Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/XBA50M5JOc2OeNoFX9LX7VI9oPI.roa
File:                     XBA50M5JOc2OeNoFX9LX7VI9oPI.roa (raw, json)
Hash identifier:          nK1r59Plj+bAweAXCMtH9W779YVw4GUhD0N1sszpp70=
Subject key identifier:   5C:10:39:D0:CE:49:39:CD:8E:78:DA:05:5F:D2:D7:ED:52:3D:A0:F2
Certificate issuer:       /CN=330fe971b3e36b16a92be85f59985be45968b864
Certificate serial:       018CC9BC12293BF579A0F5959B328ECA272E
Authority key identifier: 33:0F:E9:71:B3:E3:6B:16:A9:2B:E8:5F:59:98:5B:E4:59:68:B8:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mw_pcbPjaxapK-hfWZhb5FlouGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/XBA50M5JOc2OeNoFX9LX7VI9oPI.roa
Signing time:             Tue 02 Jan 2024 10:33:14 +0000
ROA not before:           Tue 02 Jan 2024 10:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201628
IP address blocks:        185.68.183.0/24 maxlen: 24
                          185.68.180.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/Mw_pcbPjaxapK-hfWZhb5FlouGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/Mw_pcbPjaxapK-hfWZhb5FlouGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mw_pcbPjaxapK-hfWZhb5FlouGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:12:29:3b:f5:79:a0:f5:95:9b:32:8e:ca:27:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=330fe971b3e36b16a92be85f59985be45968b864
        Validity
            Not Before: Jan  2 10:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c1039d0ce4939cd8e78da055fd2d7ed523da0f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:7c:46:fc:df:1e:a6:79:6e:50:34:c1:9c:01:
                    05:bb:5d:91:76:05:15:42:88:5d:6c:4e:35:52:ce:
                    8d:f4:3a:57:ce:3e:c4:52:37:f0:a4:f2:da:bc:35:
                    ee:79:0d:ee:c1:01:ee:9f:b0:4b:29:57:e8:44:d7:
                    59:14:d3:09:8e:e7:58:37:2a:79:86:7b:93:5e:b5:
                    08:bf:f5:90:75:7c:77:73:2b:a4:5f:97:4d:fb:25:
                    74:e6:c1:19:b9:69:e5:5a:a3:26:33:cc:55:37:3c:
                    27:50:2d:ea:f1:a9:01:dc:0a:9c:61:b1:f8:b9:4b:
                    cb:58:93:05:4f:03:94:fa:d6:0b:db:7d:c5:30:10:
                    e1:e5:03:42:af:62:4c:f9:48:dd:fd:aa:ea:66:26:
                    f1:73:7d:72:e1:fa:c3:6e:bc:dc:71:dd:34:51:71:
                    47:76:f0:5a:af:a4:de:27:c7:84:51:be:e1:16:17:
                    b0:e7:bf:57:10:e1:2d:a0:ab:df:d7:02:2c:a5:88:
                    0e:69:23:13:30:29:fa:50:0e:a2:b6:23:cf:b9:4a:
                    59:cf:d6:97:15:a1:3b:74:5e:41:03:e2:f5:a3:46:
                    91:0e:94:1b:35:6a:a9:eb:1f:81:e3:89:95:36:e4:
                    50:b0:b4:ad:a7:11:ed:15:94:50:18:b9:8b:92:99:
                    71:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:10:39:D0:CE:49:39:CD:8E:78:DA:05:5F:D2:D7:ED:52:3D:A0:F2
            X509v3 Authority Key Identifier:
                keyid:33:0F:E9:71:B3:E3:6B:16:A9:2B:E8:5F:59:98:5B:E4:59:68:B8:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mw_pcbPjaxapK-hfWZhb5FlouGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/XBA50M5JOc2OeNoFX9LX7VI9oPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/Mw_pcbPjaxapK-hfWZhb5FlouGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.68.180.0/23
                  185.68.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:bd:88:91:c2:b2:08:3a:35:20:78:fa:4d:23:d5:6b:0e:b4:
         71:41:09:9b:ef:b1:3a:e3:e2:9f:7c:31:a3:cc:2e:48:e9:21:
         47:5c:dc:ae:86:62:d2:ee:83:6b:ce:00:c9:ef:b0:1f:6c:fc:
         45:9e:df:72:96:f4:16:f7:34:98:a2:47:87:81:48:32:05:c9:
         c7:11:9b:5a:bb:45:76:c8:73:96:90:1a:5a:cb:eb:e8:ff:9b:
         c2:d8:f8:2f:3c:55:dc:57:42:38:39:ae:77:c9:78:80:f7:c1:
         59:e2:be:3f:d6:a8:ae:f5:97:e9:8a:d5:48:8b:6d:9a:c5:8f:
         ff:d5:b1:47:c5:f2:17:6e:ed:45:73:f4:e7:aa:2a:8a:de:84:
         0c:43:d6:48:97:b5:c7:94:14:89:6d:0e:1f:9b:b1:ca:34:17:
         93:69:82:4e:ed:b2:fa:10:0c:14:23:4b:4b:bd:9c:24:0d:a0:
         47:c5:04:65:7f:3c:fd:5a:63:85:12:7a:db:75:5e:2f:0f:80:
         61:29:e1:51:bc:5d:81:45:26:00:74:62:8d:b0:77:0d:cc:ea:
         a6:ba:23:93:af:d5:64:31:39:f8:e7:9a:eb:54:e0:49:9f:4e:
         c0:82:12:e3:02:d2:9a:81:e4:1f:83:95:e0:ce:29:c5:da:28:
         1a:72:2e:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvBIpO/V5oPWVmzKOyicuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMGZlOTcxYjNlMzZiMTZhOTJiZTg1ZjU5OTg1YmU0NTk2
OGI4NjQwHhcNMjQwMTAyMTAzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzEwMzlkMGNlNDkzOWNkOGU3OGRhMDU1ZmQyZDdlZDUyM2RhMGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzXxG/N8epnluUDTBnAEFu12RdgUV
QohdbE41Us6N9DpXzj7EUjfwpPLavDXueQ3uwQHun7BLKVfoRNdZFNMJjudYNyp5
hnuTXrUIv/WQdXx3cyukX5dN+yV05sEZuWnlWqMmM8xVNzwnUC3q8akB3AqcYbH4
uUvLWJMFTwOU+tYL233FMBDh5QNCr2JM+Ujd/arqZibxc31y4frDbrzccd00UXFH
dvBar6TeJ8eEUb7hFhew579XEOEtoKvf1wIspYgOaSMTMCn6UA6itiPPuUpZz9aX
FaE7dF5BA+L1o0aRDpQbNWqp6x+B44mVNuRQsLStpxHtFZRQGLmLkplxJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFwQOdDOSTnNjnjaBV/S1+1SPaDyMB8GA1UdIwQY
MBaAFDMP6XGz42sWqSvoX1mYW+RZaLhkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXdfcGNiUGpheGFwSy1oZldaaGI1RmxvdUdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9hMzg2OTMtY2ZhMC00M2U4LWE1MWIt
MTFlOWU5ZjAxMzQzLzEvWEJBNTBNNUpPYzJPZU5vRlg5TFg3Vkk5b1BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9hMzg2OTMtY2ZhMC00M2U4LWE1MWItMTFlOWU5ZjAxMzQz
LzEvTXdfcGNiUGpheGFwSy1oZldaaGI1RmxvdUdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuUS0AwQA
uUS3MA0GCSqGSIb3DQEBCwUAA4IBAQCbvYiRwrIIOjUgePpNI9VrDrRxQQmb77E6
4+KffDGjzC5I6SFHXNyuhmLS7oNrzgDJ77AfbPxFnt9ylvQW9zSYokeHgUgyBcnH
EZtau0V2yHOWkBpay+vo/5vC2PgvPFXcV0I4Oa53yXiA98FZ4r4/1qiu9ZfpitVI
i22axY//1bFHxfIXbu1Fc/TnqiqK3oQMQ9ZIl7XHlBSJbQ4fm7HKNBeTaYJO7bL6
EAwUI0tLvZwkDaBHxQRlfzz9WmOFEnrbdV4vD4BhKeFRvF2BRSYAdGKNsHcNzOqm
uiOTr9VkMTn455rrVOBJn07AghLjAtKageQfg5XgzinF2igaci7v
-----END CERTIFICATE-----