Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/xcIP_iWP_LwRpTvRntkh6j3ePTo.roa
File:                     xcIP_iWP_LwRpTvRntkh6j3ePTo.roa (raw, json)
Hash identifier:          CKoecaUlWy7T3FLabsxcgSxWZLoOFK+49lkGRhuEKjQ=
Subject key identifier:   C5:C2:0F:FE:25:8F:FC:BC:11:A5:3B:D1:9E:D9:21:EA:3D:DE:3D:3A
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01924E4D69B43803E0D2393E9F41A2768050
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/xcIP_iWP_LwRpTvRntkh6j3ePTo.roa
Signing time:             Wed 02 Oct 2024 17:35:49 +0000
ROA not before:           Wed 02 Oct 2024 17:35:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48678
IP address blocks:        87.120.84.0/24 maxlen: 24
                          94.156.177.0/24 maxlen: 24
                          185.216.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:4e:4d:69:b4:38:03:e0:d2:39:3e:9f:41:a2:76:80:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct  2 17:35:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5c20ffe258ffcbc11a53bd19ed921ea3dde3d3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:e8:49:ee:97:e1:a7:6f:1b:84:66:5f:f5:e9:
                    f7:c6:64:9c:80:d9:c4:19:87:8c:45:1e:ae:d0:67:
                    f1:6d:ab:92:09:b0:ef:b7:a3:2b:03:b3:09:02:20:
                    e9:3b:4c:bb:a1:d2:85:3c:d4:c2:5e:8a:88:a7:fd:
                    e6:20:5c:a6:19:13:0a:03:c5:c8:5b:cd:46:35:56:
                    0f:1c:4b:b4:dc:9c:f6:ef:c0:45:ab:09:5c:24:a7:
                    74:a5:53:42:55:e2:d7:b2:c4:21:56:92:88:dd:b2:
                    6c:3f:6f:5d:cc:c3:8c:79:2b:31:32:33:ed:4f:04:
                    df:21:8b:87:6c:c9:4d:22:10:62:c2:ab:e8:c8:5d:
                    91:8b:85:8a:44:0c:f2:a2:13:38:ef:3c:9a:4a:6b:
                    11:91:aa:5d:5f:88:c0:a1:bf:eb:40:b7:46:ad:ac:
                    99:ac:33:29:10:6c:d0:7a:73:46:05:03:5f:36:da:
                    20:2b:74:33:0d:60:c7:df:94:7d:a6:b6:bd:68:d0:
                    36:1f:d3:98:12:eb:e6:c4:ac:6b:03:d0:39:7a:12:
                    46:fc:02:98:17:8e:7c:3f:45:19:25:8e:e1:95:9c:
                    1d:a9:fa:ee:3a:87:37:04:88:26:20:81:b1:cc:42:
                    1e:d5:10:64:31:16:d5:ce:63:5e:a6:56:bc:35:aa:
                    07:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:C2:0F:FE:25:8F:FC:BC:11:A5:3B:D1:9E:D9:21:EA:3D:DE:3D:3A
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/xcIP_iWP_LwRpTvRntkh6j3ePTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.84.0/24
                  94.156.177.0/24
                  185.216.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:c5:4f:f4:e9:50:39:48:82:35:11:2e:cd:f9:b1:8b:b2:91:
         cb:f8:62:22:93:82:39:32:b7:6a:80:e6:32:95:cb:f2:26:db:
         20:0a:90:90:53:9d:d5:0f:d7:8a:26:08:6e:ef:db:08:89:bf:
         51:fd:34:1c:87:22:34:96:a5:bb:1e:ae:c1:b3:69:26:58:01:
         73:a7:a1:e5:ee:f1:0d:ba:75:b5:e7:5d:c8:d1:cf:91:9e:ec:
         1f:db:54:2a:5c:58:19:12:72:45:3e:01:f0:4e:49:f6:78:b5:
         bb:e2:ed:60:1b:32:04:78:51:47:8d:bc:30:21:1d:b0:c3:99:
         31:54:d9:e1:54:9f:7d:fb:77:98:5b:2a:21:e6:36:2b:fb:4a:
         82:3f:51:0b:83:ba:ca:5b:54:b6:12:ee:5e:55:71:59:b0:f5:
         81:82:1c:86:dd:b0:2d:f3:d9:9c:c5:7f:be:5b:4d:4a:c5:30:
         4d:58:39:7a:45:81:3d:bd:59:ed:10:5f:b3:c5:1b:d3:ff:1f:
         6c:54:f0:c0:6e:ea:aa:d9:35:d9:11:01:a5:b9:9d:8b:b0:92:
         74:43:47:e6:25:59:55:68:4f:39:d1:bc:51:b3:6a:3d:b1:53:
         2a:1f:aa:43:8d:e3:2b:2e:b6:9c:14:d3:84:cc:c9:0f:2e:3c:
         75:c7:28:d4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZJOTWm0OAPg0jk+n0GidoBQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMDAyMTczNTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWMyMGZmZTI1OGZmY2JjMTFhNTNiZDE5ZWQ5MjFlYTNkZGUzZDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+hJ7pfhp28bhGZf9en3xmScgNnE
GYeMRR6u0GfxbauSCbDvt6MrA7MJAiDpO0y7odKFPNTCXoqIp/3mIFymGRMKA8XI
W81GNVYPHEu03Jz278BFqwlcJKd0pVNCVeLXssQhVpKI3bJsP29dzMOMeSsxMjPt
TwTfIYuHbMlNIhBiwqvoyF2Ri4WKRAzyohM47zyaSmsRkapdX4jAob/rQLdGrayZ
rDMpEGzQenNGBQNfNtogK3QzDWDH35R9pra9aNA2H9OYEuvmxKxrA9A5ehJG/AKY
F458P0UZJY7hlZwdqfruOoc3BIgmIIGxzEIe1RBkMRbVzmNepla8NaoHLwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMXCD/4lj/y8EaU70Z7ZIeo93j06MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveGNJUF9pV1BfTHdScFR2Um50a2g2ajNlUFRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAV3hUAwQA
XpyxAwQAudhHMA0GCSqGSIb3DQEBCwUAA4IBAQANxU/06VA5SII1ES7N+bGLspHL
+GIik4I5MrdqgOYylcvyJtsgCpCQU53VD9eKJghu79sIib9R/TQchyI0lqW7Hq7B
s2kmWAFzp6Hl7vENunW1513I0c+Rnuwf21QqXFgZEnJFPgHwTkn2eLW74u1gGzIE
eFFHjbwwIR2ww5kxVNnhVJ99+3eYWyoh5jYr+0qCP1ELg7rKW1S2Eu5eVXFZsPWB
ghyG3bAt89mcxX++W01KxTBNWDl6RYE9vVntEF+zxRvT/x9sVPDAbuqq2TXZEQGl
uZ2LsJJ0Q0fmJVlVaE850bxRs2o9sVMqH6pDjeMrLracFNOEzMkPLjx1xyjU
-----END CERTIFICATE-----