Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/c9ee8c-574d-4cf6-a008-11b52c24a112/1/XDO7GoxLJHWMTJMh6FQu-M_UYOg.roa
File:                     XDO7GoxLJHWMTJMh6FQu-M_UYOg.roa (raw, json)
Hash identifier:          0IUbhfRYPDXDqmX+i0LqpIKWXG0/68lJf38+jX0T2bs=
Subject key identifier:   5C:33:BB:1A:8C:4B:24:75:8C:4C:93:21:E8:54:2E:F8:CF:D4:60:E8
Certificate issuer:       /CN=2b2830617c43c8cbc89af3cb2a74ea5dd00fe6ea
Certificate serial:       018CC424ECCA7AB5205C009D16CE35B198EB
Authority key identifier: 2B:28:30:61:7C:43:C8:CB:C8:9A:F3:CB:2A:74:EA:5D:D0:0F:E6:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KygwYXxDyMvImvPLKnTqXdAP5uo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/c9ee8c-574d-4cf6-a008-11b52c24a112/1/XDO7GoxLJHWMTJMh6FQu-M_UYOg.roa
Signing time:             Mon 01 Jan 2024 08:30:03 +0000
ROA not before:           Mon 01 Jan 2024 08:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204758
IP address blocks:        185.240.228.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/c9ee8c-574d-4cf6-a008-11b52c24a112/1/KygwYXxDyMvImvPLKnTqXdAP5uo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/c9ee8c-574d-4cf6-a008-11b52c24a112/1/KygwYXxDyMvImvPLKnTqXdAP5uo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KygwYXxDyMvImvPLKnTqXdAP5uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:ec:ca:7a:b5:20:5c:00:9d:16:ce:35:b1:98:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b2830617c43c8cbc89af3cb2a74ea5dd00fe6ea
        Validity
            Not Before: Jan  1 08:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c33bb1a8c4b24758c4c9321e8542ef8cfd460e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:5d:6a:cd:2a:69:c2:94:67:90:bc:30:79:09:
                    13:a6:74:c1:ef:2f:96:89:09:32:e1:0e:a8:85:27:
                    01:ce:ce:d9:bd:31:7b:68:34:7a:5f:e0:95:af:67:
                    5e:2a:5e:ca:d6:fc:8d:9b:db:d2:a9:fe:61:74:c5:
                    ea:5f:c3:69:82:24:53:61:bf:81:f7:ea:46:5c:49:
                    2e:72:1c:f5:df:23:e4:69:cf:fb:b9:f0:dd:b5:56:
                    72:67:02:98:19:94:95:09:d8:3e:de:9c:d6:27:99:
                    63:2d:d5:f8:5d:cc:b6:0e:fd:07:76:ec:02:ef:95:
                    51:a1:67:52:6e:69:55:b4:59:b6:08:ac:fa:4a:4b:
                    ad:00:88:71:ef:09:0b:35:ad:a9:47:93:a7:c4:98:
                    f9:a8:5e:4b:a3:8d:a3:f8:31:f8:1f:91:3c:56:16:
                    36:30:65:1a:12:fe:f7:b5:95:e5:20:4c:be:80:07:
                    03:4a:28:36:31:94:36:d6:da:92:7f:f3:87:35:ed:
                    0b:b2:c9:64:b5:72:bd:e0:70:c2:54:d8:9a:9d:cc:
                    f3:f7:65:5d:12:ad:16:68:18:b5:73:03:d0:c3:65:
                    7d:e5:4f:78:cb:44:00:cc:f6:cf:db:1c:9c:af:24:
                    ca:e7:db:bf:a5:3e:b5:e9:f4:9c:bf:7e:28:4a:9a:
                    5b:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:33:BB:1A:8C:4B:24:75:8C:4C:93:21:E8:54:2E:F8:CF:D4:60:E8
            X509v3 Authority Key Identifier:
                keyid:2B:28:30:61:7C:43:C8:CB:C8:9A:F3:CB:2A:74:EA:5D:D0:0F:E6:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KygwYXxDyMvImvPLKnTqXdAP5uo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/c9ee8c-574d-4cf6-a008-11b52c24a112/1/XDO7GoxLJHWMTJMh6FQu-M_UYOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/c9ee8c-574d-4cf6-a008-11b52c24a112/1/KygwYXxDyMvImvPLKnTqXdAP5uo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:e1:fb:af:13:6d:92:7f:c5:68:27:ac:23:58:39:51:ea:ad:
         c3:75:a9:f1:5a:f0:34:6d:f0:49:82:26:d7:7e:6d:28:bc:95:
         28:2f:a1:d6:82:cb:75:5b:40:d1:35:31:b2:b0:54:a9:44:66:
         37:7f:a2:e0:77:7d:3f:5b:7a:f4:77:8d:10:d7:80:23:45:91:
         59:92:c1:e0:72:bf:2e:9b:d6:78:53:5e:8a:b2:66:b4:88:be:
         d4:37:9c:96:67:41:08:b3:14:21:76:02:38:76:9c:45:24:69:
         8b:5d:c4:d3:bb:b8:04:fa:07:07:70:47:81:39:95:8e:25:bf:
         d7:84:84:2d:52:bf:2c:ff:eb:4b:d0:2f:fc:92:24:7a:a8:2f:
         b2:5d:5a:9f:2c:72:b9:9c:62:e3:0f:e1:f1:3c:48:03:f1:b2:
         10:d8:c3:03:95:16:4c:3b:e5:ea:8e:d2:96:43:ed:79:58:2a:
         b5:89:89:b6:f3:9c:db:3d:2f:94:07:fd:4c:04:26:68:cd:c9:
         55:be:ae:48:a8:91:0d:68:33:85:8b:73:a9:4c:4d:3d:f3:4b:
         4f:21:12:e2:59:49:d7:12:bc:5e:3b:c2:c3:a1:44:99:57:dc:
         80:60:66:9f:a9:3d:b6:92:23:31:62:e2:d4:16:8c:b5:4e:f4:
         92:a5:2f:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJOzKerUgXACdFs41sZjrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMjgzMDYxN2M0M2M4Y2JjODlhZjNjYjJhNzRlYTVkZDAw
ZmU2ZWEwHhcNMjQwMTAxMDgzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzMzYmIxYThjNGIyNDc1OGM0YzkzMjFlODU0MmVmOGNmZDQ2MGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg11qzSppwpRnkLwweQkTpnTB7y+W
iQky4Q6ohScBzs7ZvTF7aDR6X+CVr2deKl7K1vyNm9vSqf5hdMXqX8NpgiRTYb+B
9+pGXEkuchz13yPkac/7ufDdtVZyZwKYGZSVCdg+3pzWJ5ljLdX4Xcy2Dv0HduwC
75VRoWdSbmlVtFm2CKz6SkutAIhx7wkLNa2pR5OnxJj5qF5Lo42j+DH4H5E8VhY2
MGUaEv73tZXlIEy+gAcDSig2MZQ21tqSf/OHNe0LsslktXK94HDCVNianczz92Vd
Eq0WaBi1cwPQw2V95U94y0QAzPbP2xycryTK59u/pT616fScv34oSppb2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwzuxqMSyR1jEyTIehULvjP1GDoMB8GA1UdIwQY
MBaAFCsoMGF8Q8jLyJrzyyp06l3QD+bqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3lnd1lYeER5TXZJbXZQTEtuVHFYZEFQNXVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9jOWVlOGMtNTc0ZC00Y2Y2LWEwMDgt
MTFiNTJjMjRhMTEyLzEvWERPN0dveExKSFdNVEpNaDZGUXUtTV9VWU9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9jOWVlOGMtNTc0ZC00Y2Y2LWEwMDgtMTFiNTJjMjRhMTEy
LzEvS3lnd1lYeER5TXZJbXZQTEtuVHFYZEFQNXVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufDkMA0G
CSqGSIb3DQEBCwUAA4IBAQCB4fuvE22Sf8VoJ6wjWDlR6q3DdanxWvA0bfBJgibX
fm0ovJUoL6HWgst1W0DRNTGysFSpRGY3f6Lgd30/W3r0d40Q14AjRZFZksHgcr8u
m9Z4U16Ksma0iL7UN5yWZ0EIsxQhdgI4dpxFJGmLXcTTu7gE+gcHcEeBOZWOJb/X
hIQtUr8s/+tL0C/8kiR6qC+yXVqfLHK5nGLjD+HxPEgD8bIQ2MMDlRZMO+XqjtKW
Q+15WCq1iYm285zbPS+UB/1MBCZozclVvq5IqJENaDOFi3OpTE0980tPIRLiWUnX
ErxeO8LDoUSZV9yAYGafqT22kiMxYuLUFoy1TvSSpS8W
-----END CERTIFICATE-----