Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/141203-813f-4712-9bd7-bdf431eb94f0/1/XFl82jxdYDNbHjNgNB33ituVOsI.roa
File:                     XFl82jxdYDNbHjNgNB33ituVOsI.roa (raw, json)
Hash identifier:          SKCNrV9STebt1D64arBRRyvWJkVbv/y01Xwxvd+s5Og=
Subject key identifier:   5C:59:7C:DA:3C:5D:60:33:5B:1E:33:60:34:1D:F7:8A:DB:95:3A:C2
Certificate issuer:       /CN=68810ffe4f9203a100677d65193b4426789acf5c
Certificate serial:       018CC424BC9F986033A1FC9C9C1F6D490556
Authority key identifier: 68:81:0F:FE:4F:92:03:A1:00:67:7D:65:19:3B:44:26:78:9A:CF:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aIEP_k-SA6EAZ31lGTtEJniaz1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/141203-813f-4712-9bd7-bdf431eb94f0/1/XFl82jxdYDNbHjNgNB33ituVOsI.roa
Signing time:             Mon 01 Jan 2024 08:29:51 +0000
ROA not before:           Mon 01 Jan 2024 08:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204894
IP address blocks:        91.239.240.0/24 maxlen: 24
                          2a12:fc40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/141203-813f-4712-9bd7-bdf431eb94f0/1/aIEP_k-SA6EAZ31lGTtEJniaz1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/141203-813f-4712-9bd7-bdf431eb94f0/1/aIEP_k-SA6EAZ31lGTtEJniaz1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aIEP_k-SA6EAZ31lGTtEJniaz1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:bc:9f:98:60:33:a1:fc:9c:9c:1f:6d:49:05:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68810ffe4f9203a100677d65193b4426789acf5c
        Validity
            Not Before: Jan  1 08:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c597cda3c5d60335b1e3360341df78adb953ac2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ac:5f:04:94:53:38:a1:4f:79:79:8f:17:47:
                    ac:a5:d6:a1:86:5d:87:c8:37:aa:3e:4d:54:ee:26:
                    8f:e0:86:81:da:9d:c0:51:77:bb:7e:22:58:7f:58:
                    d0:f0:46:fc:b6:b4:9e:ee:68:f4:fe:b0:18:62:71:
                    9e:cd:f8:39:89:fe:fc:c8:69:88:27:02:36:5c:dd:
                    71:ce:19:7b:5d:66:1f:82:c9:b9:e0:61:e5:51:65:
                    3a:86:04:7d:55:b6:bf:49:53:1e:8c:dd:07:ea:f9:
                    a8:ec:a8:71:fb:26:d6:8c:a5:94:7b:22:6a:73:5f:
                    78:6f:64:d5:f7:be:fa:a1:a8:aa:d1:a6:aa:7e:3f:
                    c7:22:15:03:4b:99:c6:33:c1:f9:fa:fc:27:79:ec:
                    f6:79:51:12:8a:07:33:63:8a:2b:01:2e:c9:72:3d:
                    30:e5:f0:dd:91:2a:c4:10:33:55:5c:ae:bd:e2:47:
                    f5:c1:0b:92:74:a7:d4:46:38:95:79:a6:f4:7b:e7:
                    27:12:2c:89:42:4d:c2:b4:42:22:4d:06:ad:d9:f4:
                    90:2c:fb:4a:4d:5c:3c:8a:6f:e8:4c:58:bf:c5:f1:
                    69:12:50:78:c1:62:f9:a3:c8:69:45:24:b4:c6:43:
                    14:a7:9a:cc:a3:80:51:52:3b:c8:99:25:70:1f:67:
                    fd:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:59:7C:DA:3C:5D:60:33:5B:1E:33:60:34:1D:F7:8A:DB:95:3A:C2
            X509v3 Authority Key Identifier:
                keyid:68:81:0F:FE:4F:92:03:A1:00:67:7D:65:19:3B:44:26:78:9A:CF:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aIEP_k-SA6EAZ31lGTtEJniaz1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/141203-813f-4712-9bd7-bdf431eb94f0/1/XFl82jxdYDNbHjNgNB33ituVOsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/141203-813f-4712-9bd7-bdf431eb94f0/1/aIEP_k-SA6EAZ31lGTtEJniaz1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.240.0/24
                IPv6:
                  2a12:fc40::/29

    Signature Algorithm: sha256WithRSAEncryption
         b0:03:c4:7f:cc:5e:4c:a6:18:8a:d5:11:0a:94:fd:d8:b1:13:
         82:d1:28:4a:c8:65:d4:29:0c:63:e6:a3:48:da:af:c3:ab:f0:
         56:cc:aa:42:40:0e:66:ac:b1:bc:ef:95:42:d7:f1:50:0f:fe:
         4c:b6:8d:ce:d1:10:50:33:e3:83:f3:e9:41:05:09:cb:7b:fb:
         0a:3c:03:4f:a3:f1:2a:b0:9e:f2:85:b0:f7:7c:a0:2e:59:19:
         cf:f4:8d:3e:ea:46:41:80:75:c9:b1:93:2d:b8:cc:cf:51:56:
         76:a0:e2:f7:fc:15:dd:13:95:d4:33:7a:de:20:6b:e4:ec:f6:
         79:8c:b0:6b:67:51:86:d2:ae:03:e0:e4:ff:9a:22:2f:38:4b:
         a1:51:6b:cc:06:4e:0c:24:06:96:67:2d:98:b9:1d:9a:3f:0e:
         8a:49:91:5f:70:55:94:4f:87:9f:f6:fe:39:3b:ef:2f:c6:49:
         29:be:6d:f2:40:59:3f:78:ea:a6:58:d9:c8:74:e0:f8:eb:28:
         0e:c8:cd:b7:c4:14:e9:55:0d:a2:92:a4:99:78:13:2a:c4:7b:
         d3:d4:99:29:04:eb:50:da:02:dc:75:e8:73:b1:b8:f6:ee:e2:
         1c:2e:78:cc:93:07:0b:f5:c7:1f:94:8a:43:88:dd:1e:0e:1c:
         39:e1:ee:90
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJLyfmGAzofycnB9tSQVWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ODEwZmZlNGY5MjAzYTEwMDY3N2Q2NTE5M2I0NDI2Nzg5
YWNmNWMwHhcNMjQwMTAxMDgyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzU5N2NkYTNjNWQ2MDMzNWIxZTMzNjAzNDFkZjc4YWRiOTUzYWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6xfBJRTOKFPeXmPF0espdahhl2H
yDeqPk1U7iaP4IaB2p3AUXe7fiJYf1jQ8Eb8trSe7mj0/rAYYnGezfg5if78yGmI
JwI2XN1xzhl7XWYfgsm54GHlUWU6hgR9Vba/SVMejN0H6vmo7Khx+ybWjKWUeyJq
c194b2TV9776oaiq0aaqfj/HIhUDS5nGM8H5+vwneez2eVESigczY4orAS7Jcj0w
5fDdkSrEEDNVXK694kf1wQuSdKfURjiVeab0e+cnEiyJQk3CtEIiTQat2fSQLPtK
TVw8im/oTFi/xfFpElB4wWL5o8hpRSS0xkMUp5rMo4BRUjvImSVwH2f9lwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFxZfNo8XWAzWx4zYDQd94rblTrCMB8GA1UdIwQY
MBaAFGiBD/5PkgOhAGd9ZRk7RCZ4ms9cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUlFUF9rLVNBNkVBWjMxbEdUdEVKbmlhejF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8xNDEyMDMtODEzZi00NzEyLTliZDct
YmRmNDMxZWI5NGYwLzEvWEZsODJqeGRZRE5iSGpOZ05CMzNpdHVWT3NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8xNDEyMDMtODEzZi00NzEyLTliZDctYmRmNDMxZWI5NGYw
LzEvYUlFUF9rLVNBNkVBWjMxbEdUdEVKbmlhejF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW+/wMA0E
AgACMAcDBQMqEvxAMA0GCSqGSIb3DQEBCwUAA4IBAQCwA8R/zF5MphiK1REKlP3Y
sROC0ShKyGXUKQxj5qNI2q/Dq/BWzKpCQA5mrLG875VC1/FQD/5Mto3O0RBQM+OD
8+lBBQnLe/sKPANPo/EqsJ7yhbD3fKAuWRnP9I0+6kZBgHXJsZMtuMzPUVZ2oOL3
/BXdE5XUM3reIGvk7PZ5jLBrZ1GG0q4D4OT/miIvOEuhUWvMBk4MJAaWZy2YuR2a
Pw6KSZFfcFWUT4ef9v45O+8vxkkpvm3yQFk/eOqmWNnIdOD46ygOyM23xBTpVQ2i
kqSZeBMqxHvT1JkpBOtQ2gLcdehzsbj27uIcLnjMkwcL9ccflIpDiN0eDhw54e6Q
-----END CERTIFICATE-----