Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/4402b0-2eca-4836-bf22-a967159f887d/1/XX2lPV5k0UF5kfU_UhvywdKjHYs.roa
File:                     XX2lPV5k0UF5kfU_UhvywdKjHYs.roa (raw, json)
Hash identifier:          b+p3gj6qXp3PpqYrYa2OqDJkOLaWTuB/AX9DkXwD1Xs=
Subject key identifier:   5D:7D:A5:3D:5E:64:D1:41:79:91:F5:3F:52:1B:F2:C1:D2:A3:1D:8B
Certificate issuer:       /CN=1366b960a6f1f04439f09186f9ecf531a9ce2648
Certificate serial:       018CC801471DBDFC1DDC0178578C53437D7F
Authority key identifier: 13:66:B9:60:A6:F1:F0:44:39:F0:91:86:F9:EC:F5:31:A9:CE:26:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E2a5YKbx8EQ58JGG-ez1ManOJkg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/4402b0-2eca-4836-bf22-a967159f887d/1/XX2lPV5k0UF5kfU_UhvywdKjHYs.roa
Signing time:             Tue 02 Jan 2024 02:29:36 +0000
ROA not before:           Tue 02 Jan 2024 02:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50321
IP address blocks:        194.150.220.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/4402b0-2eca-4836-bf22-a967159f887d/1/E2a5YKbx8EQ58JGG-ez1ManOJkg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/4402b0-2eca-4836-bf22-a967159f887d/1/E2a5YKbx8EQ58JGG-ez1ManOJkg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E2a5YKbx8EQ58JGG-ez1ManOJkg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 07:02:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:47:1d:bd:fc:1d:dc:01:78:57:8c:53:43:7d:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1366b960a6f1f04439f09186f9ecf531a9ce2648
        Validity
            Not Before: Jan  2 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d7da53d5e64d1417991f53f521bf2c1d2a31d8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:50:59:85:fe:4b:80:4d:57:82:b9:97:87:a9:
                    f8:69:5d:d3:bf:f7:db:55:eb:14:b7:85:79:18:6a:
                    73:df:98:af:73:fa:52:b5:90:72:ca:c3:24:cc:cb:
                    a5:cc:23:6b:dc:fd:3e:dd:63:55:ea:b5:b3:a4:62:
                    8e:24:f2:f1:66:7c:ea:10:3c:a4:98:e0:fe:33:50:
                    a8:25:38:bc:40:be:bf:85:66:df:d1:96:ed:5b:91:
                    0d:6c:58:b1:dd:ed:67:ea:bc:87:23:5f:c5:37:d8:
                    79:6a:2b:cc:c5:71:a4:c7:b6:46:6e:1c:b3:13:cd:
                    80:a3:2b:87:3e:57:e8:91:3d:d7:9e:54:94:f2:77:
                    07:62:20:04:61:a2:94:da:12:ef:9c:f0:b8:3e:d9:
                    4f:67:c8:83:57:b9:31:0a:44:6e:4f:26:5b:6e:4e:
                    5d:5c:67:b2:45:63:ae:92:80:ef:e0:98:40:da:73:
                    c0:84:e0:8f:66:6f:93:ed:76:c2:d1:58:84:7c:65:
                    e5:23:9e:31:01:87:58:c1:b4:c6:8c:62:23:e7:85:
                    12:5b:96:c3:bc:e9:c5:6d:b1:53:8e:ac:9a:9c:8b:
                    66:a5:44:a6:62:1f:33:68:52:7d:94:4b:b2:6c:fb:
                    ee:8c:60:83:15:cf:fa:64:a9:1a:71:0e:30:c4:f9:
                    f8:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:7D:A5:3D:5E:64:D1:41:79:91:F5:3F:52:1B:F2:C1:D2:A3:1D:8B
            X509v3 Authority Key Identifier:
                keyid:13:66:B9:60:A6:F1:F0:44:39:F0:91:86:F9:EC:F5:31:A9:CE:26:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E2a5YKbx8EQ58JGG-ez1ManOJkg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4402b0-2eca-4836-bf22-a967159f887d/1/XX2lPV5k0UF5kfU_UhvywdKjHYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4402b0-2eca-4836-bf22-a967159f887d/1/E2a5YKbx8EQ58JGG-ez1ManOJkg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         85:50:92:b3:78:0b:e0:e3:d9:eb:ef:a8:1f:9f:85:14:65:94:
         dd:8c:e2:34:dc:04:c6:99:20:25:f8:e7:be:0e:47:5b:7f:f0:
         d1:57:f8:5f:b1:28:2c:12:17:fc:fd:03:b9:32:f8:2d:7b:b2:
         03:30:a4:fb:00:dd:4d:b5:2c:60:8d:90:f7:6d:58:57:11:ca:
         4a:c2:16:64:33:77:8e:48:7a:72:67:f9:d8:b6:88:3b:65:8b:
         19:b6:fb:d0:60:6c:e1:0a:91:83:f1:f9:5a:6e:16:9e:ee:56:
         9d:05:bd:3e:de:8c:fe:75:a7:c8:12:67:8f:c0:fc:c3:11:38:
         83:5f:20:fa:00:82:6e:18:b7:d9:fc:b8:03:91:47:1e:57:a8:
         c8:99:6e:99:d7:08:1d:93:80:21:1a:33:f2:17:c1:e0:11:02:
         92:11:ac:fe:ed:cc:47:28:ff:41:da:d8:9a:4e:00:ff:ba:75:
         09:52:ab:ae:fa:9a:29:bc:62:85:da:2f:d9:8a:a2:52:6e:d1:
         f4:37:5b:57:ca:0b:a5:a5:62:3f:99:af:37:23:98:fd:ac:92:
         10:ba:99:1f:19:0e:8b:fb:b4:e6:a3:39:a0:d3:0d:16:5d:33:
         bd:90:92:67:6a:ba:54:93:46:0b:f8:a5:c5:fa:d9:aa:8d:1f:
         02:5b:a6:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAUcdvfwd3AF4V4xTQ31/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzNjZiOTYwYTZmMWYwNDQzOWYwOTE4NmY5ZWNmNTMxYTlj
ZTI2NDgwHhcNMjQwMTAyMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDdkYTUzZDVlNjRkMTQxNzk5MWY1M2Y1MjFiZjJjMWQyYTMxZDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVBZhf5LgE1XgrmXh6n4aV3Tv/fb
VesUt4V5GGpz35ivc/pStZByysMkzMulzCNr3P0+3WNV6rWzpGKOJPLxZnzqEDyk
mOD+M1CoJTi8QL6/hWbf0ZbtW5ENbFix3e1n6ryHI1/FN9h5aivMxXGkx7ZGbhyz
E82AoyuHPlfokT3XnlSU8ncHYiAEYaKU2hLvnPC4PtlPZ8iDV7kxCkRuTyZbbk5d
XGeyRWOukoDv4JhA2nPAhOCPZm+T7XbC0ViEfGXlI54xAYdYwbTGjGIj54USW5bD
vOnFbbFTjqyanItmpUSmYh8zaFJ9lEuybPvujGCDFc/6ZKkacQ4wxPn4uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF19pT1eZNFBeZH1P1Ib8sHSox2LMB8GA1UdIwQY
MBaAFBNmuWCm8fBEOfCRhvns9TGpziZIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTJhNVlLYng4RVE1OEpHRy1lejFNYW5PSmtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni80NDAyYjAtMmVjYS00ODM2LWJmMjIt
YTk2NzE1OWY4ODdkLzEvWFgybFBWNWswVUY1a2ZVX1Vodnl3ZEtqSFlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni80NDAyYjAtMmVjYS00ODM2LWJmMjItYTk2NzE1OWY4ODdk
LzEvRTJhNVlLYng4RVE1OEpHRy1lejFNYW5PSmtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwpbcMA0G
CSqGSIb3DQEBCwUAA4IBAQCFUJKzeAvg49nr76gfn4UUZZTdjOI03ATGmSAl+Oe+
Dkdbf/DRV/hfsSgsEhf8/QO5Mvgte7IDMKT7AN1NtSxgjZD3bVhXEcpKwhZkM3eO
SHpyZ/nYtog7ZYsZtvvQYGzhCpGD8flabhae7ladBb0+3oz+dafIEmePwPzDETiD
XyD6AIJuGLfZ/LgDkUceV6jImW6Z1wgdk4AhGjPyF8HgEQKSEaz+7cxHKP9B2tia
TgD/unUJUquu+popvGKF2i/ZiqJSbtH0N1tXygulpWI/ma83I5j9rJIQupkfGQ6L
+7Tmozmg0w0WXTO9kJJnarpUk0YL+KXF+tmqjR8CW6Yy
-----END CERTIFICATE-----