Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/XSldRWkSGuC6YB0qaeT_nhOpDig.roa
File:                     XSldRWkSGuC6YB0qaeT_nhOpDig.roa (raw, json)
Hash identifier:          LGr9475jNOzPSK9vTbm1WBLiqvYR+5T/t5ixpKSkdo8=
Subject key identifier:   5D:29:5D:45:69:12:1A:E0:BA:60:1D:2A:69:E4:FF:9E:13:A9:0E:28
Certificate issuer:       /CN=5975d519de239cf164cb94a6660c2530ceaef254
Certificate serial:       018DCBA1F24DEC18E87C8DBCB0F0C8060A93
Authority key identifier: 59:75:D5:19:DE:23:9C:F1:64:CB:94:A6:66:0C:25:30:CE:AE:F2:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/XSldRWkSGuC6YB0qaeT_nhOpDig.roa
Signing time:             Wed 21 Feb 2024 12:26:44 +0000
ROA not before:           Wed 21 Feb 2024 12:26:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209854
IP address blocks:        85.11.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:cb:a1:f2:4d:ec:18:e8:7c:8d:bc:b0:f0:c8:06:0a:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5975d519de239cf164cb94a6660c2530ceaef254
        Validity
            Not Before: Feb 21 12:26:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d295d4569121ae0ba601d2a69e4ff9e13a90e28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:89:1d:34:2a:a5:53:2b:ca:fa:d2:30:ac:71:
                    69:fa:e8:60:a2:9c:89:bf:4e:f0:80:5d:85:00:a9:
                    92:60:66:84:ec:d2:e4:e1:dd:75:37:61:f7:6e:97:
                    b7:00:63:ee:37:ac:e7:b8:72:00:ac:64:22:6f:7a:
                    4e:72:d2:bb:11:de:0b:1f:88:78:2f:16:8a:10:7f:
                    74:44:44:38:a8:00:c4:f6:1b:da:cd:47:f2:2e:1f:
                    74:fe:d5:f9:52:5b:2e:31:92:cb:63:7a:aa:52:60:
                    e6:3b:3b:76:8e:6e:ba:29:64:30:6a:4e:14:73:e3:
                    41:16:97:19:00:2a:fe:5b:e1:e6:0e:0e:28:fe:40:
                    22:2c:62:53:db:20:0a:cc:d5:9e:56:c9:02:e6:92:
                    d5:2b:ee:e5:b5:58:45:3b:71:05:d5:f6:fb:8e:2f:
                    aa:46:ac:96:7a:b2:24:d3:a1:b9:62:6f:1f:47:c0:
                    ae:0b:9c:ea:8e:ba:00:2b:1c:51:f2:d6:19:bb:4f:
                    3a:09:fd:92:99:16:4a:9a:1c:f1:94:54:a9:10:05:
                    ec:ba:92:50:5b:9e:f2:de:07:93:72:a2:bc:6e:dd:
                    ad:65:c5:30:e6:d4:41:b4:d8:67:e2:2b:de:2d:42:
                    c0:c1:a1:87:97:83:aa:1e:61:35:d9:af:12:57:c9:
                    42:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:29:5D:45:69:12:1A:E0:BA:60:1D:2A:69:E4:FF:9E:13:A9:0E:28
            X509v3 Authority Key Identifier:
                keyid:59:75:D5:19:DE:23:9C:F1:64:CB:94:A6:66:0C:25:30:CE:AE:F2:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/XSldRWkSGuC6YB0qaeT_nhOpDig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.11.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:b8:55:35:a7:e6:f2:bd:82:b1:6c:17:33:e7:11:0a:9d:60:
         95:8d:9f:89:3f:90:de:57:b0:a4:57:cf:bf:81:b1:4d:7b:4b:
         bf:73:84:10:fa:2d:a6:e1:69:48:60:e4:76:28:57:a3:82:22:
         a1:8c:5c:83:ab:0a:cf:c1:95:fb:1c:b3:31:5f:a6:bd:31:f3:
         19:d3:d7:16:14:07:9e:65:b3:38:8a:7d:1a:bf:0a:6b:71:11:
         8a:b9:95:47:0a:e7:90:01:87:ca:a5:ae:65:6f:81:30:43:3f:
         e2:5e:45:50:54:a4:8c:a7:e6:b2:5a:3e:3c:05:f4:e0:63:76:
         a3:8e:d3:c7:ea:2a:03:da:e4:dc:34:97:0f:af:72:0e:66:65:
         a3:88:f5:21:7a:6c:18:7a:3d:a6:81:29:99:3e:ef:64:b1:06:
         94:aa:e8:ec:bf:e1:f3:05:fc:cb:86:65:2a:cd:47:e9:79:38:
         d5:df:75:e4:d8:7c:4f:dd:b5:1d:3a:b4:5f:02:35:73:92:18:
         9b:77:4b:5d:b0:8f:33:09:d0:b6:aa:a4:1a:07:d2:45:af:4c:
         fb:d2:14:b1:87:81:e7:50:91:b3:19:ff:3b:4b:b5:a4:c6:4f:
         a7:71:60:9b:e2:83:39:84:c2:91:1b:f3:81:76:3e:e1:16:b9:
         f5:93:02:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3LofJN7BjofI28sPDIBgqTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NzVkNTE5ZGUyMzljZjE2NGNiOTRhNjY2MGMyNTMwY2Vh
ZWYyNTQwHhcNMjQwMjIxMTIyNjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDI5NWQ0NTY5MTIxYWUwYmE2MDFkMmE2OWU0ZmY5ZTEzYTkwZTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYkdNCqlUyvK+tIwrHFp+uhgopyJ
v07wgF2FAKmSYGaE7NLk4d11N2H3bpe3AGPuN6znuHIArGQib3pOctK7Ed4LH4h4
LxaKEH90REQ4qADE9hvazUfyLh90/tX5UlsuMZLLY3qqUmDmOzt2jm66KWQwak4U
c+NBFpcZACr+W+HmDg4o/kAiLGJT2yAKzNWeVskC5pLVK+7ltVhFO3EF1fb7ji+q
RqyWerIk06G5Ym8fR8CuC5zqjroAKxxR8tYZu086Cf2SmRZKmhzxlFSpEAXsupJQ
W57y3geTcqK8bt2tZcUw5tRBtNhn4iveLULAwaGHl4OqHmE12a8SV8lCQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF0pXUVpEhrgumAdKmnk/54TqQ4oMB8GA1UdIwQY
MBaAFFl11RneI5zxZMuUpmYMJTDOrvJUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1hYVkdkNGpuUEZreTVTbVpnd2xNTTZ1OGxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8wYzBjMzctYjQwMS00MDFiLWFhNjUt
MmNjNjc1NzI2OTc1LzEvWFNsZFJXa1NHdUM2WUIwcWFlVF9uaE9wRGlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8wYzBjMzctYjQwMS00MDFiLWFhNjUtMmNjNjc1NzI2OTc1
LzEvV1hYVkdkNGpuUEZreTVTbVpnd2xNTTZ1OGxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVQu+MA0G
CSqGSIb3DQEBCwUAA4IBAQAvuFU1p+byvYKxbBcz5xEKnWCVjZ+JP5DeV7CkV8+/
gbFNe0u/c4QQ+i2m4WlIYOR2KFejgiKhjFyDqwrPwZX7HLMxX6a9MfMZ09cWFAee
ZbM4in0avwprcRGKuZVHCueQAYfKpa5lb4EwQz/iXkVQVKSMp+ayWj48BfTgY3aj
jtPH6ioD2uTcNJcPr3IOZmWjiPUhemwYej2mgSmZPu9ksQaUqujsv+HzBfzLhmUq
zUfpeTjV33Xk2HxP3bUdOrRfAjVzkhibd0tdsI8zCdC2qqQaB9JFr0z70hSxh4Hn
UJGzGf87S7Wkxk+ncWCb4oM5hMKRG/OBdj7hFrn1kwLJ
-----END CERTIFICATE-----