Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/c64bf4-c605-461a-bb74-b18f8f7d90e8/1/1XVQRXybkectWuMHchDrSrwXMpU.roa
File:                     1XVQRXybkectWuMHchDrSrwXMpU.roa (raw, json)
Hash identifier:          RcoSmwMPkyxnc3WzQBSo6GXkpGhgep8YGeIm2IqSusQ=
Subject key identifier:   D5:75:50:45:7C:9B:91:E7:2D:5A:E3:07:72:10:EB:4A:BC:17:32:95
Certificate issuer:       /CN=835fbb927b295062b7d0a72047b6b4aa1b0f9b29
Certificate serial:       018CC493006AC3D315663C89F6720C73D5BC
Authority key identifier: 83:5F:BB:92:7B:29:50:62:B7:D0:A7:20:47:B6:B4:AA:1B:0F:9B:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1-7knspUGK30KcgR7a0qhsPmyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/c64bf4-c605-461a-bb74-b18f8f7d90e8/1/1XVQRXybkectWuMHchDrSrwXMpU.roa
Signing time:             Mon 01 Jan 2024 10:30:17 +0000
ROA not before:           Mon 01 Jan 2024 10:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206909
IP address blocks:        185.172.104.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/c64bf4-c605-461a-bb74-b18f8f7d90e8/1/g1-7knspUGK30KcgR7a0qhsPmyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/c64bf4-c605-461a-bb74-b18f8f7d90e8/1/g1-7knspUGK30KcgR7a0qhsPmyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1-7knspUGK30KcgR7a0qhsPmyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:00:6a:c3:d3:15:66:3c:89:f6:72:0c:73:d5:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835fbb927b295062b7d0a72047b6b4aa1b0f9b29
        Validity
            Not Before: Jan  1 10:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d57550457c9b91e72d5ae3077210eb4abc173295
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:82:96:24:04:70:10:c4:66:c2:0b:ed:1b:a6:
                    94:de:90:b2:fb:41:bf:76:5d:40:c2:5e:25:c9:82:
                    fb:00:c3:70:52:cd:fa:c1:f2:2a:90:26:ee:5f:88:
                    35:d0:9d:52:1a:90:9b:e0:cc:2f:53:d7:6a:f5:28:
                    a7:17:c1:f5:ab:7a:ee:e4:c4:4a:23:14:39:1b:37:
                    a5:71:3f:fa:7b:9f:ab:43:4f:fc:6a:23:01:e8:07:
                    55:f2:82:29:2d:d7:d1:47:f7:5f:2a:d6:2f:e2:f1:
                    ad:fc:1b:95:e5:0f:31:9a:c3:5f:b3:01:0d:13:01:
                    4d:a8:6b:c5:e3:0e:f2:b8:0b:e8:ba:97:35:34:c0:
                    e0:4f:5c:22:5b:1d:ad:fc:ec:46:a2:11:1c:9a:78:
                    80:8c:d3:32:5f:49:6c:99:3c:ff:2c:c6:d2:a0:15:
                    b8:2c:18:c4:35:d9:0f:38:05:35:57:85:35:f2:f5:
                    44:0c:fc:52:c3:b7:23:a5:96:2a:45:75:f3:5c:b3:
                    69:a1:48:de:d0:e1:6c:15:ef:07:93:46:f5:46:3d:
                    be:79:54:5c:f3:01:3b:07:9e:b1:31:c6:db:a2:b0:
                    6e:bf:51:07:98:22:bf:62:30:f1:be:85:41:b1:eb:
                    8c:79:ca:39:ef:ff:55:d3:d3:1a:95:91:be:d1:96:
                    6d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:75:50:45:7C:9B:91:E7:2D:5A:E3:07:72:10:EB:4A:BC:17:32:95
            X509v3 Authority Key Identifier:
                keyid:83:5F:BB:92:7B:29:50:62:B7:D0:A7:20:47:B6:B4:AA:1B:0F:9B:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1-7knspUGK30KcgR7a0qhsPmyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/c64bf4-c605-461a-bb74-b18f8f7d90e8/1/1XVQRXybkectWuMHchDrSrwXMpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/c64bf4-c605-461a-bb74-b18f8f7d90e8/1/g1-7knspUGK30KcgR7a0qhsPmyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8e:1b:3d:8c:32:8b:61:4d:6c:34:2b:97:ff:77:53:54:cb:46:
         d6:28:77:5d:ce:ca:1f:8e:ff:6f:e6:5a:2a:9c:13:78:97:6b:
         33:b0:ee:8b:43:44:a0:b6:ce:49:1c:34:b0:71:2b:d7:09:a9:
         3e:f9:ae:7c:7d:62:21:e9:be:93:fe:e9:21:f9:fe:f5:74:58:
         4d:f3:2a:bb:4b:ac:7d:22:2f:6c:0f:77:50:df:6c:a0:15:07:
         7c:a0:85:08:ff:98:d0:04:eb:21:f9:24:e1:de:48:54:12:66:
         21:3a:36:b1:3f:b7:f4:88:28:da:cd:c0:db:cc:a6:e7:96:88:
         98:1d:59:5f:68:b2:73:13:ce:47:e8:4f:d0:5b:b3:97:3d:4f:
         8c:00:50:18:a1:9e:04:45:7c:97:a8:8f:ae:ab:ea:f3:85:36:
         ef:62:8f:72:b0:13:d9:db:68:60:04:b2:f0:1c:90:a5:36:cc:
         b9:9a:09:dc:a5:f0:5d:07:69:6c:39:c6:c6:d4:29:ec:a1:1f:
         b4:7c:75:f1:57:41:ff:15:9b:36:60:35:d1:13:73:fe:9d:e7:
         ba:3d:64:86:58:1b:e7:6e:e3:0e:1f:6a:5c:63:ee:60:c7:91:
         d6:89:e7:7d:3c:96:36:d4:1a:cb:e9:38:6f:73:7d:b9:27:65:
         7e:79:7e:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkwBqw9MVZjyJ9nIMc9W8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWZiYjkyN2IyOTUwNjJiN2QwYTcyMDQ3YjZiNGFhMWIw
ZjliMjkwHhcNMjQwMTAxMTAzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTc1NTA0NTdjOWI5MWU3MmQ1YWUzMDc3MjEwZWI0YWJjMTczMjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkoKWJARwEMRmwgvtG6aU3pCy+0G/
dl1Awl4lyYL7AMNwUs36wfIqkCbuX4g10J1SGpCb4MwvU9dq9SinF8H1q3ru5MRK
IxQ5GzelcT/6e5+rQ0/8aiMB6AdV8oIpLdfRR/dfKtYv4vGt/BuV5Q8xmsNfswEN
EwFNqGvF4w7yuAvoupc1NMDgT1wiWx2t/OxGohEcmniAjNMyX0lsmTz/LMbSoBW4
LBjENdkPOAU1V4U18vVEDPxSw7cjpZYqRXXzXLNpoUje0OFsFe8Hk0b1Rj2+eVRc
8wE7B56xMcbborBuv1EHmCK/YjDxvoVBseuMeco57/9V09MalZG+0ZZtnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNV1UEV8m5HnLVrjB3IQ60q8FzKVMB8GA1UdIwQY
MBaAFINfu5J7KVBit9CnIEe2tKobD5spMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzEtN2tuc3BVR0szMEtjZ1I3YTBxaHNQbXlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9jNjRiZjQtYzYwNS00NjFhLWJiNzQt
YjE4ZjhmN2Q5MGU4LzEvMVhWUVJYeWJrZWN0V3VNSGNoRHJTcndYTXBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9jNjRiZjQtYzYwNS00NjFhLWJiNzQtYjE4ZjhmN2Q5MGU4
LzEvZzEtN2tuc3BVR0szMEtjZ1I3YTBxaHNQbXlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuaxoMA0G
CSqGSIb3DQEBCwUAA4IBAQCOGz2MMothTWw0K5f/d1NUy0bWKHddzsofjv9v5loq
nBN4l2szsO6LQ0Sgts5JHDSwcSvXCak++a58fWIh6b6T/ukh+f71dFhN8yq7S6x9
Ii9sD3dQ32ygFQd8oIUI/5jQBOsh+STh3khUEmYhOjaxP7f0iCjazcDbzKbnloiY
HVlfaLJzE85H6E/QW7OXPU+MAFAYoZ4ERXyXqI+uq+rzhTbvYo9ysBPZ22hgBLLw
HJClNsy5mgncpfBdB2lsOcbG1CnsoR+0fHXxV0H/FZs2YDXRE3P+nee6PWSGWBvn
buMOH2pcY+5gx5HWied9PJY21BrL6Thvc325J2V+eX7A
-----END CERTIFICATE-----