Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/46bece-502f-4f0d-b724-1097da9ddf27/1/XGpjSsUaSfqGKaUYeIly3L8TnZ0.roa
File:                     XGpjSsUaSfqGKaUYeIly3L8TnZ0.roa (raw, json)
Hash identifier:          RrnKOiRfI4/q6d3wiaVnZVm5AnHR5896Ob4xQAr1i6A=
Subject key identifier:   5C:6A:63:4A:C5:1A:49:FA:86:29:A5:18:78:89:72:DC:BF:13:9D:9D
Certificate issuer:       /CN=8afbc64d593fc073c693143566310295de0a8337
Certificate serial:       018CC793742F3A313C90E8BF76D4A862DB95
Authority key identifier: 8A:FB:C6:4D:59:3F:C0:73:C6:93:14:35:66:31:02:95:DE:0A:83:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ivvGTVk_wHPGkxQ1ZjECld4Kgzc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/46bece-502f-4f0d-b724-1097da9ddf27/1/XGpjSsUaSfqGKaUYeIly3L8TnZ0.roa
Signing time:             Tue 02 Jan 2024 00:29:38 +0000
ROA not before:           Tue 02 Jan 2024 00:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202288
IP address blocks:        91.244.245.0/24 maxlen: 24
                          2001:678:728::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/46bece-502f-4f0d-b724-1097da9ddf27/1/ivvGTVk_wHPGkxQ1ZjECld4Kgzc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/46bece-502f-4f0d-b724-1097da9ddf27/1/ivvGTVk_wHPGkxQ1ZjECld4Kgzc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ivvGTVk_wHPGkxQ1ZjECld4Kgzc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:74:2f:3a:31:3c:90:e8:bf:76:d4:a8:62:db:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8afbc64d593fc073c693143566310295de0a8337
        Validity
            Not Before: Jan  2 00:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c6a634ac51a49fa8629a518788972dcbf139d9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:76:84:e9:bc:e2:eb:1f:95:59:f7:87:b6:b0:
                    08:38:e3:03:e4:95:f7:7f:35:b8:26:23:bf:fb:d0:
                    7d:9c:d8:28:8a:ba:8c:a6:c7:e4:18:c1:57:f1:e3:
                    df:2b:20:33:3f:ea:a8:0b:07:c3:0e:7d:87:1f:43:
                    7e:b4:fd:1c:f2:1a:83:0f:46:6b:96:27:32:c7:39:
                    f6:2e:4f:ce:08:33:e6:fd:90:42:f0:4e:b3:21:7a:
                    9e:2b:3b:99:a4:b1:55:f4:c5:9f:91:df:60:01:4a:
                    f7:23:c5:1f:87:20:55:7b:ef:03:02:41:3a:35:42:
                    47:f0:92:e4:a4:ec:07:e3:14:4f:c3:35:99:13:5d:
                    11:3b:4c:90:3d:58:69:98:48:81:fd:df:d6:81:5b:
                    11:ab:a4:9d:ce:74:a1:dc:b4:c1:76:a0:3b:15:4e:
                    d4:e4:7d:73:b3:54:83:5a:85:a5:c1:cb:eb:cc:50:
                    3a:a4:9b:c2:e2:ea:1f:23:fc:cf:7a:7a:cb:4b:60:
                    6c:52:c6:65:c4:b5:12:b4:43:fc:64:21:d2:d2:6c:
                    59:98:4c:52:52:7a:0c:5a:d1:61:65:44:03:d4:3a:
                    1a:e2:15:99:97:9f:3e:df:60:4f:81:a4:da:98:70:
                    5c:fe:ba:8f:ce:97:34:7c:e6:66:b0:a0:f0:a6:f2:
                    bc:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:6A:63:4A:C5:1A:49:FA:86:29:A5:18:78:89:72:DC:BF:13:9D:9D
            X509v3 Authority Key Identifier:
                keyid:8A:FB:C6:4D:59:3F:C0:73:C6:93:14:35:66:31:02:95:DE:0A:83:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ivvGTVk_wHPGkxQ1ZjECld4Kgzc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/46bece-502f-4f0d-b724-1097da9ddf27/1/XGpjSsUaSfqGKaUYeIly3L8TnZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/46bece-502f-4f0d-b724-1097da9ddf27/1/ivvGTVk_wHPGkxQ1ZjECld4Kgzc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.244.245.0/24
                IPv6:
                  2001:678:728::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:9b:00:6a:26:a9:86:58:d9:f7:17:2f:f8:5b:ab:1b:86:4f:
         d9:64:f5:00:96:8d:be:d0:1b:a4:64:ad:9f:20:9a:43:a4:7b:
         6a:1f:f0:20:52:5e:d7:3b:69:09:93:0e:6b:ff:5c:93:95:f1:
         c1:c5:46:94:f3:8b:9a:34:54:ad:ed:29:ec:a9:3c:b2:00:fd:
         42:c4:19:5d:cd:ff:a7:00:3d:be:5a:28:63:b3:0b:d3:d6:35:
         df:8d:66:6c:72:05:6c:18:08:3b:bc:e2:b9:87:30:03:e7:12:
         4b:3c:5b:db:57:ec:cb:2b:33:d8:31:fe:8e:f5:56:27:8f:ec:
         88:be:3e:93:83:38:fb:5a:8b:15:bb:fa:ce:43:f1:2b:03:a3:
         b6:0e:53:42:e4:a9:70:de:07:e5:6b:69:d6:42:5c:37:99:a7:
         42:f0:e8:f9:02:ea:89:3a:e2:a7:20:5d:0f:80:23:1f:03:da:
         af:01:43:e2:36:8c:8f:0c:ab:d5:a6:46:7d:ca:53:0c:2b:3a:
         ee:3e:1a:fd:dc:38:4b:9c:d0:21:e7:f0:de:26:95:92:4b:c4:
         24:46:57:ee:47:3a:0c:b1:62:f4:6b:f1:91:b5:52:2c:46:0e:
         f3:dc:9e:d4:a2:fc:5d:f8:51:48:45:e6:9f:10:c6:93:0b:a7:
         19:99:ed:27
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHk3QvOjE8kOi/dtSoYtuVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZmJjNjRkNTkzZmMwNzNjNjkzMTQzNTY2MzEwMjk1ZGUw
YTgzMzcwHhcNMjQwMTAyMDAyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzZhNjM0YWM1MWE0OWZhODYyOWE1MTg3ODg5NzJkY2JmMTM5ZDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXaE6bzi6x+VWfeHtrAIOOMD5JX3
fzW4JiO/+9B9nNgoirqMpsfkGMFX8ePfKyAzP+qoCwfDDn2HH0N+tP0c8hqDD0Zr
licyxzn2Lk/OCDPm/ZBC8E6zIXqeKzuZpLFV9MWfkd9gAUr3I8UfhyBVe+8DAkE6
NUJH8JLkpOwH4xRPwzWZE10RO0yQPVhpmEiB/d/WgVsRq6SdznSh3LTBdqA7FU7U
5H1zs1SDWoWlwcvrzFA6pJvC4uofI/zPenrLS2BsUsZlxLUStEP8ZCHS0mxZmExS
UnoMWtFhZUQD1Doa4hWZl58+32BPgaTamHBc/rqPzpc0fOZmsKDwpvK8CwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFxqY0rFGkn6himlGHiJcty/E52dMB8GA1UdIwQY
MBaAFIr7xk1ZP8BzxpMUNWYxApXeCoM3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXZ2R1RWa193SFBHa3hRMVpqRUNsZDRLZ3pjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC80NmJlY2UtNTAyZi00ZjBkLWI3MjQt
MTA5N2RhOWRkZjI3LzEvWEdwalNzVWFTZnFHS2FVWWVJbHkzTDhUblowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC80NmJlY2UtNTAyZi00ZjBkLWI3MjQtMTA5N2RhOWRkZjI3
LzEvaXZ2R1RWa193SFBHa3hRMVpqRUNsZDRLZ3pjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW/T1MA8E
AgACMAkDBwAgAQZ4BygwDQYJKoZIhvcNAQELBQADggEBAIybAGomqYZY2fcXL/hb
qxuGT9lk9QCWjb7QG6RkrZ8gmkOke2of8CBSXtc7aQmTDmv/XJOV8cHFRpTzi5o0
VK3tKeypPLIA/ULEGV3N/6cAPb5aKGOzC9PWNd+NZmxyBWwYCDu84rmHMAPnEks8
W9tX7MsrM9gx/o71VieP7Ii+PpODOPtaixW7+s5D8SsDo7YOU0LkqXDeB+VradZC
XDeZp0Lw6PkC6ok64qcgXQ+AIx8D2q8BQ+I2jI8Mq9WmRn3KUwwrOu4+Gv3cOEuc
0CHn8N4mlZJLxCRGV+5HOgyxYvRr8ZG1UixGDvPcntSi/F34UUhF5p8QxpMLpxmZ
7Sc=
-----END CERTIFICATE-----