Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/68554b-4f97-406c-90a6-48d31c75f31e/1/XAtIzK6TJVw46-FxKN1gfXuaYZA.roa
File:                     XAtIzK6TJVw46-FxKN1gfXuaYZA.roa (raw, json)
Hash identifier:          iKY7G7wX4GsdLAuWqbhbirJsb8o13YRChs74nwIrR9U=
Subject key identifier:   5C:0B:48:CC:AE:93:25:5C:38:EB:E1:71:28:DD:60:7D:7B:9A:61:90
Certificate issuer:       /CN=d41703db3020cc1ef2fd71091a468f4a649c238f
Certificate serial:       018CC86F0A4FAEE69F1BB911E25BE25D2D27
Authority key identifier: D4:17:03:DB:30:20:CC:1E:F2:FD:71:09:1A:46:8F:4A:64:9C:23:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1BcD2zAgzB7y_XEJGkaPSmScI48.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/68554b-4f97-406c-90a6-48d31c75f31e/1/XAtIzK6TJVw46-FxKN1gfXuaYZA.roa
Signing time:             Tue 02 Jan 2024 04:29:29 +0000
ROA not before:           Tue 02 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206570
IP address blocks:        185.179.200.0/23 maxlen: 24
                          213.179.210.0/23 maxlen: 23
                          2a00:1d23::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/68554b-4f97-406c-90a6-48d31c75f31e/1/1BcD2zAgzB7y_XEJGkaPSmScI48.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/68554b-4f97-406c-90a6-48d31c75f31e/1/1BcD2zAgzB7y_XEJGkaPSmScI48.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1BcD2zAgzB7y_XEJGkaPSmScI48.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:0a:4f:ae:e6:9f:1b:b9:11:e2:5b:e2:5d:2d:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d41703db3020cc1ef2fd71091a468f4a649c238f
        Validity
            Not Before: Jan  2 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c0b48ccae93255c38ebe17128dd607d7b9a6190
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:95:32:ed:42:43:36:43:20:a6:0b:78:66:9c:
                    18:9b:32:92:f8:69:30:21:3a:94:e1:24:e0:f9:ed:
                    f2:bc:77:e5:0e:48:ab:f2:c7:da:c2:2e:16:c9:66:
                    30:38:e4:51:50:3d:d4:2b:49:91:60:f6:68:fe:17:
                    fd:10:1c:77:d1:15:cd:c8:99:ca:9e:1b:e5:26:5d:
                    7b:56:9c:a4:64:99:e7:b4:77:d1:0b:48:1c:69:0d:
                    48:51:b4:b5:36:02:ec:d0:b6:ec:64:c6:e1:3b:0e:
                    4d:ca:47:c8:2c:77:ab:73:b8:e5:a2:b0:46:9e:51:
                    75:23:b2:61:b8:77:ad:59:ff:4f:3b:10:b1:1e:b6:
                    58:33:cd:96:c6:a1:af:d9:b8:41:a7:11:f9:39:22:
                    27:b4:55:4e:ac:aa:d3:51:27:c7:09:d5:48:74:c6:
                    25:c5:5e:27:cc:df:a1:45:4c:5c:09:79:1b:7d:3a:
                    d0:c5:16:cf:b7:86:1a:d0:87:9f:5d:ee:7a:bb:dc:
                    ce:3c:43:f5:2b:cf:65:66:59:3d:75:1d:0f:92:30:
                    bf:04:b1:8b:3a:ab:50:36:49:16:1d:21:c6:fd:8e:
                    9f:47:7a:c7:f7:0e:b7:6d:aa:92:f9:56:a2:84:78:
                    c5:40:00:78:b2:12:af:b1:c2:18:94:7b:e2:41:ac:
                    e4:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:0B:48:CC:AE:93:25:5C:38:EB:E1:71:28:DD:60:7D:7B:9A:61:90
            X509v3 Authority Key Identifier:
                keyid:D4:17:03:DB:30:20:CC:1E:F2:FD:71:09:1A:46:8F:4A:64:9C:23:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1BcD2zAgzB7y_XEJGkaPSmScI48.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/68554b-4f97-406c-90a6-48d31c75f31e/1/XAtIzK6TJVw46-FxKN1gfXuaYZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/68554b-4f97-406c-90a6-48d31c75f31e/1/1BcD2zAgzB7y_XEJGkaPSmScI48.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.200.0/23
                  213.179.210.0/23
                IPv6:
                  2a00:1d23::/32

    Signature Algorithm: sha256WithRSAEncryption
         6c:8e:34:14:9c:ca:e8:de:70:3a:c0:12:d6:da:3a:26:b8:2f:
         99:bc:19:82:b8:d1:42:40:c0:34:1f:f7:a2:0f:ac:4e:cb:c7:
         14:57:73:36:a3:62:19:4a:bf:c0:91:5f:68:c8:fa:a2:61:dc:
         79:4e:d0:e6:7a:0d:dc:2d:24:2f:e0:ca:60:aa:fa:54:08:32:
         d4:bb:80:ed:af:54:c7:73:b6:69:cb:98:bb:12:20:54:35:73:
         3d:fe:1c:5e:64:00:73:ca:65:ce:65:18:aa:a6:90:1f:7b:fc:
         f0:d9:49:ed:3b:a4:00:41:69:88:46:3c:6c:ad:e9:b5:57:8d:
         10:a8:e5:9d:70:f7:fa:20:2d:f3:18:54:32:42:38:bb:02:4d:
         de:6b:fa:67:65:53:e0:04:8d:1f:82:90:25:b7:66:b9:7b:26:
         6e:48:45:bd:39:35:7b:0c:72:6e:15:87:29:53:2b:94:4b:13:
         40:1a:8b:08:b5:a6:4e:b6:b3:c2:68:e5:71:f5:17:3e:98:85:
         52:f3:30:f5:5b:ed:07:58:3f:f7:63:5b:77:f9:98:2d:e4:a4:
         94:ca:e7:e0:ac:57:72:02:2c:bf:0a:35:22:a2:4e:25:6b:05:
         6b:b0:1e:43:7f:74:82:af:16:ef:54:0c:ce:27:27:95:3e:23:
         d0:94:50:f6
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzIbwpPruafG7kR4lviXS0nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MTcwM2RiMzAyMGNjMWVmMmZkNzEwOTFhNDY4ZjRhNjQ5
YzIzOGYwHhcNMjQwMTAyMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzBiNDhjY2FlOTMyNTVjMzhlYmUxNzEyOGRkNjA3ZDdiOWE2MTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUy7UJDNkMgpgt4ZpwYmzKS+Gkw
ITqU4STg+e3yvHflDkir8sfawi4WyWYwOORRUD3UK0mRYPZo/hf9EBx30RXNyJnK
nhvlJl17VpykZJnntHfRC0gcaQ1IUbS1NgLs0LbsZMbhOw5NykfILHerc7jlorBG
nlF1I7JhuHetWf9POxCxHrZYM82WxqGv2bhBpxH5OSIntFVOrKrTUSfHCdVIdMYl
xV4nzN+hRUxcCXkbfTrQxRbPt4Ya0IefXe56u9zOPEP1K89lZlk9dR0PkjC/BLGL
OqtQNkkWHSHG/Y6fR3rH9w63baqS+VaihHjFQAB4shKvscIYlHviQazklwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFwLSMyukyVcOOvhcSjdYH17mmGQMB8GA1UdIwQY
MBaAFNQXA9swIMwe8v1xCRpGj0pknCOPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUJjRDJ6QWd6Qjd5X1hFSkdrYVBTbVNjSTQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ODU1NGItNGY5Ny00MDZjLTkwYTYt
NDhkMzFjNzVmMzFlLzEvWEF0SXpLNlRKVnc0Ni1GeEtOMWdmWHVhWVpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ODU1NGItNGY5Ny00MDZjLTkwYTYtNDhkMzFjNzVmMzFl
LzEvMUJjRDJ6QWd6Qjd5X1hFSkdrYVBTbVNjSTQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBubPIAwQB
1bPSMA0EAgACMAcDBQAqAB0jMA0GCSqGSIb3DQEBCwUAA4IBAQBsjjQUnMro3nA6
wBLW2jomuC+ZvBmCuNFCQMA0H/eiD6xOy8cUV3M2o2IZSr/AkV9oyPqiYdx5TtDm
eg3cLSQv4MpgqvpUCDLUu4Dtr1THc7Zpy5i7EiBUNXM9/hxeZABzymXOZRiqppAf
e/zw2UntO6QAQWmIRjxsrem1V40QqOWdcPf6IC3zGFQyQji7Ak3ea/pnZVPgBI0f
gpAlt2a5eyZuSEW9OTV7DHJuFYcpUyuUSxNAGosItaZOtrPCaOVx9Rc+mIVS8zD1
W+0HWD/3Y1t3+Zgt5KSUyufgrFdyAiy/CjUiok4lawVrsB5Df3SCrxbvVAzOJyeV
PiPQlFD2
-----END CERTIFICATE-----