Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/XzG0wK6NKOomj9iAgqAl48XVloQ.roa
File:                     XzG0wK6NKOomj9iAgqAl48XVloQ.roa (raw, json)
Hash identifier:          tM7PFJNzwDdoePfyF/2D6qDSesfIEJ6J2o4dD63N2CA=
Subject key identifier:   5F:31:B4:C0:AE:8D:28:EA:26:8F:D8:80:82:A0:25:E3:C5:D5:96:84
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       018CC348EFAEA0586342ABDD97F2666587D0
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/XzG0wK6NKOomj9iAgqAl48XVloQ.roa
Signing time:             Mon 01 Jan 2024 04:29:46 +0000
ROA not before:           Mon 01 Jan 2024 04:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5650
IP address blocks:        148.222.244.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ef:ae:a0:58:63:42:ab:dd:97:f2:66:65:87:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Jan  1 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f31b4c0ae8d28ea268fd88082a025e3c5d59684
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:4a:c8:fd:48:e8:f5:7f:4a:91:d0:15:16:2a:
                    63:43:9c:c0:9f:0b:d6:66:b3:5a:cb:fe:ec:3d:aa:
                    76:3b:96:2c:9c:6d:6e:6e:9d:69:f6:a9:62:1f:ee:
                    1f:f8:35:5a:30:a1:93:e9:80:65:30:18:d2:e8:cc:
                    92:c8:22:d6:88:d3:92:41:c8:96:b8:ff:0b:1d:f9:
                    ce:15:a7:c9:97:62:05:9a:5e:ad:0f:e5:77:26:be:
                    6d:e6:54:52:6a:63:38:7b:3c:ea:44:bd:ec:7a:11:
                    a1:91:8c:05:72:58:11:57:80:98:6c:c7:ec:b5:2b:
                    50:25:4b:98:20:98:71:ef:cd:25:c2:c3:06:6d:3e:
                    36:f4:38:ae:42:5d:84:d4:16:45:ea:81:6b:0f:26:
                    a4:a6:c2:fc:cf:db:4b:f1:cd:3e:9f:75:51:ba:b0:
                    0a:75:65:bf:a1:46:c5:7d:32:ea:9a:7f:bf:f2:4e:
                    4e:c1:00:09:ce:60:f7:25:3e:de:39:ad:33:45:ad:
                    0a:6e:ef:0a:42:cd:0f:ab:a9:b5:0d:14:67:1e:49:
                    f3:65:d8:b4:b3:d9:9d:69:10:1f:29:6f:9f:1c:23:
                    85:87:d1:1a:0f:fe:39:dd:ba:28:62:ec:1b:5a:d2:
                    e5:40:ef:f2:06:95:0c:e0:0f:8c:6e:17:23:c0:15:
                    af:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:31:B4:C0:AE:8D:28:EA:26:8F:D8:80:82:A0:25:E3:C5:D5:96:84
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/XzG0wK6NKOomj9iAgqAl48XVloQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.222.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6f:ef:f9:d1:5f:24:49:1a:9f:9d:e3:52:15:13:53:b0:df:ab:
         a3:c0:4b:dc:00:7a:5f:74:05:20:fb:c0:3f:20:7e:a1:f7:c7:
         0d:09:30:8c:ab:8f:4c:aa:96:ff:e9:44:0f:4d:8a:72:c9:d9:
         a4:0a:28:af:ca:b6:ec:40:6b:63:1b:c1:a4:c0:6f:5e:21:61:
         62:34:a8:95:f3:87:84:6a:27:52:d3:52:83:44:b9:be:89:f1:
         e4:ec:7c:be:82:35:8d:bd:b4:64:ac:9c:0a:96:ae:11:24:19:
         25:e8:64:27:4b:f5:01:db:fb:08:66:b4:db:66:b9:af:2b:8c:
         00:70:9d:9b:0c:82:0b:04:c2:55:28:69:30:6f:c7:f4:9f:04:
         9f:1a:c4:d0:b4:23:a8:88:77:a9:92:2d:63:3f:bd:61:8a:2b:
         5c:ab:e8:d9:86:e7:59:9d:c0:01:7c:de:4b:c9:ed:cd:35:2a:
         25:2c:6f:25:66:86:f5:5d:17:64:17:30:c0:98:ae:52:00:e0:
         44:f0:68:f1:68:2f:ba:31:75:1b:9f:4b:1e:a8:d9:96:ed:22:
         d4:c2:32:80:ba:3b:3c:c9:f9:d0:0f:6a:92:bf:08:05:a4:b0:
         6c:9e:3f:e8:44:12:31:4a:b6:cf:7a:1d:ee:b2:df:e1:43:bd:
         e1:37:97:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSO+uoFhjQqvdl/JmZYfQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjQwMTAxMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjMxYjRjMGFlOGQyOGVhMjY4ZmQ4ODA4MmEwMjVlM2M1ZDU5Njg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkrI/Ujo9X9KkdAVFipjQ5zAnwvW
ZrNay/7sPap2O5YsnG1ubp1p9qliH+4f+DVaMKGT6YBlMBjS6MySyCLWiNOSQciW
uP8LHfnOFafJl2IFml6tD+V3Jr5t5lRSamM4ezzqRL3sehGhkYwFclgRV4CYbMfs
tStQJUuYIJhx780lwsMGbT429DiuQl2E1BZF6oFrDyakpsL8z9tL8c0+n3VRurAK
dWW/oUbFfTLqmn+/8k5OwQAJzmD3JT7eOa0zRa0Kbu8KQs0Pq6m1DRRnHknzZdi0
s9mdaRAfKW+fHCOFh9EaD/453booYuwbWtLlQO/yBpUM4A+MbhcjwBWv5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8xtMCujSjqJo/YgIKgJePF1ZaEMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvWHpHMHdLNk5LT29tajlpQWdxQWw0OFhWbG9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQClN70MA0G
CSqGSIb3DQEBCwUAA4IBAQBv7/nRXyRJGp+d41IVE1Ow36ujwEvcAHpfdAUg+8A/
IH6h98cNCTCMq49Mqpb/6UQPTYpyydmkCiivyrbsQGtjG8GkwG9eIWFiNKiV84eE
aidS01KDRLm+ifHk7Hy+gjWNvbRkrJwKlq4RJBkl6GQnS/UB2/sIZrTbZrmvK4wA
cJ2bDIILBMJVKGkwb8f0nwSfGsTQtCOoiHepki1jP71hiitcq+jZhudZncABfN5L
ye3NNSolLG8lZob1XRdkFzDAmK5SAOBE8GjxaC+6MXUbn0seqNmW7SLUwjKAujs8
yfnQD2qSvwgFpLBsnj/oRBIxSrbPeh3ust/hQ73hN5cb
-----END CERTIFICATE-----