Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/Xt3r_C-w9qUW5CmYQWuAoAAou7Y.roa
File:                     Xt3r_C-w9qUW5CmYQWuAoAAou7Y.roa (raw, json)
Hash identifier:          2Mv98LadkDcYiFPP2woPcxXymteVmMsd/SybpXyZDUY=
Subject key identifier:   5E:DD:EB:FC:2F:B0:F6:A5:16:E4:29:98:41:6B:80:A0:00:28:BB:B6
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       01912134A84062D66B51D5867216EE9261C4
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/Xt3r_C-w9qUW5CmYQWuAoAAou7Y.roa
Signing time:             Mon 05 Aug 2024 06:23:04 +0000
ROA not before:           Mon 05 Aug 2024 06:23:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200107
IP address blocks:        46.8.206.0/24 maxlen: 24
                          109.248.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:21:34:a8:40:62:d6:6b:51:d5:86:72:16:ee:92:61:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Aug  5 06:23:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5eddebfc2fb0f6a516e42998416b80a00028bbb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:bc:8b:9d:eb:02:5d:d9:5e:4a:7f:d1:8a:27:
                    f0:b7:bf:3d:6d:b4:ab:67:19:a3:ef:9a:9b:e4:cd:
                    e7:b5:27:75:db:24:32:0d:de:43:70:24:1a:31:f2:
                    a8:4b:a2:5c:b1:56:56:70:fd:8d:96:61:22:c0:ec:
                    1c:cc:5a:da:16:5b:c5:85:42:8d:4b:47:a1:bd:7d:
                    d2:cd:9c:57:08:d9:44:cb:82:90:2c:7e:b2:98:03:
                    cd:61:6b:2b:cc:1f:2a:76:69:55:4b:f1:f9:f7:5e:
                    95:f5:db:bb:ad:ce:2f:b8:35:3a:3c:44:f6:e4:e9:
                    03:8d:42:65:07:73:f6:12:60:aa:b7:1d:7f:81:bb:
                    ed:ba:22:d8:18:be:d5:20:7f:9f:a9:25:75:95:c0:
                    50:f3:e4:cb:99:3d:13:c8:bb:20:e7:b9:38:04:03:
                    8b:66:7c:f4:21:86:fe:43:76:2c:19:f1:26:73:b0:
                    72:51:c3:bb:6a:4d:69:14:9c:82:fe:e9:97:97:63:
                    62:c0:07:39:ec:2d:28:83:a2:9c:bb:b2:9d:24:cc:
                    ec:90:93:ca:8a:d5:a0:22:9e:d3:ee:31:57:30:9a:
                    86:78:62:77:7f:af:de:26:b2:3b:a3:7f:3c:62:45:
                    eb:d3:d3:0e:eb:aa:30:f1:a5:e9:12:80:73:54:2a:
                    2b:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:DD:EB:FC:2F:B0:F6:A5:16:E4:29:98:41:6B:80:A0:00:28:BB:B6
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/Xt3r_C-w9qUW5CmYQWuAoAAou7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.206.0/24
                  109.248.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:08:51:bd:87:86:0f:34:56:d0:37:cd:a1:be:37:e9:f9:c6:
         0c:ba:7c:eb:54:b2:94:a0:c9:ce:22:8a:fd:13:75:47:a0:74:
         bf:22:b8:fa:62:35:64:54:ae:a2:f8:76:48:d5:17:45:56:94:
         b1:d1:84:98:20:e7:4d:c8:f6:c3:a4:96:c8:40:de:db:d7:3a:
         85:bd:c8:16:9d:d4:b5:1e:67:0a:a8:45:90:06:08:93:c4:45:
         40:fe:f0:2c:9d:95:3f:9e:3c:c1:b0:a4:54:37:66:a3:3e:e3:
         75:b0:9d:3e:e3:17:b2:5a:6d:b2:8e:4e:9d:a5:2a:4e:32:62:
         a3:e5:60:8d:95:36:16:b5:e0:fe:b6:b4:e7:0d:bb:35:d6:f5:
         93:d7:5a:bc:7f:8b:a6:0e:8d:25:65:08:27:56:9b:f6:d1:b1:
         ce:28:fb:ba:5f:d9:cb:f5:72:9c:66:27:60:0d:2f:d2:b5:48:
         e5:6b:e3:13:08:e2:1a:54:ac:aa:20:e9:5d:96:c1:ec:b0:11:
         be:0e:46:c2:62:e4:a5:d2:e4:8e:3d:6d:04:2a:48:ee:aa:a7:
         c5:38:c1:b8:74:a9:cb:9f:e6:79:14:66:c6:a0:cd:45:68:6c:
         b3:2e:9e:b8:80:79:15:07:a1:58:9c:7d:61:37:cb:8f:eb:94:
         cd:da:a6:86
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZEhNKhAYtZrUdWGchbukmHEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwODA1MDYyMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWRkZWJmYzJmYjBmNmE1MTZlNDI5OTg0MTZiODBhMDAwMjhiYmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4byLnesCXdleSn/Riifwt789bbSr
Zxmj75qb5M3ntSd12yQyDd5DcCQaMfKoS6JcsVZWcP2NlmEiwOwczFraFlvFhUKN
S0ehvX3SzZxXCNlEy4KQLH6ymAPNYWsrzB8qdmlVS/H5916V9du7rc4vuDU6PET2
5OkDjUJlB3P2EmCqtx1/gbvtuiLYGL7VIH+fqSV1lcBQ8+TLmT0TyLsg57k4BAOL
Znz0IYb+Q3YsGfEmc7ByUcO7ak1pFJyC/umXl2NiwAc57C0og6Kcu7KdJMzskJPK
itWgIp7T7jFXMJqGeGJ3f6/eJrI7o388YkXr09MO66ow8aXpEoBzVCorHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF7d6/wvsPalFuQpmEFrgKAAKLu2MB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvWHQzcl9DLXc5cVVXNUNtWVFXdUFvQUFvdTdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALgjOAwQA
bfjEMA0GCSqGSIb3DQEBCwUAA4IBAQAaCFG9h4YPNFbQN82hvjfp+cYMunzrVLKU
oMnOIor9E3VHoHS/Irj6YjVkVK6i+HZI1RdFVpSx0YSYIOdNyPbDpJbIQN7b1zqF
vcgWndS1HmcKqEWQBgiTxEVA/vAsnZU/njzBsKRUN2ajPuN1sJ0+4xeyWm2yjk6d
pSpOMmKj5WCNlTYWteD+trTnDbs11vWT11q8f4umDo0lZQgnVpv20bHOKPu6X9nL
9XKcZidgDS/StUjla+MTCOIaVKyqIOldlsHssBG+DkbCYuSl0uSOPW0EKkjuqqfF
OMG4dKnLn+Z5FGbGoM1FaGyzLp64gHkVB6FYnH1hN8uP65TN2qaG
-----END CERTIFICATE-----