Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/XaneZGIGLMekYYrQ2yJWDz8z6Iw.roa
File:                     XaneZGIGLMekYYrQ2yJWDz8z6Iw.roa (raw, json)
Hash identifier:          J4je66xAltUTeO8whodG2m43BUptmLfA31UJ/QIgbpA=
Subject key identifier:   5D:A9:DE:64:62:06:2C:C7:A4:61:8A:D0:DB:22:56:0F:3F:33:E8:8C
Certificate issuer:       /CN=c3abdcc49f7d9033b52904679f3c9b783d8c1358
Certificate serial:       018CC5DBFEB53ECB15386D9E405C6735854F
Authority key identifier: C3:AB:DC:C4:9F:7D:90:33:B5:29:04:67:9F:3C:9B:78:3D:8C:13:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w6vcxJ99kDO1KQRnnzybeD2ME1g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/XaneZGIGLMekYYrQ2yJWDz8z6Iw.roa
Signing time:             Mon 01 Jan 2024 16:29:38 +0000
ROA not before:           Mon 01 Jan 2024 16:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35278
IP address blocks:        193.222.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/w6vcxJ99kDO1KQRnnzybeD2ME1g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/w6vcxJ99kDO1KQRnnzybeD2ME1g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w6vcxJ99kDO1KQRnnzybeD2ME1g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:03:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:fe:b5:3e:cb:15:38:6d:9e:40:5c:67:35:85:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3abdcc49f7d9033b52904679f3c9b783d8c1358
        Validity
            Not Before: Jan  1 16:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5da9de6462062cc7a4618ad0db22560f3f33e88c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:b8:60:7a:24:e3:4d:40:21:fc:06:48:4e:50:
                    02:6d:77:5f:5a:88:ff:a4:f9:fe:52:75:14:92:4f:
                    d0:c6:69:f8:6b:a1:a2:22:ab:e4:9e:64:24:38:ea:
                    e3:59:42:3f:79:22:e0:64:fe:57:fa:d8:e7:94:e3:
                    d1:ff:28:79:1a:9d:0f:74:ac:86:45:3d:b9:93:5f:
                    c0:71:b5:86:29:e5:43:d9:f1:6d:79:f7:66:9e:77:
                    08:d0:70:17:9e:8d:82:96:fc:58:45:cd:27:24:aa:
                    60:6d:8f:27:b8:87:b9:31:75:fd:11:ac:be:5f:13:
                    28:fb:89:ac:be:71:76:e7:86:14:7d:27:43:42:08:
                    e0:9d:e0:a7:68:f3:2a:0d:e0:c1:34:76:d2:b7:0b:
                    e6:ad:e5:a0:32:97:9d:89:46:17:93:49:73:e7:e0:
                    1a:7c:60:1a:ff:24:3c:1a:70:00:31:39:80:a3:37:
                    a3:34:54:9b:4e:0b:d2:7c:dc:94:9a:b6:eb:63:cc:
                    ea:73:39:23:b4:60:00:4e:82:7f:79:1c:d4:51:73:
                    e0:f2:ef:95:85:fc:d2:59:1d:e0:3a:32:25:ed:39:
                    69:8f:3a:15:d4:cd:f9:3d:f4:c3:8c:c4:a5:d3:29:
                    bf:a1:5a:84:1f:4c:21:9e:0d:73:f1:b6:1a:22:8b:
                    f8:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:A9:DE:64:62:06:2C:C7:A4:61:8A:D0:DB:22:56:0F:3F:33:E8:8C
            X509v3 Authority Key Identifier:
                keyid:C3:AB:DC:C4:9F:7D:90:33:B5:29:04:67:9F:3C:9B:78:3D:8C:13:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w6vcxJ99kDO1KQRnnzybeD2ME1g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/XaneZGIGLMekYYrQ2yJWDz8z6Iw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/w6vcxJ99kDO1KQRnnzybeD2ME1g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.222.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:46:92:a3:83:b2:68:55:5e:11:19:70:c6:17:0e:2f:db:60:
         41:f0:5f:2d:52:6f:6c:58:e5:c7:3c:12:a1:c2:a4:a5:b7:40:
         20:c1:0c:1d:5c:c2:f9:36:11:4b:43:64:22:9e:77:4e:20:63:
         3f:52:34:c6:51:fa:50:9d:35:45:de:5b:46:c5:58:5e:43:a6:
         eb:ba:47:02:e0:21:91:25:02:92:ed:5a:33:93:3d:08:63:5a:
         ca:96:40:3a:67:2f:ef:a7:e9:30:07:e2:af:ac:cf:cf:15:16:
         27:d2:a1:57:9a:ea:87:83:30:20:ef:94:33:0f:4a:7a:45:57:
         af:e0:30:a7:bd:6e:f0:2d:0d:92:38:e8:a0:6f:a1:c5:eb:7d:
         e5:28:fc:da:66:40:8f:b2:1f:7a:71:16:32:d6:34:6e:e6:53:
         f6:4f:26:03:30:6b:65:4a:70:6a:17:7a:a8:62:9a:47:a6:e4:
         3b:0b:7d:c2:d5:e9:95:8a:3a:36:cb:d5:fb:76:5f:95:6e:42:
         a7:a5:c2:45:42:34:78:5b:ac:55:21:db:1b:d2:5f:7e:6e:48:
         74:e0:a9:8d:9b:e6:09:4a:28:37:1a:b2:bf:df:f9:4f:4a:09:
         c4:ed:a3:92:9d:ea:bd:5c:63:5c:16:e6:9c:82:39:bf:0a:8f:
         6f:0f:f4:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/61PssVOG2eQFxnNYVPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYWJkY2M0OWY3ZDkwMzNiNTI5MDQ2NzlmM2M5Yjc4M2Q4
YzEzNTgwHhcNMjQwMTAxMTYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGE5ZGU2NDYyMDYyY2M3YTQ2MThhZDBkYjIyNTYwZjNmMzNlODhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7hgeiTjTUAh/AZITlACbXdfWoj/
pPn+UnUUkk/Qxmn4a6GiIqvknmQkOOrjWUI/eSLgZP5X+tjnlOPR/yh5Gp0PdKyG
RT25k1/AcbWGKeVD2fFtefdmnncI0HAXno2ClvxYRc0nJKpgbY8nuIe5MXX9Eay+
XxMo+4msvnF254YUfSdDQgjgneCnaPMqDeDBNHbStwvmreWgMpediUYXk0lz5+Aa
fGAa/yQ8GnAAMTmAozejNFSbTgvSfNyUmrbrY8zqczkjtGAAToJ/eRzUUXPg8u+V
hfzSWR3gOjIl7TlpjzoV1M35PfTDjMSl0ym/oVqEH0whng1z8bYaIov4vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF2p3mRiBizHpGGK0NsiVg8/M+iMMB8GA1UdIwQY
MBaAFMOr3MSffZAztSkEZ588m3g9jBNYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzZ2Y3hKOTlrRE8xS1FSbm56eWJlRDJNRTFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny82NzI4ODMtZmViNC00MTRmLTlkMDAt
NGQ5MTI3ZmJhM2FkLzEvWGFuZVpHSUdMTWVrWVlyUTJ5SldEejh6Nkl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny82NzI4ODMtZmViNC00MTRmLTlkMDAtNGQ5MTI3ZmJhM2Fk
LzEvdzZ2Y3hKOTlrRE8xS1FSbm56eWJlRDJNRTFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwd4+MA0G
CSqGSIb3DQEBCwUAA4IBAQCmRpKjg7JoVV4RGXDGFw4v22BB8F8tUm9sWOXHPBKh
wqSlt0AgwQwdXML5NhFLQ2QinndOIGM/UjTGUfpQnTVF3ltGxVheQ6brukcC4CGR
JQKS7Vozkz0IY1rKlkA6Zy/vp+kwB+KvrM/PFRYn0qFXmuqHgzAg75QzD0p6RVev
4DCnvW7wLQ2SOOigb6HF633lKPzaZkCPsh96cRYy1jRu5lP2TyYDMGtlSnBqF3qo
YppHpuQ7C33C1emVijo2y9X7dl+VbkKnpcJFQjR4W6xVIdsb0l9+bkh04KmNm+YJ
Sig3GrK/3/lPSgnE7aOSneq9XGNcFuacgjm/Co9vD/Sd
-----END CERTIFICATE-----