Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/aa9e97-4001-48a4-bf80-3d25458b39ee/1/xgoCWftS-p33ub63TY9uS7CSU00.roa
File:                     xgoCWftS-p33ub63TY9uS7CSU00.roa (raw, json)
Hash identifier:          k1eMXPORtkKFv2X46rzKsx5Y0b4Oi3XmAA3E93fVHKc=
Subject key identifier:   C6:0A:02:59:FB:52:FA:9D:F7:B9:BE:B7:4D:8F:6E:4B:B0:92:53:4D
Certificate issuer:       /CN=d2cb5d181afea69f39e17112593be4b00e584b4d
Certificate serial:       018FC3BA12E3F996470926CC592978ABFBB9
Authority key identifier: D2:CB:5D:18:1A:FE:A6:9F:39:E1:71:12:59:3B:E4:B0:0E:58:4B:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0stdGBr-pp854XESWTvksA5YS00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/aa9e97-4001-48a4-bf80-3d25458b39ee/1/xgoCWftS-p33ub63TY9uS7CSU00.roa
Signing time:             Wed 29 May 2024 09:41:42 +0000
ROA not before:           Wed 29 May 2024 09:41:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214814
IP address blocks:        193.164.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/aa9e97-4001-48a4-bf80-3d25458b39ee/1/0stdGBr-pp854XESWTvksA5YS00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/aa9e97-4001-48a4-bf80-3d25458b39ee/1/0stdGBr-pp854XESWTvksA5YS00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0stdGBr-pp854XESWTvksA5YS00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c3:ba:12:e3:f9:96:47:09:26:cc:59:29:78:ab:fb:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2cb5d181afea69f39e17112593be4b00e584b4d
        Validity
            Not Before: May 29 09:41:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c60a0259fb52fa9df7b9beb74d8f6e4bb092534d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:fa:15:f8:0c:4b:49:e2:ef:02:56:7d:4c:13:
                    9e:86:75:26:46:c5:25:a2:59:35:f2:d5:a7:bd:5c:
                    c3:12:65:f3:5b:8f:d7:ac:68:fe:01:b6:bb:7b:17:
                    d3:49:d0:1e:ca:1f:d8:4c:37:f1:f5:61:dd:4d:ad:
                    af:89:04:f0:d9:9c:d6:41:81:3f:49:a7:ae:23:73:
                    e0:1e:6e:e0:30:0e:ec:fb:96:06:e4:97:fe:e7:cd:
                    9b:5e:0b:6b:8b:42:1e:e8:88:1f:fb:f8:38:9b:aa:
                    cc:cd:99:c2:40:78:c5:18:5e:ea:58:28:cb:93:f0:
                    e0:b4:25:e7:4f:24:2e:35:a4:16:c1:56:48:d6:11:
                    14:57:6a:05:1f:7c:63:2a:72:2d:68:12:80:6e:51:
                    66:e4:0b:75:00:68:30:78:a2:46:32:07:b0:82:9a:
                    ec:c0:ab:ca:24:2c:31:3a:81:5d:70:f7:db:fc:5e:
                    01:4e:76:02:f1:95:4c:33:6e:b3:ea:b1:57:2e:e9:
                    7f:ce:7b:7d:ad:6c:f6:a6:48:43:ec:a5:07:6a:c0:
                    f2:a0:78:6c:c2:df:28:28:2a:f0:78:aa:92:8e:12:
                    56:f7:d5:d8:51:e5:5b:d5:77:d3:48:fc:38:ab:75:
                    c2:a0:fc:df:37:1b:6e:ec:f8:09:64:79:33:b8:ba:
                    b3:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:0A:02:59:FB:52:FA:9D:F7:B9:BE:B7:4D:8F:6E:4B:B0:92:53:4D
            X509v3 Authority Key Identifier:
                keyid:D2:CB:5D:18:1A:FE:A6:9F:39:E1:71:12:59:3B:E4:B0:0E:58:4B:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0stdGBr-pp854XESWTvksA5YS00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/aa9e97-4001-48a4-bf80-3d25458b39ee/1/xgoCWftS-p33ub63TY9uS7CSU00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/aa9e97-4001-48a4-bf80-3d25458b39ee/1/0stdGBr-pp854XESWTvksA5YS00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.164.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:ad:f3:3f:d1:4d:11:49:b6:e0:38:7d:bb:ff:78:c2:16:69:
         c5:9f:39:7c:fe:ed:ff:10:54:af:d7:02:d2:1d:75:36:ca:f8:
         02:a6:5d:83:68:58:9f:2f:79:0c:83:34:67:e3:5f:04:1e:1d:
         0e:9f:49:0d:84:4f:89:a1:7d:9c:ef:8f:c5:95:f2:5e:b3:22:
         5f:be:18:77:ea:84:2c:04:b9:89:31:b0:db:94:fe:4a:e6:4b:
         37:77:ab:1d:79:50:2d:27:d6:54:59:64:25:16:2c:4d:52:da:
         a6:07:db:75:f8:f7:95:37:49:b8:9d:76:46:ea:03:c5:95:fa:
         70:10:94:6e:03:eb:33:10:d1:7f:20:09:3c:bf:aa:82:b1:52:
         d0:e0:b7:04:e9:9c:12:d1:20:2d:76:4c:72:cc:30:d4:52:70:
         31:ef:75:74:62:a4:cb:55:f9:12:7b:c1:e8:99:ce:d0:fb:54:
         bf:79:86:9c:c2:5d:78:40:e2:30:fa:0b:f9:bb:b0:b6:1a:a7:
         55:23:b2:40:88:0d:50:8f:b8:de:02:91:c0:7f:d8:f2:74:73:
         44:6f:7f:02:d9:a2:d0:49:19:7b:3a:5d:75:10:8a:82:4b:28:
         88:ae:e6:c7:4d:84:ff:e6:33:86:df:48:fa:3d:21:72:e0:29:
         4f:6e:6d:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/DuhLj+ZZHCSbMWSl4q/u5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyY2I1ZDE4MWFmZWE2OWYzOWUxNzExMjU5M2JlNGIwMGU1
ODRiNGQwHhcNMjQwNTI5MDk0MTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjBhMDI1OWZiNTJmYTlkZjdiOWJlYjc0ZDhmNmU0YmIwOTI1MzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9PoV+AxLSeLvAlZ9TBOehnUmRsUl
olk18tWnvVzDEmXzW4/XrGj+Aba7exfTSdAeyh/YTDfx9WHdTa2viQTw2ZzWQYE/
SaeuI3PgHm7gMA7s+5YG5Jf+582bXgtri0Ie6Igf+/g4m6rMzZnCQHjFGF7qWCjL
k/DgtCXnTyQuNaQWwVZI1hEUV2oFH3xjKnItaBKAblFm5At1AGgweKJGMgewgprs
wKvKJCwxOoFdcPfb/F4BTnYC8ZVMM26z6rFXLul/znt9rWz2pkhD7KUHasDyoHhs
wt8oKCrweKqSjhJW99XYUeVb1XfTSPw4q3XCoPzfNxtu7PgJZHkzuLqzDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMYKAln7Uvqd97m+t02PbkuwklNNMB8GA1UdIwQY
MBaAFNLLXRga/qafOeFxElk75LAOWEtNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHN0ZEdCci1wcDg1NFhFU1dUdmtzQTVZUzAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9hYTllOTctNDAwMS00OGE0LWJmODAt
M2QyNTQ1OGIzOWVlLzEveGdvQ1dmdFMtcDMzdWI2M1RZOXVTN0NTVTAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9hYTllOTctNDAwMS00OGE0LWJmODAtM2QyNTQ1OGIzOWVl
LzEvMHN0ZEdCci1wcDg1NFhFU1dUdmtzQTVZUzAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaTQMA0G
CSqGSIb3DQEBCwUAA4IBAQB5rfM/0U0RSbbgOH27/3jCFmnFnzl8/u3/EFSv1wLS
HXU2yvgCpl2DaFifL3kMgzRn418EHh0On0kNhE+JoX2c74/FlfJesyJfvhh36oQs
BLmJMbDblP5K5ks3d6sdeVAtJ9ZUWWQlFixNUtqmB9t1+PeVN0m4nXZG6gPFlfpw
EJRuA+szENF/IAk8v6qCsVLQ4LcE6ZwS0SAtdkxyzDDUUnAx73V0YqTLVfkSe8Ho
mc7Q+1S/eYacwl14QOIw+gv5u7C2GqdVI7JAiA1Qj7jeApHAf9jydHNEb38C2aLQ
SRl7Ol11EIqCSyiIrubHTYT/5jOG30j6PSFy4ClPbm1T
-----END CERTIFICATE-----