Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/XHOttDDchq7OiOnHo7-HIRVEOT0.roa
File:                     XHOttDDchq7OiOnHo7-HIRVEOT0.roa (raw, json)
Hash identifier:          f0bmJO7jCa6VyMQPPkc0PM12ZRTR3cxB0xD48ofJ2gU=
Subject key identifier:   5C:73:AD:B4:30:DC:86:AE:CE:88:E9:C7:A3:BF:87:21:15:44:39:3D
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       018E9E128838998A92DF91C3A745210ED484
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/XHOttDDchq7OiOnHo7-HIRVEOT0.roa
Signing time:             Tue 02 Apr 2024 09:09:58 +0000
ROA not before:           Tue 02 Apr 2024 09:09:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204286
IP address blocks:        109.205.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9e:12:88:38:99:8a:92:df:91:c3:a7:45:21:0e:d4:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Apr  2 09:09:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c73adb430dc86aece88e9c7a3bf87211544393d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:dc:a3:3d:16:58:fb:4a:c1:97:3f:cd:11:4d:
                    2d:44:e4:8a:06:b6:70:05:82:10:c0:65:04:01:1a:
                    02:31:dc:4b:a5:0e:9b:05:6c:f2:dc:e0:d2:92:88:
                    5c:f7:9e:bc:d1:68:db:dd:f0:d0:22:91:45:a6:67:
                    10:e8:ea:9e:50:0b:f5:dc:a7:6b:56:08:35:73:b3:
                    4e:30:f5:b1:fb:1b:5a:e7:66:8b:5b:a3:48:d2:a9:
                    89:fb:6f:33:ff:5a:5e:ff:de:75:20:0b:cf:a6:3b:
                    44:19:88:fe:8c:c7:11:93:8e:df:7b:81:fc:84:c6:
                    5b:db:ca:5c:1f:33:0c:83:27:db:5b:bb:84:91:1b:
                    1e:8e:9b:1e:80:0e:f6:77:b0:c8:31:b8:39:21:d4:
                    52:bd:03:86:ea:62:f2:fd:c1:18:e2:9f:03:3a:3e:
                    cf:aa:7d:74:8a:71:eb:9d:80:3a:15:4a:36:9a:1e:
                    68:ff:d5:1b:84:4b:5b:2f:92:74:17:d6:91:fa:ed:
                    98:17:9a:84:40:2d:3f:32:c3:f5:fd:c3:ad:28:46:
                    12:c0:30:6d:04:5a:8e:8e:19:2e:3e:28:f9:d6:f5:
                    ef:ee:23:70:0f:71:8f:a4:dd:dd:72:77:52:26:e4:
                    44:0b:d3:fb:d2:33:2c:bc:5d:52:cc:1f:03:fd:c5:
                    15:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:73:AD:B4:30:DC:86:AE:CE:88:E9:C7:A3:BF:87:21:15:44:39:3D
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/XHOttDDchq7OiOnHo7-HIRVEOT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:f2:a3:c0:35:cd:f8:de:e0:1b:d2:72:c2:80:75:72:2c:4e:
         04:85:c4:5d:17:89:72:67:8b:ae:f8:a4:c1:50:85:cf:5f:c8:
         d4:61:6a:e0:c1:c1:4b:75:3e:6b:f6:66:d9:11:29:b7:0d:a6:
         3c:22:38:c4:cb:3e:e1:d5:4e:20:3d:81:52:97:a8:8a:9a:2e:
         f1:13:bb:d7:c1:b1:6f:2a:2f:f8:59:3b:51:48:74:33:a4:db:
         0a:40:de:b3:4b:17:d2:7f:2b:ae:8e:19:a2:4a:b9:8d:27:23:
         bc:d8:0e:96:8f:d9:6a:47:ed:13:38:44:0a:3b:1c:51:83:31:
         1e:b0:1b:9b:80:aa:4f:15:df:23:85:9a:56:e1:78:55:ba:bd:
         70:da:24:d5:0d:bc:a7:10:df:92:26:76:a4:e6:47:7f:d6:5a:
         dd:34:0c:86:66:fd:50:11:53:d4:32:0c:c6:0f:2c:f2:46:2e:
         ce:3e:88:41:6b:a1:18:d8:bb:81:7f:df:78:7b:9e:54:43:ec:
         d2:3a:e3:03:47:d7:67:8d:e0:dc:e1:92:19:c6:41:d7:51:70:
         6e:20:63:9a:fe:23:af:34:c3:0d:15:bf:97:29:9d:9c:ff:b2:
         bb:7b:ee:85:b8:e1:b6:a3:89:72:71:c2:08:96:ee:b2:ae:4d:
         82:a2:bb:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6eEog4mYqS35HDp0UhDtSEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjQwNDAyMDkwOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzczYWRiNDMwZGM4NmFlY2U4OGU5YzdhM2JmODcyMTE1NDQzOTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodyjPRZY+0rBlz/NEU0tROSKBrZw
BYIQwGUEARoCMdxLpQ6bBWzy3ODSkohc95680Wjb3fDQIpFFpmcQ6OqeUAv13Kdr
Vgg1c7NOMPWx+xta52aLW6NI0qmJ+28z/1pe/951IAvPpjtEGYj+jMcRk47fe4H8
hMZb28pcHzMMgyfbW7uEkRsejpsegA72d7DIMbg5IdRSvQOG6mLy/cEY4p8DOj7P
qn10inHrnYA6FUo2mh5o/9UbhEtbL5J0F9aR+u2YF5qEQC0/MsP1/cOtKEYSwDBt
BFqOjhkuPij51vXv7iNwD3GPpN3dcndSJuREC9P70jMsvF1SzB8D/cUV8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxzrbQw3Iauzojpx6O/hyEVRDk9MB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvWEhPdHRERGNocTdPaU9uSG83LUhJUlZFT1QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbc08MA0G
CSqGSIb3DQEBCwUAA4IBAQBy8qPANc343uAb0nLCgHVyLE4EhcRdF4lyZ4uu+KTB
UIXPX8jUYWrgwcFLdT5r9mbZESm3DaY8IjjEyz7h1U4gPYFSl6iKmi7xE7vXwbFv
Ki/4WTtRSHQzpNsKQN6zSxfSfyuujhmiSrmNJyO82A6Wj9lqR+0TOEQKOxxRgzEe
sBubgKpPFd8jhZpW4XhVur1w2iTVDbynEN+SJnak5kd/1lrdNAyGZv1QEVPUMgzG
DyzyRi7OPohBa6EY2LuBf994e55UQ+zSOuMDR9dnjeDc4ZIZxkHXUXBuIGOa/iOv
NMMNFb+XKZ2c/7K7e+6FuOG2o4lyccIIlu6yrk2CortL
-----END CERTIFICATE-----