Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/XaXP-5zt19E-3mFwub8yCz7YQDw.roa
File:                     XaXP-5zt19E-3mFwub8yCz7YQDw.roa (raw, json)
Hash identifier:          trFZTtlTJvUUnhtCRoloMjMFeZLLPMAhFZQZRqFmZRs=
Subject key identifier:   5D:A5:CF:FB:9C:ED:D7:D1:3E:DE:61:70:B9:BF:32:0B:3E:D8:40:3C
Certificate issuer:       /CN=18a84a8e475f6606e7a12f92b330d63d8f880be0
Certificate serial:       018CC26D0B7459B63F98E980D22460B8BE4C
Authority key identifier: 18:A8:4A:8E:47:5F:66:06:E7:A1:2F:92:B3:30:D6:3D:8F:88:0B:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GKhKjkdfZgbnoS-SszDWPY-IC-A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/XaXP-5zt19E-3mFwub8yCz7YQDw.roa
Signing time:             Mon 01 Jan 2024 00:29:35 +0000
ROA not before:           Mon 01 Jan 2024 00:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8100
IP address blocks:        185.208.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/GKhKjkdfZgbnoS-SszDWPY-IC-A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/GKhKjkdfZgbnoS-SszDWPY-IC-A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GKhKjkdfZgbnoS-SszDWPY-IC-A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0b:74:59:b6:3f:98:e9:80:d2:24:60:b8:be:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18a84a8e475f6606e7a12f92b330d63d8f880be0
        Validity
            Not Before: Jan  1 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5da5cffb9cedd7d13ede6170b9bf320b3ed8403c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:44:b5:02:b0:b3:21:cb:f2:13:cb:87:0a:7f:
                    7c:07:b2:26:06:0a:0c:f5:d6:65:b1:6c:7d:6c:da:
                    c8:d2:18:04:77:41:e6:0f:5a:3d:70:20:23:9a:57:
                    08:3e:c7:4e:bf:11:37:ce:8e:7a:ea:02:b2:4a:ab:
                    55:ef:14:89:17:cf:69:c0:07:e1:c8:35:f6:e2:0f:
                    3f:d2:86:2f:35:7a:2d:6f:02:9e:7d:46:47:43:37:
                    aa:ff:23:e6:14:76:b9:d9:ab:b6:aa:9e:0c:17:bc:
                    cc:6b:39:d2:6f:59:57:01:ec:9d:83:97:35:14:f9:
                    a2:fb:f9:be:67:11:85:70:7c:8a:fc:10:89:b1:6d:
                    2c:00:d3:d3:4d:cb:e3:7f:91:07:dd:66:c7:00:49:
                    6e:3b:f4:e3:6e:48:a4:8f:78:0a:5c:73:9b:37:29:
                    13:b6:1f:92:2b:d0:19:48:f6:dd:ef:6a:cb:4a:5f:
                    a2:a8:f9:df:a0:b8:bd:b4:a5:4e:5a:59:ef:83:72:
                    86:06:f2:85:6f:14:d1:80:81:40:ef:b6:34:bb:14:
                    2e:26:d6:27:fa:ec:55:75:78:e3:bf:4c:d2:d3:85:
                    0d:d1:37:8a:79:ac:ca:ae:d4:51:2c:b4:e9:a8:3e:
                    bb:d9:dd:da:9d:6b:ae:a9:92:32:30:bd:d0:7f:f7:
                    6e:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:A5:CF:FB:9C:ED:D7:D1:3E:DE:61:70:B9:BF:32:0B:3E:D8:40:3C
            X509v3 Authority Key Identifier:
                keyid:18:A8:4A:8E:47:5F:66:06:E7:A1:2F:92:B3:30:D6:3D:8F:88:0B:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GKhKjkdfZgbnoS-SszDWPY-IC-A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/XaXP-5zt19E-3mFwub8yCz7YQDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/GKhKjkdfZgbnoS-SszDWPY-IC-A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:2b:d5:dc:74:5d:6f:39:d8:24:d5:04:e2:92:73:31:7a:df:
         eb:19:8e:dc:c2:e1:3b:f8:04:92:d6:06:eb:2b:b3:76:22:8e:
         b8:73:be:5a:5a:f1:06:f9:52:eb:f5:6d:ad:7b:aa:23:63:7b:
         77:af:70:d1:f3:b6:1f:d3:dc:30:cc:cf:b8:64:0c:e8:b3:94:
         c6:56:1c:4c:ae:a7:e9:8d:50:63:2d:59:e4:97:35:7d:4c:0f:
         92:c2:16:7e:27:32:45:cd:1c:74:19:ea:1a:4c:04:1c:5a:0f:
         8f:6f:4e:54:ef:d4:b4:e2:3f:0e:2e:ef:1d:4f:90:9c:3c:1c:
         5e:7f:d5:13:71:d7:02:3e:45:aa:74:2a:ef:51:bf:fd:7e:fa:
         50:93:d7:29:b4:b6:e8:f3:2c:54:2e:8a:ef:a5:8d:04:24:74:
         fa:8c:0c:ef:e3:64:64:96:c8:51:c7:13:ab:b9:90:15:3e:ee:
         f5:06:2f:f3:0b:d6:c8:a3:f6:67:4e:3b:c6:15:8f:c6:db:fb:
         8e:a9:cd:ce:c3:46:42:bd:3a:20:b7:4b:af:83:a9:38:59:84:
         0e:3a:57:9c:6b:bd:f5:9b:b5:04:87:43:cb:1b:18:b9:3a:f1:
         a5:64:3c:04:13:f6:3e:ba:5c:45:29:3a:62:b7:23:89:8e:de:
         4d:0a:6c:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQt0WbY/mOmA0iRguL5MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4YTg0YThlNDc1ZjY2MDZlN2ExMmY5MmIzMzBkNjNkOGY4
ODBiZTAwHhcNMjQwMTAxMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGE1Y2ZmYjljZWRkN2QxM2VkZTYxNzBiOWJmMzIwYjNlZDg0MDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUS1ArCzIcvyE8uHCn98B7ImBgoM
9dZlsWx9bNrI0hgEd0HmD1o9cCAjmlcIPsdOvxE3zo566gKySqtV7xSJF89pwAfh
yDX24g8/0oYvNXotbwKefUZHQzeq/yPmFHa52au2qp4MF7zMaznSb1lXAeydg5c1
FPmi+/m+ZxGFcHyK/BCJsW0sANPTTcvjf5EH3WbHAEluO/Tjbkikj3gKXHObNykT
th+SK9AZSPbd72rLSl+iqPnfoLi9tKVOWlnvg3KGBvKFbxTRgIFA77Y0uxQuJtYn
+uxVdXjjv0zS04UN0TeKeazKrtRRLLTpqD672d3anWuuqZIyML3Qf/duewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF2lz/uc7dfRPt5hcLm/Mgs+2EA8MB8GA1UdIwQY
MBaAFBioSo5HX2YG56EvkrMw1j2PiAvgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0toS2prZGZaZ2Jub1MtU3N6RFdQWS1JQy1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC84OTJhMjctZmRiNi00Mjg1LTgyOWEt
ODdmNWI2NDc5ZDFlLzEvWGFYUC01enQxOUUtM21Gd3ViOHlDejdZUUR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC84OTJhMjctZmRiNi00Mjg1LTgyOWEtODdmNWI2NDc5ZDFl
LzEvR0toS2prZGZaZ2Jub1MtU3N6RFdQWS1JQy1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudAKMA0G
CSqGSIb3DQEBCwUAA4IBAQCIK9XcdF1vOdgk1QTiknMxet/rGY7cwuE7+ASS1gbr
K7N2Io64c75aWvEG+VLr9W2te6ojY3t3r3DR87Yf09wwzM+4ZAzos5TGVhxMrqfp
jVBjLVnklzV9TA+SwhZ+JzJFzRx0GeoaTAQcWg+Pb05U79S04j8OLu8dT5CcPBxe
f9UTcdcCPkWqdCrvUb/9fvpQk9cptLbo8yxULorvpY0EJHT6jAzv42RklshRxxOr
uZAVPu71Bi/zC9bIo/ZnTjvGFY/G2/uOqc3Ow0ZCvTogt0uvg6k4WYQOOleca731
m7UEh0PLGxi5OvGlZDwEE/Y+ulxFKTpityOJjt5NCmzV
-----END CERTIFICATE-----