Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/b5fb58-928c-438f-bcef-858f8aca323f/1/XDILvvKovK62SZUirswxhxVFISM.roa
File:                     XDILvvKovK62SZUirswxhxVFISM.roa (raw, json)
Hash identifier:          QmaTPBawSuypyeS/HwTup0pVZiZWPpJZN1Z1xHIrrUw=
Subject key identifier:   5C:32:0B:BE:F2:A8:BC:AE:B6:49:95:22:AE:CC:31:87:15:45:21:23
Certificate issuer:       /CN=4c9fbe4756028fa4187a399595fac65c3c1c43c6
Certificate serial:       018CC2DB4D70A422275F14A0133B48C44B5B
Authority key identifier: 4C:9F:BE:47:56:02:8F:A4:18:7A:39:95:95:FA:C6:5C:3C:1C:43:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TJ--R1YCj6QYejmVlfrGXDwcQ8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/b5fb58-928c-438f-bcef-858f8aca323f/1/XDILvvKovK62SZUirswxhxVFISM.roa
Signing time:             Mon 01 Jan 2024 02:30:01 +0000
ROA not before:           Mon 01 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43872
IP address blocks:        84.38.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/b5fb58-928c-438f-bcef-858f8aca323f/1/TJ--R1YCj6QYejmVlfrGXDwcQ8Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/b5fb58-928c-438f-bcef-858f8aca323f/1/TJ--R1YCj6QYejmVlfrGXDwcQ8Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TJ--R1YCj6QYejmVlfrGXDwcQ8Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 04:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:4d:70:a4:22:27:5f:14:a0:13:3b:48:c4:4b:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c9fbe4756028fa4187a399595fac65c3c1c43c6
        Validity
            Not Before: Jan  1 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c320bbef2a8bcaeb6499522aecc318715452123
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:72:52:25:c3:44:51:42:a1:73:93:db:31:b2:
                    af:ad:ea:e7:18:b0:84:88:5c:06:82:f4:1b:0a:71:
                    2f:fb:ad:e1:80:e5:40:78:15:b2:2f:99:0d:26:11:
                    ca:fe:22:01:d9:c8:b1:1b:61:40:56:53:f5:3d:5d:
                    f7:2b:7f:52:8d:09:cd:64:b0:99:90:20:94:fa:25:
                    93:14:45:c9:ba:95:37:0e:00:b7:1c:46:fa:95:a8:
                    e4:ba:74:44:b6:e3:4a:9b:4f:c3:11:b5:6b:81:f7:
                    33:63:72:99:f6:16:9a:9c:a1:08:b0:ec:24:76:2c:
                    36:76:53:aa:e1:4a:93:99:bf:2c:36:19:ca:5f:6c:
                    7e:b4:e6:be:0b:9c:2b:91:6f:8d:48:81:b2:ab:1d:
                    06:ab:70:d1:a7:a2:5c:70:19:76:56:7f:9e:57:4b:
                    9f:f6:e1:a9:f0:b5:4e:fb:a0:a9:57:38:8c:bf:a6:
                    28:d3:71:fc:7b:6b:5d:b8:81:91:20:d0:36:3e:6b:
                    cb:31:69:26:c0:25:1e:6e:ae:e9:78:aa:c8:62:ec:
                    95:eb:0b:17:cd:32:4e:04:61:15:e3:b0:4f:00:ad:
                    6f:46:f6:3e:a9:fb:21:33:48:6a:19:9c:72:6b:ce:
                    7f:a8:86:e9:f9:8b:87:86:5e:e1:77:65:76:d4:02:
                    b3:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:32:0B:BE:F2:A8:BC:AE:B6:49:95:22:AE:CC:31:87:15:45:21:23
            X509v3 Authority Key Identifier:
                keyid:4C:9F:BE:47:56:02:8F:A4:18:7A:39:95:95:FA:C6:5C:3C:1C:43:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TJ--R1YCj6QYejmVlfrGXDwcQ8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/b5fb58-928c-438f-bcef-858f8aca323f/1/XDILvvKovK62SZUirswxhxVFISM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/b5fb58-928c-438f-bcef-858f8aca323f/1/TJ--R1YCj6QYejmVlfrGXDwcQ8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:c7:ad:e1:0b:7a:01:ca:94:8e:1b:e1:ea:fe:aa:db:b9:bf:
         81:62:24:ca:74:38:7f:3c:47:64:18:16:28:0c:22:2a:3d:ee:
         18:ee:cf:5c:d1:00:74:77:ef:76:4d:95:ff:b8:4e:53:2f:52:
         52:4b:50:28:12:df:ef:20:18:9f:cc:77:b8:d4:4c:03:19:42:
         96:6d:0a:df:8d:d8:85:83:44:85:cf:03:60:99:e1:57:c4:b9:
         cd:2d:c0:b2:45:ca:bd:ed:3c:af:22:1f:54:64:01:e1:27:b2:
         98:20:88:c2:ac:95:0a:17:85:5c:5e:40:b3:b1:4e:b8:b7:c9:
         52:82:67:a6:f5:72:3e:75:d8:93:62:b1:11:7e:5e:48:3b:c3:
         bd:92:73:97:e7:3a:93:bd:d2:dd:be:84:8f:e4:dd:73:43:0f:
         1e:19:69:b5:8d:cf:db:6d:24:34:5a:4f:e7:34:25:f6:46:7e:
         de:8a:13:b7:8f:be:1e:f1:b1:7d:f3:85:8d:82:b1:24:a4:95:
         8e:61:8a:c3:fe:95:8a:d8:41:25:7d:cc:44:26:16:5d:fe:c6:
         9c:14:bf:f3:11:e7:77:63:01:39:83:a2:8b:b9:fd:28:74:ab:
         3b:2d:60:0f:59:f0:6a:a1:aa:96:d8:2d:ef:13:5d:14:93:65:
         d8:a0:e9:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC201wpCInXxSgEztIxEtbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjOWZiZTQ3NTYwMjhmYTQxODdhMzk5NTk1ZmFjNjVjM2Mx
YzQzYzYwHhcNMjQwMTAxMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzMyMGJiZWYyYThiY2FlYjY0OTk1MjJhZWNjMzE4NzE1NDUyMTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnJSJcNEUUKhc5PbMbKvrernGLCE
iFwGgvQbCnEv+63hgOVAeBWyL5kNJhHK/iIB2cixG2FAVlP1PV33K39SjQnNZLCZ
kCCU+iWTFEXJupU3DgC3HEb6lajkunREtuNKm0/DEbVrgfczY3KZ9haanKEIsOwk
diw2dlOq4UqTmb8sNhnKX2x+tOa+C5wrkW+NSIGyqx0Gq3DRp6JccBl2Vn+eV0uf
9uGp8LVO+6CpVziMv6Yo03H8e2tduIGRINA2PmvLMWkmwCUebq7peKrIYuyV6wsX
zTJOBGEV47BPAK1vRvY+qfshM0hqGZxya85/qIbp+YuHhl7hd2V21AKzgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwyC77yqLyutkmVIq7MMYcVRSEjMB8GA1UdIwQY
MBaAFEyfvkdWAo+kGHo5lZX6xlw8HEPGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEotLVIxWUNqNlFZZWptVmxmckdYRHdjUThZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9iNWZiNTgtOTI4Yy00MzhmLWJjZWYt
ODU4ZjhhY2EzMjNmLzEvWERJTHZ2S292SzYyU1pVaXJzd3hoeFZGSVNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9iNWZiNTgtOTI4Yy00MzhmLWJjZWYtODU4ZjhhY2EzMjNm
LzEvVEotLVIxWUNqNlFZZWptVmxmckdYRHdjUThZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCb2MA0G
CSqGSIb3DQEBCwUAA4IBAQCMx63hC3oBypSOG+Hq/qrbub+BYiTKdDh/PEdkGBYo
DCIqPe4Y7s9c0QB0d+92TZX/uE5TL1JSS1AoEt/vIBifzHe41EwDGUKWbQrfjdiF
g0SFzwNgmeFXxLnNLcCyRcq97TyvIh9UZAHhJ7KYIIjCrJUKF4VcXkCzsU64t8lS
gmem9XI+ddiTYrERfl5IO8O9knOX5zqTvdLdvoSP5N1zQw8eGWm1jc/bbSQ0Wk/n
NCX2Rn7eihO3j74e8bF984WNgrEkpJWOYYrD/pWK2EElfcxEJhZd/sacFL/zEed3
YwE5g6KLuf0odKs7LWAPWfBqoaqW2C3vE10Uk2XYoOnZ
-----END CERTIFICATE-----