Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/XETB6BcYwJj7Q6AciulTcQoxI2Q.roa
File:                     XETB6BcYwJj7Q6AciulTcQoxI2Q.roa (raw, json)
Hash identifier:          KCSIFCwvuWPjMxVBGOrAatWyrHqLoGtUvFK0hmbuO+Y=
Subject key identifier:   5C:44:C1:E8:17:18:C0:98:FB:43:A0:1C:8A:E9:53:71:0A:31:23:64
Certificate issuer:       /CN=e631b080d4ea6fd0616a6e701c7c815d6ff87c00
Certificate serial:       0190B5E3F6EA0986461323F16D332C465752
Authority key identifier: E6:31:B0:80:D4:EA:6F:D0:61:6A:6E:70:1C:7C:81:5D:6F:F8:7C:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5jGwgNTqb9Bham5wHHyBXW_4fAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/XETB6BcYwJj7Q6AciulTcQoxI2Q.roa
Signing time:             Mon 15 Jul 2024 10:15:34 +0000
ROA not before:           Mon 15 Jul 2024 10:15:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39686
IP address blocks:        185.144.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/5jGwgNTqb9Bham5wHHyBXW_4fAA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/5jGwgNTqb9Bham5wHHyBXW_4fAA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5jGwgNTqb9Bham5wHHyBXW_4fAA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b5:e3:f6:ea:09:86:46:13:23:f1:6d:33:2c:46:57:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e631b080d4ea6fd0616a6e701c7c815d6ff87c00
        Validity
            Not Before: Jul 15 10:15:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c44c1e81718c098fb43a01c8ae953710a312364
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:b4:54:d3:f1:e5:33:11:a8:e0:71:35:91:98:
                    09:d0:af:bd:e6:d5:cc:15:06:5b:f1:63:cb:97:54:
                    df:c8:80:8e:aa:eb:bc:65:b5:07:ad:23:96:ab:d9:
                    c9:8d:d4:0a:8f:b7:b7:d6:90:91:3a:71:36:11:f1:
                    90:db:2d:7b:f1:4c:0a:ff:0d:f7:35:88:5a:88:ef:
                    f7:35:e1:f4:dc:ba:1d:7b:e2:05:1b:07:b7:5f:dd:
                    70:ae:69:ad:78:90:57:6f:d8:14:95:b4:8f:24:76:
                    3a:2c:00:40:91:70:09:90:c6:ee:4e:4c:32:f8:7c:
                    09:fe:73:b4:5e:64:10:3d:44:12:96:11:2a:30:1d:
                    49:6c:29:e9:3b:cd:4f:aa:69:26:10:a8:36:d8:d9:
                    10:3d:d5:db:79:f4:02:7e:75:8a:20:d9:06:95:14:
                    fd:9c:d5:fc:01:9b:9c:db:34:7b:59:99:a4:cb:90:
                    ca:ba:16:40:a2:95:7d:0a:8e:11:1b:dc:6d:8d:a2:
                    2b:24:17:79:d7:18:2a:88:27:25:0e:17:92:12:2f:
                    e1:43:8a:0f:0a:bf:0a:28:4f:ab:42:d8:3d:b2:82:
                    14:8f:ae:0f:53:2a:62:f2:b5:fa:4c:d8:c8:2c:55:
                    37:51:ca:e5:0e:64:70:0d:41:62:ac:6d:9a:3e:55:
                    8b:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:44:C1:E8:17:18:C0:98:FB:43:A0:1C:8A:E9:53:71:0A:31:23:64
            X509v3 Authority Key Identifier:
                keyid:E6:31:B0:80:D4:EA:6F:D0:61:6A:6E:70:1C:7C:81:5D:6F:F8:7C:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5jGwgNTqb9Bham5wHHyBXW_4fAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/XETB6BcYwJj7Q6AciulTcQoxI2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/5jGwgNTqb9Bham5wHHyBXW_4fAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:30:26:f1:ab:3d:67:d5:c6:86:04:7d:52:e5:8d:60:3c:6b:
         b0:18:ee:2c:e8:3d:31:b3:6c:d8:f3:60:a3:c0:c1:33:56:54:
         63:35:70:45:82:7a:8e:a1:e5:fd:b0:f3:d6:18:d4:52:ef:24:
         ef:6b:a7:21:60:48:72:f5:fd:6b:23:84:32:4f:c5:5a:53:35:
         42:79:0d:5f:45:a1:c7:22:ba:81:93:c1:a5:49:f9:e8:6c:70:
         5a:b7:6f:2e:20:5c:09:c2:a2:51:f0:e9:eb:56:ab:cf:c5:dc:
         0a:8c:62:a8:31:de:c9:9e:b0:5c:03:84:fa:5b:e1:16:f2:95:
         90:85:ef:5f:a9:3f:96:6a:a0:24:81:62:75:ea:d5:6f:e9:14:
         08:3e:63:45:43:73:51:34:54:0b:4b:d9:26:43:8d:db:2e:ae:
         a8:bd:5a:a4:fa:e8:17:e9:14:56:12:94:59:f9:93:d4:cd:b1:
         db:b9:f8:c3:db:ce:71:92:ea:11:04:f0:dc:1f:23:20:4b:35:
         fe:0b:7d:28:ab:69:e9:ce:f3:2c:05:1d:f8:d9:11:a1:39:16:
         35:15:c7:8d:7d:5b:d9:90:03:a2:2e:bc:04:f5:b3:f9:c0:a3:
         42:55:cc:9b:d4:a0:9c:7a:2d:0a:8d:85:ab:d7:aa:7a:c8:1e:
         1d:1a:f7:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZC14/bqCYZGEyPxbTMsRldSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MzFiMDgwZDRlYTZmZDA2MTZhNmU3MDFjN2M4MTVkNmZm
ODdjMDAwHhcNMjQwNzE1MTAxNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzQ0YzFlODE3MThjMDk4ZmI0M2EwMWM4YWU5NTM3MTBhMzEyMzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1rRU0/HlMxGo4HE1kZgJ0K+95tXM
FQZb8WPLl1TfyICOquu8ZbUHrSOWq9nJjdQKj7e31pCROnE2EfGQ2y178UwK/w33
NYhaiO/3NeH03Lode+IFGwe3X91wrmmteJBXb9gUlbSPJHY6LABAkXAJkMbuTkwy
+HwJ/nO0XmQQPUQSlhEqMB1JbCnpO81PqmkmEKg22NkQPdXbefQCfnWKINkGlRT9
nNX8AZuc2zR7WZmky5DKuhZAopV9Co4RG9xtjaIrJBd51xgqiCclDheSEi/hQ4oP
Cr8KKE+rQtg9soIUj64PUypi8rX6TNjILFU3UcrlDmRwDUFirG2aPlWLvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxEwegXGMCY+0OgHIrpU3EKMSNkMB8GA1UdIwQY
MBaAFOYxsIDU6m/QYWpucBx8gV1v+HwAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWpHd2dOVHFiOUJoYW01d0hIeUJYV180ZkFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9kY2RhZTYtZDY5NS00MjY2LWJhOWIt
OTNiM2EzNjk2ZDk2LzEvWEVUQjZCY1l3Smo3UTZBY2l1bFRjUW94STJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9kY2RhZTYtZDY5NS00MjY2LWJhOWItOTNiM2EzNjk2ZDk2
LzEvNWpHd2dOVHFiOUJoYW01d0hIeUJYV180ZkFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZDEMA0G
CSqGSIb3DQEBCwUAA4IBAQCKMCbxqz1n1caGBH1S5Y1gPGuwGO4s6D0xs2zY82Cj
wMEzVlRjNXBFgnqOoeX9sPPWGNRS7yTva6chYEhy9f1rI4QyT8VaUzVCeQ1fRaHH
IrqBk8GlSfnobHBat28uIFwJwqJR8OnrVqvPxdwKjGKoMd7JnrBcA4T6W+EW8pWQ
he9fqT+WaqAkgWJ16tVv6RQIPmNFQ3NRNFQLS9kmQ43bLq6ovVqk+ugX6RRWEpRZ
+ZPUzbHbufjD285xkuoRBPDcHyMgSzX+C30oq2npzvMsBR342RGhORY1FceNfVvZ
kAOiLrwE9bP5wKNCVcyb1KCcei0KjYWr16p6yB4dGvfj
-----END CERTIFICATE-----