Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/xwjf5MD4-6Q7bpa3yZqd-UifgrY.roa
File:                     xwjf5MD4-6Q7bpa3yZqd-UifgrY.roa (raw, json)
Hash identifier:          zfS4IsLGJZjg3cbqiw6xGjtxfr7TH2K1oqho/WqkwiM=
Subject key identifier:   C7:08:DF:E4:C0:F8:FB:A4:3B:6E:96:B7:C9:9A:9D:F9:48:9F:82:B6
Certificate issuer:       /CN=9917f777e71ac34122edb35edd60cf14d75b9ef6
Certificate serial:       018CC80109697C71B40AC6AD1D35502BBDA6
Authority key identifier: 99:17:F7:77:E7:1A:C3:41:22:ED:B3:5E:DD:60:CF:14:D7:5B:9E:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mRf3d-caw0Ei7bNe3WDPFNdbnvY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/xwjf5MD4-6Q7bpa3yZqd-UifgrY.roa
Signing time:             Tue 02 Jan 2024 02:29:20 +0000
ROA not before:           Tue 02 Jan 2024 02:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44243
IP address blocks:        185.178.104.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/mRf3d-caw0Ei7bNe3WDPFNdbnvY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/mRf3d-caw0Ei7bNe3WDPFNdbnvY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mRf3d-caw0Ei7bNe3WDPFNdbnvY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 23:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:09:69:7c:71:b4:0a:c6:ad:1d:35:50:2b:bd:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9917f777e71ac34122edb35edd60cf14d75b9ef6
        Validity
            Not Before: Jan  2 02:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c708dfe4c0f8fba43b6e96b7c99a9df9489f82b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:8e:34:2e:66:5b:2c:f7:e7:ba:3f:15:aa:62:
                    37:ef:80:7f:bc:2d:72:91:51:76:18:2d:60:a6:9c:
                    8b:85:35:51:40:3b:3c:4f:91:42:60:92:8b:a6:1f:
                    1b:90:63:02:58:b2:48:30:b6:a1:9f:1d:5b:57:02:
                    f2:4d:ce:7e:4a:53:fd:9c:97:7a:89:43:22:06:5a:
                    35:74:2c:99:64:25:e8:82:a1:8e:06:68:bb:75:39:
                    ad:d0:1b:54:e1:65:e2:df:50:fe:49:4c:24:12:64:
                    77:01:8a:6f:94:ba:d5:a4:a2:fe:b6:f7:06:3a:45:
                    3d:00:e5:1c:af:a4:1b:4f:9c:af:c5:7a:ef:0d:c9:
                    22:92:91:b4:99:86:e5:3a:0c:0b:bb:12:28:1a:ee:
                    df:f4:21:e4:f9:a2:ab:24:dc:dd:61:02:9f:b2:a8:
                    45:4d:3e:ed:15:da:2d:c6:f4:c5:33:08:41:8c:10:
                    c6:3e:0a:0f:95:21:48:9c:d0:3a:0b:38:04:0d:53:
                    da:a4:9d:41:06:f8:2e:38:46:79:8a:49:aa:27:08:
                    8e:17:e5:98:4a:f7:1a:fc:f2:93:93:36:68:cb:d2:
                    24:68:fc:57:eb:eb:17:d4:10:a4:54:9d:4c:1c:7d:
                    91:fc:ca:1a:78:ec:08:66:c8:c3:26:9f:c8:15:2e:
                    70:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:08:DF:E4:C0:F8:FB:A4:3B:6E:96:B7:C9:9A:9D:F9:48:9F:82:B6
            X509v3 Authority Key Identifier:
                keyid:99:17:F7:77:E7:1A:C3:41:22:ED:B3:5E:DD:60:CF:14:D7:5B:9E:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mRf3d-caw0Ei7bNe3WDPFNdbnvY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/xwjf5MD4-6Q7bpa3yZqd-UifgrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/mRf3d-caw0Ei7bNe3WDPFNdbnvY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         65:ed:96:25:6f:0e:63:7f:fd:96:f6:f3:ec:83:e3:79:4e:ee:
         0d:d9:ff:19:d8:10:dc:ae:07:eb:0f:ab:32:be:03:7e:16:14:
         72:ac:fc:c5:f4:83:8a:46:73:33:2f:c3:11:c5:30:b2:26:74:
         1c:e2:e4:5c:a3:ec:f9:94:dc:a4:11:d9:cb:1b:6e:8f:dd:27:
         24:5c:9f:68:23:7b:b2:72:89:50:92:3a:bc:c9:25:7c:a5:91:
         42:10:b2:32:bd:5c:8a:3d:fa:10:d6:06:dd:fd:97:5d:03:a8:
         ee:ad:ab:82:08:90:8e:f8:63:43:ab:41:72:f4:5f:29:5c:71:
         07:bd:74:26:59:07:02:27:7b:f3:7c:3c:d1:b1:23:fb:85:89:
         45:0f:b6:bb:00:51:32:f4:85:0a:97:45:92:3f:98:dd:fa:6e:
         d9:98:2b:4c:6a:e1:7f:c9:50:9c:d1:74:90:e8:a0:09:ba:14:
         4e:62:89:2e:12:1f:aa:6d:45:c1:25:2a:04:52:b3:a1:a4:78:
         bc:79:2c:84:a3:e6:af:bd:a0:de:f5:57:b1:49:4f:2e:5d:b9:
         db:be:9e:39:ea:31:a0:f5:0b:13:1d:ff:32:9b:cc:f0:e9:df:
         f2:1c:3e:05:d3:60:a6:03:a3:33:01:27:bb:5b:d3:e1:6b:9a:
         f3:50:22:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAQlpfHG0CsatHTVQK72mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MTdmNzc3ZTcxYWMzNDEyMmVkYjM1ZWRkNjBjZjE0ZDc1
YjllZjYwHhcNMjQwMTAyMDIyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzA4ZGZlNGMwZjhmYmE0M2I2ZTk2YjdjOTlhOWRmOTQ4OWY4MmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzo40LmZbLPfnuj8VqmI374B/vC1y
kVF2GC1gppyLhTVRQDs8T5FCYJKLph8bkGMCWLJIMLahnx1bVwLyTc5+SlP9nJd6
iUMiBlo1dCyZZCXogqGOBmi7dTmt0BtU4WXi31D+SUwkEmR3AYpvlLrVpKL+tvcG
OkU9AOUcr6QbT5yvxXrvDckikpG0mYblOgwLuxIoGu7f9CHk+aKrJNzdYQKfsqhF
TT7tFdotxvTFMwhBjBDGPgoPlSFInNA6CzgEDVPapJ1BBvguOEZ5ikmqJwiOF+WY
Svca/PKTkzZoy9IkaPxX6+sX1BCkVJ1MHH2R/MoaeOwIZsjDJp/IFS5whQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMcI3+TA+PukO26Wt8manflIn4K2MB8GA1UdIwQY
MBaAFJkX93fnGsNBIu2zXt1gzxTXW572MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVJmM2QtY2F3MEVpN2JOZTNXRFBGTmRibnZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9iZThkNTktNzcwNC00NWY4LWIzOTkt
YTg4ZjU3NDE1MmI2LzEveHdqZjVNRDQtNlE3YnBhM3lacWQtVWlmZ3JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9iZThkNTktNzcwNC00NWY4LWIzOTktYTg4ZjU3NDE1MmI2
LzEvbVJmM2QtY2F3MEVpN2JOZTNXRFBGTmRibnZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubJoMA0G
CSqGSIb3DQEBCwUAA4IBAQBl7ZYlbw5jf/2W9vPsg+N5Tu4N2f8Z2BDcrgfrD6sy
vgN+FhRyrPzF9IOKRnMzL8MRxTCyJnQc4uRco+z5lNykEdnLG26P3SckXJ9oI3uy
colQkjq8ySV8pZFCELIyvVyKPfoQ1gbd/ZddA6jurauCCJCO+GNDq0Fy9F8pXHEH
vXQmWQcCJ3vzfDzRsSP7hYlFD7a7AFEy9IUKl0WSP5jd+m7ZmCtMauF/yVCc0XSQ
6KAJuhROYokuEh+qbUXBJSoEUrOhpHi8eSyEo+avvaDe9VexSU8uXbnbvp456jGg
9QsTHf8ym8zw6d/yHD4F02CmA6MzASe7W9Pha5rzUCJS
-----END CERTIFICATE-----