Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/xcmVqoxnpIPfXbOTPAky9t0O0QI.roa
File:                     xcmVqoxnpIPfXbOTPAky9t0O0QI.roa (raw, json)
Hash identifier:          P05Vxn9UkBS+yOMfsrzDOvqTfH6hGg7PVIs/wyb23eE=
Subject key identifier:   C5:C9:95:AA:8C:67:A4:83:DF:5D:B3:93:3C:09:32:F6:DD:0E:D1:02
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       0193435F29923827830267C0D9078B817BED
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/xcmVqoxnpIPfXbOTPAky9t0O0QI.roa
Signing time:             Tue 19 Nov 2024 07:42:10 +0000
ROA not before:           Tue 19 Nov 2024 07:42:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39521
IP address blocks:        82.163.64.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:43:5f:29:92:38:27:83:02:67:c0:d9:07:8b:81:7b:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Nov 19 07:42:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5c995aa8c67a483df5db3933c0932f6dd0ed102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:5d:2f:07:88:50:38:0a:24:be:d2:4b:c6:35:
                    52:d9:97:19:0a:97:84:9d:a7:0c:5b:88:1b:1d:aa:
                    eb:7d:41:2d:4b:de:bc:aa:53:0d:55:c1:a5:c8:33:
                    10:fa:16:32:d2:e5:a2:9a:e4:82:86:96:72:8a:bf:
                    9c:46:6c:20:90:cf:51:85:b5:fd:b7:f9:26:4d:b3:
                    57:11:4a:2d:8f:c7:bb:64:4e:cd:37:28:f7:49:72:
                    a5:ce:18:d2:8f:d8:86:44:f8:7f:3c:8f:c5:82:21:
                    e3:22:f1:38:9b:55:86:99:4c:66:13:36:83:f1:63:
                    a9:02:6f:be:93:ea:c2:d1:20:13:2d:77:27:d9:b5:
                    12:3e:8a:21:84:20:ff:a0:65:ef:5a:2f:5a:69:97:
                    7b:71:3f:c8:dd:81:d9:4f:2a:3e:4a:01:ed:c3:be:
                    18:85:a8:cc:7a:cb:30:71:a0:36:bd:ec:9a:d7:05:
                    3d:68:31:16:f8:d1:4a:ea:28:4c:09:85:11:fe:2d:
                    dd:14:33:7a:10:18:f0:4d:21:9b:c3:d8:07:b9:6b:
                    75:e2:c3:e6:a1:3b:3a:0a:cc:ed:ba:3c:64:44:93:
                    85:81:88:fb:79:58:ee:85:14:70:04:5b:5e:8b:21:
                    95:42:53:67:8d:ba:d3:30:ef:49:94:4c:73:6c:bd:
                    39:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:C9:95:AA:8C:67:A4:83:DF:5D:B3:93:3C:09:32:F6:DD:0E:D1:02
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/xcmVqoxnpIPfXbOTPAky9t0O0QI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.163.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:43:de:00:58:97:b2:51:6d:c6:d2:0c:86:d4:07:23:ba:7e:
         de:23:75:a8:10:e7:3d:32:b9:ff:c7:ef:a4:13:36:2f:4d:f2:
         b1:e5:05:3b:1d:07:c7:58:0d:8d:17:63:da:da:32:44:7b:ad:
         35:9c:61:f2:a3:53:c0:0c:43:2e:32:8b:5e:c8:55:fb:8f:b3:
         28:7d:b8:79:3a:c0:ba:b0:ac:03:dd:2f:45:e6:a4:81:c1:11:
         9a:a0:0d:d0:89:78:03:8a:43:7d:78:b1:21:c9:85:b7:03:9a:
         57:5f:8e:e9:e1:94:a7:3f:8a:a9:1f:83:98:4c:4e:90:bb:fd:
         b6:de:79:03:75:fa:3c:75:da:b8:9f:a7:5a:9a:f7:8d:f3:60:
         4f:79:5e:c3:d8:00:83:8e:6a:23:e7:91:28:4b:7b:9b:6b:01:
         73:3e:1d:5f:1a:f7:e6:56:aa:24:f3:a9:80:76:a8:c0:c0:71:
         e5:ef:81:5c:36:ec:5d:cd:ea:9f:e0:56:e1:19:13:01:eb:78:
         35:c4:43:a7:89:0c:2f:39:be:a8:02:29:f4:18:6e:49:26:76:
         90:ee:96:72:6d:4d:c3:fc:f4:8c:9c:6a:e8:f3:3b:0c:27:06:
         0b:89:2e:44:da:5d:f7:0e:7c:50:77:81:b0:09:39:99:c3:16:
         37:bb:16:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNDXymSOCeDAmfA2QeLgXvtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjQxMTE5MDc0MjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWM5OTVhYThjNjdhNDgzZGY1ZGIzOTMzYzA5MzJmNmRkMGVkMTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvV0vB4hQOAokvtJLxjVS2ZcZCpeE
nacMW4gbHarrfUEtS968qlMNVcGlyDMQ+hYy0uWimuSChpZyir+cRmwgkM9RhbX9
t/kmTbNXEUotj8e7ZE7NNyj3SXKlzhjSj9iGRPh/PI/FgiHjIvE4m1WGmUxmEzaD
8WOpAm++k+rC0SATLXcn2bUSPoohhCD/oGXvWi9aaZd7cT/I3YHZTyo+SgHtw74Y
hajMesswcaA2veya1wU9aDEW+NFK6ihMCYUR/i3dFDN6EBjwTSGbw9gHuWt14sPm
oTs6CsztujxkRJOFgYj7eVjuhRRwBFteiyGVQlNnjbrTMO9JlExzbL05OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXJlaqMZ6SD312zkzwJMvbdDtECMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEveGNtVnFveG5wSVBmWGJPVFBBa3k5dDBPMFFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUqNAMA0G
CSqGSIb3DQEBCwUAA4IBAQBgQ94AWJeyUW3G0gyG1Acjun7eI3WoEOc9Mrn/x++k
EzYvTfKx5QU7HQfHWA2NF2Pa2jJEe601nGHyo1PADEMuMoteyFX7j7Mofbh5OsC6
sKwD3S9F5qSBwRGaoA3QiXgDikN9eLEhyYW3A5pXX47p4ZSnP4qpH4OYTE6Qu/22
3nkDdfo8ddq4n6damveN82BPeV7D2ACDjmoj55EoS3ubawFzPh1fGvfmVqok86mA
dqjAwHHl74FcNuxdzeqf4FbhGRMB63g1xEOniQwvOb6oAin0GG5JJnaQ7pZybU3D
/PSMnGro8zsMJwYLiS5E2l33DnxQd4GwCTmZwxY3uxZR
-----END CERTIFICATE-----