Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/XY4wLAl0VlNWCyWnMdB-bJghatY.roa
File:                     XY4wLAl0VlNWCyWnMdB-bJghatY.roa (raw, json)
Hash identifier:          H6myDcAyI2n4SuSsbFdQL4R5Qw5wOr4KH4gMspkrKJg=
Subject key identifier:   5D:8E:30:2C:09:74:56:53:56:0B:25:A7:31:D0:7E:6C:98:21:6A:D6
Certificate issuer:       /CN=ef3e71b96992da3d91c88dd74ef41f9b95b9485b
Certificate serial:       018CC86F871364DABA22E4DFBCF65527EF27
Authority key identifier: EF:3E:71:B9:69:92:DA:3D:91:C8:8D:D7:4E:F4:1F:9B:95:B9:48:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/XY4wLAl0VlNWCyWnMdB-bJghatY.roa
Signing time:             Tue 02 Jan 2024 04:30:01 +0000
ROA not before:           Tue 02 Jan 2024 04:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199329
IP address blocks:        212.49.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:87:13:64:da:ba:22:e4:df:bc:f6:55:27:ef:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef3e71b96992da3d91c88dd74ef41f9b95b9485b
        Validity
            Not Before: Jan  2 04:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d8e302c09745653560b25a731d07e6c98216ad6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:da:80:a2:e5:f3:59:e3:02:16:49:b1:ca:37:
                    5d:f3:4e:c8:71:cc:2b:98:bf:0f:a4:7f:b3:98:e3:
                    2a:81:19:fe:52:d9:89:b2:9d:29:c1:2d:d9:d4:90:
                    52:3e:b9:b7:9b:88:c5:3b:60:aa:b8:3e:63:55:07:
                    05:3d:52:40:75:d7:8b:3e:12:0d:1d:93:ad:8f:b8:
                    4d:de:92:e9:58:a0:d9:48:f1:68:05:88:ad:a2:78:
                    fe:51:e9:cf:c2:a9:62:d7:14:0f:82:89:25:1d:f6:
                    24:86:31:e3:7e:62:16:c5:8e:e0:84:b6:a7:a6:ef:
                    2e:4a:04:55:04:a5:da:6f:fd:89:62:8d:e5:14:f7:
                    51:4f:c7:cb:e2:34:bb:ae:a1:da:9b:5b:93:1a:d1:
                    d5:ca:90:10:d8:f9:d1:16:83:3b:89:94:f1:c2:24:
                    a0:53:fb:4d:72:27:56:d1:38:79:38:3d:64:8b:8c:
                    0b:da:23:d8:7b:a3:6d:41:41:0d:a4:f7:aa:17:ee:
                    1b:b4:fc:b0:75:81:35:33:26:f9:5d:49:77:5b:87:
                    33:81:39:7a:13:60:8b:03:d1:37:f6:ac:c9:76:69:
                    cb:46:de:fb:c5:6e:84:6d:f8:91:c4:6c:2a:d6:99:
                    fc:fa:4e:aa:49:2c:97:ea:b5:34:6e:20:33:24:82:
                    3e:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:8E:30:2C:09:74:56:53:56:0B:25:A7:31:D0:7E:6C:98:21:6A:D6
            X509v3 Authority Key Identifier:
                keyid:EF:3E:71:B9:69:92:DA:3D:91:C8:8D:D7:4E:F4:1F:9B:95:B9:48:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/XY4wLAl0VlNWCyWnMdB-bJghatY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.49.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:0f:1b:3b:07:74:b2:31:3b:3b:7a:e3:e7:5b:0f:ca:a2:a7:
         ba:cb:28:4b:6f:6a:e9:03:73:e1:6a:0e:dc:03:68:ae:f3:a5:
         ad:d1:df:25:72:59:f7:2f:45:c2:3d:01:f0:56:9d:ff:9b:f5:
         cb:9c:74:c2:0c:d8:20:37:17:07:6c:be:a7:cc:8b:c9:0c:2f:
         94:3e:14:a6:98:dc:8f:50:f9:9f:2b:78:ef:5c:e4:c0:17:d3:
         5e:9e:2e:cc:90:46:fb:80:6f:72:5f:be:62:d5:ff:61:42:a3:
         9b:b3:fd:a0:5e:2d:be:6e:e7:75:e3:fe:77:0f:76:a3:2e:73:
         d4:b7:f6:a9:a2:19:37:d5:df:1d:78:e7:8e:38:93:cd:9e:b1:
         7b:0c:f1:68:3a:59:b5:a2:7d:e7:ad:fa:ca:2c:61:c4:7f:38:
         65:4a:82:7f:43:09:70:b6:5d:50:1f:6c:17:99:49:4a:28:3f:
         e2:3b:44:d8:53:b4:cb:1c:a5:a3:1d:b4:d5:69:b1:a8:24:5f:
         d7:3d:48:b7:ed:b6:27:63:a5:74:d9:87:4c:38:47:97:17:5b:
         fc:01:11:a4:51:ad:b9:89:9f:24:bc:ab:c9:14:8f:d8:c8:6b:
         3c:de:23:78:39:a1:8e:9a:d7:b9:2b:8d:94:3e:26:f0:4d:64:
         02:ce:c7:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb4cTZNq6IuTfvPZVJ+8nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmM2U3MWI5Njk5MmRhM2Q5MWM4OGRkNzRlZjQxZjliOTVi
OTQ4NWIwHhcNMjQwMTAyMDQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDhlMzAyYzA5NzQ1NjUzNTYwYjI1YTczMWQwN2U2Yzk4MjE2YWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9dqAouXzWeMCFkmxyjdd807Iccwr
mL8PpH+zmOMqgRn+UtmJsp0pwS3Z1JBSPrm3m4jFO2CquD5jVQcFPVJAddeLPhIN
HZOtj7hN3pLpWKDZSPFoBYitonj+UenPwqli1xQPgoklHfYkhjHjfmIWxY7ghLan
pu8uSgRVBKXab/2JYo3lFPdRT8fL4jS7rqHam1uTGtHVypAQ2PnRFoM7iZTxwiSg
U/tNcidW0Th5OD1ki4wL2iPYe6NtQUENpPeqF+4btPywdYE1Myb5XUl3W4czgTl6
E2CLA9E39qzJdmnLRt77xW6EbfiRxGwq1pn8+k6qSSyX6rU0biAzJII+qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF2OMCwJdFZTVgslpzHQfmyYIWrWMB8GA1UdIwQY
MBaAFO8+cblpkto9kciN1070H5uVuUhbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3o1eHVXbVMyajJSeUkzWFR2UWZtNVc1U0ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hZDRlNTctZDkwMS00NDg1LTk4ZDIt
OTE5NmNlNDQ2NTI3LzEvWFk0d0xBbDBWbE5XQ3lXbk1kQi1iSmdoYXRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hZDRlNTctZDkwMS00NDg1LTk4ZDItOTE5NmNlNDQ2NTI3
LzEvN3o1eHVXbVMyajJSeUkzWFR2UWZtNVc1U0ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1DG0MA0G
CSqGSIb3DQEBCwUAA4IBAQCHDxs7B3SyMTs7euPnWw/Koqe6yyhLb2rpA3Phag7c
A2iu86Wt0d8lcln3L0XCPQHwVp3/m/XLnHTCDNggNxcHbL6nzIvJDC+UPhSmmNyP
UPmfK3jvXOTAF9Neni7MkEb7gG9yX75i1f9hQqObs/2gXi2+bud14/53D3ajLnPU
t/apohk31d8deOeOOJPNnrF7DPFoOlm1on3nrfrKLGHEfzhlSoJ/Qwlwtl1QH2wX
mUlKKD/iO0TYU7TLHKWjHbTVabGoJF/XPUi37bYnY6V02YdMOEeXF1v8ARGkUa25
iZ8kvKvJFI/YyGs83iN4OaGOmte5K42UPibwTWQCzse2
-----END CERTIFICATE-----