Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/ec0453-7e8f-41b1-85d1-1cb1a8f80238/1/XbcIr4k0XVRG-8uo4FkgO4YUFq0.roa
File:                     XbcIr4k0XVRG-8uo4FkgO4YUFq0.roa (raw, json)
Hash identifier:          lQJdVQHTBqV2U2NJMCnJE7LfqISCdjg3nHQkJFLdogA=
Subject key identifier:   5D:B7:08:AF:89:34:5D:54:46:FB:CB:A8:E0:59:20:3B:86:14:16:AD
Certificate issuer:       /CN=696c67867e0e202248e7f5e3cbd574bd1a32fe3f
Certificate serial:       018CC26D27BCD1AA5FF9CDAAACE9BC113912
Authority key identifier: 69:6C:67:86:7E:0E:20:22:48:E7:F5:E3:CB:D5:74:BD:1A:32:FE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aWxnhn4OICJI5_Xjy9V0vRoy_j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/ec0453-7e8f-41b1-85d1-1cb1a8f80238/1/XbcIr4k0XVRG-8uo4FkgO4YUFq0.roa
Signing time:             Mon 01 Jan 2024 00:29:42 +0000
ROA not before:           Mon 01 Jan 2024 00:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8851
IP address blocks:        163.119.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/ec0453-7e8f-41b1-85d1-1cb1a8f80238/1/aWxnhn4OICJI5_Xjy9V0vRoy_j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/ec0453-7e8f-41b1-85d1-1cb1a8f80238/1/aWxnhn4OICJI5_Xjy9V0vRoy_j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aWxnhn4OICJI5_Xjy9V0vRoy_j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:27:bc:d1:aa:5f:f9:cd:aa:ac:e9:bc:11:39:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=696c67867e0e202248e7f5e3cbd574bd1a32fe3f
        Validity
            Not Before: Jan  1 00:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5db708af89345d5446fbcba8e059203b861416ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:9a:37:65:c6:90:5b:22:52:40:7f:ec:22:2f:
                    c6:fb:fc:11:af:30:04:4a:ef:5e:12:d5:d8:05:0b:
                    60:ec:b5:7e:c1:51:e2:1a:09:5a:d7:e1:d2:c6:2d:
                    a2:87:a9:bd:10:af:a9:94:8e:cc:fb:1b:85:75:29:
                    49:1f:ff:c7:04:c9:97:08:1e:ab:be:ea:3a:62:e0:
                    6e:38:e8:18:c9:21:9c:e5:46:8f:8a:ed:04:7d:98:
                    28:6d:50:42:18:f7:20:01:d9:0e:00:dd:4d:16:d7:
                    c1:d9:04:63:44:eb:32:25:94:95:a2:d5:5d:e6:c6:
                    ec:5a:55:d6:e4:39:ac:b7:4b:a1:de:c1:3c:9e:09:
                    2d:f9:fc:71:d2:21:1b:d1:0b:e3:7d:51:5c:a2:e6:
                    68:da:1f:1f:8a:74:9e:c0:5c:03:28:de:be:41:b6:
                    6f:bf:1f:28:5e:9c:0f:1b:24:e2:3c:30:8e:4e:81:
                    8d:9a:71:e1:f2:18:e5:6f:3c:08:ff:04:b3:7c:61:
                    1a:de:38:39:8d:94:8d:12:7e:70:2c:6c:39:87:ad:
                    81:2d:0e:87:c5:45:30:b0:c4:d4:2e:c3:20:8f:05:
                    56:54:83:0f:f4:2a:48:0d:fc:68:97:29:7a:3e:bb:
                    ee:5d:0c:bc:c4:10:3b:e1:6c:df:ff:26:ec:27:8f:
                    44:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:B7:08:AF:89:34:5D:54:46:FB:CB:A8:E0:59:20:3B:86:14:16:AD
            X509v3 Authority Key Identifier:
                keyid:69:6C:67:86:7E:0E:20:22:48:E7:F5:E3:CB:D5:74:BD:1A:32:FE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aWxnhn4OICJI5_Xjy9V0vRoy_j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ec0453-7e8f-41b1-85d1-1cb1a8f80238/1/XbcIr4k0XVRG-8uo4FkgO4YUFq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ec0453-7e8f-41b1-85d1-1cb1a8f80238/1/aWxnhn4OICJI5_Xjy9V0vRoy_j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.119.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:57:87:c1:e3:cb:a9:80:a9:ad:f0:5d:85:56:d9:ac:d5:51:
         3d:72:9d:a9:f5:d9:95:8c:97:cc:71:74:b8:5c:6c:7e:8b:2d:
         95:71:5c:12:c6:de:2b:48:f2:ce:10:24:4d:90:07:d6:73:9c:
         97:ee:b1:35:39:72:6e:26:29:67:02:60:70:5a:52:4f:2d:c4:
         6a:68:c7:a0:1b:72:1a:79:22:39:d8:cf:c0:76:ae:c2:01:65:
         f2:cc:ce:8d:c1:b9:9d:bb:b6:e9:34:a9:89:21:0f:55:2f:33:
         5d:0f:23:ff:c3:71:45:8a:a0:3c:92:f5:54:f5:94:5c:70:80:
         25:cb:af:06:69:ce:5a:91:c7:bd:89:e1:6d:69:f1:da:a7:5e:
         a5:f2:57:c1:c8:d2:3a:2d:c9:db:0c:e2:28:f5:a7:75:1b:ab:
         16:2b:bf:8a:de:31:8a:d2:75:ad:91:fa:0c:65:80:77:85:3d:
         f1:4e:9f:95:d9:fb:f3:2c:ba:45:60:8f:45:27:53:60:7d:90:
         69:57:05:e4:cd:07:c3:65:d7:8a:b4:2f:fd:94:e2:d3:45:07:
         07:ac:f0:ec:3a:0b:d2:09:cc:6b:7b:8a:85:99:b2:0b:77:ec:
         c6:43:df:52:6e:9c:54:95:90:7f:90:65:76:34:75:89:8b:12:
         84:5e:97:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbSe80apf+c2qrOm8ETkSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5NmM2Nzg2N2UwZTIwMjI0OGU3ZjVlM2NiZDU3NGJkMWEz
MmZlM2YwHhcNMjQwMTAxMDAyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGI3MDhhZjg5MzQ1ZDU0NDZmYmNiYThlMDU5MjAzYjg2MTQxNmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJo3ZcaQWyJSQH/sIi/G+/wRrzAE
Su9eEtXYBQtg7LV+wVHiGgla1+HSxi2ih6m9EK+plI7M+xuFdSlJH//HBMmXCB6r
vuo6YuBuOOgYySGc5UaPiu0EfZgobVBCGPcgAdkOAN1NFtfB2QRjROsyJZSVotVd
5sbsWlXW5Dmst0uh3sE8ngkt+fxx0iEb0QvjfVFcouZo2h8finSewFwDKN6+QbZv
vx8oXpwPGyTiPDCOToGNmnHh8hjlbzwI/wSzfGEa3jg5jZSNEn5wLGw5h62BLQ6H
xUUwsMTULsMgjwVWVIMP9CpIDfxolyl6PrvuXQy8xBA74Wzf/ybsJ49EowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF23CK+JNF1URvvLqOBZIDuGFBatMB8GA1UdIwQY
MBaAFGlsZ4Z+DiAiSOf148vVdL0aMv4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVd4bmhuNE9JQ0pJNV9Yank5VjB2Um95X2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lYzA0NTMtN2U4Zi00MWIxLTg1ZDEt
MWNiMWE4ZjgwMjM4LzEvWGJjSXI0azBYVlJHLTh1bzRGa2dPNFlVRnEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lYzA0NTMtN2U4Zi00MWIxLTg1ZDEtMWNiMWE4ZjgwMjM4
LzEvYVd4bmhuNE9JQ0pJNV9Yank5VjB2Um95X2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAo3cEMA0G
CSqGSIb3DQEBCwUAA4IBAQB9V4fB48upgKmt8F2FVtms1VE9cp2p9dmVjJfMcXS4
XGx+iy2VcVwSxt4rSPLOECRNkAfWc5yX7rE1OXJuJilnAmBwWlJPLcRqaMegG3Ia
eSI52M/Adq7CAWXyzM6Nwbmdu7bpNKmJIQ9VLzNdDyP/w3FFiqA8kvVU9ZRccIAl
y68Gac5akce9ieFtafHap16l8lfByNI6LcnbDOIo9ad1G6sWK7+K3jGK0nWtkfoM
ZYB3hT3xTp+V2fvzLLpFYI9FJ1NgfZBpVwXkzQfDZdeKtC/9lOLTRQcHrPDsOgvS
Ccxre4qFmbILd+zGQ99SbpxUlZB/kGV2NHWJixKEXpdm
-----END CERTIFICATE-----