_f3j0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/egvN7ozoOcTSBBPIYkI8ygT9xgo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.23.32.0/20
                  217.70.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         23:e1:d2:fd:16:0a:ae:19:94:77:52:ae:24:71:c3:33:f0:b0:
         94:ef:8c:44:65:22:7a:8e:a5:50:ab:c6:d0:d8:f9:ca:7f:74:
         1c:c3:d0:6a:75:3f:30:f2:69:38:05:8b:35:ae:db:b1:6d:ea:
         5c:12:9f:d0:44:44:4d:07:57:08:89:71:68:b9:2d:a3:cf:c7:
         0e:2b:d1:fd:f8:f0:06:ef:e0:07:16:20:ea:93:01:ee:bf:5d:
         29:01:0c:e5:05:0f:4d:00:61:6b:6e:b5:52:51:32:45:66:31:
         99:30:6b:68:79:e7:b6:fd:28:6f:98:78:1e:01:1a:77:88:ce:
         c9:2e:6f:4f:a5:0c:18:ae:dc:c9:2b:d5:b1:bf:6b:81:df:01:
         16:4e:d5:2d:59:43:6f:c2:78:95:86:20:7a:19:76:13:a9:59:
         52:a6:6c:3d:49:26:6b:a2:ce:ea:a3:d2:57:5a:fb:21:f0:b4:
         ee:b7:0f:51:5d:56:05:fa:48:5e:5b:a0:c7:bc:76:47:72:95:
         d4:e3:e1:48:2c:f2:36:2c:c5:20:60:83:ff:64:da:16:0f:a2:
         65:c0:18:dd:75:44:2c:cb:70:a5:c5:d9:76:8c:38:3f:74:ef:
         8e:c3:b5:0f:10:fd:85:53:66:ea:7f:89:80:1c:a5:99:2c:62:
         9b:9b:10:88
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3vOqD9B16/ESGD/53GZ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhMGJjZGVlOGNlODM5YzRkMjA0MTNjODYyNDIzY2NhMDRm
ZGM2MGEwHhcNMjQwMTAyMDYzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTgyZjVhNDI3OTc5NGQ0NGE1ZDgyYjI3YWUzNjc3NzhmZGZkZTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvI0yufmLNycIrGKiQyIoB6RE6RJ4
qrJ7eh9YMPQ/PDExT17G1YYbRUXGlW7+e17W0a/TpuEYkRFwX3w8ZWL3SEXSOIoO
TuwxTZc0CCtB58q0rwcqLxVdCbl3OZAILH0gg4z/baYuBn2aXH9KP0HaDfCGO94x
o8unG3ai10wRN5AplbPfFOkxR66ZU2yQ4bcz7m24Lcymh+WKnh606qVhDNxLn0+t
9etmEFm54wZ2gogHrZY2RCOswUMI88otQoOwkE42H++NP3dnJiMSPZVKzQ/hL5vU
UEL7G2jpVTK4QEiUa+2NGWFstuIdprfHazwxzzqIj5bv6pepmO4+OUOf7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMWC9aQnl5TUSl2CsnrjZ3eP3949MB8GA1UdIwQY
MBaAFHoLze6M6DnE0gQTyGJCPMoE/cYKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWd2Tjdvem9PY1RTQkJQSVlrSTh5Z1Q5eGdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81NGU5MTItYjUwMy00NTRjLWE0MzMt
NGRlZjU3MzY1MTY5LzEveFlMMXBDZVhsTlJLWFlLeWV1Tm5kNF9mM2owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81NGU5MTItYjUwMy00NTRjLWE0MzMtNGRlZjU3MzY1MTY5
LzEvZWd2Tjdvem9PY1RTQkJQSVlrSTh5Z1Q5eGdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEVBcgAwQE
2UYQMA0GCSqGSIb3DQEBCwUAA4IBAQAj4dL9FgquGZR3Uq4kccMz8LCU74xEZSJ6
jqVQq8bQ2PnKf3Qcw9BqdT8w8mk4BYs1rtuxbepcEp/QRERNB1cIiXFouS2jz8cO
K9H9+PAG7+AHFiDqkwHuv10pAQzlBQ9NAGFrbrVSUTJFZjGZMGtoeee2/ShvmHge
ARp3iM7JLm9PpQwYrtzJK9Wxv2uB3wEWTtUtWUNvwniVhiB6GXYTqVlSpmw9SSZr
os7qo9JXWvsh8LTutw9RXVYF+kheW6DHvHZHcpXU4+FILPI2LMUgYIP/ZNoWD6Jl
wBjddUQsy3Clxdl2jDg/dO+Ow7UPEP2FU2bqf4mAHKWZLGKbmxCI
-----END CERTIFICATE-----