Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/e2d729-ba9e-4723-a368-644bfdceb9f6/1/XolyMeFrw-w4-LDhysbwnQQ898w.roa
File:                     XolyMeFrw-w4-LDhysbwnQQ898w.roa (raw, json)
Hash identifier:          /BGdLu0JzkjUUFAsv/n97c84G46WAxR9DG/8bQOF9fo=
Subject key identifier:   5E:89:72:31:E1:6B:C3:EC:38:F8:B0:E1:CA:C6:F0:9D:04:3C:F7:CC
Certificate issuer:       /CN=edff0ab25662757afb831675319296f63d989b69
Certificate serial:       018CC80186C8263C953D9EBA9FC61FBFCAA0
Authority key identifier: ED:FF:0A:B2:56:62:75:7A:FB:83:16:75:31:92:96:F6:3D:98:9B:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7f8KslZidXr7gxZ1MZKW9j2Ym2k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/e2d729-ba9e-4723-a368-644bfdceb9f6/1/XolyMeFrw-w4-LDhysbwnQQ898w.roa
Signing time:             Tue 02 Jan 2024 02:29:52 +0000
ROA not before:           Tue 02 Jan 2024 02:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206556
IP address blocks:        185.182.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/e2d729-ba9e-4723-a368-644bfdceb9f6/1/7f8KslZidXr7gxZ1MZKW9j2Ym2k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/e2d729-ba9e-4723-a368-644bfdceb9f6/1/7f8KslZidXr7gxZ1MZKW9j2Ym2k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7f8KslZidXr7gxZ1MZKW9j2Ym2k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:86:c8:26:3c:95:3d:9e:ba:9f:c6:1f:bf:ca:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=edff0ab25662757afb831675319296f63d989b69
        Validity
            Not Before: Jan  2 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e897231e16bc3ec38f8b0e1cac6f09d043cf7cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:57:4b:62:d1:01:41:b7:2b:3f:28:6b:c5:13:
                    1f:7c:36:fa:ac:d2:33:0a:fd:c4:89:52:38:9c:29:
                    dc:77:71:86:68:dd:38:37:a6:ff:fc:72:77:d7:0c:
                    e6:c3:8b:30:5b:6d:34:b4:57:c8:f7:e1:8a:16:f8:
                    64:a4:33:68:cc:dc:c9:ba:f4:f0:6b:a3:0a:9f:ff:
                    2c:95:ef:1d:c8:08:34:4f:5f:57:54:7b:b5:98:02:
                    7b:eb:fb:89:fb:5b:9a:3b:9e:4a:7c:45:94:cb:9c:
                    80:0c:a4:2a:99:05:6d:7d:ac:fc:74:24:d6:39:9e:
                    8a:dc:9d:97:fe:e8:52:6f:10:0c:57:ea:4b:ff:4f:
                    e3:ff:39:cc:11:ce:09:ec:2d:fb:03:a5:ec:9e:fe:
                    f7:47:f1:c2:70:2e:b8:87:0f:03:03:b9:b5:40:ba:
                    dd:9c:9f:82:80:b7:30:e1:ea:e1:97:7f:14:79:be:
                    82:42:4d:21:6c:7e:d5:90:99:e4:c8:e3:36:27:73:
                    13:40:72:54:9b:39:d3:54:c6:87:02:52:17:b8:a3:
                    d2:d4:b1:5e:f3:d6:59:e2:32:74:c7:a3:fe:f8:1f:
                    83:b3:eb:6e:8f:33:e7:30:16:20:ce:8f:89:0d:75:
                    1a:e3:41:99:42:7a:45:cf:44:3f:59:53:8b:20:ad:
                    38:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:89:72:31:E1:6B:C3:EC:38:F8:B0:E1:CA:C6:F0:9D:04:3C:F7:CC
            X509v3 Authority Key Identifier:
                keyid:ED:FF:0A:B2:56:62:75:7A:FB:83:16:75:31:92:96:F6:3D:98:9B:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f8KslZidXr7gxZ1MZKW9j2Ym2k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/e2d729-ba9e-4723-a368-644bfdceb9f6/1/XolyMeFrw-w4-LDhysbwnQQ898w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/e2d729-ba9e-4723-a368-644bfdceb9f6/1/7f8KslZidXr7gxZ1MZKW9j2Ym2k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.182.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:35:8d:7f:2d:8d:a5:74:fa:e5:bb:bd:1e:f5:56:6b:fc:2e:
         aa:22:3b:df:24:80:2c:c4:ef:17:c0:c7:1b:be:66:bf:0d:59:
         5e:79:89:83:11:dd:c6:25:a5:b3:37:f9:e1:79:92:67:08:88:
         a0:d6:05:15:9e:99:f5:53:e7:cf:c5:51:bb:73:41:97:0c:5d:
         5b:9d:92:4f:d3:ad:4c:ea:4a:bd:df:3f:29:d6:5c:ba:44:30:
         50:9e:9a:e3:99:ed:7c:3b:74:d2:21:05:4b:20:41:85:ee:39:
         c1:2a:f4:90:55:fb:c6:ab:03:de:1d:3f:dd:f2:00:97:ec:b8:
         12:13:e1:e8:4d:59:12:b0:72:ae:75:f7:be:5f:74:32:94:f1:
         86:2e:6b:f9:f7:e9:0b:61:af:bd:f7:82:41:d1:6d:a5:d7:d9:
         c4:ea:09:4a:e8:12:d9:6f:cc:04:c1:7e:2f:f6:cf:02:50:44:
         f2:58:27:11:cc:99:d0:5d:f7:71:10:ca:fa:36:9c:a7:ef:80:
         84:61:8b:eb:c5:7c:9a:47:6e:bb:2e:52:e1:7f:c4:17:ce:1d:
         9b:50:f2:f5:20:63:1f:d3:7b:13:0d:51:f8:80:eb:9e:6b:8c:
         58:8a:f0:3c:4b:18:a6:ee:47:36:b1:de:d7:71:b6:b7:0f:d9:
         d1:c1:4c:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAYbIJjyVPZ66n8Yfv8qgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkZmYwYWIyNTY2Mjc1N2FmYjgzMTY3NTMxOTI5NmY2M2Q5
ODliNjkwHhcNMjQwMTAyMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTg5NzIzMWUxNmJjM2VjMzhmOGIwZTFjYWM2ZjA5ZDA0M2NmN2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAildLYtEBQbcrPyhrxRMffDb6rNIz
Cv3EiVI4nCncd3GGaN04N6b//HJ31wzmw4swW200tFfI9+GKFvhkpDNozNzJuvTw
a6MKn/8sle8dyAg0T19XVHu1mAJ76/uJ+1uaO55KfEWUy5yADKQqmQVtfaz8dCTW
OZ6K3J2X/uhSbxAMV+pL/0/j/znMEc4J7C37A6Xsnv73R/HCcC64hw8DA7m1QLrd
nJ+CgLcw4erhl38Ueb6CQk0hbH7VkJnkyOM2J3MTQHJUmznTVMaHAlIXuKPS1LFe
89ZZ4jJ0x6P++B+Ds+tujzPnMBYgzo+JDXUa40GZQnpFz0Q/WVOLIK04BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF6JcjHha8PsOPiw4crG8J0EPPfMMB8GA1UdIwQY
MBaAFO3/CrJWYnV6+4MWdTGSlvY9mJtpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2Y4S3NsWmlkWHI3Z3haMU1aS1c5ajJZbTJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9lMmQ3MjktYmE5ZS00NzIzLWEzNjgt
NjQ0YmZkY2ViOWY2LzEvWG9seU1lRnJ3LXc0LUxEaHlzYnduUVE4OTh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9lMmQ3MjktYmE5ZS00NzIzLWEzNjgtNjQ0YmZkY2ViOWY2
LzEvN2Y4S3NsWmlkWHI3Z3haMU1aS1c5ajJZbTJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubbvMA0G
CSqGSIb3DQEBCwUAA4IBAQA1NY1/LY2ldPrlu70e9VZr/C6qIjvfJIAsxO8XwMcb
vma/DVleeYmDEd3GJaWzN/nheZJnCIig1gUVnpn1U+fPxVG7c0GXDF1bnZJP061M
6kq93z8p1ly6RDBQnprjme18O3TSIQVLIEGF7jnBKvSQVfvGqwPeHT/d8gCX7LgS
E+HoTVkSsHKudfe+X3QylPGGLmv59+kLYa+994JB0W2l19nE6glK6BLZb8wEwX4v
9s8CUETyWCcRzJnQXfdxEMr6Npyn74CEYYvrxXyaR267LlLhf8QXzh2bUPL1IGMf
03sTDVH4gOuea4xYivA8Sxim7kc2sd7Xcba3D9nRwUwe
-----END CERTIFICATE-----