Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1b7968-ca4d-45f4-b671-2e7f78489cd3/1/XjrXKS7kUI6KjuvrC07O4_FbwSs.roa
File:                     XjrXKS7kUI6KjuvrC07O4_FbwSs.roa (raw, json)
Hash identifier:          ltRj+N20+AHTRR0rXQPf0nDfbiO7ExrsHeDCSO5iAoY=
Subject key identifier:   5E:3A:D7:29:2E:E4:50:8E:8A:8E:EB:EB:0B:4E:CE:E3:F1:5B:C1:2B
Certificate issuer:       /CN=7f178faf6401e2f3716e31764569df731df58f22
Certificate serial:       018CC26CF4120AB4843E1DAC6ADB65E941CF
Authority key identifier: 7F:17:8F:AF:64:01:E2:F3:71:6E:31:76:45:69:DF:73:1D:F5:8F:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fxePr2QB4vNxbjF2RWnfcx31jyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/1b7968-ca4d-45f4-b671-2e7f78489cd3/1/XjrXKS7kUI6KjuvrC07O4_FbwSs.roa
Signing time:             Mon 01 Jan 2024 00:29:29 +0000
ROA not before:           Mon 01 Jan 2024 00:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206036
IP address blocks:        185.202.232.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/1b7968-ca4d-45f4-b671-2e7f78489cd3/1/fxePr2QB4vNxbjF2RWnfcx31jyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/1b7968-ca4d-45f4-b671-2e7f78489cd3/1/fxePr2QB4vNxbjF2RWnfcx31jyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fxePr2QB4vNxbjF2RWnfcx31jyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 04:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f4:12:0a:b4:84:3e:1d:ac:6a:db:65:e9:41:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f178faf6401e2f3716e31764569df731df58f22
        Validity
            Not Before: Jan  1 00:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e3ad7292ee4508e8a8eebeb0b4ecee3f15bc12b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c3:e8:77:38:0a:25:b9:39:bf:ab:51:e2:9c:
                    cf:bd:f8:32:d6:51:65:9e:95:f0:8a:bf:dd:73:1c:
                    08:2b:24:d3:f9:0f:63:a2:c9:53:c7:b0:05:f5:42:
                    17:af:c6:a3:57:d0:a3:f8:e0:29:85:ac:47:dc:52:
                    79:17:c1:ae:a3:30:bd:51:28:d5:98:2a:51:9e:eb:
                    e8:7d:4a:86:00:f2:f8:bd:79:cd:d0:b6:ac:5a:21:
                    c2:78:b6:61:0e:73:43:a8:73:3b:3d:57:6c:12:a3:
                    d9:6d:a9:48:aa:53:1e:a5:b3:6f:0b:5b:6e:36:80:
                    a1:de:3f:31:f8:9d:e9:b8:1b:84:96:69:ab:88:be:
                    5a:87:2b:3f:d2:95:60:1c:81:78:86:6d:38:8e:f1:
                    8c:e8:e3:dc:ee:77:e1:9f:3f:3e:6b:7d:01:19:83:
                    c7:b7:6a:9c:e9:bf:ca:83:85:fe:62:75:6b:33:4b:
                    5f:62:3d:2b:b7:20:bb:dd:88:10:2e:a1:83:eb:10:
                    a3:79:9d:aa:1a:88:e1:e9:93:63:7b:37:d3:10:90:
                    de:04:98:3d:b9:2c:ed:7f:47:5e:ec:47:e7:4b:e5:
                    bf:a6:7b:97:35:7f:23:76:d9:9f:86:cd:ea:03:40:
                    2b:d2:7b:96:6f:d0:58:f5:62:59:bb:22:1a:a7:35:
                    4f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:3A:D7:29:2E:E4:50:8E:8A:8E:EB:EB:0B:4E:CE:E3:F1:5B:C1:2B
            X509v3 Authority Key Identifier:
                keyid:7F:17:8F:AF:64:01:E2:F3:71:6E:31:76:45:69:DF:73:1D:F5:8F:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fxePr2QB4vNxbjF2RWnfcx31jyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1b7968-ca4d-45f4-b671-2e7f78489cd3/1/XjrXKS7kUI6KjuvrC07O4_FbwSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1b7968-ca4d-45f4-b671-2e7f78489cd3/1/fxePr2QB4vNxbjF2RWnfcx31jyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.202.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:9b:a6:11:1e:6e:d2:a3:36:3a:31:1a:83:37:58:a5:70:35:
         00:e6:4d:00:36:c8:eb:f3:8f:cb:b9:f5:83:5d:95:1b:a6:88:
         aa:08:22:e0:c7:e4:8e:8e:c7:9c:b6:6f:cb:9a:a9:b6:5a:80:
         f6:7a:53:f3:90:af:f4:02:c6:6d:f6:d0:31:4d:81:99:ed:41:
         b2:f8:8e:30:84:60:dc:69:3a:6d:6b:04:74:c1:9e:78:25:cf:
         31:13:ce:83:f9:43:50:9a:6a:19:e0:23:81:14:f7:62:72:7f:
         d6:38:8e:d9:c4:02:91:f5:7e:ba:56:7e:5c:6b:e4:b4:df:db:
         cc:3a:b8:cb:ed:4e:73:68:5f:bd:a4:6b:0e:bb:7d:b0:b0:d1:
         72:61:42:a3:71:09:20:98:c4:ca:50:00:ba:a5:2a:3d:d1:d9:
         40:42:59:46:a7:52:4a:aa:8b:7f:26:87:66:89:7d:de:70:cb:
         e3:66:86:98:85:95:65:38:c4:e3:7c:1c:e9:f2:bc:2e:56:7a:
         1b:ba:ab:ae:7e:8d:52:c8:8f:be:3f:82:94:fa:82:5b:18:61:
         57:a2:52:be:1e:ec:85:df:ba:b5:f6:0d:7f:54:c1:50:93:11:
         29:68:eb:19:48:07:46:15:80:45:97:c5:16:98:e8:b5:18:de:
         44:91:56:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbPQSCrSEPh2sattl6UHPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmMTc4ZmFmNjQwMWUyZjM3MTZlMzE3NjQ1NjlkZjczMWRm
NThmMjIwHhcNMjQwMTAxMDAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTNhZDcyOTJlZTQ1MDhlOGE4ZWViZWIwYjRlY2VlM2YxNWJjMTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncPodzgKJbk5v6tR4pzPvfgy1lFl
npXwir/dcxwIKyTT+Q9joslTx7AF9UIXr8ajV9Cj+OAphaxH3FJ5F8GuozC9USjV
mCpRnuvofUqGAPL4vXnN0LasWiHCeLZhDnNDqHM7PVdsEqPZbalIqlMepbNvC1tu
NoCh3j8x+J3puBuElmmriL5ahys/0pVgHIF4hm04jvGM6OPc7nfhnz8+a30BGYPH
t2qc6b/Kg4X+YnVrM0tfYj0rtyC73YgQLqGD6xCjeZ2qGojh6ZNjezfTEJDeBJg9
uSztf0de7EfnS+W/pnuXNX8jdtmfhs3qA0Ar0nuWb9BY9WJZuyIapzVPGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF461yku5FCOio7r6wtOzuPxW8ErMB8GA1UdIwQY
MBaAFH8Xj69kAeLzcW4xdkVp33Md9Y8iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnhlUHIyUUI0dk54YmpGMlJXbmZjeDMxanlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYjc5NjgtY2E0ZC00NWY0LWI2NzEt
MmU3Zjc4NDg5Y2QzLzEvWGpyWEtTN2tVSTZLanV2ckMwN080X0Zid1NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYjc5NjgtY2E0ZC00NWY0LWI2NzEtMmU3Zjc4NDg5Y2Qz
LzEvZnhlUHIyUUI0dk54YmpGMlJXbmZjeDMxanlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucroMA0G
CSqGSIb3DQEBCwUAA4IBAQCSm6YRHm7SozY6MRqDN1ilcDUA5k0ANsjr84/LufWD
XZUbpoiqCCLgx+SOjsectm/Lmqm2WoD2elPzkK/0AsZt9tAxTYGZ7UGy+I4whGDc
aTptawR0wZ54Jc8xE86D+UNQmmoZ4COBFPdicn/WOI7ZxAKR9X66Vn5ca+S039vM
OrjL7U5zaF+9pGsOu32wsNFyYUKjcQkgmMTKUAC6pSo90dlAQllGp1JKqot/Jodm
iX3ecMvjZoaYhZVlOMTjfBzp8rwuVnobuquufo1SyI++P4KU+oJbGGFXolK+HuyF
37q19g1/VMFQkxEpaOsZSAdGFYBFl8UWmOi1GN5EkVbs
-----END CERTIFICATE-----