Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d78fc5-bf3e-4686-8d85-c33f8a21122c/1/XUmxs4DhAzLNBuLGzUVEXN6GdXo.roa
File:                     XUmxs4DhAzLNBuLGzUVEXN6GdXo.roa (raw, json)
Hash identifier:          D68XlNj2mdySEYDrG+BPbqyqwQFh13I4bxYHFK+QOLQ=
Subject key identifier:   5D:49:B1:B3:80:E1:03:32:CD:06:E2:C6:CD:45:44:5C:DE:86:75:7A
Certificate issuer:       /CN=ed2fa686d18c8020afc6adf55afdbe660dbaac15
Certificate serial:       018CC794C23B62E8E1C5E8AF242A2D374151
Authority key identifier: ED:2F:A6:86:D1:8C:80:20:AF:C6:AD:F5:5A:FD:BE:66:0D:BA:AC:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7S-mhtGMgCCvxq31Wv2-Zg26rBU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d78fc5-bf3e-4686-8d85-c33f8a21122c/1/XUmxs4DhAzLNBuLGzUVEXN6GdXo.roa
Signing time:             Tue 02 Jan 2024 00:31:04 +0000
ROA not before:           Tue 02 Jan 2024 00:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212870
IP address blocks:        212.104.212.0/22 maxlen: 22
                          91.198.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d78fc5-bf3e-4686-8d85-c33f8a21122c/1/7S-mhtGMgCCvxq31Wv2-Zg26rBU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d78fc5-bf3e-4686-8d85-c33f8a21122c/1/7S-mhtGMgCCvxq31Wv2-Zg26rBU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7S-mhtGMgCCvxq31Wv2-Zg26rBU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:c2:3b:62:e8:e1:c5:e8:af:24:2a:2d:37:41:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed2fa686d18c8020afc6adf55afdbe660dbaac15
        Validity
            Not Before: Jan  2 00:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d49b1b380e10332cd06e2c6cd45445cde86757a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:8b:03:65:45:3d:cc:d5:ff:8a:05:62:0f:40:
                    aa:41:51:b8:5b:0d:ad:14:6f:b5:c4:5e:2d:65:3b:
                    77:bf:a5:86:cf:50:ad:88:1c:6c:4e:92:f9:19:4a:
                    4a:f0:5a:91:c7:36:0d:f9:a2:64:4d:22:dc:01:0a:
                    5f:7e:65:45:71:80:17:37:84:90:1d:3c:06:ec:b1:
                    76:7d:15:01:05:18:e4:1b:6b:71:f4:f1:b3:85:06:
                    33:12:3f:ce:ae:63:3c:7c:9d:52:8b:e7:ec:68:b9:
                    da:b7:93:1a:26:7d:cc:6d:66:5c:5b:3e:4c:ac:a2:
                    c3:e6:8a:b5:34:ee:26:0f:bd:63:6d:86:3b:f7:b0:
                    77:c8:c8:fc:3e:ff:1b:8e:bc:39:35:66:be:7f:56:
                    eb:58:4e:72:9f:ab:0f:db:21:94:ca:81:23:5c:ab:
                    5d:67:9e:b0:b8:dc:7d:1d:49:cd:8a:4d:1c:87:37:
                    e8:fd:81:49:4e:56:66:85:cf:6d:f3:60:8f:60:40:
                    47:58:73:2b:37:64:d9:23:3d:67:0a:d2:cf:52:1b:
                    00:ea:eb:bf:b5:11:7d:e8:5d:ff:99:cb:60:59:16:
                    d9:16:ff:54:b0:75:c1:70:19:b0:b3:59:e5:0b:2c:
                    64:c4:5f:d8:5f:6a:94:a6:79:31:8b:0b:0a:79:94:
                    21:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:49:B1:B3:80:E1:03:32:CD:06:E2:C6:CD:45:44:5C:DE:86:75:7A
            X509v3 Authority Key Identifier:
                keyid:ED:2F:A6:86:D1:8C:80:20:AF:C6:AD:F5:5A:FD:BE:66:0D:BA:AC:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7S-mhtGMgCCvxq31Wv2-Zg26rBU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d78fc5-bf3e-4686-8d85-c33f8a21122c/1/XUmxs4DhAzLNBuLGzUVEXN6GdXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d78fc5-bf3e-4686-8d85-c33f8a21122c/1/7S-mhtGMgCCvxq31Wv2-Zg26rBU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.188.0/24
                  212.104.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:88:cd:3d:47:71:01:ae:7f:64:c0:22:d6:91:f8:63:29:7e:
         4d:64:ea:cc:97:3e:9c:14:3d:43:ab:42:c8:32:cd:20:77:3c:
         de:b2:f4:ec:2e:b7:a5:0d:47:a1:6c:e3:81:4b:5c:b3:df:01:
         88:16:89:df:0e:5d:89:88:b9:c2:5a:84:1a:6d:89:79:b2:af:
         b3:fe:64:a0:5f:35:26:68:2f:4a:cc:6b:0d:b7:2c:5f:2d:74:
         67:30:11:12:01:93:be:fb:8c:50:b5:f1:37:36:eb:05:e1:70:
         e0:d8:fd:bc:bb:fc:87:25:ad:cd:01:fa:ee:58:ee:a3:cf:41:
         9f:4c:52:45:db:18:0f:56:0b:f5:08:bc:0a:ed:df:c3:f8:df:
         bf:a1:f5:a1:e2:c6:46:73:f9:66:01:9e:c3:4d:cd:03:41:51:
         5a:00:16:1f:9a:b2:26:d0:5b:da:da:a3:dc:79:c9:a1:c5:0a:
         74:3a:da:ee:0d:fc:9d:e8:69:64:b1:3e:d7:3b:ea:4e:9c:28:
         40:4b:ee:6a:e2:ab:3c:3f:a5:33:2b:8a:ee:af:48:98:70:a9:
         1a:77:a3:24:8f:65:16:72:e0:20:30:23:cf:65:62:43:91:c3:
         dc:6e:17:9f:fb:14:c2:67:23:b3:ed:ad:7c:90:50:9e:76:09:
         fa:37:54:6c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlMI7YujhxeivJCotN0FRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkMmZhNjg2ZDE4YzgwMjBhZmM2YWRmNTVhZmRiZTY2MGRi
YWFjMTUwHhcNMjQwMTAyMDAzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDQ5YjFiMzgwZTEwMzMyY2QwNmUyYzZjZDQ1NDQ1Y2RlODY3NTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIsDZUU9zNX/igViD0CqQVG4Ww2t
FG+1xF4tZTt3v6WGz1CtiBxsTpL5GUpK8FqRxzYN+aJkTSLcAQpffmVFcYAXN4SQ
HTwG7LF2fRUBBRjkG2tx9PGzhQYzEj/OrmM8fJ1Si+fsaLnat5MaJn3MbWZcWz5M
rKLD5oq1NO4mD71jbYY797B3yMj8Pv8bjrw5NWa+f1brWE5yn6sP2yGUyoEjXKtd
Z56wuNx9HUnNik0chzfo/YFJTlZmhc9t82CPYEBHWHMrN2TZIz1nCtLPUhsA6uu/
tRF96F3/mctgWRbZFv9UsHXBcBmws1nlCyxkxF/YX2qUpnkxiwsKeZQh9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF1JsbOA4QMyzQbixs1FRFzehnV6MB8GA1UdIwQY
MBaAFO0vpobRjIAgr8at9Vr9vmYNuqwVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1MtbWh0R01nQ0N2eHEzMVd2Mi1aZzI2ckJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kNzhmYzUtYmYzZS00Njg2LThkODUt
YzMzZjhhMjExMjJjLzEvWFVteHM0RGhBekxOQnVMR3pVVkVYTjZHZFhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kNzhmYzUtYmYzZS00Njg2LThkODUtYzMzZjhhMjExMjJj
LzEvN1MtbWh0R01nQ0N2eHEzMVd2Mi1aZzI2ckJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8a8AwQC
1GjUMA0GCSqGSIb3DQEBCwUAA4IBAQCHiM09R3EBrn9kwCLWkfhjKX5NZOrMlz6c
FD1Dq0LIMs0gdzzesvTsLrelDUehbOOBS1yz3wGIFonfDl2JiLnCWoQabYl5sq+z
/mSgXzUmaC9KzGsNtyxfLXRnMBESAZO++4xQtfE3NusF4XDg2P28u/yHJa3NAfru
WO6jz0GfTFJF2xgPVgv1CLwK7d/D+N+/ofWh4sZGc/lmAZ7DTc0DQVFaABYfmrIm
0Fva2qPcecmhxQp0OtruDfyd6GlksT7XO+pOnChAS+5q4qs8P6UzK4rur0iYcKka
d6Mkj2UWcuAgMCPPZWJDkcPcbhef+xTCZyOz7a18kFCedgn6N1Rs
-----END CERTIFICATE-----