Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/46dec5-c38d-4c1d-9cec-9ead81da2e44/1/XLNrQbnaILnIDfBHi89i54FpI40.roa
File:                     XLNrQbnaILnIDfBHi89i54FpI40.roa (raw, json)
Hash identifier:          sNy3Am/K84vmIf6d88CCDrMJwJQcc+Lp9WzkWCGfu98=
Subject key identifier:   5C:B3:6B:41:B9:DA:20:B9:C8:0D:F0:47:8B:CF:62:E7:81:69:23:8D
Certificate issuer:       /CN=ab7aaabb23cd245bfa828fb02521d644c6d5b566
Certificate serial:       018CC6B792B74208C69FDB97AD8952F96A97
Authority key identifier: AB:7A:AA:BB:23:CD:24:5B:FA:82:8F:B0:25:21:D6:44:C6:D5:B5:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q3qquyPNJFv6go-wJSHWRMbVtWY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/46dec5-c38d-4c1d-9cec-9ead81da2e44/1/XLNrQbnaILnIDfBHi89i54FpI40.roa
Signing time:             Mon 01 Jan 2024 20:29:28 +0000
ROA not before:           Mon 01 Jan 2024 20:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212318
IP address blocks:        178.57.66.0/24 maxlen: 24
                          178.57.65.0/24 maxlen: 24
                          178.57.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/46dec5-c38d-4c1d-9cec-9ead81da2e44/1/q3qquyPNJFv6go-wJSHWRMbVtWY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/46dec5-c38d-4c1d-9cec-9ead81da2e44/1/q3qquyPNJFv6go-wJSHWRMbVtWY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q3qquyPNJFv6go-wJSHWRMbVtWY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:92:b7:42:08:c6:9f:db:97:ad:89:52:f9:6a:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab7aaabb23cd245bfa828fb02521d644c6d5b566
        Validity
            Not Before: Jan  1 20:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5cb36b41b9da20b9c80df0478bcf62e78169238d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e5:39:b0:30:a5:41:16:71:1a:c1:8b:e5:0d:
                    f3:aa:88:cc:ed:a4:64:2a:d5:ba:78:46:41:72:d5:
                    95:63:b2:a1:63:48:c5:48:e2:66:b7:13:a5:79:fb:
                    fc:2b:a7:2d:41:af:e0:d5:4b:8b:ad:02:89:80:15:
                    55:95:b0:74:ed:7b:70:63:5d:64:56:b5:82:98:1f:
                    d7:01:72:84:4c:25:9c:17:c0:df:e4:3c:d2:35:c6:
                    1d:2a:0b:d5:fb:ea:0b:bb:5b:aa:70:1a:62:ed:bb:
                    55:e0:01:93:fb:73:cf:ed:24:40:26:7a:25:67:96:
                    9e:41:ee:94:1b:10:97:1a:50:9b:32:78:fc:9d:d8:
                    a6:5a:05:59:cc:80:d2:eb:72:c3:57:9e:de:41:6a:
                    d2:6b:bd:ec:72:2b:b7:e0:4c:31:1f:8c:c5:b3:f9:
                    a1:2c:af:10:92:e9:6b:25:fa:08:19:50:58:b7:2d:
                    ff:c4:67:0f:b8:94:61:e7:a5:cf:04:32:01:57:97:
                    bc:a0:c8:06:b4:2f:7f:82:be:67:16:02:61:51:3d:
                    f4:7d:f9:e4:a4:1e:2a:f7:ee:9a:47:60:cc:b4:33:
                    99:bc:eb:4a:94:dc:3b:40:53:e3:90:43:97:e2:4f:
                    3b:f4:a7:f6:98:62:06:53:45:e7:d3:14:00:01:30:
                    c2:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:B3:6B:41:B9:DA:20:B9:C8:0D:F0:47:8B:CF:62:E7:81:69:23:8D
            X509v3 Authority Key Identifier:
                keyid:AB:7A:AA:BB:23:CD:24:5B:FA:82:8F:B0:25:21:D6:44:C6:D5:B5:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3qquyPNJFv6go-wJSHWRMbVtWY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/46dec5-c38d-4c1d-9cec-9ead81da2e44/1/XLNrQbnaILnIDfBHi89i54FpI40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/46dec5-c38d-4c1d-9cec-9ead81da2e44/1/q3qquyPNJFv6go-wJSHWRMbVtWY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.57.65.0-178.57.67.255

    Signature Algorithm: sha256WithRSAEncryption
         1e:ef:e1:b5:63:4e:37:d4:c8:9a:cd:34:33:bd:b5:b1:20:38:
         13:42:8f:f0:bb:53:39:ae:06:4c:0b:62:7d:f9:b0:90:34:9a:
         97:6c:c0:d8:72:8e:5e:f6:75:71:a3:9b:9e:d9:da:b0:8c:0a:
         c4:43:9a:9b:6f:13:6a:77:19:cd:17:5e:c1:74:34:48:c5:c7:
         4d:32:30:16:4b:74:cc:f9:73:01:b7:88:04:48:d9:ba:fc:56:
         b1:0c:dc:7e:b9:d3:ea:bb:6c:1b:73:e2:c3:53:89:8a:26:7a:
         b8:c1:e9:0e:85:7c:36:1f:7c:98:25:7b:d1:9b:e5:f3:98:da:
         c7:4d:2a:ba:d5:ab:1a:12:1b:be:f9:a7:06:21:62:0a:22:b1:
         d0:7a:59:98:79:5d:4b:92:49:42:f4:7f:0c:44:1f:8a:de:6e:
         3a:eb:9f:57:20:9c:0b:39:60:d1:ca:e5:bd:03:3a:98:84:63:
         84:ca:ae:8f:c7:d2:9b:a3:ef:d6:4f:39:42:ca:d7:2b:4a:99:
         25:14:7e:a2:43:eb:79:b5:81:bf:92:3a:31:1f:57:89:b3:b3:
         5d:9a:ff:ea:05:61:18:b9:21:65:e7:33:ca:6f:90:25:f2:81:
         98:9e:99:04:e5:66:d1:ee:ca:e8:15:e0:13:95:ed:fd:d3:45:
         42:b7:9c:2e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGt5K3QgjGn9uXrYlS+WqXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiN2FhYWJiMjNjZDI0NWJmYTgyOGZiMDI1MjFkNjQ0YzZk
NWI1NjYwHhcNMjQwMTAxMjAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2IzNmI0MWI5ZGEyMGI5YzgwZGYwNDc4YmNmNjJlNzgxNjkyMzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+U5sDClQRZxGsGL5Q3zqojM7aRk
KtW6eEZBctWVY7KhY0jFSOJmtxOlefv8K6ctQa/g1UuLrQKJgBVVlbB07XtwY11k
VrWCmB/XAXKETCWcF8Df5DzSNcYdKgvV++oLu1uqcBpi7btV4AGT+3PP7SRAJnol
Z5aeQe6UGxCXGlCbMnj8ndimWgVZzIDS63LDV57eQWrSa73sciu34EwxH4zFs/mh
LK8QkulrJfoIGVBYty3/xGcPuJRh56XPBDIBV5e8oMgGtC9/gr5nFgJhUT30ffnk
pB4q9+6aR2DMtDOZvOtKlNw7QFPjkEOX4k879Kf2mGIGU0Xn0xQAATDCawIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFyza0G52iC5yA3wR4vPYueBaSONMB8GA1UdIwQY
MBaAFKt6qrsjzSRb+oKPsCUh1kTG1bVmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNxcXV5UE5KRnY2Z28td0pTSFdSTWJWdFdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS80NmRlYzUtYzM4ZC00YzFkLTljZWMt
OWVhZDgxZGEyZTQ0LzEvWExOclFibmFJTG5JRGZCSGk4OWk1NEZwSTQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS80NmRlYzUtYzM4ZC00YzFkLTljZWMtOWVhZDgxZGEyZTQ0
LzEvcTNxcXV5UE5KRnY2Z28td0pTSFdSTWJWdFdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACyOUED
BAKyOUAwDQYJKoZIhvcNAQELBQADggEBAB7v4bVjTjfUyJrNNDO9tbEgOBNCj/C7
UzmuBkwLYn35sJA0mpdswNhyjl72dXGjm57Z2rCMCsRDmptvE2p3Gc0XXsF0NEjF
x00yMBZLdMz5cwG3iARI2br8VrEM3H650+q7bBtz4sNTiYomerjB6Q6FfDYffJgl
e9Gb5fOY2sdNKrrVqxoSG775pwYhYgoisdB6WZh5XUuSSUL0fwxEH4rebjrrn1cg
nAs5YNHK5b0DOpiEY4TKro/H0puj79ZPOULK1ytKmSUUfqJD63m1gb+SOjEfV4mz
s12a/+oFYRi5IWXnM8pvkCXygZiemQTlZtHuyugV4BOV7f3TRUK3nC4=
-----END CERTIFICATE-----