Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/Xx8dhhqLoyOsONJff7ACko0qlEI.roa
File:                     Xx8dhhqLoyOsONJff7ACko0qlEI.roa (raw, json)
Hash identifier:          QQEwKuUsGbWiDqtDUzO3XpVMKH0nCRyvTLhpaov8Bio=
Subject key identifier:   5F:1F:1D:86:1A:8B:A3:23:AC:38:D2:5F:7F:B0:02:92:8D:2A:94:42
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       018DB796FBA8D5E4986724AB3427239F4F76
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/Xx8dhhqLoyOsONJff7ACko0qlEI.roa
Signing time:             Sat 17 Feb 2024 15:02:21 +0000
ROA not before:           Sat 17 Feb 2024 15:02:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48014
IP address blocks:        185.187.154.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b7:96:fb:a8:d5:e4:98:67:24:ab:34:27:23:9f:4f:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Feb 17 15:02:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f1f1d861a8ba323ac38d25f7fb002928d2a9442
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:11:2b:ab:6a:8a:e0:b4:9e:86:43:0c:76:ce:
                    3d:50:89:7e:4b:b9:0a:b3:34:e1:df:13:98:c4:3b:
                    8b:ed:40:d0:24:d0:2c:1e:2d:87:8d:91:e1:f3:c6:
                    a2:94:11:e1:f8:7e:2a:00:20:2a:92:46:aa:cb:0f:
                    2a:c2:79:c9:29:b6:64:57:17:16:23:0a:cf:42:dc:
                    c2:ce:b4:35:3a:7e:a8:a1:96:58:34:e6:38:77:33:
                    63:7b:b0:52:f8:b2:b2:3b:45:e6:65:10:b1:74:d9:
                    2b:e3:b4:ad:70:e1:dc:d6:bf:f6:fd:2d:ec:8a:ab:
                    35:21:32:8d:bf:a4:35:97:53:2f:42:87:ba:d6:1b:
                    0a:d8:7d:fc:2d:df:99:f8:21:46:58:98:74:89:4d:
                    69:b3:6e:60:4f:87:17:41:29:e7:d3:7d:b3:be:43:
                    71:01:6c:55:06:71:15:df:36:2f:5c:b8:6f:08:b6:
                    1e:11:36:4a:2f:e3:e1:9d:89:03:d6:36:c1:2a:c8:
                    a9:37:03:6a:df:cb:20:04:2e:f9:3a:e5:44:1a:95:
                    35:d4:45:eb:a3:4b:89:e5:1d:57:09:30:b5:7e:dc:
                    20:ba:69:64:ca:21:29:db:c1:32:74:16:7b:a7:57:
                    5b:ab:6b:74:f4:a6:ff:d7:06:59:4d:76:d4:4d:2e:
                    b1:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:1F:1D:86:1A:8B:A3:23:AC:38:D2:5F:7F:B0:02:92:8D:2A:94:42
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/Xx8dhhqLoyOsONJff7ACko0qlEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:a3:c2:45:2e:b8:52:4b:8d:8e:e9:33:d3:be:a3:83:54:df:
         e1:27:7a:03:01:0f:07:97:4c:05:41:61:db:c1:ab:1c:ef:e3:
         a4:12:7d:a1:b8:6e:00:86:1c:94:3a:ea:c5:63:78:59:76:7d:
         f8:47:21:98:3d:ed:93:10:22:72:f5:36:40:e3:b2:1a:dd:fe:
         07:ae:36:70:05:33:5d:fd:c9:c6:c4:11:92:1a:ef:7a:63:05:
         52:d7:99:23:00:c8:c6:b3:32:b0:f3:27:c7:d4:f0:27:f0:4b:
         56:f5:16:ee:fb:dc:2d:04:0c:0f:9f:dd:9a:d4:84:54:b6:ee:
         a8:b5:26:77:c8:64:dd:6e:a8:b9:7e:dc:9d:ea:a6:be:7c:13:
         52:cb:1d:7a:ac:3a:8d:a9:15:fa:ec:d7:84:8c:3d:5d:ee:29:
         31:6f:5a:ef:fb:14:bd:a0:b1:89:e2:0d:fd:0d:47:f5:b7:ec:
         f7:5a:69:72:91:c1:b8:dd:23:b8:b3:f9:c8:ef:b9:c8:6d:9a:
         6d:14:2a:54:d0:5b:36:99:36:55:13:d3:7b:71:b2:66:06:f5:
         ee:59:f2:b6:c0:a2:1f:89:6a:b1:6e:15:1e:d4:28:99:60:52:
         05:5d:20:eb:33:14:8e:1c:55:09:72:21:65:0d:dd:0d:00:2d:
         d4:28:b3:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY23lvuo1eSYZySrNCcjn092MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjQwMjE3MTUwMjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjFmMWQ4NjFhOGJhMzIzYWMzOGQyNWY3ZmIwMDI5MjhkMmE5NDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhErq2qK4LSehkMMds49UIl+S7kK
szTh3xOYxDuL7UDQJNAsHi2HjZHh88ailBHh+H4qACAqkkaqyw8qwnnJKbZkVxcW
IwrPQtzCzrQ1On6ooZZYNOY4dzNje7BS+LKyO0XmZRCxdNkr47StcOHc1r/2/S3s
iqs1ITKNv6Q1l1MvQoe61hsK2H38Ld+Z+CFGWJh0iU1ps25gT4cXQSnn032zvkNx
AWxVBnEV3zYvXLhvCLYeETZKL+PhnYkD1jbBKsipNwNq38sgBC75OuVEGpU11EXr
o0uJ5R1XCTC1ftwgumlkyiEp28EydBZ7p1dbq2t09Kb/1wZZTXbUTS6xpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8fHYYai6MjrDjSX3+wApKNKpRCMB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvWHg4ZGhocUxveU9zT05KZmY3QUNrbzBxbEVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubuaMA0G
CSqGSIb3DQEBCwUAA4IBAQBLo8JFLrhSS42O6TPTvqODVN/hJ3oDAQ8Hl0wFQWHb
wasc7+OkEn2huG4AhhyUOurFY3hZdn34RyGYPe2TECJy9TZA47Ia3f4HrjZwBTNd
/cnGxBGSGu96YwVS15kjAMjGszKw8yfH1PAn8EtW9Rbu+9wtBAwPn92a1IRUtu6o
tSZ3yGTdbqi5ftyd6qa+fBNSyx16rDqNqRX67NeEjD1d7ikxb1rv+xS9oLGJ4g39
DUf1t+z3WmlykcG43SO4s/nI77nIbZptFCpU0Fs2mTZVE9N7cbJmBvXuWfK2wKIf
iWqxbhUe1CiZYFIFXSDrMxSOHFUJciFlDd0NAC3UKLPj
-----END CERTIFICATE-----