Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/XOZCvt7DBtA2hps9YPs1cKeAQG8.roa
File:                     XOZCvt7DBtA2hps9YPs1cKeAQG8.roa (raw, json)
Hash identifier:          PwikP15d9hUKuMn3vPhR9FveFTTO+OcvgLY1+InluV8=
Subject key identifier:   5C:E6:42:BE:DE:C3:06:D0:36:86:9B:3D:60:FB:35:70:A7:80:40:6F
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       018CC9BCD948A1E719CB4F824FC61E64749F
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/XOZCvt7DBtA2hps9YPs1cKeAQG8.roa
Signing time:             Tue 02 Jan 2024 10:34:05 +0000
ROA not before:           Tue 02 Jan 2024 10:34:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47911
IP address blocks:        188.186.128.0/21 maxlen: 24
                          2a02:2698:b000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d9:48:a1:e7:19:cb:4f:82:4f:c6:1e:64:74:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 10:34:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ce642bedec306d036869b3d60fb3570a780406f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:89:d0:2b:bf:db:1b:1b:45:8d:22:e9:b6:70:
                    0e:ff:5d:73:98:63:db:7b:bf:93:f0:eb:58:30:01:
                    3a:76:1d:a2:a5:b3:5b:ac:f4:8a:b1:62:5a:5d:86:
                    0b:58:cc:34:4a:56:80:b1:10:92:c1:11:c7:2c:53:
                    f7:2f:28:34:89:ac:10:9f:07:91:d0:0b:f5:e6:69:
                    3a:a4:f3:db:09:74:74:c7:98:1f:e7:ba:1b:0d:fc:
                    08:10:98:69:fa:bc:a3:c3:b6:55:3e:1c:4c:fb:ef:
                    c0:aa:d9:d1:d3:e8:a9:14:23:b1:6c:77:78:98:2a:
                    36:33:d3:44:b4:dd:42:5d:f8:e4:32:94:b5:ae:04:
                    ca:04:72:ef:6d:e5:61:c7:48:67:cb:d1:42:0b:6b:
                    41:29:1b:69:e1:ba:eb:32:80:c0:26:91:71:55:6d:
                    98:db:68:ef:28:05:c0:2d:4a:74:4a:3e:87:76:bc:
                    07:9c:a6:32:92:76:47:18:3a:fc:fa:df:9d:df:fa:
                    fb:ec:52:e8:25:ee:34:37:95:c4:c0:a0:d1:d5:20:
                    fe:e0:68:08:1f:99:b5:a9:f6:69:ee:1d:d9:74:b6:
                    49:cb:45:ce:0a:bb:c6:85:c2:f3:e2:89:01:cb:99:
                    08:f2:c8:6a:7b:1d:a3:4c:9b:aa:76:c4:ba:32:ef:
                    cf:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:E6:42:BE:DE:C3:06:D0:36:86:9B:3D:60:FB:35:70:A7:80:40:6F
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/XOZCvt7DBtA2hps9YPs1cKeAQG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.186.128.0/21
                IPv6:
                  2a02:2698:b000::/36

    Signature Algorithm: sha256WithRSAEncryption
         65:a4:16:0b:b8:53:bc:9d:1f:28:c5:f0:2b:77:e5:2e:0e:0b:
         e2:be:b6:9b:cd:ff:41:cd:8a:58:83:14:cb:fe:0d:b7:d5:dd:
         42:4f:3f:92:30:bd:db:b0:2f:ac:e1:6b:5c:d4:95:1d:9d:09:
         15:a6:10:1a:b7:ba:60:85:57:61:b8:ea:1d:71:9d:a0:98:be:
         cc:d0:c9:ca:1f:03:10:48:8b:77:ee:93:7e:1f:a7:71:ad:f8:
         49:64:07:9d:42:e6:84:17:74:b9:8b:84:2f:db:ed:d5:14:00:
         39:1b:70:89:84:06:8b:cc:c8:37:a9:5e:98:a8:85:79:5e:67:
         f5:16:6d:89:83:02:ad:6b:a6:32:e5:b8:f4:21:9e:9d:97:45:
         21:b7:a4:e5:56:c9:22:24:d0:49:72:1d:67:c6:86:e9:a3:01:
         2f:04:7d:c3:88:6c:41:23:20:8d:c4:e0:b6:8a:48:68:2a:46:
         3f:fa:73:ad:e7:0b:69:a2:4a:00:58:52:69:cb:67:2a:16:e5:
         55:6d:8c:ec:31:33:60:a6:2c:e8:18:4b:b4:c0:cd:7b:66:f5:
         9f:0c:95:8e:bf:55:3b:43:1c:73:9d:06:19:15:98:a0:b5:73:
         81:50:39:ae:95:de:78:3b:9f:53:d4:3f:6a:ea:8d:48:dc:f8:
         f3:38:c5:fe
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzJvNlIoecZy0+CT8YeZHSfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjQwMTAyMTAzNDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2U2NDJiZWRlYzMwNmQwMzY4NjliM2Q2MGZiMzU3MGE3ODA0MDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnInQK7/bGxtFjSLptnAO/11zmGPb
e7+T8OtYMAE6dh2ipbNbrPSKsWJaXYYLWMw0SlaAsRCSwRHHLFP3Lyg0iawQnweR
0Av15mk6pPPbCXR0x5gf57obDfwIEJhp+ryjw7ZVPhxM++/AqtnR0+ipFCOxbHd4
mCo2M9NEtN1CXfjkMpS1rgTKBHLvbeVhx0hny9FCC2tBKRtp4brrMoDAJpFxVW2Y
22jvKAXALUp0Sj6HdrwHnKYyknZHGDr8+t+d3/r77FLoJe40N5XEwKDR1SD+4GgI
H5m1qfZp7h3ZdLZJy0XOCrvGhcLz4okBy5kI8shqex2jTJuqdsS6Mu/PTQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFFzmQr7ewwbQNoabPWD7NXCngEBvMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvWE9aQ3Z0N0RCdEEyaHBzOVlQczFjS2VBUUc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQDvLqAMA4E
AgACMAgDBgQqAiaYsDANBgkqhkiG9w0BAQsFAAOCAQEAZaQWC7hTvJ0fKMXwK3fl
Lg4L4r62m83/Qc2KWIMUy/4Nt9XdQk8/kjC927AvrOFrXNSVHZ0JFaYQGre6YIVX
YbjqHXGdoJi+zNDJyh8DEEiLd+6Tfh+nca34SWQHnULmhBd0uYuEL9vt1RQAORtw
iYQGi8zIN6lemKiFeV5n9RZtiYMCrWumMuW49CGenZdFIbek5VbJIiTQSXIdZ8aG
6aMBLwR9w4hsQSMgjcTgtopIaCpGP/pzrecLaaJKAFhSactnKhblVW2M7DEzYKYs
6BhLtMDNe2b1nwyVjr9VO0Mcc50GGRWYoLVzgVA5rpXeeDufU9Q/auqNSNz48zjF
/g==
-----END CERTIFICATE-----