Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/6018cb-339a-416f-af4c-1244ba9eacd9/1/XTvBJELtU2C65Rz7nAQ-NdIfud4.roa
File:                     XTvBJELtU2C65Rz7nAQ-NdIfud4.roa (raw, json)
Hash identifier:          1tg7SBQy+iX0vO8GiNFTGtw1GUbjxnADOXchIW7EcQA=
Subject key identifier:   5D:3B:C1:24:42:ED:53:60:BA:E5:1C:FB:9C:04:3E:35:D2:1F:B9:DE
Certificate issuer:       /CN=eeb526fe681118956441227133b320f5efbdfd6b
Certificate serial:       018CC649BE4796FE1F3CEC6420F9A2FF1BC5
Authority key identifier: EE:B5:26:FE:68:11:18:95:64:41:22:71:33:B3:20:F5:EF:BD:FD:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rUm_mgRGJVkQSJxM7Mg9e-9_Ws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/6018cb-339a-416f-af4c-1244ba9eacd9/1/XTvBJELtU2C65Rz7nAQ-NdIfud4.roa
Signing time:             Mon 01 Jan 2024 18:29:30 +0000
ROA not before:           Mon 01 Jan 2024 18:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31669
IP address blocks:        195.28.164.0/23 maxlen: 24
                          89.106.240.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/6018cb-339a-416f-af4c-1244ba9eacd9/1/7rUm_mgRGJVkQSJxM7Mg9e-9_Ws.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/6018cb-339a-416f-af4c-1244ba9eacd9/1/7rUm_mgRGJVkQSJxM7Mg9e-9_Ws.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rUm_mgRGJVkQSJxM7Mg9e-9_Ws.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:be:47:96:fe:1f:3c:ec:64:20:f9:a2:ff:1b:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eeb526fe681118956441227133b320f5efbdfd6b
        Validity
            Not Before: Jan  1 18:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d3bc12442ed5360bae51cfb9c043e35d21fb9de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:a1:51:a5:2c:ce:88:51:63:96:c9:9e:c1:ed:
                    86:86:25:ad:ed:99:da:66:eb:37:3d:4d:0d:ac:f0:
                    ca:85:8b:b9:a1:4f:e7:47:15:f8:5d:5e:3f:eb:83:
                    cb:05:45:7c:fd:1a:3d:45:bc:94:08:da:78:c3:85:
                    a9:61:39:b6:1a:90:75:cd:3b:e5:e1:56:9b:93:3c:
                    c6:e8:c3:15:aa:24:56:10:e7:cc:0b:31:4a:06:58:
                    9a:ee:fa:ed:42:4c:c1:10:6a:1d:7c:61:bf:a2:16:
                    c1:a0:fa:36:f4:81:5c:8a:b5:35:d2:7e:6d:7f:bd:
                    94:13:ab:04:4f:c1:a5:6f:51:21:ea:84:e7:0f:8d:
                    d9:02:f5:1d:00:b5:2e:30:18:de:69:3d:a3:41:1b:
                    5f:11:0e:d5:0c:d5:e7:ad:34:a4:0f:b2:d6:3e:55:
                    13:6c:36:5c:79:15:d2:40:9a:bc:65:36:81:11:9e:
                    8c:c1:58:ee:58:6d:89:64:81:91:72:ae:71:dc:49:
                    1b:72:06:72:ab:27:76:f8:5c:d8:00:e7:31:22:55:
                    48:d8:13:ed:13:77:d8:3c:bf:81:03:76:34:ac:33:
                    7c:ac:d9:15:fc:14:e3:3c:bc:3d:e4:a9:5c:0e:ac:
                    fd:66:9c:c5:84:25:bf:ff:f6:8e:27:ed:19:d5:30:
                    07:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:3B:C1:24:42:ED:53:60:BA:E5:1C:FB:9C:04:3E:35:D2:1F:B9:DE
            X509v3 Authority Key Identifier:
                keyid:EE:B5:26:FE:68:11:18:95:64:41:22:71:33:B3:20:F5:EF:BD:FD:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rUm_mgRGJVkQSJxM7Mg9e-9_Ws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/6018cb-339a-416f-af4c-1244ba9eacd9/1/XTvBJELtU2C65Rz7nAQ-NdIfud4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/6018cb-339a-416f-af4c-1244ba9eacd9/1/7rUm_mgRGJVkQSJxM7Mg9e-9_Ws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.240.0/21
                  195.28.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a4:02:80:62:ec:13:57:8d:69:55:01:01:f3:81:ac:f4:8a:fa:
         11:af:46:fb:2b:5c:97:72:74:c8:0b:b1:f3:19:83:c2:67:71:
         a6:86:eb:bc:cd:d8:00:59:fb:67:98:bd:4c:f4:2f:38:02:9e:
         61:93:34:87:a4:f7:6d:f2:78:75:3a:d2:e6:33:85:bc:df:93:
         62:37:44:c2:a4:b8:d4:e4:25:de:c9:1f:e3:82:3b:e7:c0:e7:
         1b:0b:50:47:51:d2:04:4f:13:3a:10:2f:a8:be:95:24:fb:fa:
         6b:e8:4a:03:ca:f2:6a:b5:26:be:ec:1b:f3:00:f6:cb:c3:09:
         9f:e5:39:f1:78:b4:9f:d3:63:80:a6:c0:de:b8:85:1f:85:c3:
         a9:02:e8:3b:dc:38:a4:7b:27:ce:51:67:f7:24:d7:f3:53:59:
         04:51:dc:ed:f8:fd:2e:04:3d:dd:5b:e4:46:a6:0e:c6:e9:22:
         09:94:ad:60:72:bf:ea:dd:06:44:60:19:bf:6f:3b:b6:03:34:
         83:7b:10:e8:6c:c4:80:5a:cb:8c:d9:09:26:8b:ba:e8:b1:ae:
         1b:49:4c:20:79:75:94:dd:27:3d:aa:a4:a5:1f:1c:b8:23:94:
         92:00:48:32:ba:41:02:6b:b8:2e:7a:e4:3f:e2:f8:22:23:89:
         6c:5d:38:2e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSb5Hlv4fPOxkIPmi/xvFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYjUyNmZlNjgxMTE4OTU2NDQxMjI3MTMzYjMyMGY1ZWZi
ZGZkNmIwHhcNMjQwMTAxMTgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDNiYzEyNDQyZWQ1MzYwYmFlNTFjZmI5YzA0M2UzNWQyMWZiOWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKFRpSzOiFFjlsmewe2GhiWt7Zna
Zus3PU0NrPDKhYu5oU/nRxX4XV4/64PLBUV8/Ro9RbyUCNp4w4WpYTm2GpB1zTvl
4VabkzzG6MMVqiRWEOfMCzFKBlia7vrtQkzBEGodfGG/ohbBoPo29IFcirU10n5t
f72UE6sET8Glb1Eh6oTnD43ZAvUdALUuMBjeaT2jQRtfEQ7VDNXnrTSkD7LWPlUT
bDZceRXSQJq8ZTaBEZ6MwVjuWG2JZIGRcq5x3EkbcgZyqyd2+FzYAOcxIlVI2BPt
E3fYPL+BA3Y0rDN8rNkV/BTjPLw95KlcDqz9ZpzFhCW///aOJ+0Z1TAHLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF07wSRC7VNguuUc+5wEPjXSH7neMB8GA1UdIwQY
MBaAFO61Jv5oERiVZEEicTOzIPXvvf1rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3JVbV9tZ1JHSlZrUVNKeE03TWc5ZS05X1dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My82MDE4Y2ItMzM5YS00MTZmLWFmNGMt
MTI0NGJhOWVhY2Q5LzEvWFR2QkpFTHRVMkM2NVJ6N25BUS1OZElmdWQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My82MDE4Y2ItMzM5YS00MTZmLWFmNGMtMTI0NGJhOWVhY2Q5
LzEvN3JVbV9tZ1JHSlZrUVNKeE03TWc5ZS05X1dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDWWrwAwQB
wxykMA0GCSqGSIb3DQEBCwUAA4IBAQCkAoBi7BNXjWlVAQHzgaz0ivoRr0b7K1yX
cnTIC7HzGYPCZ3Gmhuu8zdgAWftnmL1M9C84Ap5hkzSHpPdt8nh1OtLmM4W835Ni
N0TCpLjU5CXeyR/jgjvnwOcbC1BHUdIETxM6EC+ovpUk+/pr6EoDyvJqtSa+7Bvz
APbLwwmf5TnxeLSf02OApsDeuIUfhcOpAug73DikeyfOUWf3JNfzU1kEUdzt+P0u
BD3dW+RGpg7G6SIJlK1gcr/q3QZEYBm/bzu2AzSDexDobMSAWsuM2Qkmi7rosa4b
SUwgeXWU3Sc9qqSlHxy4I5SSAEgyukECa7gueuQ/4vgiI4lsXTgu
-----END CERTIFICATE-----