Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/390837-2b7b-4684-9557-69c7ea5d8714/1/XHNoszxm0532vuZMbAgVjqgc4K0.roa
File:                     XHNoszxm0532vuZMbAgVjqgc4K0.roa (raw, json)
Hash identifier:          l+c4VqLNlk1/VKP5mF/z1cmXUx2uW0hAey9fSowREzg=
Subject key identifier:   5C:73:68:B3:3C:66:D3:9D:F6:BE:E6:4C:6C:08:15:8E:A8:1C:E0:AD
Certificate issuer:       /CN=162fee2e6906e0cfd7c94c37c64fabf41e14c7b6
Certificate serial:       0190CA7192FA8349D18302FA4ACBEF3AE1E1
Authority key identifier: 16:2F:EE:2E:69:06:E0:CF:D7:C9:4C:37:C6:4F:AB:F4:1E:14:C7:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fi_uLmkG4M_XyUw3xk-r9B4Ux7Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/390837-2b7b-4684-9557-69c7ea5d8714/1/XHNoszxm0532vuZMbAgVjqgc4K0.roa
Signing time:             Fri 19 Jul 2024 10:02:39 +0000
ROA not before:           Fri 19 Jul 2024 10:02:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35306
IP address blocks:        193.239.124.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/390837-2b7b-4684-9557-69c7ea5d8714/1/Fi_uLmkG4M_XyUw3xk-r9B4Ux7Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/390837-2b7b-4684-9557-69c7ea5d8714/1/Fi_uLmkG4M_XyUw3xk-r9B4Ux7Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fi_uLmkG4M_XyUw3xk-r9B4Ux7Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ca:71:92:fa:83:49:d1:83:02:fa:4a:cb:ef:3a:e1:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=162fee2e6906e0cfd7c94c37c64fabf41e14c7b6
        Validity
            Not Before: Jul 19 10:02:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c7368b33c66d39df6bee64c6c08158ea81ce0ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:00:26:06:e6:71:94:e0:86:55:35:93:67:ac:
                    d1:21:6d:27:1f:72:17:54:f5:eb:ae:5c:e2:8a:92:
                    0f:e0:67:48:04:7e:fc:97:e5:a9:6b:49:95:11:16:
                    41:d3:e5:74:9b:83:db:f0:54:f9:8d:45:a2:93:ca:
                    24:c4:1f:f6:7f:f1:46:14:0b:be:21:df:60:2d:90:
                    4f:33:2c:a0:e3:9b:76:0d:bf:ef:69:af:61:06:bc:
                    5a:c3:d8:52:c6:f2:ad:16:27:4b:04:b1:1c:21:5f:
                    f4:37:77:02:bb:6b:ef:dc:82:08:7a:37:e7:06:c2:
                    68:c3:fd:68:78:d1:a9:28:e5:75:e7:c0:41:d7:a2:
                    bb:7f:9f:32:6e:b8:af:f2:19:a6:13:d4:73:9d:4e:
                    70:fd:13:5f:88:33:fa:d1:6d:20:9b:36:69:5d:00:
                    0a:35:a0:91:84:84:43:b7:fc:32:75:6c:b0:a8:f7:
                    a4:5c:94:5f:04:29:4a:57:e8:87:9a:83:7c:c6:1b:
                    5b:99:de:db:43:84:27:7d:7d:06:88:80:50:d1:5c:
                    1a:b2:a6:41:1e:31:8d:07:59:68:72:93:1b:81:da:
                    59:de:56:b6:d5:03:6a:98:b2:78:dd:a7:d8:47:ff:
                    f1:61:b5:36:e1:af:a5:61:d3:e3:15:a8:e6:37:d1:
                    a0:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:73:68:B3:3C:66:D3:9D:F6:BE:E6:4C:6C:08:15:8E:A8:1C:E0:AD
            X509v3 Authority Key Identifier:
                keyid:16:2F:EE:2E:69:06:E0:CF:D7:C9:4C:37:C6:4F:AB:F4:1E:14:C7:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fi_uLmkG4M_XyUw3xk-r9B4Ux7Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/390837-2b7b-4684-9557-69c7ea5d8714/1/XHNoszxm0532vuZMbAgVjqgc4K0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/390837-2b7b-4684-9557-69c7ea5d8714/1/Fi_uLmkG4M_XyUw3xk-r9B4Ux7Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:d3:63:2a:70:85:59:1d:15:fe:a8:b0:17:40:e8:f4:da:75:
         2b:4d:a7:ea:ae:55:41:e8:05:00:88:1f:2b:b0:65:5e:d3:42:
         fe:27:80:0a:45:f2:ec:53:c9:26:7b:45:44:cf:72:1e:aa:09:
         e6:db:d2:0d:2b:0a:14:fd:04:10:7b:b3:45:09:4b:37:9f:9e:
         ab:51:d4:7e:1d:1d:5e:01:35:a3:0a:2e:81:0b:99:a6:0b:ec:
         e2:ae:25:5f:a1:dd:63:0f:8e:05:88:41:32:b1:88:e0:13:3b:
         2e:77:89:e3:9e:84:7b:56:85:d0:96:85:b7:61:8d:39:8f:9a:
         5d:82:83:dd:b4:79:e4:eb:9b:fa:91:57:70:ab:41:3b:a4:5a:
         59:f8:31:93:90:62:6e:db:e4:ef:f1:af:d8:29:bf:d4:f7:e2:
         ba:d2:bb:4a:f8:cd:26:e4:1d:74:96:da:8e:d8:62:94:d7:5b:
         9d:c0:af:09:08:e5:3a:58:37:58:2b:5a:72:19:d3:ac:a4:37:
         95:ec:ec:21:9c:8d:96:80:e5:91:81:c6:ff:3c:aa:47:0f:dd:
         ca:2e:40:bd:93:4d:88:3d:cb:4d:cf:78:04:6f:f3:28:7a:1e:
         80:eb:90:24:82:0d:0c:64:86:f2:ce:41:f4:8e:77:6a:00:78:
         b5:a5:11:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDKcZL6g0nRgwL6SsvvOuHhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MmZlZTJlNjkwNmUwY2ZkN2M5NGMzN2M2NGZhYmY0MWUx
NGM3YjYwHhcNMjQwNzE5MTAwMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzczNjhiMzNjNjZkMzlkZjZiZWU2NGM2YzA4MTU4ZWE4MWNlMGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAAmBuZxlOCGVTWTZ6zRIW0nH3IX
VPXrrlziipIP4GdIBH78l+Wpa0mVERZB0+V0m4Pb8FT5jUWik8okxB/2f/FGFAu+
Id9gLZBPMyyg45t2Db/vaa9hBrxaw9hSxvKtFidLBLEcIV/0N3cCu2vv3IIIejfn
BsJow/1oeNGpKOV158BB16K7f58ybriv8hmmE9RznU5w/RNfiDP60W0gmzZpXQAK
NaCRhIRDt/wydWywqPekXJRfBClKV+iHmoN8xhtbmd7bQ4QnfX0GiIBQ0VwasqZB
HjGNB1locpMbgdpZ3la21QNqmLJ43afYR//xYbU24a+lYdPjFajmN9GgKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxzaLM8ZtOd9r7mTGwIFY6oHOCtMB8GA1UdIwQY
MBaAFBYv7i5pBuDP18lMN8ZPq/QeFMe2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmlfdUxta0c0TV9YeVV3M3hrLXI5QjRVeDdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8zOTA4MzctMmI3Yi00Njg0LTk1NTct
NjljN2VhNWQ4NzE0LzEvWEhOb3N6eG0wNTMydnVaTWJBZ1ZqcWdjNEswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8zOTA4MzctMmI3Yi00Njg0LTk1NTctNjljN2VhNWQ4NzE0
LzEvRmlfdUxta0c0TV9YeVV3M3hrLXI5QjRVeDdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwe98MA0G
CSqGSIb3DQEBCwUAA4IBAQAa02MqcIVZHRX+qLAXQOj02nUrTafqrlVB6AUAiB8r
sGVe00L+J4AKRfLsU8kme0VEz3Ieqgnm29INKwoU/QQQe7NFCUs3n56rUdR+HR1e
ATWjCi6BC5mmC+ziriVfod1jD44FiEEysYjgEzsud4njnoR7VoXQloW3YY05j5pd
goPdtHnk65v6kVdwq0E7pFpZ+DGTkGJu2+Tv8a/YKb/U9+K60rtK+M0m5B10ltqO
2GKU11udwK8JCOU6WDdYK1pyGdOspDeV7OwhnI2WgOWRgcb/PKpHD93KLkC9k02I
PctNz3gEb/Moeh6A65Akgg0MZIbyzkH0jndqAHi1pRGy
-----END CERTIFICATE-----