Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/081bd4-1210-4021-a864-b50cf5f2aa22/1/XQHo_QmwZR6_PNsZViDwQSCHyiM.roa
File:                     XQHo_QmwZR6_PNsZViDwQSCHyiM.roa (raw, json)
Hash identifier:          HFBAz7SavybJpIEVJVs7gNYU7Dj1mOxvLOygF85Ke3Q=
Subject key identifier:   5D:01:E8:FD:09:B0:65:1E:BF:3C:DB:19:56:20:F0:41:20:87:CA:23
Certificate issuer:       /CN=83c103d65a54d6af1efba6ac3e63722028af2bb1
Certificate serial:       018CC64AA541DD0C8691AADEE5BE993DC546
Authority key identifier: 83:C1:03:D6:5A:54:D6:AF:1E:FB:A6:AC:3E:63:72:20:28:AF:2B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g8ED1lpU1q8e-6asPmNyICivK7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/081bd4-1210-4021-a864-b50cf5f2aa22/1/XQHo_QmwZR6_PNsZViDwQSCHyiM.roa
Signing time:             Mon 01 Jan 2024 18:30:29 +0000
ROA not before:           Mon 01 Jan 2024 18:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     139070
IP address blocks:        66.22.229.0/24 maxlen: 24
                          66.22.228.0/24 maxlen: 24
                          66.22.228.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/081bd4-1210-4021-a864-b50cf5f2aa22/1/g8ED1lpU1q8e-6asPmNyICivK7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/081bd4-1210-4021-a864-b50cf5f2aa22/1/g8ED1lpU1q8e-6asPmNyICivK7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g8ED1lpU1q8e-6asPmNyICivK7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:a5:41:dd:0c:86:91:aa:de:e5:be:99:3d:c5:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83c103d65a54d6af1efba6ac3e63722028af2bb1
        Validity
            Not Before: Jan  1 18:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d01e8fd09b0651ebf3cdb195620f0412087ca23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:1e:55:f0:2a:eb:04:91:85:d2:81:84:e1:47:
                    81:8a:ed:b3:d7:95:1a:04:c0:d0:91:86:4c:f6:1c:
                    14:b7:2c:10:98:68:34:db:d1:e6:f0:06:83:58:4b:
                    a8:53:f1:78:62:cb:b1:38:96:37:34:65:1d:b1:b4:
                    38:3e:18:e0:d2:bd:27:bd:1a:2e:68:6c:ed:bf:ad:
                    f1:72:3a:77:a5:2f:95:42:8d:10:4b:76:ee:a9:27:
                    ab:c4:9d:9d:ad:e8:45:5e:a6:e5:4e:84:72:db:38:
                    3a:2c:c4:0c:8d:e6:66:fa:de:7d:d4:7c:4f:ed:7f:
                    bb:33:c2:b4:f2:96:41:07:3b:7e:1f:f6:d0:fa:fc:
                    12:bb:d9:e6:7b:41:a3:c9:27:41:25:75:bf:69:11:
                    ae:25:39:25:2d:39:34:23:3b:14:97:3d:24:96:65:
                    4f:bd:61:c6:10:91:ea:d4:e1:c6:03:e9:20:24:19:
                    d3:9b:11:b6:f0:a4:02:9d:57:29:34:ab:90:8c:69:
                    0d:8f:42:03:4e:2c:06:22:b3:21:41:7a:2b:40:d5:
                    44:61:cb:dc:a8:f8:be:59:57:6f:57:19:78:95:db:
                    f5:de:04:8d:c2:d5:ad:8d:28:5f:de:cb:09:1e:f0:
                    f7:d6:73:2e:6a:12:05:a1:b8:a6:56:6c:96:2e:65:
                    f2:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:01:E8:FD:09:B0:65:1E:BF:3C:DB:19:56:20:F0:41:20:87:CA:23
            X509v3 Authority Key Identifier:
                keyid:83:C1:03:D6:5A:54:D6:AF:1E:FB:A6:AC:3E:63:72:20:28:AF:2B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g8ED1lpU1q8e-6asPmNyICivK7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/081bd4-1210-4021-a864-b50cf5f2aa22/1/XQHo_QmwZR6_PNsZViDwQSCHyiM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/081bd4-1210-4021-a864-b50cf5f2aa22/1/g8ED1lpU1q8e-6asPmNyICivK7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.22.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:50:3a:cd:80:7e:3a:8a:47:30:18:1e:df:e0:0f:af:9c:d7:
         be:4a:ae:ad:47:cc:99:04:c8:e2:09:6c:88:86:ca:33:49:05:
         4b:2c:97:24:e4:b3:17:60:c6:b5:48:cf:89:00:db:16:98:07:
         e4:4a:5b:62:cb:5d:cf:c0:53:5c:66:06:fe:d4:ac:9e:3c:d2:
         dd:17:7f:e6:44:7c:e6:13:17:7c:b0:71:e5:0b:ea:24:10:30:
         b0:fd:04:a2:5a:4b:24:e3:03:c2:e2:89:ba:20:28:f0:ca:7f:
         c9:8c:e3:be:5a:28:64:cf:0e:b0:30:b6:30:48:05:41:40:90:
         17:87:ee:32:2e:51:fd:cf:ee:a5:e4:87:4b:55:3a:bd:a2:56:
         93:89:a1:57:6c:88:8c:f0:81:fc:95:56:e0:cb:22:f9:d8:b2:
         4a:7e:8a:77:8c:be:5a:79:6a:7e:83:8e:49:6f:50:d2:a6:67:
         2f:8f:23:e4:df:16:28:6a:4f:ae:cb:c6:fc:7a:46:a2:bf:a9:
         5e:28:6d:aa:d1:1f:1b:3a:0f:78:77:6d:5b:fb:f8:e2:35:58:
         46:08:06:dd:4f:68:06:f0:2f:2e:b8:01:bb:f2:34:00:65:67:
         8f:82:94:b6:0a:17:a9:b1:30:81:f8:f0:c9:23:ec:55:36:6f:
         1e:0e:5b:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSqVB3QyGkare5b6ZPcVGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzYzEwM2Q2NWE1NGQ2YWYxZWZiYTZhYzNlNjM3MjIwMjhh
ZjJiYjEwHhcNMjQwMTAxMTgzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDAxZThmZDA5YjA2NTFlYmYzY2RiMTk1NjIwZjA0MTIwODdjYTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoh5V8CrrBJGF0oGE4UeBiu2z15Ua
BMDQkYZM9hwUtywQmGg029Hm8AaDWEuoU/F4YsuxOJY3NGUdsbQ4Phjg0r0nvRou
aGztv63xcjp3pS+VQo0QS3buqSerxJ2drehFXqblToRy2zg6LMQMjeZm+t591HxP
7X+7M8K08pZBBzt+H/bQ+vwSu9nme0GjySdBJXW/aRGuJTklLTk0IzsUlz0klmVP
vWHGEJHq1OHGA+kgJBnTmxG28KQCnVcpNKuQjGkNj0IDTiwGIrMhQXorQNVEYcvc
qPi+WVdvVxl4ldv13gSNwtWtjShf3ssJHvD31nMuahIFobimVmyWLmXyQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF0B6P0JsGUevzzbGVYg8EEgh8ojMB8GA1UdIwQY
MBaAFIPBA9ZaVNavHvumrD5jciAoryuxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzhFRDFscFUxcThlLTZhc1BtTnlJQ2l2SzdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8wODFiZDQtMTIxMC00MDIxLWE4NjQt
YjUwY2Y1ZjJhYTIyLzEvWFFIb19RbXdaUjZfUE5zWlZpRHdRU0NIeWlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8wODFiZDQtMTIxMC00MDIxLWE4NjQtYjUwY2Y1ZjJhYTIy
LzEvZzhFRDFscFUxcThlLTZhc1BtTnlJQ2l2SzdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBQhbkMA0G
CSqGSIb3DQEBCwUAA4IBAQCSUDrNgH46ikcwGB7f4A+vnNe+Sq6tR8yZBMjiCWyI
hsozSQVLLJck5LMXYMa1SM+JANsWmAfkSltiy13PwFNcZgb+1KyePNLdF3/mRHzm
Exd8sHHlC+okEDCw/QSiWksk4wPC4om6ICjwyn/JjOO+Wihkzw6wMLYwSAVBQJAX
h+4yLlH9z+6l5IdLVTq9olaTiaFXbIiM8IH8lVbgyyL52LJKfop3jL5aeWp+g45J
b1DSpmcvjyPk3xYoak+uy8b8ekaiv6leKG2q0R8bOg94d21b+/jiNVhGCAbdT2gG
8C8uuAG78jQAZWePgpS2ChepsTCB+PDJI+xVNm8eDluP
-----END CERTIFICATE-----