Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/ad9756-84d1-4ab9-96e1-14797eac522e/1/XmWa13T8G0mThMbVX6OFsKizMKg.roa
File:                     XmWa13T8G0mThMbVX6OFsKizMKg.roa (raw, json)
Hash identifier:          t4bXwdh0arSDYp8wEDy4OePbCm3GapwJgRC153s9vl4=
Subject key identifier:   5E:65:9A:D7:74:FC:1B:49:93:84:C6:D5:5F:A3:85:B0:A8:B3:30:A8
Certificate issuer:       /CN=68d2c25d0534a4027c695562a8ce4f001cd5396f
Certificate serial:       018CC4245E239C848D4658A0776601DF9607
Authority key identifier: 68:D2:C2:5D:05:34:A4:02:7C:69:55:62:A8:CE:4F:00:1C:D5:39:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aNLCXQU0pAJ8aVViqM5PABzVOW8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/ad9756-84d1-4ab9-96e1-14797eac522e/1/XmWa13T8G0mThMbVX6OFsKizMKg.roa
Signing time:             Mon 01 Jan 2024 08:29:26 +0000
ROA not before:           Mon 01 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41015
IP address blocks:        185.90.84.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/ad9756-84d1-4ab9-96e1-14797eac522e/1/aNLCXQU0pAJ8aVViqM5PABzVOW8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/ad9756-84d1-4ab9-96e1-14797eac522e/1/aNLCXQU0pAJ8aVViqM5PABzVOW8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aNLCXQU0pAJ8aVViqM5PABzVOW8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5e:23:9c:84:8d:46:58:a0:77:66:01:df:96:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68d2c25d0534a4027c695562a8ce4f001cd5396f
        Validity
            Not Before: Jan  1 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e659ad774fc1b499384c6d55fa385b0a8b330a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:47:51:e8:71:ec:d0:6a:04:98:7d:7b:6a:11:
                    d3:06:4f:2c:eb:32:ec:c4:81:b7:b4:51:75:12:8e:
                    68:99:33:86:87:a9:ed:db:df:46:5c:1d:2d:2d:34:
                    f6:6a:8f:1b:f0:75:e1:99:7c:98:26:b7:f6:3a:0c:
                    4f:9b:cd:ad:8b:07:55:36:5e:5b:c6:5f:39:29:07:
                    97:31:e4:46:bd:40:90:28:4e:de:ac:57:f9:46:10:
                    e3:83:61:b4:1c:8e:ad:f4:2f:31:43:0f:6e:fb:39:
                    5f:71:88:c5:86:79:3d:b3:01:dd:89:83:cd:18:90:
                    a9:7d:24:16:7e:c8:b3:d9:20:50:6b:06:cb:3f:5b:
                    87:d7:49:34:07:5a:dd:cd:05:9c:c0:d5:27:a8:7d:
                    7d:80:4f:cf:3c:2d:72:7a:66:f5:9f:33:e7:c2:f1:
                    79:34:7a:0d:0a:52:cb:b5:bf:1a:a0:d9:e8:ca:4f:
                    44:bc:19:58:0a:3a:dd:6b:0b:4c:f3:1e:52:08:8b:
                    fc:12:c1:5e:22:7f:22:7c:63:08:2d:b4:46:6d:97:
                    66:66:2e:5c:a4:73:6d:ca:0f:b8:b1:86:7b:e3:85:
                    89:c3:e6:b9:c2:9a:22:3d:65:7a:8d:ad:8f:00:a6:
                    fc:1f:42:05:77:5e:af:5b:fb:01:5a:bb:8f:4c:90:
                    52:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:65:9A:D7:74:FC:1B:49:93:84:C6:D5:5F:A3:85:B0:A8:B3:30:A8
            X509v3 Authority Key Identifier:
                keyid:68:D2:C2:5D:05:34:A4:02:7C:69:55:62:A8:CE:4F:00:1C:D5:39:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aNLCXQU0pAJ8aVViqM5PABzVOW8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/ad9756-84d1-4ab9-96e1-14797eac522e/1/XmWa13T8G0mThMbVX6OFsKizMKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/ad9756-84d1-4ab9-96e1-14797eac522e/1/aNLCXQU0pAJ8aVViqM5PABzVOW8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.90.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7b:cb:28:08:ae:d7:a1:46:cd:f5:0c:d3:bf:fc:aa:79:02:58:
         0b:c2:11:5e:0f:69:5f:b6:93:6c:91:69:5f:a5:19:62:18:9b:
         fa:4d:72:d3:2d:d9:c3:b4:bc:36:d5:ab:79:32:7d:88:3b:bf:
         54:33:7e:12:da:52:49:24:82:bc:58:16:6a:13:93:9c:af:cc:
         23:ca:30:a5:77:02:d3:e8:14:49:92:7a:29:95:71:57:a9:01:
         84:fa:e6:9f:4b:c5:4c:76:bc:fc:47:3f:12:b2:d0:19:c6:5a:
         ac:81:17:51:2b:11:5b:7e:be:76:ca:5d:72:93:8c:3e:4b:67:
         7e:ab:02:27:a2:65:5f:3b:31:b9:85:da:f1:80:c7:cb:af:b1:
         ed:54:5c:15:5d:a3:1c:85:41:a3:75:5d:96:27:7f:1e:b7:ef:
         b6:8c:74:a8:67:43:53:13:cc:bf:ae:1a:76:d9:d6:a2:3f:3a:
         c3:e3:65:df:5b:3a:41:b7:57:d1:6c:d3:ad:83:1a:2c:dd:6d:
         c5:38:e7:3d:ed:3c:54:e8:16:44:41:fc:d3:ae:49:f6:71:2e:
         42:16:a7:b8:69:f7:1d:22:2d:a1:9c:b2:86:2c:29:d3:e0:64:
         f4:a7:7d:fb:86:5b:a8:85:a8:8c:90:66:8d:37:e5:6c:01:b2:
         3c:4f:ca:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJF4jnISNRligd2YB35YHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ZDJjMjVkMDUzNGE0MDI3YzY5NTU2MmE4Y2U0ZjAwMWNk
NTM5NmYwHhcNMjQwMTAxMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTY1OWFkNzc0ZmMxYjQ5OTM4NGM2ZDU1ZmEzODViMGE4YjMzMGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhkdR6HHs0GoEmH17ahHTBk8s6zLs
xIG3tFF1Eo5omTOGh6nt299GXB0tLTT2ao8b8HXhmXyYJrf2OgxPm82tiwdVNl5b
xl85KQeXMeRGvUCQKE7erFf5RhDjg2G0HI6t9C8xQw9u+zlfcYjFhnk9swHdiYPN
GJCpfSQWfsiz2SBQawbLP1uH10k0B1rdzQWcwNUnqH19gE/PPC1yemb1nzPnwvF5
NHoNClLLtb8aoNnoyk9EvBlYCjrdawtM8x5SCIv8EsFeIn8ifGMILbRGbZdmZi5c
pHNtyg+4sYZ744WJw+a5wpoiPWV6ja2PAKb8H0IFd16vW/sBWruPTJBS3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5lmtd0/BtJk4TG1V+jhbCoszCoMB8GA1UdIwQY
MBaAFGjSwl0FNKQCfGlVYqjOTwAc1TlvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU5MQ1hRVTBwQUo4YVZWaXFNNVBBQnpWT1c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9hZDk3NTYtODRkMS00YWI5LTk2ZTEt
MTQ3OTdlYWM1MjJlLzEvWG1XYTEzVDhHMG1UaE1iVlg2T0ZzS2l6TUtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9hZDk3NTYtODRkMS00YWI5LTk2ZTEtMTQ3OTdlYWM1MjJl
LzEvYU5MQ1hRVTBwQUo4YVZWaXFNNVBBQnpWT1c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVpUMA0G
CSqGSIb3DQEBCwUAA4IBAQB7yygIrtehRs31DNO//Kp5AlgLwhFeD2lftpNskWlf
pRliGJv6TXLTLdnDtLw21at5Mn2IO79UM34S2lJJJIK8WBZqE5Ocr8wjyjCldwLT
6BRJknoplXFXqQGE+uafS8VMdrz8Rz8SstAZxlqsgRdRKxFbfr52yl1yk4w+S2d+
qwInomVfOzG5hdrxgMfLr7HtVFwVXaMchUGjdV2WJ38et++2jHSoZ0NTE8y/rhp2
2daiPzrD42XfWzpBt1fRbNOtgxos3W3FOOc97TxU6BZEQfzTrkn2cS5CFqe4afcd
Ii2hnLKGLCnT4GT0p337hluohaiMkGaNN+VsAbI8T8qX
-----END CERTIFICATE-----