Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/54be58-4175-407a-bc37-cc26d4316142/1/xw69fddFPZ6jHbjQc2P026UiVus.roa
File:                     xw69fddFPZ6jHbjQc2P026UiVus.roa (raw, json)
Hash identifier:          ZD5fSdTdTgrzPmDWzh/HqAQr87fO6AvKUD1KhDWHOwI=
Subject key identifier:   C7:0E:BD:7D:D7:45:3D:9E:A3:1D:B8:D0:73:63:F4:DB:A5:22:56:EB
Certificate issuer:       /CN=e214eb35a35fd488860703b7990b8170af17912f
Certificate serial:       018CC348C94C90F8D1D7D4A76EBB3AFF7301
Authority key identifier: E2:14:EB:35:A3:5F:D4:88:86:07:03:B7:99:0B:81:70:AF:17:91:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4hTrNaNf1IiGBwO3mQuBcK8XkS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/54be58-4175-407a-bc37-cc26d4316142/1/xw69fddFPZ6jHbjQc2P026UiVus.roa
Signing time:             Mon 01 Jan 2024 04:29:36 +0000
ROA not before:           Mon 01 Jan 2024 04:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12693
IP address blocks:        84.38.72.0/22 maxlen: 22
                          91.203.204.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/54be58-4175-407a-bc37-cc26d4316142/1/4hTrNaNf1IiGBwO3mQuBcK8XkS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/54be58-4175-407a-bc37-cc26d4316142/1/4hTrNaNf1IiGBwO3mQuBcK8XkS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4hTrNaNf1IiGBwO3mQuBcK8XkS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c9:4c:90:f8:d1:d7:d4:a7:6e:bb:3a:ff:73:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e214eb35a35fd488860703b7990b8170af17912f
        Validity
            Not Before: Jan  1 04:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c70ebd7dd7453d9ea31db8d07363f4dba52256eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:29:b8:12:2d:f7:35:c9:91:68:8d:9a:54:4b:
                    0f:a7:b8:d2:b5:c0:b4:f7:86:0a:8d:b3:a1:ec:c4:
                    e5:7d:a7:2d:8a:26:f6:29:0f:2e:65:ab:dd:2c:67:
                    77:33:55:7b:16:e6:51:e5:28:e6:21:dd:7c:25:f1:
                    1a:c1:bd:a4:ad:a1:0d:41:de:85:ab:79:e3:9e:46:
                    4a:8f:b2:56:ba:6a:28:12:86:77:95:53:26:b7:21:
                    e3:c8:a6:18:47:f2:e5:62:3c:fd:0c:19:0b:94:7b:
                    a7:08:bc:76:19:cc:20:94:3c:0d:55:2e:0f:0c:f0:
                    87:74:48:f3:91:85:be:f7:ab:8e:be:98:fc:12:34:
                    c7:5b:ec:6c:db:0e:b8:91:d8:c4:1a:a1:c1:71:cb:
                    21:30:69:df:6c:5f:ca:08:0a:8d:69:49:27:d2:28:
                    c7:35:e0:61:5e:3b:06:84:d4:55:cd:fc:44:28:47:
                    75:e1:ee:c5:21:26:7e:c4:1e:b3:11:56:ae:34:9b:
                    a0:75:46:98:9f:15:ff:ec:f0:14:08:1c:6b:ff:21:
                    eb:52:75:04:f9:07:56:77:d3:08:97:a1:a9:01:5f:
                    8b:11:2b:85:28:82:e4:f0:c9:9a:47:79:80:72:c8:
                    1f:ce:fb:64:e4:d6:bc:ee:9c:22:5f:17:43:bb:4a:
                    dc:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:0E:BD:7D:D7:45:3D:9E:A3:1D:B8:D0:73:63:F4:DB:A5:22:56:EB
            X509v3 Authority Key Identifier:
                keyid:E2:14:EB:35:A3:5F:D4:88:86:07:03:B7:99:0B:81:70:AF:17:91:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4hTrNaNf1IiGBwO3mQuBcK8XkS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/54be58-4175-407a-bc37-cc26d4316142/1/xw69fddFPZ6jHbjQc2P026UiVus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/54be58-4175-407a-bc37-cc26d4316142/1/4hTrNaNf1IiGBwO3mQuBcK8XkS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.72.0/22
                  91.203.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:3e:d9:ec:0c:a7:43:43:ae:b3:4c:4c:4b:aa:1e:84:93:e3:
         88:63:0a:84:d6:eb:64:17:5c:73:7a:74:73:d6:22:67:51:7d:
         35:f3:27:35:f9:8e:e4:cb:25:6a:ed:17:69:4f:c8:9b:a2:96:
         5e:a2:9a:18:ef:8b:df:85:dd:93:c1:8e:0c:22:69:9f:40:ac:
         b8:a4:7a:86:2a:15:9a:f9:fb:a0:6b:c3:e7:cf:bf:16:ca:1e:
         bc:a4:c4:02:a5:f3:f7:b6:8a:74:bd:f0:3c:be:50:02:6a:cd:
         29:73:d0:4f:87:38:f9:5b:a2:70:ef:b0:ca:52:dc:dd:ff:df:
         4d:ba:1f:c8:46:20:04:0a:79:c3:b6:8b:85:1e:14:34:87:44:
         35:d3:e7:8d:42:10:9b:db:c1:41:8e:2f:79:19:9d:35:eb:6a:
         4e:54:1d:95:72:07:57:88:37:c2:49:36:d8:92:b1:ea:74:cc:
         f8:29:83:55:22:93:fd:15:8d:61:b3:74:04:5f:8a:20:a0:36:
         cf:80:37:e5:13:c5:94:d6:58:5f:76:82:98:08:c0:e4:43:9f:
         56:7e:ec:08:d0:eb:8c:41:53:ae:3c:94:0a:22:1c:77:af:11:
         d0:fb:c3:05:1a:6a:e2:50:ad:7d:8f:ab:4c:65:7d:e1:10:67:
         2d:2d:6b:a5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSMlMkPjR19Snbrs6/3MBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyMTRlYjM1YTM1ZmQ0ODg4NjA3MDNiNzk5MGI4MTcwYWYx
NzkxMmYwHhcNMjQwMTAxMDQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzBlYmQ3ZGQ3NDUzZDllYTMxZGI4ZDA3MzYzZjRkYmE1MjI1NmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiym4Ei33NcmRaI2aVEsPp7jStcC0
94YKjbOh7MTlfactiib2KQ8uZavdLGd3M1V7FuZR5SjmId18JfEawb2kraENQd6F
q3njnkZKj7JWumooEoZ3lVMmtyHjyKYYR/LlYjz9DBkLlHunCLx2GcwglDwNVS4P
DPCHdEjzkYW+96uOvpj8EjTHW+xs2w64kdjEGqHBccshMGnfbF/KCAqNaUkn0ijH
NeBhXjsGhNRVzfxEKEd14e7FISZ+xB6zEVauNJugdUaYnxX/7PAUCBxr/yHrUnUE
+QdWd9MIl6GpAV+LESuFKILk8MmaR3mAcsgfzvtk5Na87pwiXxdDu0rcEQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMcOvX3XRT2eox240HNj9NulIlbrMB8GA1UdIwQY
MBaAFOIU6zWjX9SIhgcDt5kLgXCvF5EvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGhUck5hTmYxSWlHQndPM21RdUJjSzhYa1M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS81NGJlNTgtNDE3NS00MDdhLWJjMzct
Y2MyNmQ0MzE2MTQyLzEveHc2OWZkZEZQWjZqSGJqUWMyUDAyNlVpVnVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS81NGJlNTgtNDE3NS00MDdhLWJjMzctY2MyNmQ0MzE2MTQy
LzEvNGhUck5hTmYxSWlHQndPM21RdUJjSzhYa1M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCVCZIAwQC
W8vMMA0GCSqGSIb3DQEBCwUAA4IBAQAjPtnsDKdDQ66zTExLqh6Ek+OIYwqE1utk
F1xzenRz1iJnUX018yc1+Y7kyyVq7RdpT8ibopZeopoY74vfhd2TwY4MImmfQKy4
pHqGKhWa+fuga8Pnz78Wyh68pMQCpfP3top0vfA8vlACas0pc9BPhzj5W6Jw77DK
Utzd/99Nuh/IRiAECnnDtouFHhQ0h0Q10+eNQhCb28FBji95GZ0162pOVB2VcgdX
iDfCSTbYkrHqdMz4KYNVIpP9FY1hs3QEX4ogoDbPgDflE8WU1lhfdoKYCMDkQ59W
fuwI0OuMQVOuPJQKIhx3rxHQ+8MFGmriUK19j6tMZX3hEGctLWul
-----END CERTIFICATE-----