Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/XPo6j4yi2iTwUawiP-FGRXHwfjU.roa
File:                     XPo6j4yi2iTwUawiP-FGRXHwfjU.roa (raw, json)
Hash identifier:          nTjtDkSCeH6wR6Hq3A1vAtfvZLheHyrlyf6tUPctZEw=
Subject key identifier:   5C:FA:3A:8F:8C:A2:DA:24:F0:51:AC:22:3F:E1:46:45:71:F0:7E:35
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801DF5BC342665F2329CC56F2679A63
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/XPo6j4yi2iTwUawiP-FGRXHwfjU.roa
Signing time:             Tue 02 Jan 2024 02:30:15 +0000
ROA not before:           Tue 02 Jan 2024 02:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206499
IP address blocks:        45.14.68.0/24 maxlen: 32
                          45.14.69.0/24 maxlen: 24
                          193.177.223.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:df:5b:c3:42:66:5f:23:29:cc:56:f2:67:9a:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5cfa3a8f8ca2da24f051ac223fe1464571f07e35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:6c:19:41:be:12:c9:68:5a:92:d2:8f:9a:eb:
                    fe:4c:f9:71:da:83:e4:ce:c6:d4:ec:1f:b0:e6:0d:
                    25:34:8f:fc:ea:31:1a:9d:42:3d:40:47:e9:3c:61:
                    b8:1a:c1:17:bf:92:5b:1b:d1:2f:f2:95:61:73:34:
                    02:0f:4e:9d:54:7b:d4:3d:1b:55:48:1b:ea:37:ab:
                    13:4f:a1:cb:83:c8:a2:c1:99:89:42:5b:91:8b:6f:
                    e7:09:0e:37:3c:86:cb:af:75:cf:5e:5f:4e:a6:e4:
                    a1:fa:f1:ad:d8:1c:dd:b1:c7:ca:aa:db:3a:a0:6c:
                    a0:67:8d:29:ae:44:a0:e2:15:67:7e:87:3a:bc:5b:
                    22:a6:51:eb:d5:e3:74:34:e1:68:48:65:31:d4:82:
                    8a:bc:57:cc:11:81:fd:12:ae:90:d1:71:7a:48:8c:
                    24:e9:e7:98:0b:ff:f4:7e:b7:f5:b6:5b:e0:77:15:
                    a6:06:59:6f:16:3e:3c:b8:e9:48:65:c2:1f:f6:d5:
                    b2:8d:25:4f:69:be:c6:eb:5a:b8:08:46:2c:4a:c6:
                    d9:53:33:a6:09:ec:d7:63:ff:c3:2f:66:5d:bb:4e:
                    29:3f:99:cb:d8:90:ed:39:4b:d4:e6:6e:4a:08:85:
                    4b:09:c5:83:aa:b1:f5:ed:70:a2:b1:58:72:48:a4:
                    c3:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:FA:3A:8F:8C:A2:DA:24:F0:51:AC:22:3F:E1:46:45:71:F0:7E:35
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/XPo6j4yi2iTwUawiP-FGRXHwfjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.68.0/23
                  193.177.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:18:7a:ec:69:44:57:8b:8b:17:15:95:d4:7d:ec:7a:40:cf:
         b7:cb:58:65:85:ac:10:b8:3e:57:3a:4b:41:4e:20:ac:1e:9d:
         16:a4:9f:4d:be:15:cc:f6:53:3f:ee:f7:58:02:00:66:22:f3:
         e4:02:bb:cf:d8:6b:81:70:b1:b4:8d:87:24:6a:53:e4:4b:1a:
         2c:a5:09:9d:83:8c:4e:3e:77:9c:16:78:9a:2e:4b:8b:80:3d:
         6a:fb:b8:32:33:9b:bf:7f:f4:d1:57:df:d6:28:39:20:64:15:
         24:20:0b:d8:ee:96:08:45:d7:64:3e:04:00:da:5d:15:2a:59:
         c7:ee:cc:72:ab:dc:4c:db:7e:cf:d5:d7:d3:e3:10:30:0b:d8:
         1e:26:37:70:b2:d8:90:1d:b6:ea:3d:c0:df:20:d7:4f:6b:3e:
         97:ba:c8:62:73:e8:f8:5b:29:ce:1f:1c:1d:27:92:cb:1b:9a:
         ae:83:c6:69:e4:66:a6:48:1a:39:2b:87:eb:01:a4:89:c9:c4:
         2d:1d:cc:7b:2a:d0:aa:f8:0e:d7:6b:27:a7:ee:54:55:35:cd:
         ae:1f:a9:bf:f1:1f:0c:d9:c5:df:b0:65:dc:0a:17:89:d0:e3:
         99:6b:a5:1c:5c:4e:72:fc:9f:00:a7:78:6b:5c:6c:da:5f:f7:
         ef:e6:a9:ff
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAd9bw0JmXyMpzFbyZ5pjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2ZhM2E4ZjhjYTJkYTI0ZjA1MWFjMjIzZmUxNDY0NTcxZjA3ZTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWwZQb4SyWhaktKPmuv+TPlx2oPk
zsbU7B+w5g0lNI/86jEanUI9QEfpPGG4GsEXv5JbG9Ev8pVhczQCD06dVHvUPRtV
SBvqN6sTT6HLg8iiwZmJQluRi2/nCQ43PIbLr3XPXl9OpuSh+vGt2BzdscfKqts6
oGygZ40prkSg4hVnfoc6vFsiplHr1eN0NOFoSGUx1IKKvFfMEYH9Eq6Q0XF6SIwk
6eeYC//0frf1tlvgdxWmBllvFj48uOlIZcIf9tWyjSVPab7G61q4CEYsSsbZUzOm
CezXY//DL2Zdu04pP5nL2JDtOUvU5m5KCIVLCcWDqrH17XCisVhySKTDxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFz6Oo+Motok8FGsIj/hRkVx8H41MB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvWFBvNmo0eWkyaVR3VWF3aVAtRkdSWEh3ZmpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLQ5EAwQA
wbHfMA0GCSqGSIb3DQEBCwUAA4IBAQAOGHrsaURXi4sXFZXUfex6QM+3y1hlhawQ
uD5XOktBTiCsHp0WpJ9NvhXM9lM/7vdYAgBmIvPkArvP2GuBcLG0jYckalPkSxos
pQmdg4xOPnecFniaLkuLgD1q+7gyM5u/f/TRV9/WKDkgZBUkIAvY7pYIRddkPgQA
2l0VKlnH7sxyq9xM237P1dfT4xAwC9geJjdwstiQHbbqPcDfINdPaz6Xushic+j4
WynOHxwdJ5LLG5qug8Zp5GamSBo5K4frAaSJycQtHcx7KtCq+A7Xayen7lRVNc2u
H6m/8R8M2cXfsGXcCheJ0OOZa6UcXE5y/J8Ap3hrXGzaX/fv5qn/
-----END CERTIFICATE-----