Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/33e508-127d-4946-b3cc-4c9f43f878ab/1/XUO1gC6rEuOk2IKlJcyFrEvIJnA.roa
File:                     XUO1gC6rEuOk2IKlJcyFrEvIJnA.roa (raw, json)
Hash identifier:          EBhKDbQpZjLpkyNZTKwL3Nsjwaa+YvH3y7qW+qpSDHE=
Subject key identifier:   5D:43:B5:80:2E:AB:12:E3:A4:D8:82:A5:25:CC:85:AC:4B:C8:26:70
Certificate issuer:       /CN=a749aca85dc66c83ce55ecdc045c96075ca7debc
Certificate serial:       018CC4939EC3CD0ABAD65DAE3AB4239C1847
Authority key identifier: A7:49:AC:A8:5D:C6:6C:83:CE:55:EC:DC:04:5C:96:07:5C:A7:DE:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p0msqF3GbIPOVezcBFyWB1yn3rw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/33e508-127d-4946-b3cc-4c9f43f878ab/1/XUO1gC6rEuOk2IKlJcyFrEvIJnA.roa
Signing time:             Mon 01 Jan 2024 10:30:57 +0000
ROA not before:           Mon 01 Jan 2024 10:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39122
IP address blocks:        185.17.238.0/23 maxlen: 23
                          2a03:dd41::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/33e508-127d-4946-b3cc-4c9f43f878ab/1/p0msqF3GbIPOVezcBFyWB1yn3rw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/33e508-127d-4946-b3cc-4c9f43f878ab/1/p0msqF3GbIPOVezcBFyWB1yn3rw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p0msqF3GbIPOVezcBFyWB1yn3rw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:9e:c3:cd:0a:ba:d6:5d:ae:3a:b4:23:9c:18:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a749aca85dc66c83ce55ecdc045c96075ca7debc
        Validity
            Not Before: Jan  1 10:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d43b5802eab12e3a4d882a525cc85ac4bc82670
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a4:a1:50:5f:41:c8:fe:3e:13:fb:ff:58:30:
                    5a:c8:10:bb:65:fd:bb:7c:6d:98:5b:12:2f:4e:31:
                    f4:84:25:ae:8d:d1:07:81:e8:96:d5:bf:fc:de:3f:
                    fc:ea:7e:e2:2a:9e:2b:ed:bd:b7:07:12:2e:dd:0d:
                    d0:84:73:ec:d8:54:9f:2d:47:e0:6e:c6:47:fd:c7:
                    ab:1b:93:37:c6:ad:ef:fb:b9:2e:12:6b:81:f2:49:
                    d0:8e:be:61:50:18:15:27:d1:7e:3f:88:90:c4:0d:
                    99:50:2b:5a:54:61:7d:b6:ed:2a:14:cf:0d:25:d4:
                    5a:14:cc:39:04:3b:b5:77:9e:36:24:18:d1:8a:c1:
                    84:0f:84:44:68:b0:d6:94:7d:d5:c1:b3:d7:fd:ee:
                    ec:5e:a7:e7:9e:17:07:14:1d:cf:5b:c0:24:58:58:
                    60:9f:53:98:03:30:25:5a:55:cf:93:4f:84:06:19:
                    bc:0e:72:26:63:7c:21:40:04:56:1b:ec:8d:8d:fd:
                    01:ec:64:a7:ad:09:73:6c:d9:ff:43:fe:62:8e:48:
                    1a:0f:a6:62:08:0d:4b:91:b7:97:0f:d7:18:49:c8:
                    a6:34:7d:3d:68:69:1d:66:34:be:86:a5:31:64:34:
                    0a:47:ae:19:4b:6e:37:c2:7c:00:db:e2:42:67:a1:
                    b9:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:43:B5:80:2E:AB:12:E3:A4:D8:82:A5:25:CC:85:AC:4B:C8:26:70
            X509v3 Authority Key Identifier:
                keyid:A7:49:AC:A8:5D:C6:6C:83:CE:55:EC:DC:04:5C:96:07:5C:A7:DE:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p0msqF3GbIPOVezcBFyWB1yn3rw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/33e508-127d-4946-b3cc-4c9f43f878ab/1/XUO1gC6rEuOk2IKlJcyFrEvIJnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/33e508-127d-4946-b3cc-4c9f43f878ab/1/p0msqF3GbIPOVezcBFyWB1yn3rw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.238.0/23
                IPv6:
                  2a03:dd41::/32

    Signature Algorithm: sha256WithRSAEncryption
         af:33:37:a6:ab:07:89:02:9d:fb:3c:46:b7:ee:3e:fc:6d:03:
         fa:0f:d6:18:c0:82:83:85:f9:39:67:dd:b0:14:e9:d3:82:ff:
         df:21:97:85:59:e9:38:a0:1b:a1:e3:96:24:ef:0e:76:05:38:
         b1:7e:6e:ff:25:15:a9:5c:b6:b0:52:a2:94:87:2e:f8:a3:fc:
         20:d9:40:ca:2a:fb:99:ca:ae:5b:77:85:bc:fd:c3:fe:9d:ff:
         df:91:90:d8:fd:56:c7:cd:cf:62:be:86:01:0a:41:81:22:1a:
         4e:f1:90:62:41:7c:da:fc:75:0b:a0:5a:c6:fd:ae:de:cf:59:
         cf:07:6d:cd:9b:a3:dd:72:bc:99:14:e4:ad:90:7c:4e:f2:ad:
         db:10:74:33:c7:91:c5:0e:dd:43:ed:2d:1f:ec:32:14:13:ba:
         9f:44:f5:e6:bd:8d:23:3b:87:0b:50:48:88:64:75:0c:a8:24:
         0e:6c:03:da:90:c6:4b:89:fd:7f:63:ea:c0:ae:94:d2:80:be:
         c4:68:8b:e4:fb:49:e5:03:4a:47:66:7a:37:07:eb:3e:41:3a:
         38:b7:56:5c:70:32:28:44:70:b0:b5:6d:77:17:7f:b0:4e:65:
         d6:2a:a0:4a:e0:d0:38:de:85:e0:0c:c1:85:36:52:8f:a5:e7:
         f2:51:df:d4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEk57DzQq61l2uOrQjnBhHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NDlhY2E4NWRjNjZjODNjZTU1ZWNkYzA0NWM5NjA3NWNh
N2RlYmMwHhcNMjQwMTAxMTAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDQzYjU4MDJlYWIxMmUzYTRkODgyYTUyNWNjODVhYzRiYzgyNjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKShUF9ByP4+E/v/WDBayBC7Zf27
fG2YWxIvTjH0hCWujdEHgeiW1b/83j/86n7iKp4r7b23BxIu3Q3QhHPs2FSfLUfg
bsZH/cerG5M3xq3v+7kuEmuB8knQjr5hUBgVJ9F+P4iQxA2ZUCtaVGF9tu0qFM8N
JdRaFMw5BDu1d542JBjRisGED4REaLDWlH3VwbPX/e7sXqfnnhcHFB3PW8AkWFhg
n1OYAzAlWlXPk0+EBhm8DnImY3whQARWG+yNjf0B7GSnrQlzbNn/Q/5ijkgaD6Zi
CA1LkbeXD9cYScimNH09aGkdZjS+hqUxZDQKR64ZS243wnwA2+JCZ6G5jQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF1DtYAuqxLjpNiCpSXMhaxLyCZwMB8GA1UdIwQY
MBaAFKdJrKhdxmyDzlXs3ARclgdcp968MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDBtc3FGM0diSVBPVmV6Y0JGeVdCMXluM3J3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8zM2U1MDgtMTI3ZC00OTQ2LWIzY2Mt
NGM5ZjQzZjg3OGFiLzEvWFVPMWdDNnJFdU9rMklLbEpjeUZyRXZJSm5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8zM2U1MDgtMTI3ZC00OTQ2LWIzY2MtNGM5ZjQzZjg3OGFi
LzEvcDBtc3FGM0diSVBPVmV6Y0JGeVdCMXluM3J3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuRHuMA0E
AgACMAcDBQAqA91BMA0GCSqGSIb3DQEBCwUAA4IBAQCvMzemqweJAp37PEa37j78
bQP6D9YYwIKDhfk5Z92wFOnTgv/fIZeFWek4oBuh45Yk7w52BTixfm7/JRWpXLaw
UqKUhy74o/wg2UDKKvuZyq5bd4W8/cP+nf/fkZDY/VbHzc9ivoYBCkGBIhpO8ZBi
QXza/HULoFrG/a7ez1nPB23Nm6PdcryZFOStkHxO8q3bEHQzx5HFDt1D7S0f7DIU
E7qfRPXmvY0jO4cLUEiIZHUMqCQObAPakMZLif1/Y+rArpTSgL7EaIvk+0nlA0pH
Zno3B+s+QTo4t1ZccDIoRHCwtW13F3+wTmXWKqBK4NA43oXgDMGFNlKPpefyUd/U
-----END CERTIFICATE-----