Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/0716df-341b-4a08-a451-596225031ee3/1/xGjFPWOWK5JbnB1zW68TPItDAj0.roa
File:                     xGjFPWOWK5JbnB1zW68TPItDAj0.roa (raw, json)
Hash identifier:          QFmYFD9bB/H5Y9oV11eb0kanEIR1dZekgS2y53i8Ugo=
Subject key identifier:   C4:68:C5:3D:63:96:2B:92:5B:9C:1D:73:5B:AF:13:3C:8B:43:02:3D
Certificate issuer:       /CN=cf224c84aeba859b90c8936cba6167ee4c44ece7
Certificate serial:       018CC56DE4D5688992D78B50027FC9296D5D
Authority key identifier: CF:22:4C:84:AE:BA:85:9B:90:C8:93:6C:BA:61:67:EE:4C:44:EC:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zyJMhK66hZuQyJNsumFn7kxE7Oc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/0716df-341b-4a08-a451-596225031ee3/1/xGjFPWOWK5JbnB1zW68TPItDAj0.roa
Signing time:             Mon 01 Jan 2024 14:29:22 +0000
ROA not before:           Mon 01 Jan 2024 14:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50837
IP address blocks:        109.224.243.0/24 maxlen: 24
                          185.113.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/0716df-341b-4a08-a451-596225031ee3/1/zyJMhK66hZuQyJNsumFn7kxE7Oc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/0716df-341b-4a08-a451-596225031ee3/1/zyJMhK66hZuQyJNsumFn7kxE7Oc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zyJMhK66hZuQyJNsumFn7kxE7Oc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e4:d5:68:89:92:d7:8b:50:02:7f:c9:29:6d:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf224c84aeba859b90c8936cba6167ee4c44ece7
        Validity
            Not Before: Jan  1 14:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c468c53d63962b925b9c1d735baf133c8b43023d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:b7:ef:90:ae:88:48:9b:e3:4a:45:ab:d9:6b:
                    5c:9b:ff:cb:46:93:d9:9c:54:17:15:a8:5d:62:2e:
                    df:8f:93:28:db:cb:3b:e8:fd:6d:c8:9a:0e:02:38:
                    5a:ec:b5:52:a0:be:8c:6a:39:dc:e0:a1:07:e7:e7:
                    e5:4a:9e:e4:c4:66:6e:ed:ee:db:73:4a:bb:01:8e:
                    70:53:e8:a0:76:85:ce:94:59:fb:f3:87:bf:6a:c1:
                    fd:0f:9a:71:92:d4:10:a8:b7:b1:61:84:79:67:12:
                    17:ce:5e:a2:a9:97:36:d9:df:fb:23:95:1e:56:cb:
                    88:7d:2a:32:75:51:14:0c:6e:76:f0:c5:be:2c:42:
                    ae:1b:00:6e:d0:00:e3:30:a1:f4:a7:33:88:b3:5b:
                    27:55:92:4a:5c:a5:eb:5e:e5:b5:ee:0c:31:84:c1:
                    e9:db:2a:fc:49:48:00:a8:1f:93:fa:a4:00:49:64:
                    c1:47:14:7d:b1:91:b3:96:7d:4e:c0:28:0d:20:4b:
                    c2:8a:da:51:aa:a8:8d:c8:93:6e:12:24:86:41:17:
                    71:4b:37:c5:0a:0c:b4:03:ef:fa:83:3e:c7:51:16:
                    d2:9f:f9:65:0b:ea:5f:33:2d:eb:f0:18:d7:1e:90:
                    42:7f:04:87:ce:3c:dc:50:2a:f8:0d:59:00:83:3d:
                    d9:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:68:C5:3D:63:96:2B:92:5B:9C:1D:73:5B:AF:13:3C:8B:43:02:3D
            X509v3 Authority Key Identifier:
                keyid:CF:22:4C:84:AE:BA:85:9B:90:C8:93:6C:BA:61:67:EE:4C:44:EC:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zyJMhK66hZuQyJNsumFn7kxE7Oc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/0716df-341b-4a08-a451-596225031ee3/1/xGjFPWOWK5JbnB1zW68TPItDAj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/0716df-341b-4a08-a451-596225031ee3/1/zyJMhK66hZuQyJNsumFn7kxE7Oc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.224.243.0/24
                  185.113.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:62:0a:7a:41:91:e7:f0:05:19:7a:d9:0f:21:36:ab:83:70:
         46:b5:f2:e5:80:68:74:5b:95:a1:57:36:cf:53:a4:b5:66:16:
         06:42:59:d0:7f:ba:6c:2c:ae:e2:69:33:ed:73:6d:b1:ff:81:
         65:b6:e3:88:ad:62:ff:42:17:2e:36:8e:61:61:b7:1b:ce:ea:
         80:c8:e0:d6:bb:42:ec:7f:31:b6:67:81:8a:9a:20:4e:ff:39:
         5b:c4:ee:6a:6b:0a:60:15:46:7d:00:6e:b5:22:a6:61:77:0f:
         e0:e3:83:76:6e:01:0c:d1:9d:0a:bf:a9:f5:ac:e6:50:b9:74:
         0d:14:d6:43:80:58:27:a9:5f:d2:95:ea:c3:7f:75:28:ba:70:
         27:61:6c:c1:c8:e5:81:f5:81:9a:09:13:0a:ec:ad:8e:2a:c1:
         da:9f:a1:ec:81:60:ec:8e:aa:04:66:f4:b1:b4:a7:d4:31:f2:
         a0:0b:07:fe:b4:3c:2a:24:30:9f:9d:0f:3b:e9:cf:da:1c:47:
         6d:70:fb:cf:bf:1b:26:08:3f:32:90:11:88:ae:12:3a:3f:d0:
         73:6b:10:b8:f3:2f:3e:8f:8b:65:0c:f2:54:01:1c:40:92:33:
         38:b9:9f:6f:8f:60:f2:3c:09:ca:84:05:12:35:3c:1a:0c:e0:
         81:08:90:57
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbeTVaImS14tQAn/JKW1dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMjI0Yzg0YWViYTg1OWI5MGM4OTM2Y2JhNjE2N2VlNGM0
NGVjZTcwHhcNMjQwMTAxMTQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDY4YzUzZDYzOTYyYjkyNWI5YzFkNzM1YmFmMTMzYzhiNDMwMjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk7fvkK6ISJvjSkWr2Wtcm//LRpPZ
nFQXFahdYi7fj5Mo28s76P1tyJoOAjha7LVSoL6Majnc4KEH5+flSp7kxGZu7e7b
c0q7AY5wU+igdoXOlFn784e/asH9D5pxktQQqLexYYR5ZxIXzl6iqZc22d/7I5Ue
VsuIfSoydVEUDG528MW+LEKuGwBu0ADjMKH0pzOIs1snVZJKXKXrXuW17gwxhMHp
2yr8SUgAqB+T+qQASWTBRxR9sZGzln1OwCgNIEvCitpRqqiNyJNuEiSGQRdxSzfF
Cgy0A+/6gz7HURbSn/llC+pfMy3r8BjXHpBCfwSHzjzcUCr4DVkAgz3ZxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMRoxT1jliuSW5wdc1uvEzyLQwI9MB8GA1UdIwQY
MBaAFM8iTISuuoWbkMiTbLphZ+5MROznMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenlKTWhLNjZoWnVReUpOc3VtRm43a3hFN09jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8wNzE2ZGYtMzQxYi00YTA4LWE0NTEt
NTk2MjI1MDMxZWUzLzEveEdqRlBXT1dLNUpibkIxelc2OFRQSXREQWowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8wNzE2ZGYtMzQxYi00YTA4LWE0NTEtNTk2MjI1MDMxZWUz
LzEvenlKTWhLNjZoWnVReUpOc3VtRm43a3hFN09jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbeDzAwQA
uXHeMA0GCSqGSIb3DQEBCwUAA4IBAQBYYgp6QZHn8AUZetkPITarg3BGtfLlgGh0
W5WhVzbPU6S1ZhYGQlnQf7psLK7iaTPtc22x/4FltuOIrWL/QhcuNo5hYbcbzuqA
yODWu0LsfzG2Z4GKmiBO/zlbxO5qawpgFUZ9AG61IqZhdw/g44N2bgEM0Z0Kv6n1
rOZQuXQNFNZDgFgnqV/SlerDf3UounAnYWzByOWB9YGaCRMK7K2OKsHan6HsgWDs
jqoEZvSxtKfUMfKgCwf+tDwqJDCfnQ876c/aHEdtcPvPvxsmCD8ykBGIrhI6P9Bz
axC48y8+j4tlDPJUARxAkjM4uZ9vj2DyPAnKhAUSNTwaDOCBCJBX
-----END CERTIFICATE-----