Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/xwkIedAY7dN4dS0IGQzr3j5jNCc.roa
File:                     xwkIedAY7dN4dS0IGQzr3j5jNCc.roa (raw, json)
Hash identifier:          3vmzY+EamKs+w6FK9pt6HD2RM0lYchzRci3DzO5i2ws=
Subject key identifier:   C7:09:08:79:D0:18:ED:D3:78:75:2D:08:19:0C:EB:DE:3E:63:34:27
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       019169F92A7E44ED51F82127674E19AA33C5
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/xwkIedAY7dN4dS0IGQzr3j5jNCc.roa
Signing time:             Mon 19 Aug 2024 09:30:22 +0000
ROA not before:           Mon 19 Aug 2024 09:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210893
IP address blocks:        217.180.36.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:69:f9:2a:7e:44:ed:51:f8:21:27:67:4e:19:aa:33:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Aug 19 09:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7090879d018edd378752d08190cebde3e633427
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:60:f1:82:8b:cd:81:6d:3d:98:ea:34:5e:bc:
                    78:92:9d:93:ff:8b:33:2b:0c:7e:1d:64:65:99:98:
                    8b:a8:aa:b2:a8:6b:fb:86:f8:d8:0a:5a:4d:35:0a:
                    4f:9d:44:f2:74:b1:16:cf:79:5d:fc:71:82:70:9d:
                    6e:1e:b6:b0:48:85:51:18:03:46:4e:8e:be:44:5d:
                    10:9c:2e:0c:42:72:62:ed:c2:c1:3f:0a:b3:64:c2:
                    85:6c:c3:ef:da:c7:65:8f:03:13:7c:d5:87:fc:64:
                    a1:29:d0:79:a5:83:11:7c:ba:5f:93:5c:28:8b:4d:
                    e4:d9:c0:3a:49:00:e1:5b:c7:07:dd:dc:ab:11:0b:
                    f6:4f:1e:1e:23:08:fe:21:59:00:13:6b:fe:d9:7a:
                    7f:c8:0f:dd:32:c0:bf:0d:6d:d3:76:9a:9e:f0:9f:
                    d5:0d:12:cd:26:3f:33:7c:dd:da:9a:c5:f3:8d:ab:
                    91:b6:e2:31:61:ad:58:db:a5:e3:ed:58:1e:2c:c9:
                    d1:20:af:04:56:07:e3:f9:9f:92:87:99:4d:2c:95:
                    47:57:2c:bc:48:4b:c4:8b:3a:7e:2f:0e:32:39:62:
                    88:f2:b6:4a:8e:57:84:c5:fd:17:b5:d9:9d:ff:b4:
                    ba:25:8d:42:af:d0:be:c7:87:2d:07:1f:2e:29:c8:
                    9b:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:09:08:79:D0:18:ED:D3:78:75:2D:08:19:0C:EB:DE:3E:63:34:27
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/xwkIedAY7dN4dS0IGQzr3j5jNCc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.180.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:d6:c9:59:8f:bf:66:b6:6d:71:6f:12:f1:ed:5b:8b:dd:a6:
         fc:53:11:e6:de:b8:bc:36:92:83:04:7a:c8:bb:19:ce:58:c6:
         4a:4c:2d:3f:77:9a:5f:e4:c9:5b:91:e9:dd:3b:1f:f6:06:61:
         0f:42:af:d2:df:b8:37:ae:f3:68:ff:d1:ff:ad:c1:72:92:db:
         74:80:e4:48:69:e2:6d:24:a8:1d:31:84:25:ac:86:df:46:75:
         b3:2d:5d:67:b1:c5:a4:f5:75:22:eb:28:c2:88:55:c6:4d:e1:
         51:fb:ae:ba:15:75:4c:79:c9:72:12:47:b7:0c:45:13:bc:5c:
         4d:c0:41:72:d2:31:35:8e:6a:b1:e6:8f:02:73:3c:43:bf:7d:
         6a:aa:30:ff:70:3a:42:a7:b5:cd:6e:3f:41:72:77:93:2a:e4:
         39:fe:3f:09:23:c9:d3:67:2b:9f:9a:30:53:b1:b0:49:90:64:
         2e:a0:7e:53:1d:10:d6:0f:70:1e:24:26:32:45:bb:c9:90:41:
         e5:bd:89:fb:88:bb:16:a4:19:94:61:ea:f1:5b:c6:39:46:93:
         27:a2:80:79:b3:68:c9:dc:e7:aa:da:4e:e4:34:61:a0:19:c2:
         2e:96:96:ac:a3:9f:c7:19:f3:a7:21:9b:5d:85:d6:6d:f6:57:
         89:d4:a0:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFp+Sp+RO1R+CEnZ04ZqjPFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjQwODE5MDkzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzA5MDg3OWQwMThlZGQzNzg3NTJkMDgxOTBjZWJkZTNlNjMzNDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmDxgovNgW09mOo0Xrx4kp2T/4sz
Kwx+HWRlmZiLqKqyqGv7hvjYClpNNQpPnUTydLEWz3ld/HGCcJ1uHrawSIVRGANG
To6+RF0QnC4MQnJi7cLBPwqzZMKFbMPv2sdljwMTfNWH/GShKdB5pYMRfLpfk1wo
i03k2cA6SQDhW8cH3dyrEQv2Tx4eIwj+IVkAE2v+2Xp/yA/dMsC/DW3Tdpqe8J/V
DRLNJj8zfN3amsXzjauRtuIxYa1Y26Xj7VgeLMnRIK8EVgfj+Z+Sh5lNLJVHVyy8
SEvEizp+Lw4yOWKI8rZKjleExf0Xtdmd/7S6JY1Cr9C+x4ctBx8uKcibmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMcJCHnQGO3TeHUtCBkM694+YzQnMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEveHdrSWVkQVk3ZE40ZFMwSUdRenIzajVqTkNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2bQkMA0G
CSqGSIb3DQEBCwUAA4IBAQBu1slZj79mtm1xbxLx7VuL3ab8UxHm3ri8NpKDBHrI
uxnOWMZKTC0/d5pf5MlbkendOx/2BmEPQq/S37g3rvNo/9H/rcFyktt0gORIaeJt
JKgdMYQlrIbfRnWzLV1nscWk9XUi6yjCiFXGTeFR+666FXVMeclyEke3DEUTvFxN
wEFy0jE1jmqx5o8CczxDv31qqjD/cDpCp7XNbj9BcneTKuQ5/j8JI8nTZyufmjBT
sbBJkGQuoH5THRDWD3AeJCYyRbvJkEHlvYn7iLsWpBmUYerxW8Y5RpMnooB5s2jJ
3Oeq2k7kNGGgGcIulpaso5/HGfOnIZtdhdZt9leJ1KBD
-----END CERTIFICATE-----