Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Xinoe1601OCX-luzD-zzFlT4CCU.roa
File:                     Xinoe1601OCX-luzD-zzFlT4CCU.roa (raw, json)
Hash identifier:          jufvNm2VIys02/xYRheANcLuo5pm4OLywW1z+gffJwA=
Subject key identifier:   5E:29:E8:7B:5E:B4:D4:E0:97:FA:5B:B3:0F:EC:F3:16:54:F8:08:25
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       018EF6D1C2EE91D41E290572319F666F249A
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Xinoe1601OCX-luzD-zzFlT4CCU.roa
Signing time:             Fri 19 Apr 2024 14:45:25 +0000
ROA not before:           Fri 19 Apr 2024 14:45:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216334
IP address blocks:        109.120.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f6:d1:c2:ee:91:d4:1e:29:05:72:31:9f:66:6f:24:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: Apr 19 14:45:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e29e87b5eb4d4e097fa5bb30fecf31654f80825
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:a5:82:70:f5:84:38:58:9a:13:6f:ba:58:da:
                    5d:ef:9b:23:20:9b:10:16:3b:0c:16:da:f0:32:15:
                    27:56:62:6d:b0:02:53:7c:46:05:da:2d:08:e5:2f:
                    7d:5b:e1:5f:08:76:34:eb:19:2c:14:86:06:b9:29:
                    8e:67:a2:c9:c2:a0:fc:c9:5b:c2:6f:d6:bb:c5:c4:
                    ab:6f:4a:d7:8a:83:c9:d5:06:3b:2e:a8:70:eb:13:
                    8e:73:c4:0a:1d:a3:ff:fd:46:f3:f3:f2:66:ec:30:
                    f1:1c:bc:1d:9a:ba:f1:48:6d:a0:20:73:1d:5a:80:
                    a6:39:ff:48:ea:af:1b:bb:d2:60:1d:76:e0:4f:4f:
                    ad:4b:81:27:54:2e:2e:46:0e:03:da:05:86:a1:cf:
                    7e:38:46:a6:c8:05:9d:ba:bb:92:61:0d:62:c3:b7:
                    cc:7b:a4:e6:b5:35:43:e6:5b:35:97:4e:7f:d4:6b:
                    42:df:21:b8:ad:66:67:e8:60:30:90:6f:71:d0:9b:
                    0f:71:8b:a4:57:f4:bb:db:35:d0:d7:89:47:02:92:
                    ac:10:3d:cf:73:04:0b:ae:6a:7a:b8:a5:fd:48:05:
                    bc:de:ad:5a:9e:ed:fe:1a:10:25:45:1c:1e:23:9c:
                    70:c4:6e:ce:56:74:5e:15:20:19:b8:91:4c:ab:c0:
                    fe:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:29:E8:7B:5E:B4:D4:E0:97:FA:5B:B3:0F:EC:F3:16:54:F8:08:25
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Xinoe1601OCX-luzD-zzFlT4CCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.120.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:28:6e:c8:e2:fb:5e:f8:e5:48:08:1c:c4:4b:84:54:05:93:
         ea:13:fe:11:f8:a7:0e:a7:15:7e:fe:fb:21:47:1b:b8:ba:e8:
         b1:07:56:a0:e9:d1:d0:27:aa:c7:a7:9b:87:ba:c2:84:be:a3:
         d5:31:bd:da:1d:6d:75:03:c5:bb:27:91:92:87:e3:c2:a9:62:
         4e:6f:32:6b:88:7e:9b:37:50:30:f0:54:ae:36:e4:a1:16:03:
         0a:cd:e7:5d:c3:c2:d5:f9:59:33:1e:e9:f5:cc:a7:9b:fb:30:
         0a:5e:95:d0:34:04:7d:ae:37:5c:19:31:68:2a:ee:cf:6e:38:
         75:9d:3e:ca:28:ee:91:7d:e6:6e:89:6a:f3:51:90:fd:de:7f:
         bd:59:cb:d1:f5:cd:ad:d8:77:33:e0:4a:e4:be:70:24:a3:9a:
         58:8a:28:ee:96:da:db:3d:29:d6:45:bc:9d:a3:2a:3b:3e:e3:
         86:d3:b2:dc:ad:fe:f3:e7:87:e2:65:a2:21:a8:1f:74:4f:dc:
         a7:dc:98:ca:9a:53:8f:37:e3:e4:81:b8:9e:8e:f8:4c:53:24:
         6d:68:d4:5b:fc:cf:ab:0a:f1:14:91:a0:1f:69:19:1d:9d:c4:
         37:79:0e:da:7c:88:94:96:a9:26:90:d6:2f:cc:cd:c0:21:a1:
         03:ff:41:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY720cLukdQeKQVyMZ9mbySaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjQwNDE5MTQ0NTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTI5ZTg3YjVlYjRkNGUwOTdmYTViYjMwZmVjZjMxNjU0ZjgwODI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmaWCcPWEOFiaE2+6WNpd75sjIJsQ
FjsMFtrwMhUnVmJtsAJTfEYF2i0I5S99W+FfCHY06xksFIYGuSmOZ6LJwqD8yVvC
b9a7xcSrb0rXioPJ1QY7Lqhw6xOOc8QKHaP//Ubz8/Jm7DDxHLwdmrrxSG2gIHMd
WoCmOf9I6q8bu9JgHXbgT0+tS4EnVC4uRg4D2gWGoc9+OEamyAWduruSYQ1iw7fM
e6TmtTVD5ls1l05/1GtC3yG4rWZn6GAwkG9x0JsPcYukV/S72zXQ14lHApKsED3P
cwQLrmp6uKX9SAW83q1anu3+GhAlRRweI5xwxG7OVnReFSAZuJFMq8D+WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF4p6HtetNTgl/pbsw/s8xZU+AglMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEvWGlub2UxNjAxT0NYLWx1ekQtenpGbFQ0Q0NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXiNMA0G
CSqGSIb3DQEBCwUAA4IBAQCwKG7I4vte+OVICBzES4RUBZPqE/4R+KcOpxV+/vsh
Rxu4uuixB1ag6dHQJ6rHp5uHusKEvqPVMb3aHW11A8W7J5GSh+PCqWJObzJriH6b
N1Aw8FSuNuShFgMKzeddw8LV+VkzHun1zKeb+zAKXpXQNAR9rjdcGTFoKu7Pbjh1
nT7KKO6RfeZuiWrzUZD93n+9WcvR9c2t2Hcz4ErkvnAko5pYiijultrbPSnWRbyd
oyo7PuOG07Lcrf7z54fiZaIhqB90T9yn3JjKmlOPN+PkgbiejvhMUyRtaNRb/M+r
CvEUkaAfaRkdncQ3eQ7afIiUlqkmkNYvzM3AIaED/0Hs
-----END CERTIFICATE-----