Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/XKgG62zA_oErLALpzkCNI0DmTv0.roa
File:                     XKgG62zA_oErLALpzkCNI0DmTv0.roa (raw, json)
Hash identifier:          wJZ+gQJw5LYd0Ogyn/Nhy7AOAIhNmkdoMY4p8NT7WfA=
Subject key identifier:   5C:A8:06:EB:6C:C0:FE:81:2B:2C:02:E9:CE:40:8D:23:40:E6:4E:FD
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       018CCA287688DB5EEF96148406FB57EBEBC4
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/XKgG62zA_oErLALpzkCNI0DmTv0.roa
Signing time:             Tue 02 Jan 2024 12:31:38 +0000
ROA not before:           Tue 02 Jan 2024 12:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210609
IP address blocks:        185.124.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 14:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:76:88:db:5e:ef:96:14:84:06:fb:57:eb:eb:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jan  2 12:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ca806eb6cc0fe812b2c02e9ce408d2340e64efd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:be:1f:e4:35:c3:13:78:0b:94:fd:0f:ae:0a:
                    d3:65:cb:40:c6:f0:b0:c1:ba:51:57:a5:c4:20:0a:
                    c9:cb:2b:1b:d7:98:24:19:af:43:54:10:ae:08:41:
                    c0:cb:99:da:97:18:53:36:89:60:bb:c2:02:31:44:
                    3c:54:12:82:45:4b:b3:02:9e:d9:db:a5:7e:1a:27:
                    cd:d8:4b:e2:fa:e1:36:d0:64:8f:30:30:ee:46:80:
                    11:89:7e:3e:e1:3f:c8:fa:a5:e8:b7:a3:45:c4:62:
                    87:00:99:88:2b:99:ba:d8:21:1e:13:15:91:7d:31:
                    bd:59:50:a8:c7:e9:42:dc:f2:b0:5d:c2:9c:f0:63:
                    2a:e9:f3:0c:77:45:ce:b9:a4:67:43:02:06:e6:f0:
                    c3:41:07:4f:29:47:48:05:30:c2:a1:77:d9:f8:03:
                    14:f5:da:10:64:30:68:c2:76:98:63:ff:37:34:fc:
                    d1:43:a0:25:7b:f3:fc:c8:a0:1c:d5:bd:31:49:18:
                    7e:3a:15:57:31:a1:99:bc:db:a8:bc:0b:fc:85:ae:
                    c9:c4:e2:ea:4f:76:59:e4:9f:c7:7e:67:15:da:92:
                    08:59:1d:2b:9a:e2:06:a4:3a:c7:f7:17:93:55:a1:
                    fd:61:1b:cd:73:c3:9b:8c:28:3e:65:23:0c:b1:4e:
                    50:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:A8:06:EB:6C:C0:FE:81:2B:2C:02:E9:CE:40:8D:23:40:E6:4E:FD
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/XKgG62zA_oErLALpzkCNI0DmTv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:9c:ff:0e:05:89:02:f1:bd:65:3d:6c:de:7c:15:9c:3e:68:
         4a:63:b3:05:f9:48:7f:6d:a3:f1:b3:ee:69:16:db:cb:d2:3d:
         7d:40:55:b4:92:32:9e:a7:01:bd:99:dd:f1:5d:c8:49:1b:79:
         2c:1b:11:eb:d3:a3:62:38:50:f7:42:40:03:fc:13:69:36:75:
         15:eb:1b:9a:64:95:7e:65:73:0d:1f:23:6b:16:66:6c:eb:79:
         ec:d3:eb:7c:99:a2:1f:e9:fa:90:9d:c3:0b:21:53:cc:92:f9:
         d7:1d:5b:b6:2c:1f:fb:c2:cb:11:62:2e:a9:6a:f5:3c:54:9d:
         e3:da:ad:ae:fc:cd:c6:44:89:bb:b8:91:59:b4:86:91:d4:49:
         94:88:a9:8e:45:65:70:31:0b:9a:5f:4d:8d:d3:e4:ec:d5:eb:
         1c:e7:48:92:53:1e:2c:d9:18:8f:76:14:ae:fd:a6:19:11:6b:
         59:27:2b:dd:b2:12:c0:87:ee:92:ce:9a:1b:fd:4a:35:94:02:
         56:43:f7:fb:05:04:64:d1:be:b9:71:61:a1:a0:84:29:56:93:
         8e:1e:df:12:3c:3b:ee:5f:bb:a3:7b:a4:da:ce:fd:ce:fb:8c:
         e0:03:dc:9a:dc:f7:49:41:2b:20:5e:8b:a2:af:9d:a8:9e:e1:
         6b:d2:ec:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKHaI217vlhSEBvtX6+vEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjQwMTAyMTIzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2E4MDZlYjZjYzBmZTgxMmIyYzAyZTljZTQwOGQyMzQwZTY0ZWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgb4f5DXDE3gLlP0PrgrTZctAxvCw
wbpRV6XEIArJyysb15gkGa9DVBCuCEHAy5nalxhTNolgu8ICMUQ8VBKCRUuzAp7Z
26V+GifN2Evi+uE20GSPMDDuRoARiX4+4T/I+qXot6NFxGKHAJmIK5m62CEeExWR
fTG9WVCox+lC3PKwXcKc8GMq6fMMd0XOuaRnQwIG5vDDQQdPKUdIBTDCoXfZ+AMU
9doQZDBownaYY/83NPzRQ6Ale/P8yKAc1b0xSRh+OhVXMaGZvNuovAv8ha7JxOLq
T3ZZ5J/HfmcV2pIIWR0rmuIGpDrH9xeTVaH9YRvNc8ObjCg+ZSMMsU5QmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyoButswP6BKywC6c5AjSNA5k79MB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvWEtnRzYyekFfb0VyTEFMcHprQ05JMERtVHYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXysMA0G
CSqGSIb3DQEBCwUAA4IBAQDOnP8OBYkC8b1lPWzefBWcPmhKY7MF+Uh/baPxs+5p
FtvL0j19QFW0kjKepwG9md3xXchJG3ksGxHr06NiOFD3QkAD/BNpNnUV6xuaZJV+
ZXMNHyNrFmZs63ns0+t8maIf6fqQncMLIVPMkvnXHVu2LB/7wssRYi6pavU8VJ3j
2q2u/M3GRIm7uJFZtIaR1EmUiKmORWVwMQuaX02N0+Ts1esc50iSUx4s2RiPdhSu
/aYZEWtZJyvdshLAh+6Szpob/Uo1lAJWQ/f7BQRk0b65cWGhoIQpVpOOHt8SPDvu
X7uje6Tazv3O+4zgA9ya3PdJQSsgXouir52onuFr0uxp
-----END CERTIFICATE-----