Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/4a8d2a-664b-4464-a4e9-1709f7c7d5e8/1/SXQQ_dAgXQ4waIYZr-ceYYoW1nw.roa
File:                     SXQQ_dAgXQ4waIYZr-ceYYoW1nw.roa (raw, json)
Hash identifier:          Mr2qnpO3aizAdUZ8aINeZ9lh/vOnYloB9IvkX7sMKBA=
Subject key identifier:   49:74:10:FD:D0:20:5D:0E:30:68:86:19:AF:E7:1E:61:8A:16:D6:7C
Certificate issuer:       /CN=c57e0c0698abc19a568afece6b190ced033a7285
Certificate serial:       018CC8011EE6905D989AA54E30588DBE7B8C
Authority key identifier: C5:7E:0C:06:98:AB:C1:9A:56:8A:FE:CE:6B:19:0C:ED:03:3A:72:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xX4MBpirwZpWiv7OaxkM7QM6coU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/4a8d2a-664b-4464-a4e9-1709f7c7d5e8/1/SXQQ_dAgXQ4waIYZr-ceYYoW1nw.roa
Signing time:             Tue 02 Jan 2024 02:29:25 +0000
ROA not before:           Tue 02 Jan 2024 02:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205044
IP address blocks:        185.231.236.0/22 maxlen: 22
                          2a0c:8f00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/4a8d2a-664b-4464-a4e9-1709f7c7d5e8/1/xX4MBpirwZpWiv7OaxkM7QM6coU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/4a8d2a-664b-4464-a4e9-1709f7c7d5e8/1/xX4MBpirwZpWiv7OaxkM7QM6coU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xX4MBpirwZpWiv7OaxkM7QM6coU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:1e:e6:90:5d:98:9a:a5:4e:30:58:8d:be:7b:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c57e0c0698abc19a568afece6b190ced033a7285
        Validity
            Not Before: Jan  2 02:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=497410fdd0205d0e30688619afe71e618a16d67c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:01:33:1b:09:ab:54:1c:b9:28:0f:00:1e:df:
                    a5:33:b9:39:3b:b9:97:d1:0e:a1:e1:76:b0:37:38:
                    00:89:67:d8:28:28:94:65:33:6d:06:3b:0c:12:3c:
                    15:82:8b:93:82:0e:2d:04:d3:57:00:b1:34:2d:ba:
                    42:69:af:d4:8d:f4:d2:77:1e:16:1e:d4:08:36:d1:
                    36:7a:b4:d3:6d:0e:0c:88:e7:8f:ea:6d:49:07:44:
                    7d:a5:6a:f1:57:2b:57:08:ae:4e:ce:82:9a:fb:80:
                    3b:7b:57:fe:7f:34:a0:60:ae:73:8c:30:87:15:bf:
                    87:be:c0:9e:74:70:12:c3:06:dd:8d:05:0f:e5:99:
                    bf:de:71:59:7c:71:ed:37:2a:c8:93:d6:9f:88:52:
                    e0:5d:3f:ad:82:40:c5:67:92:d4:65:a6:94:16:b7:
                    93:e5:94:d2:3c:ca:c5:3e:02:70:53:86:0e:ce:9d:
                    1d:a9:2e:1b:89:aa:6a:a6:e2:e5:28:78:a4:29:7e:
                    7a:7f:b8:26:6c:54:26:f9:46:4a:8d:b4:24:fc:9a:
                    89:fc:ef:93:d3:68:5a:2c:f1:d3:ff:36:a1:f8:70:
                    84:11:dc:b8:10:93:59:b3:e7:84:cc:60:0b:17:1a:
                    2b:4a:dc:f9:d7:1a:a8:70:fd:19:09:7c:c0:ea:ab:
                    1b:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:74:10:FD:D0:20:5D:0E:30:68:86:19:AF:E7:1E:61:8A:16:D6:7C
            X509v3 Authority Key Identifier:
                keyid:C5:7E:0C:06:98:AB:C1:9A:56:8A:FE:CE:6B:19:0C:ED:03:3A:72:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xX4MBpirwZpWiv7OaxkM7QM6coU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/4a8d2a-664b-4464-a4e9-1709f7c7d5e8/1/SXQQ_dAgXQ4waIYZr-ceYYoW1nw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/4a8d2a-664b-4464-a4e9-1709f7c7d5e8/1/xX4MBpirwZpWiv7OaxkM7QM6coU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.236.0/22
                IPv6:
                  2a0c:8f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         ce:5b:b1:e7:da:6b:8b:eb:81:f6:9e:9b:7e:be:57:7a:9f:6f:
         05:0f:7f:40:db:c9:06:4d:29:e5:7d:14:5c:f0:9f:99:b2:d7:
         e7:71:55:fb:c4:e0:99:43:df:57:94:f3:37:14:b2:48:af:da:
         e6:da:79:c9:9f:19:cd:a7:96:1b:f3:45:4f:65:3a:dc:37:f1:
         73:50:67:dd:ba:95:cf:5c:34:d1:a8:02:75:b7:b7:e7:2d:96:
         6e:c8:39:68:e6:d6:98:2a:ba:ea:b6:1e:59:37:ce:41:16:60:
         b1:12:6f:3d:99:ae:fd:08:e3:a1:ea:ee:3e:4f:4f:b1:00:c2:
         07:52:9c:0c:6e:70:e3:c1:a9:3e:4c:cc:eb:79:16:3e:22:a2:
         d2:43:90:fe:2d:a6:f5:fa:a1:83:ad:b7:b1:a9:9b:76:6e:44:
         b8:e8:b3:58:4f:78:2a:3b:1b:b3:16:dc:c5:dc:8e:18:a6:db:
         80:ee:20:f0:5f:d8:bb:1c:5a:b9:7c:6e:e2:ad:6e:72:e5:4a:
         ee:af:4f:2f:39:28:82:01:48:f8:dc:ff:d9:2c:d2:77:de:92:
         7c:10:fc:28:d3:a2:da:df:d3:09:0e:13:10:c3:39:60:7b:f5:
         73:1f:ae:c1:6c:8a:ff:e6:9f:42:56:9d:24:89:a4:b0:c8:ea:
         de:03:59:b9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAR7mkF2YmqVOMFiNvnuMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1N2UwYzA2OThhYmMxOWE1NjhhZmVjZTZiMTkwY2VkMDMz
YTcyODUwHhcNMjQwMTAyMDIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTc0MTBmZGQwMjA1ZDBlMzA2ODg2MTlhZmU3MWU2MThhMTZkNjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgwEzGwmrVBy5KA8AHt+lM7k5O7mX
0Q6h4XawNzgAiWfYKCiUZTNtBjsMEjwVgouTgg4tBNNXALE0LbpCaa/UjfTSdx4W
HtQINtE2erTTbQ4MiOeP6m1JB0R9pWrxVytXCK5OzoKa+4A7e1f+fzSgYK5zjDCH
Fb+HvsCedHASwwbdjQUP5Zm/3nFZfHHtNyrIk9afiFLgXT+tgkDFZ5LUZaaUFreT
5ZTSPMrFPgJwU4YOzp0dqS4biapqpuLlKHikKX56f7gmbFQm+UZKjbQk/JqJ/O+T
02haLPHT/zah+HCEEdy4EJNZs+eEzGALFxorStz51xqocP0ZCXzA6qsbkwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEl0EP3QIF0OMGiGGa/nHmGKFtZ8MB8GA1UdIwQY
MBaAFMV+DAaYq8GaVor+zmsZDO0DOnKFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFg0TUJwaXJ3WnBXaXY3T2F4a003UU02Y29VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS80YThkMmEtNjY0Yi00NDY0LWE0ZTkt
MTcwOWY3YzdkNWU4LzEvU1hRUV9kQWdYUTR3YUlZWnItY2VZWW9XMW53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS80YThkMmEtNjY0Yi00NDY0LWE0ZTktMTcwOWY3YzdkNWU4
LzEveFg0TUJwaXJ3WnBXaXY3T2F4a003UU02Y29VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuefsMA0E
AgACMAcDBQMqDI8AMA0GCSqGSIb3DQEBCwUAA4IBAQDOW7Hn2muL64H2npt+vld6
n28FD39A28kGTSnlfRRc8J+ZstfncVX7xOCZQ99XlPM3FLJIr9rm2nnJnxnNp5Yb
80VPZTrcN/FzUGfdupXPXDTRqAJ1t7fnLZZuyDlo5taYKrrqth5ZN85BFmCxEm89
ma79COOh6u4+T0+xAMIHUpwMbnDjwak+TMzreRY+IqLSQ5D+Lab1+qGDrbexqZt2
bkS46LNYT3gqOxuzFtzF3I4YptuA7iDwX9i7HFq5fG7irW5y5Urur08vOSiCAUj4
3P/ZLNJ33pJ8EPwo06La39MJDhMQwzlge/VzH67BbIr/5p9CVp0kiaSwyOreA1m5
-----END CERTIFICATE-----