Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/XHfG84F3Dkk9VWJIYvqN-WSheuY.roa
File:                     XHfG84F3Dkk9VWJIYvqN-WSheuY.roa (raw, json)
Hash identifier:          2ZGJIsEFhny2aHACWFkKINHy6cmKIgLmSyvfFMXtqGc=
Subject key identifier:   5C:77:C6:F3:81:77:0E:49:3D:55:62:48:62:FA:8D:F9:64:A1:7A:E6
Certificate issuer:       /CN=588cabf6f523f26e267db03b524347841aaaa465
Certificate serial:       018CC7267F77504CDC461A08B0887534AC48
Authority key identifier: 58:8C:AB:F6:F5:23:F2:6E:26:7D:B0:3B:52:43:47:84:1A:AA:A4:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIyr9vUj8m4mfbA7UkNHhBqqpGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/XHfG84F3Dkk9VWJIYvqN-WSheuY.roa
Signing time:             Mon 01 Jan 2024 22:30:38 +0000
ROA not before:           Mon 01 Jan 2024 22:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202916
IP address blocks:        2a04:1cc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/WIyr9vUj8m4mfbA7UkNHhBqqpGU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/WIyr9vUj8m4mfbA7UkNHhBqqpGU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIyr9vUj8m4mfbA7UkNHhBqqpGU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:7f:77:50:4c:dc:46:1a:08:b0:88:75:34:ac:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=588cabf6f523f26e267db03b524347841aaaa465
        Validity
            Not Before: Jan  1 22:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c77c6f381770e493d55624862fa8df964a17ae6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:bd:e3:61:6a:50:f1:e2:67:c0:e2:8c:d4:b1:
                    c3:73:ba:79:26:54:29:0e:f4:eb:a0:b5:3b:8c:1a:
                    a6:4f:e8:ce:e9:bd:e6:29:24:44:40:dc:86:52:5b:
                    f8:e5:b3:d0:6e:87:e9:a9:58:75:6d:71:9e:a0:67:
                    f2:4c:be:75:5b:80:b9:71:a5:23:93:6f:e2:d6:53:
                    3c:f3:5a:87:b3:43:f8:5e:37:24:98:a4:89:22:1d:
                    3e:41:7c:6f:95:69:de:55:88:39:33:82:f9:43:6a:
                    66:6d:e6:7b:62:06:38:6d:71:08:a7:ec:c6:dd:d9:
                    ba:dd:7d:c3:db:b1:68:7b:e7:54:2d:55:63:6f:cd:
                    b0:30:7f:20:b7:70:da:a0:c9:0c:aa:9b:46:5d:68:
                    ee:a7:92:a1:a5:5f:2e:7f:38:10:7d:25:e3:d4:cb:
                    b5:d5:3e:16:6b:e4:90:11:b7:5d:33:f6:13:de:d2:
                    7c:8b:59:34:8d:08:a3:c3:3f:c1:77:89:89:25:49:
                    a8:b9:91:6a:23:6e:04:27:3f:ef:81:76:6a:d7:b9:
                    db:e4:63:0f:c4:42:05:fe:04:07:01:37:e7:a2:e6:
                    4e:21:1c:d3:09:32:37:b3:80:b5:a2:37:2f:15:be:
                    6e:09:68:ff:64:b0:37:f7:34:e5:7a:26:61:95:2e:
                    ad:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:77:C6:F3:81:77:0E:49:3D:55:62:48:62:FA:8D:F9:64:A1:7A:E6
            X509v3 Authority Key Identifier:
                keyid:58:8C:AB:F6:F5:23:F2:6E:26:7D:B0:3B:52:43:47:84:1A:AA:A4:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIyr9vUj8m4mfbA7UkNHhBqqpGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/XHfG84F3Dkk9VWJIYvqN-WSheuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/WIyr9vUj8m4mfbA7UkNHhBqqpGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:1cc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         4d:98:c2:ca:25:44:ae:3c:b0:4c:25:29:98:97:92:4b:e9:20:
         56:eb:69:c6:ca:38:21:e5:50:f2:e8:16:fc:f6:98:2f:ed:b6:
         0a:46:05:c3:b8:d2:6d:f4:b7:59:f9:b8:ea:b3:b0:7d:78:76:
         8a:28:a6:e7:76:05:aa:00:1c:72:de:d1:51:be:7a:b0:50:7f:
         0a:b6:39:d2:d9:98:c4:ea:ea:6d:97:b2:de:ac:d8:0a:6a:2c:
         8c:67:23:a8:35:06:b4:a8:9a:39:a6:14:f8:34:1e:0e:7c:70:
         7f:f9:02:fc:76:0d:c0:90:1d:c8:96:7f:18:ee:a5:83:bb:a1:
         5e:39:c4:99:25:e1:a1:44:2b:37:da:50:24:52:69:00:86:44:
         be:84:01:c7:d4:fc:f1:15:4c:97:4f:ab:54:5f:a7:c5:1e:2e:
         30:01:df:46:ec:5a:dc:dd:b9:db:b9:fd:4a:77:d3:b8:0e:db:
         62:92:d8:37:21:cc:20:48:dd:e4:4a:12:40:3f:7e:36:9c:4d:
         26:ff:a3:7d:bd:9f:83:7f:12:f1:18:e4:26:e3:3c:df:a6:a9:
         2c:63:47:dc:2d:f6:5c:b2:31:6b:3a:a8:2b:83:c3:b0:cd:70:
         47:08:21:23:3e:9b:dc:28:16:16:64:f0:a1:9a:ee:26:23:f2:
         05:de:81:4c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHJn93UEzcRhoIsIh1NKxIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4OGNhYmY2ZjUyM2YyNmUyNjdkYjAzYjUyNDM0Nzg0MWFh
YWE0NjUwHhcNMjQwMTAxMjIzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yzc3YzZmMzgxNzcwZTQ5M2Q1NTYyNDg2MmZhOGRmOTY0YTE3YWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAor3jYWpQ8eJnwOKM1LHDc7p5JlQp
DvTroLU7jBqmT+jO6b3mKSREQNyGUlv45bPQbofpqVh1bXGeoGfyTL51W4C5caUj
k2/i1lM881qHs0P4XjckmKSJIh0+QXxvlWneVYg5M4L5Q2pmbeZ7YgY4bXEIp+zG
3dm63X3D27Foe+dULVVjb82wMH8gt3DaoMkMqptGXWjup5KhpV8ufzgQfSXj1Mu1
1T4Wa+SQEbddM/YT3tJ8i1k0jQijwz/Bd4mJJUmouZFqI24EJz/vgXZq17nb5GMP
xEIF/gQHATfnouZOIRzTCTI3s4C1ojcvFb5uCWj/ZLA39zTleiZhlS6twQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFx3xvOBdw5JPVViSGL6jflkoXrmMB8GA1UdIwQY
MBaAFFiMq/b1I/JuJn2wO1JDR4QaqqRlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0l5cjl2VWo4bTRtZmJBN1VrTkhoQnFxcEdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wMTg3ZDYtOGJmYy00YzU5LWE2YzQt
NmFkMzI1MmExNDI3LzEvWEhmRzg0RjNEa2s5VldKSVl2cU4tV1NoZXVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wMTg3ZDYtOGJmYy00YzU5LWE2YzQtNmFkMzI1MmExNDI3
LzEvV0l5cjl2VWo4bTRtZmJBN1VrTkhoQnFxcEdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgQcwDAN
BgkqhkiG9w0BAQsFAAOCAQEATZjCyiVErjywTCUpmJeSS+kgVutpxso4IeVQ8ugW
/PaYL+22CkYFw7jSbfS3Wfm46rOwfXh2iiim53YFqgAcct7RUb56sFB/CrY50tmY
xOrqbZey3qzYCmosjGcjqDUGtKiaOaYU+DQeDnxwf/kC/HYNwJAdyJZ/GO6lg7uh
XjnEmSXhoUQrN9pQJFJpAIZEvoQBx9T88RVMl0+rVF+nxR4uMAHfRuxa3N2527n9
SnfTuA7bYpLYNyHMIEjd5EoSQD9+NpxNJv+jfb2fg38S8RjkJuM836apLGNH3C32
XLIxazqoK4PDsM1wRwghIz6b3CgWFmTwoZruJiPyBd6BTA==
-----END CERTIFICATE-----