Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/4d5660-5364-4454-a9be-4f8902bfe172/1/XPfuP8C1_VUfQ9aiern0eOqzUlg.roa
File:                     XPfuP8C1_VUfQ9aiern0eOqzUlg.roa (raw, json)
Hash identifier:          pJ5A8nqzWaygHWGIOwVXSIPDZR5MVbMspIKdFxKMtrI=
Subject key identifier:   5C:F7:EE:3F:C0:B5:FD:55:1F:43:D6:A2:7A:B9:F4:78:EA:B3:52:58
Certificate issuer:       /CN=fd1196d98decd38eb03f5f06b48e556c74f231f4
Certificate serial:       018CC793E5FBE2B455DA148AD3E20521BE22
Authority key identifier: FD:11:96:D9:8D:EC:D3:8E:B0:3F:5F:06:B4:8E:55:6C:74:F2:31:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_RGW2Y3s046wP18GtI5VbHTyMfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/4d5660-5364-4454-a9be-4f8902bfe172/1/XPfuP8C1_VUfQ9aiern0eOqzUlg.roa
Signing time:             Tue 02 Jan 2024 00:30:07 +0000
ROA not before:           Tue 02 Jan 2024 00:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202339
IP address blocks:        185.47.96.0/22 maxlen: 22
                          185.47.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/4d5660-5364-4454-a9be-4f8902bfe172/1/_RGW2Y3s046wP18GtI5VbHTyMfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/4d5660-5364-4454-a9be-4f8902bfe172/1/_RGW2Y3s046wP18GtI5VbHTyMfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_RGW2Y3s046wP18GtI5VbHTyMfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:e5:fb:e2:b4:55:da:14:8a:d3:e2:05:21:be:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd1196d98decd38eb03f5f06b48e556c74f231f4
        Validity
            Not Before: Jan  2 00:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5cf7ee3fc0b5fd551f43d6a27ab9f478eab35258
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e4:3f:26:a9:31:7c:7d:48:c5:9b:4a:99:ee:
                    91:31:dc:61:f5:b7:1c:92:32:b3:f3:01:1c:62:ad:
                    e6:c0:ff:a5:f9:35:2b:54:dc:d2:02:da:46:c8:66:
                    e9:55:91:2b:64:79:41:33:97:5f:48:cc:e8:ec:d4:
                    16:28:53:f5:ba:3f:c5:6b:af:99:37:a6:ac:80:fb:
                    f8:95:bf:ac:ad:08:df:b2:a5:aa:91:de:3c:a1:ef:
                    b8:c5:03:4d:97:a5:2b:50:00:d5:25:78:70:3e:e5:
                    ea:e4:69:f3:97:49:f3:db:96:5b:b2:13:1b:04:46:
                    e5:a7:3b:2d:20:31:eb:9a:6b:f1:96:3b:18:3e:0e:
                    9a:91:c2:15:23:4e:3c:9d:0d:28:d8:d5:d4:38:84:
                    f1:ae:f1:f1:d6:b4:d9:e7:88:1f:b8:df:30:c6:d8:
                    87:04:65:0c:b7:4e:f3:50:b3:b7:58:b0:73:2a:ee:
                    66:2b:9b:f6:c1:d7:97:16:ab:e0:e8:ca:08:f7:ca:
                    e1:e2:d7:b7:8d:15:2c:43:25:ef:d7:c7:72:17:88:
                    a1:17:d3:ce:97:32:60:ee:b9:bc:7d:6e:db:89:1b:
                    a3:77:84:39:0b:44:e4:3a:c6:2a:58:88:be:85:47:
                    ea:6b:5b:9c:a5:bd:35:57:ba:a2:68:d9:a5:d2:5e:
                    ef:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:F7:EE:3F:C0:B5:FD:55:1F:43:D6:A2:7A:B9:F4:78:EA:B3:52:58
            X509v3 Authority Key Identifier:
                keyid:FD:11:96:D9:8D:EC:D3:8E:B0:3F:5F:06:B4:8E:55:6C:74:F2:31:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_RGW2Y3s046wP18GtI5VbHTyMfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/4d5660-5364-4454-a9be-4f8902bfe172/1/XPfuP8C1_VUfQ9aiern0eOqzUlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/4d5660-5364-4454-a9be-4f8902bfe172/1/_RGW2Y3s046wP18GtI5VbHTyMfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.47.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:f7:2d:d8:6d:74:6d:e2:b1:68:ce:de:7b:98:11:e9:41:d7:
         91:a9:b3:f7:8a:54:c2:c2:fe:de:f6:12:f4:b3:cd:59:67:cc:
         1d:e7:f0:06:c3:26:a3:28:a9:4a:15:e3:bd:88:3b:0b:c2:1d:
         d2:12:d3:6a:5d:92:a9:44:79:e7:db:9d:8b:c7:d8:8d:6a:50:
         f6:1c:fb:54:6f:60:c4:68:22:2e:1c:9b:1f:63:3a:af:d4:49:
         27:01:2e:b4:17:22:21:da:9b:49:ac:ea:55:23:82:67:b1:79:
         00:e7:25:a4:ef:1c:22:f1:c3:37:87:8e:89:89:4e:cb:0b:c2:
         b2:73:38:74:e9:33:a5:ad:a7:de:b9:e9:23:41:d7:d8:45:ff:
         82:1e:09:de:52:ed:6f:b8:a7:3d:c4:08:f5:5e:f8:ba:7d:a0:
         00:2e:6d:02:42:57:f0:d0:ee:47:95:16:b6:da:03:93:3b:0a:
         52:d5:ea:e1:39:1f:43:52:f6:a8:43:f2:b7:1e:e5:7b:d6:46:
         97:43:63:80:f0:e9:29:12:5a:7f:24:71:21:05:ac:7b:59:80:
         e5:c4:be:c5:aa:54:6b:a5:57:4a:8e:e7:24:1b:3b:16:9e:ea:
         3d:b2:f9:70:b7:3f:34:83:78:83:4c:1b:a8:9c:fa:b1:7b:c7:
         11:6b:6b:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk+X74rRV2hSK0+IFIb4iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMTE5NmQ5OGRlY2QzOGViMDNmNWYwNmI0OGU1NTZjNzRm
MjMxZjQwHhcNMjQwMTAyMDAzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2Y3ZWUzZmMwYjVmZDU1MWY0M2Q2YTI3YWI5ZjQ3OGVhYjM1MjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+Q/JqkxfH1IxZtKme6RMdxh9bcc
kjKz8wEcYq3mwP+l+TUrVNzSAtpGyGbpVZErZHlBM5dfSMzo7NQWKFP1uj/Fa6+Z
N6asgPv4lb+srQjfsqWqkd48oe+4xQNNl6UrUADVJXhwPuXq5Gnzl0nz25ZbshMb
BEblpzstIDHrmmvxljsYPg6akcIVI048nQ0o2NXUOITxrvHx1rTZ54gfuN8wxtiH
BGUMt07zULO3WLBzKu5mK5v2wdeXFqvg6MoI98rh4te3jRUsQyXv18dyF4ihF9PO
lzJg7rm8fW7biRujd4Q5C0TkOsYqWIi+hUfqa1ucpb01V7qiaNml0l7v5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFz37j/Atf1VH0PWonq59Hjqs1JYMB8GA1UdIwQY
MBaAFP0RltmN7NOOsD9fBrSOVWx08jH0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1JHVzJZM3MwNDZ3UDE4R3RJNVZiSFR5TWZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS80ZDU2NjAtNTM2NC00NDU0LWE5YmUt
NGY4OTAyYmZlMTcyLzEvWFBmdVA4QzFfVlVmUTlhaWVybjBlT3F6VWxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS80ZDU2NjAtNTM2NC00NDU0LWE5YmUtNGY4OTAyYmZlMTcy
LzEvX1JHVzJZM3MwNDZ3UDE4R3RJNVZiSFR5TWZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuS9gMA0G
CSqGSIb3DQEBCwUAA4IBAQBq9y3YbXRt4rFozt57mBHpQdeRqbP3ilTCwv7e9hL0
s81ZZ8wd5/AGwyajKKlKFeO9iDsLwh3SEtNqXZKpRHnn252Lx9iNalD2HPtUb2DE
aCIuHJsfYzqv1EknAS60FyIh2ptJrOpVI4JnsXkA5yWk7xwi8cM3h46JiU7LC8Ky
czh06TOlrafeuekjQdfYRf+CHgneUu1vuKc9xAj1Xvi6faAALm0CQlfw0O5HlRa2
2gOTOwpS1erhOR9DUvaoQ/K3HuV71kaXQ2OA8OkpElp/JHEhBax7WYDlxL7FqlRr
pVdKjuckGzsWnuo9svlwtz80g3iDTBuonPqxe8cRa2tC
-----END CERTIFICATE-----