Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/8c0473-e7d0-4e43-a7f9-797f4cc4b500/1/XFLEMez2BHI25CZMk_gW2dTr6rg.roa
File:                     XFLEMez2BHI25CZMk_gW2dTr6rg.roa (raw, json)
Hash identifier:          c7CWYNwSZg38Gv6lfutWPgvG4xQp4LJnd8R55EBA4yA=
Subject key identifier:   5C:52:C4:31:EC:F6:04:72:36:E4:26:4C:93:F8:16:D9:D4:EB:EA:B8
Certificate issuer:       /CN=6c1bec3f9358668a87d1a16c4722f41e3c2381e2
Certificate serial:       018CC424FF4FE69997426A69DE7313274790
Authority key identifier: 6C:1B:EC:3F:93:58:66:8A:87:D1:A1:6C:47:22:F4:1E:3C:23:81:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bBvsP5NYZoqH0aFsRyL0HjwjgeI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/8c0473-e7d0-4e43-a7f9-797f4cc4b500/1/XFLEMez2BHI25CZMk_gW2dTr6rg.roa
Signing time:             Mon 01 Jan 2024 08:30:08 +0000
ROA not before:           Mon 01 Jan 2024 08:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     37002
IP address blocks:        185.161.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/8c0473-e7d0-4e43-a7f9-797f4cc4b500/1/bBvsP5NYZoqH0aFsRyL0HjwjgeI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/8c0473-e7d0-4e43-a7f9-797f4cc4b500/1/bBvsP5NYZoqH0aFsRyL0HjwjgeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bBvsP5NYZoqH0aFsRyL0HjwjgeI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:ff:4f:e6:99:97:42:6a:69:de:73:13:27:47:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c1bec3f9358668a87d1a16c4722f41e3c2381e2
        Validity
            Not Before: Jan  1 08:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c52c431ecf6047236e4264c93f816d9d4ebeab8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:34:3e:f9:2c:93:d8:73:94:09:af:ca:6e:04:
                    a3:e1:6f:10:fc:cf:d3:a8:81:b1:6e:7e:79:bf:ea:
                    15:d5:94:3a:fa:3b:68:f6:02:20:53:74:18:87:c0:
                    06:58:e2:b0:fc:f7:52:06:86:e8:71:a7:1f:18:84:
                    45:88:28:08:0d:6a:60:2f:84:a0:fa:4b:3a:72:c9:
                    1b:35:be:5b:01:3c:ab:fb:8c:01:d5:67:23:8b:7c:
                    fc:d2:2e:f1:b3:60:e0:4c:0f:e9:d3:54:65:91:e4:
                    e3:7b:2a:1b:d5:67:b9:90:05:8d:41:75:2f:1d:6f:
                    a8:ae:79:3e:b6:c9:43:be:9f:04:9c:a3:c1:95:a6:
                    37:64:32:71:15:fe:c8:b5:0a:51:67:0d:ab:ed:3f:
                    52:a3:dd:e2:2a:d9:9d:92:ea:14:1f:b3:4b:56:6a:
                    ae:41:13:bb:66:58:c5:0d:62:67:7e:d3:25:f3:85:
                    fb:bf:35:57:20:52:cf:45:0e:6b:5c:e0:20:ed:c3:
                    5e:2b:97:7b:38:52:f6:b6:b5:6c:c4:d8:1e:07:4a:
                    39:a8:02:39:8a:da:de:31:e1:01:d9:53:4b:cc:32:
                    81:6b:3c:07:bf:77:92:7b:b3:93:14:47:b7:69:af:
                    da:f1:18:c0:7e:12:4b:43:72:58:45:bd:21:10:d4:
                    d2:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:52:C4:31:EC:F6:04:72:36:E4:26:4C:93:F8:16:D9:D4:EB:EA:B8
            X509v3 Authority Key Identifier:
                keyid:6C:1B:EC:3F:93:58:66:8A:87:D1:A1:6C:47:22:F4:1E:3C:23:81:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bBvsP5NYZoqH0aFsRyL0HjwjgeI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/8c0473-e7d0-4e43-a7f9-797f4cc4b500/1/XFLEMez2BHI25CZMk_gW2dTr6rg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/8c0473-e7d0-4e43-a7f9-797f4cc4b500/1/bBvsP5NYZoqH0aFsRyL0HjwjgeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:80:c2:00:3f:14:5a:a7:94:24:f6:72:9c:a1:94:ee:91:be:
         07:96:60:5f:f3:65:5c:62:24:21:16:a8:4c:c8:29:51:0d:b0:
         b2:a5:b6:b7:bb:45:03:c4:b8:e0:88:0a:c1:a4:e6:4e:11:c8:
         14:cb:96:ba:69:a4:47:00:62:8b:2a:23:fb:86:df:17:74:d8:
         b8:11:90:3e:8d:e8:23:ec:1d:f3:ac:9d:c7:4b:13:8a:eb:08:
         dc:e2:99:43:dc:4a:63:a7:26:2f:d7:69:4a:ec:d1:15:52:cd:
         4f:aa:2a:e4:d4:c5:67:d2:98:57:e1:8d:45:22:cf:f1:e0:5a:
         1f:c3:0e:a4:08:4b:ee:67:69:b4:2c:a0:a1:89:f1:67:67:6b:
         66:4e:82:96:07:de:b3:bc:73:ca:3b:5c:f9:62:d5:c3:c1:9c:
         24:80:4a:30:bc:3f:6d:81:fe:28:14:b3:04:c3:7d:5d:ba:21:
         18:60:cb:f2:8d:d5:d8:3f:cd:39:df:13:4c:10:55:6a:aa:32:
         a4:70:a3:11:b5:ce:13:84:fd:71:2d:c4:43:a5:d1:88:13:4b:
         99:f5:1a:66:12:34:d5:32:ac:08:e1:88:f1:a7:75:43:5e:13:
         ee:74:0c:88:87:93:45:31:72:64:16:69:4d:8b:79:e7:ca:50:
         8a:80:e9:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJP9P5pmXQmpp3nMTJ0eQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMWJlYzNmOTM1ODY2OGE4N2QxYTE2YzQ3MjJmNDFlM2My
MzgxZTIwHhcNMjQwMTAxMDgzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzUyYzQzMWVjZjYwNDcyMzZlNDI2NGM5M2Y4MTZkOWQ0ZWJlYWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjQ++SyT2HOUCa/KbgSj4W8Q/M/T
qIGxbn55v+oV1ZQ6+jto9gIgU3QYh8AGWOKw/PdSBobocacfGIRFiCgIDWpgL4Sg
+ks6cskbNb5bATyr+4wB1Wcji3z80i7xs2DgTA/p01RlkeTjeyob1We5kAWNQXUv
HW+ornk+tslDvp8EnKPBlaY3ZDJxFf7ItQpRZw2r7T9So93iKtmdkuoUH7NLVmqu
QRO7ZljFDWJnftMl84X7vzVXIFLPRQ5rXOAg7cNeK5d7OFL2trVsxNgeB0o5qAI5
itreMeEB2VNLzDKBazwHv3eSe7OTFEe3aa/a8RjAfhJLQ3JYRb0hENTSgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxSxDHs9gRyNuQmTJP4FtnU6+q4MB8GA1UdIwQY
MBaAFGwb7D+TWGaKh9GhbEci9B48I4HiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkJ2c1A1Tllab3FIMGFGc1J5TDBIandqZ2VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS84YzA0NzMtZTdkMC00ZTQzLWE3Zjkt
Nzk3ZjRjYzRiNTAwLzEvWEZMRU1lejJCSEkyNUNaTWtfZ1cyZFRyNnJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS84YzA0NzMtZTdkMC00ZTQzLWE3ZjktNzk3ZjRjYzRiNTAw
LzEvYkJ2c1A1Tllab3FIMGFGc1J5TDBIandqZ2VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaEKMA0G
CSqGSIb3DQEBCwUAA4IBAQCKgMIAPxRap5Qk9nKcoZTukb4HlmBf82VcYiQhFqhM
yClRDbCypba3u0UDxLjgiArBpOZOEcgUy5a6aaRHAGKLKiP7ht8XdNi4EZA+jegj
7B3zrJ3HSxOK6wjc4plD3EpjpyYv12lK7NEVUs1Pqirk1MVn0phX4Y1FIs/x4Fof
ww6kCEvuZ2m0LKChifFnZ2tmToKWB96zvHPKO1z5YtXDwZwkgEowvD9tgf4oFLME
w31duiEYYMvyjdXYP8053xNMEFVqqjKkcKMRtc4ThP1xLcRDpdGIE0uZ9RpmEjTV
MqwI4Yjxp3VDXhPudAyIh5NFMXJkFmlNi3nnylCKgOlZ
-----END CERTIFICATE-----