Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/22ad4c-0b05-474d-919f-3b540a6bc3dc/1/XjhX2RWMLw-HTRDK9-d8pbtlRec.roa
File:                     XjhX2RWMLw-HTRDK9-d8pbtlRec.roa (raw, json)
Hash identifier:          nbVSKB0FHX6MmK2krZupIghrP/PWByhQcaWUjeHBueI=
Subject key identifier:   5E:38:57:D9:15:8C:2F:0F:87:4D:10:CA:F7:E7:7C:A5:BB:65:45:E7
Certificate issuer:       /CN=30c45fc3147102824f9d2d547766a809aeaf245a
Certificate serial:       018CC4255A57628250E1B789C4F9818AE97F
Authority key identifier: 30:C4:5F:C3:14:71:02:82:4F:9D:2D:54:77:66:A8:09:AE:AF:24:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMRfwxRxAoJPnS1Ud2aoCa6vJFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/22ad4c-0b05-474d-919f-3b540a6bc3dc/1/XjhX2RWMLw-HTRDK9-d8pbtlRec.roa
Signing time:             Mon 01 Jan 2024 08:30:31 +0000
ROA not before:           Mon 01 Jan 2024 08:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58350
IP address blocks:        176.115.0.0/19 maxlen: 19
                          2001:678:258::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/22ad4c-0b05-474d-919f-3b540a6bc3dc/1/MMRfwxRxAoJPnS1Ud2aoCa6vJFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/22ad4c-0b05-474d-919f-3b540a6bc3dc/1/MMRfwxRxAoJPnS1Ud2aoCa6vJFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMRfwxRxAoJPnS1Ud2aoCa6vJFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5a:57:62:82:50:e1:b7:89:c4:f9:81:8a:e9:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c45fc3147102824f9d2d547766a809aeaf245a
        Validity
            Not Before: Jan  1 08:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e3857d9158c2f0f874d10caf7e77ca5bb6545e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:b5:08:80:cc:4c:f0:92:c5:0a:a7:2f:8e:e2:
                    54:98:19:4e:44:fa:57:af:17:a6:c4:91:41:4f:dd:
                    f8:fe:ad:ce:79:a9:36:80:8e:59:4d:35:7f:97:97:
                    90:69:9b:26:a2:6a:67:25:c3:1b:c9:df:10:01:20:
                    21:aa:8c:cf:95:29:0d:2f:9c:b6:9f:b8:d8:a6:45:
                    d9:83:35:4f:01:3a:6e:49:b2:2c:9e:8a:9d:3e:db:
                    4f:91:70:61:99:18:e4:44:33:a4:c7:1d:3c:c2:b3:
                    03:0c:e5:0b:4b:9c:22:42:fd:a7:e4:ba:ba:71:0c:
                    13:58:56:75:93:12:cb:6f:86:20:a8:e9:7e:30:11:
                    95:c1:15:43:c0:2b:4b:ef:27:5c:d0:ea:32:de:13:
                    f0:61:0c:ca:4a:85:4e:9b:d8:1f:8f:cf:b2:36:75:
                    0a:2c:c8:e0:b0:6b:b3:b0:a8:59:c8:82:ce:6c:d8:
                    2e:43:ea:8a:d2:bb:c3:61:39:95:bc:f0:7d:62:a4:
                    37:82:69:90:91:ce:d2:18:b7:bd:bb:4d:0e:32:93:
                    c8:11:62:88:dc:af:4a:11:79:35:e4:a0:25:6e:d9:
                    9c:56:32:e6:2d:12:8b:4a:af:74:c6:f7:9b:0b:d3:
                    12:2f:f6:49:6c:dd:c9:fe:27:bf:2d:48:d8:86:50:
                    02:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:38:57:D9:15:8C:2F:0F:87:4D:10:CA:F7:E7:7C:A5:BB:65:45:E7
            X509v3 Authority Key Identifier:
                keyid:30:C4:5F:C3:14:71:02:82:4F:9D:2D:54:77:66:A8:09:AE:AF:24:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMRfwxRxAoJPnS1Ud2aoCa6vJFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/22ad4c-0b05-474d-919f-3b540a6bc3dc/1/XjhX2RWMLw-HTRDK9-d8pbtlRec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/22ad4c-0b05-474d-919f-3b540a6bc3dc/1/MMRfwxRxAoJPnS1Ud2aoCa6vJFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.115.0.0/19
                IPv6:
                  2001:678:258::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:e5:31:d5:ee:f7:3b:1a:b5:52:4c:fe:7f:f8:b5:d4:84:bc:
         31:3a:48:af:a8:20:ac:e6:6b:8d:65:1d:ef:5b:a8:2f:c1:1e:
         90:80:39:e8:a7:99:48:f9:f7:f3:a5:69:e4:7a:e9:2e:86:8d:
         4e:18:69:61:4c:3e:cf:ca:f5:4c:d0:15:f4:17:e6:c8:c6:ad:
         09:33:12:5a:5c:ca:9a:dc:dd:ca:f3:30:cb:9b:44:9f:d3:18:
         35:fb:d4:07:b8:41:f0:bf:09:92:cf:62:aa:41:80:5d:6b:5f:
         6f:9c:c4:80:d4:f3:72:f0:90:18:89:25:a6:26:2e:21:e5:b6:
         c4:d7:70:e7:5a:47:3b:14:46:c3:5c:ad:07:59:1e:c5:18:f1:
         03:93:31:35:f3:ac:b6:02:99:f0:5a:55:29:66:db:af:41:2a:
         2e:da:c8:0a:65:f6:39:56:d1:62:cd:b0:aa:7a:73:b6:34:8f:
         49:a7:36:18:b4:1c:1b:2f:e8:2c:02:f8:0f:37:91:ec:1a:8c:
         28:0d:2c:a4:f8:4a:bf:1f:83:7a:66:cb:6c:26:6a:0b:c1:4f:
         32:83:5f:7a:b2:21:06:5a:f6:ac:44:99:d1:df:83:a9:5a:4c:
         7e:55:67:e8:d6:d1:84:15:a1:c2:ab:c5:8c:1d:f4:3c:74:82:
         4e:67:f3:1b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEJVpXYoJQ4beJxPmBiul/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQ1ZmMzMTQ3MTAyODI0ZjlkMmQ1NDc3NjZhODA5YWVh
ZjI0NWEwHhcNMjQwMTAxMDgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTM4NTdkOTE1OGMyZjBmODc0ZDEwY2FmN2U3N2NhNWJiNjU0NWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibUIgMxM8JLFCqcvjuJUmBlORPpX
rxemxJFBT934/q3Oeak2gI5ZTTV/l5eQaZsmompnJcMbyd8QASAhqozPlSkNL5y2
n7jYpkXZgzVPATpuSbIsnoqdPttPkXBhmRjkRDOkxx08wrMDDOULS5wiQv2n5Lq6
cQwTWFZ1kxLLb4YgqOl+MBGVwRVDwCtL7ydc0Ooy3hPwYQzKSoVOm9gfj8+yNnUK
LMjgsGuzsKhZyILObNguQ+qK0rvDYTmVvPB9YqQ3gmmQkc7SGLe9u00OMpPIEWKI
3K9KEXk15KAlbtmcVjLmLRKLSq90xvebC9MSL/ZJbN3J/ie/LUjYhlAC8wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFF44V9kVjC8Ph00QyvfnfKW7ZUXnMB8GA1UdIwQY
MBaAFDDEX8MUcQKCT50tVHdmqAmuryRaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1SZnd4UnhBb0pQblMxVWQyYW9DYTZ2SkZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8yMmFkNGMtMGIwNS00NzRkLTkxOWYt
M2I1NDBhNmJjM2RjLzEvWGpoWDJSV01Mdy1IVFJESzktZDhwYnRsUmVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8yMmFkNGMtMGIwNS00NzRkLTkxOWYtM2I1NDBhNmJjM2Rj
LzEvTU1SZnd4UnhBb0pQblMxVWQyYW9DYTZ2SkZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQFsHMAMA8E
AgACMAkDBwAgAQZ4AlgwDQYJKoZIhvcNAQELBQADggEBAHvlMdXu9zsatVJM/n/4
tdSEvDE6SK+oIKzma41lHe9bqC/BHpCAOeinmUj59/OlaeR66S6GjU4YaWFMPs/K
9UzQFfQX5sjGrQkzElpcyprc3crzMMubRJ/TGDX71Ae4QfC/CZLPYqpBgF1rX2+c
xIDU83LwkBiJJaYmLiHltsTXcOdaRzsURsNcrQdZHsUY8QOTMTXzrLYCmfBaVSlm
269BKi7ayApl9jlW0WLNsKp6c7Y0j0mnNhi0HBsv6CwC+A83kewajCgNLKT4Sr8f
g3pmy2wmagvBTzKDX3qyIQZa9qxEmdHfg6laTH5VZ+jW0YQVocKrxYwd9Dx0gk5n
8xs=
-----END CERTIFICATE-----