Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/bf4793-0c84-422c-9b8e-260de6cbf456/1/XaLl8g7MOwSP0WY8qbR7rXaFu8w.roa
File:                     XaLl8g7MOwSP0WY8qbR7rXaFu8w.roa (raw, json)
Hash identifier:          XLX/f/GXExgzx40FKm6qmH9U/mv4+bHLTyGKgib9nDA=
Subject key identifier:   5D:A2:E5:F2:0E:CC:3B:04:8F:D1:66:3C:A9:B4:7B:AD:76:85:BB:CC
Certificate issuer:       /CN=d464667c34a7dbb02f0530bce482d11ad42487bd
Certificate serial:       018CC86F21828FED935E0787A8A781D09C95
Authority key identifier: D4:64:66:7C:34:A7:DB:B0:2F:05:30:BC:E4:82:D1:1A:D4:24:87:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1GRmfDSn27AvBTC85ILRGtQkh70.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/bf4793-0c84-422c-9b8e-260de6cbf456/1/XaLl8g7MOwSP0WY8qbR7rXaFu8w.roa
Signing time:             Tue 02 Jan 2024 04:29:35 +0000
ROA not before:           Tue 02 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205826
IP address blocks:        185.160.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/bf4793-0c84-422c-9b8e-260de6cbf456/1/1GRmfDSn27AvBTC85ILRGtQkh70.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/bf4793-0c84-422c-9b8e-260de6cbf456/1/1GRmfDSn27AvBTC85ILRGtQkh70.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1GRmfDSn27AvBTC85ILRGtQkh70.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:21:82:8f:ed:93:5e:07:87:a8:a7:81:d0:9c:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d464667c34a7dbb02f0530bce482d11ad42487bd
        Validity
            Not Before: Jan  2 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5da2e5f20ecc3b048fd1663ca9b47bad7685bbcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:29:94:d3:7d:00:79:b1:f2:96:ea:56:c5:0e:
                    12:95:44:7c:a6:a6:1f:27:ed:42:e4:16:b8:bc:70:
                    8d:7c:7b:de:08:70:31:be:46:ea:73:e0:e0:5e:a7:
                    e8:df:41:59:e1:7b:14:b4:ba:ab:cc:af:ad:7b:e6:
                    f3:f9:5d:78:2a:2a:3d:b2:43:d2:2e:df:fa:b5:e6:
                    29:77:90:74:df:7e:08:20:ce:12:cf:38:bd:f6:90:
                    60:39:ae:6c:61:52:0b:f3:80:08:23:ba:d7:28:a3:
                    a1:15:2b:2e:52:cc:b3:5b:c0:71:ce:91:a4:b4:21:
                    96:a4:03:74:3e:a8:5c:06:b5:6a:4b:1d:e7:c0:96:
                    40:a5:7d:62:52:4c:b5:cb:fa:f4:c0:8a:28:76:69:
                    e8:dd:a0:a0:72:e0:49:78:fd:52:10:f3:41:44:79:
                    48:a4:a0:e6:f0:39:2d:82:31:74:d3:09:69:39:2e:
                    87:84:2c:d3:36:79:e9:57:e4:f0:69:07:d4:4c:3d:
                    af:39:ed:ab:c4:ca:03:39:14:ec:60:a3:ac:2b:ca:
                    5a:18:c9:b9:e4:52:fe:32:01:98:33:56:58:b7:4f:
                    8c:a4:0c:db:9f:b7:ea:27:1b:97:87:a4:cd:09:56:
                    1e:22:88:4b:87:5f:f6:5f:ae:af:95:a1:2d:c2:76:
                    7c:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:A2:E5:F2:0E:CC:3B:04:8F:D1:66:3C:A9:B4:7B:AD:76:85:BB:CC
            X509v3 Authority Key Identifier:
                keyid:D4:64:66:7C:34:A7:DB:B0:2F:05:30:BC:E4:82:D1:1A:D4:24:87:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1GRmfDSn27AvBTC85ILRGtQkh70.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/bf4793-0c84-422c-9b8e-260de6cbf456/1/XaLl8g7MOwSP0WY8qbR7rXaFu8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/bf4793-0c84-422c-9b8e-260de6cbf456/1/1GRmfDSn27AvBTC85ILRGtQkh70.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:db:76:d2:b3:f1:f4:b9:7d:c6:ff:78:e4:49:a2:34:8d:a2:
         74:91:9e:64:ca:39:05:46:dc:74:8a:c3:ae:61:ba:e1:05:6d:
         94:a6:65:78:81:8a:86:a2:88:cd:2c:41:1b:69:cc:c5:fe:bd:
         a8:27:da:a3:88:7f:d8:ee:4a:09:a5:ff:14:0b:26:95:ca:c4:
         74:1c:86:65:19:27:96:0b:1a:a2:57:4f:09:e5:bd:d4:2f:9b:
         23:d4:17:ef:07:24:ba:e5:ce:75:14:7d:72:ff:17:64:9e:09:
         8a:40:43:6f:5c:60:41:81:d2:dd:32:32:3f:e9:1c:01:7f:21:
         73:72:b2:99:29:e8:63:7c:a7:ee:90:55:5e:f5:6d:07:82:20:
         cf:dd:cd:8a:02:5d:a0:90:2d:46:3c:44:5d:74:86:c7:1b:ca:
         f4:08:b2:e3:44:c0:d6:09:8b:a7:d5:bf:b7:f5:bd:a2:8c:3e:
         c0:c1:53:65:6e:03:1e:57:f9:c4:88:19:96:75:da:5a:0f:62:
         91:71:79:73:b6:86:34:68:c0:ca:9e:6a:59:3c:51:58:07:d5:
         43:87:d6:f9:99:d6:6d:be:c0:08:18:14:1a:33:43:34:5a:07:
         98:a2:2f:94:bb:0d:38:c3:b8:0d:44:8e:87:8d:42:1b:90:97:
         39:22:59:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbyGCj+2TXgeHqKeB0JyVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NjQ2NjdjMzRhN2RiYjAyZjA1MzBiY2U0ODJkMTFhZDQy
NDg3YmQwHhcNMjQwMTAyMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGEyZTVmMjBlY2MzYjA0OGZkMTY2M2NhOWI0N2JhZDc2ODViYmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmimU030AebHylupWxQ4SlUR8pqYf
J+1C5Ba4vHCNfHveCHAxvkbqc+DgXqfo30FZ4XsUtLqrzK+te+bz+V14Kio9skPS
Lt/6teYpd5B0334IIM4Szzi99pBgOa5sYVIL84AII7rXKKOhFSsuUsyzW8BxzpGk
tCGWpAN0PqhcBrVqSx3nwJZApX1iUky1y/r0wIoodmno3aCgcuBJeP1SEPNBRHlI
pKDm8DktgjF00wlpOS6HhCzTNnnpV+TwaQfUTD2vOe2rxMoDORTsYKOsK8paGMm5
5FL+MgGYM1ZYt0+MpAzbn7fqJxuXh6TNCVYeIohLh1/2X66vlaEtwnZ8hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF2i5fIOzDsEj9FmPKm0e612hbvMMB8GA1UdIwQY
MBaAFNRkZnw0p9uwLwUwvOSC0RrUJIe9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUdSbWZEU24yN0F2QlRDODVJTFJHdFFraDcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9iZjQ3OTMtMGM4NC00MjJjLTliOGUt
MjYwZGU2Y2JmNDU2LzEvWGFMbDhnN01Pd1NQMFdZOHFiUjdyWGFGdTh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9iZjQ3OTMtMGM4NC00MjJjLTliOGUtMjYwZGU2Y2JmNDU2
LzEvMUdSbWZEU24yN0F2QlRDODVJTFJHdFFraDcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaDOMA0G
CSqGSIb3DQEBCwUAA4IBAQB523bSs/H0uX3G/3jkSaI0jaJ0kZ5kyjkFRtx0isOu
YbrhBW2UpmV4gYqGoojNLEEbaczF/r2oJ9qjiH/Y7koJpf8UCyaVysR0HIZlGSeW
CxqiV08J5b3UL5sj1BfvByS65c51FH1y/xdkngmKQENvXGBBgdLdMjI/6RwBfyFz
crKZKehjfKfukFVe9W0HgiDP3c2KAl2gkC1GPERddIbHG8r0CLLjRMDWCYun1b+3
9b2ijD7AwVNlbgMeV/nEiBmWddpaD2KRcXlztoY0aMDKnmpZPFFYB9VDh9b5mdZt
vsAIGBQaM0M0WgeYoi+Uuw04w7gNRI6HjUIbkJc5IlnU
-----END CERTIFICATE-----