Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/XEK_8jYszrJhz6xFbV_wrDgGURA.roa
File:                     XEK_8jYszrJhz6xFbV_wrDgGURA.roa (raw, json)
Hash identifier:          YF6/kWWU+nq3Z1+YII4optWWO45xRwTrBvQMj875z/8=
Subject key identifier:   5C:42:BF:F2:36:2C:CE:B2:61:CF:AC:45:6D:5F:F0:AC:38:06:51:10
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A4DC435B9DBC150B64D272C952D54
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/XEK_8jYszrJhz6xFbV_wrDgGURA.roa
Signing time:             Tue 02 Jan 2024 12:33:39 +0000
ROA not before:           Tue 02 Jan 2024 12:33:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3302
IP address blocks:        185.133.209.0/24 maxlen: 24
                          185.197.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:4d:c4:35:b9:db:c1:50:b6:4d:27:2c:95:2d:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c42bff2362cceb261cfac456d5ff0ac38065110
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:1c:4b:0a:31:db:cc:ae:24:0a:d9:2a:85:33:
                    f0:d2:29:6a:0a:39:50:35:b4:61:ca:b1:39:18:54:
                    5b:fd:2b:e6:3c:e9:10:8c:30:f7:e8:ac:0f:b9:5e:
                    57:b8:36:ff:32:33:95:a1:da:d8:fd:76:da:f3:0c:
                    ca:cc:27:03:49:f1:36:63:5a:0a:0e:8f:0e:f4:90:
                    2d:dd:ac:db:85:4b:41:68:47:62:80:71:4d:4e:7e:
                    23:39:6f:ff:68:68:19:00:df:3f:f6:e0:58:45:3c:
                    ab:ec:a0:bd:0b:e4:70:97:3b:13:c2:03:f4:c0:8a:
                    02:f9:50:be:09:ab:ab:1c:11:94:b2:82:59:02:2b:
                    74:3d:f7:bd:bc:4d:a3:f9:49:13:aa:4d:d1:3e:99:
                    de:58:c0:8a:d5:9f:d0:1e:13:00:3b:d9:38:ad:cc:
                    63:a4:d1:a4:04:4b:3b:1b:d0:53:05:77:88:f2:fb:
                    c4:ee:7e:9c:63:ff:f3:e2:38:02:01:5f:37:aa:9e:
                    cf:e2:89:33:00:97:dd:2b:35:e2:9c:16:7e:76:cd:
                    f9:e3:9d:fa:31:3d:a5:1c:f6:b6:78:64:56:35:69:
                    90:32:33:1a:ff:e9:16:06:0f:41:ad:02:31:f7:8f:
                    44:68:6d:9c:3b:77:d1:1c:c9:05:36:39:30:eb:11:
                    62:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:42:BF:F2:36:2C:CE:B2:61:CF:AC:45:6D:5F:F0:AC:38:06:51:10
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/XEK_8jYszrJhz6xFbV_wrDgGURA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.209.0/24
                  185.197.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:76:47:a5:d6:0c:6d:ea:7a:a4:1e:d6:3c:b9:ef:27:3c:4a:
         6b:ad:f2:b4:4a:82:56:f5:c9:7d:33:66:9e:f4:27:9e:34:86:
         c5:95:50:e3:1e:70:fa:04:fd:32:5f:ba:de:91:59:35:2e:c3:
         48:0e:93:3e:8d:b1:01:74:01:ec:ee:7d:74:b4:7a:ec:51:1d:
         de:bc:ee:5b:05:cb:5d:8c:95:a3:1a:18:2e:f3:51:fa:e9:89:
         b4:7f:ac:b6:7f:4f:c5:8e:f3:88:29:9b:20:2f:f7:59:3a:b2:
         dd:45:fa:1e:37:b0:83:11:95:0c:19:64:8e:0a:49:a6:b3:ab:
         b0:cc:67:90:62:a2:2a:38:d8:5c:4a:b5:f4:01:76:27:ad:7b:
         5a:62:5e:c8:3f:52:09:25:3f:a7:20:e3:e7:6b:bb:b6:a7:58:
         1a:ba:00:bb:8a:eb:2c:b8:66:f2:5e:d9:6a:a1:92:32:74:57:
         09:e8:dd:f6:14:fa:fa:13:ef:e8:9a:f2:37:9c:99:26:bd:35:
         e8:b1:df:c7:83:8a:c0:9c:bf:dd:c5:f7:4c:cf:7e:2a:51:97:
         ce:16:2a:ca:c9:e5:a1:8c:c9:49:ce:43:ce:ce:35:eb:dc:7d:
         cb:8b:01:f0:57:7c:89:ce:c6:59:9c:ce:3d:87:85:fc:32:d3:
         1b:61:17:77
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKk3ENbnbwVC2TScslS1UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzQyYmZmMjM2MmNjZWIyNjFjZmFjNDU2ZDVmZjBhYzM4MDY1MTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthxLCjHbzK4kCtkqhTPw0ilqCjlQ
NbRhyrE5GFRb/SvmPOkQjDD36KwPuV5XuDb/MjOVodrY/Xba8wzKzCcDSfE2Y1oK
Do8O9JAt3azbhUtBaEdigHFNTn4jOW//aGgZAN8/9uBYRTyr7KC9C+RwlzsTwgP0
wIoC+VC+CaurHBGUsoJZAit0Pfe9vE2j+UkTqk3RPpneWMCK1Z/QHhMAO9k4rcxj
pNGkBEs7G9BTBXeI8vvE7n6cY//z4jgCAV83qp7P4okzAJfdKzXinBZ+ds354536
MT2lHPa2eGRWNWmQMjMa/+kWBg9BrQIx949EaG2cO3fRHMkFNjkw6xFiUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFxCv/I2LM6yYc+sRW1f8Kw4BlEQMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvWEVLXzhqWXN6ckpoejZ4RmJWX3dyRGdHVVJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuYXRAwQA
ucWGMA0GCSqGSIb3DQEBCwUAA4IBAQBOdkel1gxt6nqkHtY8ue8nPEprrfK0SoJW
9cl9M2ae9CeeNIbFlVDjHnD6BP0yX7rekVk1LsNIDpM+jbEBdAHs7n10tHrsUR3e
vO5bBctdjJWjGhgu81H66Ym0f6y2f0/FjvOIKZsgL/dZOrLdRfoeN7CDEZUMGWSO
Ckmms6uwzGeQYqIqONhcSrX0AXYnrXtaYl7IP1IJJT+nIOPna7u2p1gaugC7iuss
uGbyXtlqoZIydFcJ6N32FPr6E+/omvI3nJkmvTXosd/Hg4rAnL/dxfdMz34qUZfO
FirKyeWhjMlJzkPOzjXr3H3LiwHwV3yJzsZZnM49h4X8MtMbYRd3
-----END CERTIFICATE-----