Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/XOMMN3FJmgpFH5gC7LamC2T0o1A.roa
File:                     XOMMN3FJmgpFH5gC7LamC2T0o1A.roa (raw, json)
Hash identifier:          Yselrg1zLbUl8IpOGDUGcshxFxSkqYZALQH6EJ9j64A=
Subject key identifier:   5C:E3:0C:37:71:49:9A:0A:45:1F:98:02:EC:B6:A6:0B:64:F4:A3:50
Certificate issuer:       /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial:       018CC56E8F8D60F8EEE043C1D96C4854C5E2
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/XOMMN3FJmgpFH5gC7LamC2T0o1A.roa
Signing time:             Mon 01 Jan 2024 14:30:06 +0000
ROA not before:           Mon 01 Jan 2024 14:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200093
IP address blocks:        83.125.118.0/23 maxlen: 23
                          83.125.24.0/24 maxlen: 24
                          83.125.32.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:8f:8d:60:f8:ee:e0:43:c1:d9:6c:48:54:c5:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
        Validity
            Not Before: Jan  1 14:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ce30c3771499a0a451f9802ecb6a60b64f4a350
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:5d:67:9d:de:b8:9e:33:18:f3:ac:2d:bc:f7:
                    2b:b4:a6:47:ba:2c:a9:2a:0a:21:8f:25:1d:be:02:
                    2d:03:92:c3:77:92:b2:f3:00:b1:7b:bc:be:96:4f:
                    6e:85:13:ea:50:b4:a3:90:dc:86:78:cc:76:db:ce:
                    fb:2d:36:f2:ea:07:3f:c9:b3:fb:0a:57:3a:d6:0e:
                    d0:32:cd:0b:6e:6d:1b:27:6f:81:86:4c:93:8d:80:
                    69:04:7f:cb:84:cd:5e:30:7c:05:dc:84:bb:c1:10:
                    97:60:0b:cc:af:02:be:fe:ee:3d:34:6a:9e:2c:c8:
                    f1:71:56:63:b3:95:a9:bb:c7:6e:72:2b:ad:f6:db:
                    ff:34:52:d2:79:b4:5b:d3:61:92:5a:b0:6f:fd:7f:
                    e6:e1:17:8b:d8:a7:f7:5f:7b:d8:64:6d:20:d4:06:
                    86:0b:8e:2a:83:80:df:cf:48:7f:70:0f:86:d8:be:
                    d0:6b:3e:7e:31:ba:9e:94:da:dc:e8:c8:2e:23:91:
                    5e:16:10:e9:f5:c7:55:b2:07:c9:9c:1f:5c:5b:0d:
                    77:f9:ba:72:2b:f3:a8:46:26:bc:bc:dc:f4:47:09:
                    f9:4e:b0:94:d6:56:42:86:ac:68:1a:6d:95:46:23:
                    82:7b:16:7a:76:bd:93:ad:4e:57:35:e1:87:0a:66:
                    54:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:E3:0C:37:71:49:9A:0A:45:1F:98:02:EC:B6:A6:0B:64:F4:A3:50
            X509v3 Authority Key Identifier:
                keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/XOMMN3FJmgpFH5gC7LamC2T0o1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.125.24.0/24
                  83.125.32.0/22
                  83.125.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:d8:db:af:c2:4a:bd:1f:1d:4d:fb:e7:14:88:8b:7b:d2:7e:
         2f:3a:6a:07:5f:67:31:7f:b0:9d:cb:e2:32:e4:72:69:6a:52:
         e5:ac:9a:ad:f7:4e:12:68:76:ef:1e:45:14:43:bc:1e:1d:8a:
         de:2c:db:20:1c:90:f6:cd:19:e4:a7:b9:00:4a:79:11:62:14:
         a6:a7:8a:b7:8d:a9:f1:a4:00:1d:9e:37:27:3b:e5:6e:c3:99:
         51:b4:39:ce:c0:65:7d:25:7d:42:dc:9c:db:08:e6:71:82:2f:
         f0:d1:4c:82:01:7f:3d:2c:9d:0c:82:3e:c1:db:4d:1b:52:d7:
         ae:16:81:e5:ff:39:77:91:0e:ae:ce:dd:6c:ec:09:35:dd:95:
         0c:4c:bb:5b:0f:fd:7e:93:ab:4f:0a:f1:19:28:75:c0:99:cf:
         e8:a0:ab:2f:d1:c8:0e:3b:fb:8f:5b:d0:d2:4b:74:33:51:75:
         d1:18:b6:8d:03:16:92:62:15:56:19:e2:a4:0f:68:55:19:42:
         94:94:33:e6:ad:26:0b:4e:0f:1a:5f:a2:e5:2b:cf:69:90:c1:
         e1:a4:1d:2b:58:fc:c7:7e:a0:f7:d2:95:96:3e:be:83:f9:cb:
         fa:b1:1f:88:08:76:c1:be:72:2c:72:c3:75:0b:e6:70:41:1c:
         a2:4c:22:59
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFbo+NYPju4EPB2WxIVMXiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjQwMTAxMTQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2UzMGMzNzcxNDk5YTBhNDUxZjk4MDJlY2I2YTYwYjY0ZjRhMzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt11nnd64njMY86wtvPcrtKZHuiyp
KgohjyUdvgItA5LDd5Ky8wCxe7y+lk9uhRPqULSjkNyGeMx22877LTby6gc/ybP7
Clc61g7QMs0Lbm0bJ2+BhkyTjYBpBH/LhM1eMHwF3IS7wRCXYAvMrwK+/u49NGqe
LMjxcVZjs5Wpu8duciut9tv/NFLSebRb02GSWrBv/X/m4ReL2Kf3X3vYZG0g1AaG
C44qg4Dfz0h/cA+G2L7Qaz5+MbqelNrc6MguI5FeFhDp9cdVsgfJnB9cWw13+bpy
K/OoRia8vNz0Rwn5TrCU1lZChqxoGm2VRiOCexZ6dr2TrU5XNeGHCmZU0wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFzjDDdxSZoKRR+YAuy2pgtk9KNQMB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvWE9NTU4zRkptZ3BGSDVnQzdMYW1DMlQwbzFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAU30YAwQC
U30gAwQBU312MA0GCSqGSIb3DQEBCwUAA4IBAQAT2Nuvwkq9Hx1N++cUiIt70n4v
OmoHX2cxf7Cdy+Iy5HJpalLlrJqt904SaHbvHkUUQ7weHYreLNsgHJD2zRnkp7kA
SnkRYhSmp4q3janxpAAdnjcnO+Vuw5lRtDnOwGV9JX1C3JzbCOZxgi/w0UyCAX89
LJ0Mgj7B200bUteuFoHl/zl3kQ6uzt1s7Ak13ZUMTLtbD/1+k6tPCvEZKHXAmc/o
oKsv0cgOO/uPW9DSS3QzUXXRGLaNAxaSYhVWGeKkD2hVGUKUlDPmrSYLTg8aX6Ll
K89pkMHhpB0rWPzHfqD30pWWPr6D+cv6sR+ICHbBvnIscsN1C+ZwQRyiTCJZ
-----END CERTIFICATE-----