Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xAl-C-vKj8moKjxjE43m3ubsEPs.roa
File:                     xAl-C-vKj8moKjxjE43m3ubsEPs.roa (raw, json)
Hash identifier:          mkTSDNTJodAddtUkrdpGyQXSapEMnBi+EBez9BqcAAo=
Subject key identifier:   C4:09:7E:0B:EB:CA:8F:C9:A8:2A:3C:63:13:8D:E6:DE:E6:EC:10:FB
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       018FC5476A2177505715FD83CE50C6C4D8AF
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xAl-C-vKj8moKjxjE43m3ubsEPs.roa
Signing time:             Wed 29 May 2024 16:55:42 +0000
ROA not before:           Wed 29 May 2024 16:55:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.225.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c5:47:6a:21:77:50:57:15:fd:83:ce:50:c6:c4:d8:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: May 29 16:55:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4097e0bebca8fc9a82a3c63138de6dee6ec10fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:e8:32:3b:c7:a7:0f:76:f7:be:70:93:0b:dc:
                    04:c3:b3:f4:d5:2f:3e:13:c4:4f:96:65:b9:b9:32:
                    91:76:f6:c3:fd:36:28:7f:a9:fd:09:d9:fb:08:4e:
                    50:54:d5:a0:f7:e1:1a:62:60:67:97:0d:7a:bb:b9:
                    79:25:47:b7:d2:ec:7e:2b:39:89:34:bd:37:91:66:
                    64:1c:cc:e0:06:54:05:a9:fb:b0:5c:36:48:6f:0c:
                    99:f9:83:a6:c5:b1:e8:33:53:3d:34:38:21:8e:44:
                    30:a0:d2:f9:f1:4b:bd:48:05:4a:0c:e7:8d:7e:20:
                    f3:ec:a2:36:dd:a9:08:c2:4e:92:c8:6b:07:24:37:
                    73:91:16:40:a4:98:e4:80:55:48:b3:4e:83:6e:75:
                    fe:fd:4e:63:a8:66:ef:f7:94:49:a5:92:e8:e9:82:
                    87:e8:c7:94:92:97:95:11:f2:60:7f:95:c9:21:d0:
                    bb:7f:fc:6f:3f:1a:ff:95:4c:87:b1:ec:3a:86:e1:
                    12:6b:83:f9:90:3d:09:1e:3c:9d:0f:46:83:0a:6c:
                    64:ea:87:41:0d:73:2b:50:c5:0a:8d:f7:7f:ab:24:
                    0d:f7:6d:b1:98:b6:ab:8f:f4:f1:38:68:fe:d1:67:
                    c8:be:6f:1b:7b:2c:cf:ec:6e:52:cc:e9:09:a7:3c:
                    c8:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:09:7E:0B:EB:CA:8F:C9:A8:2A:3C:63:13:8D:E6:DE:E6:EC:10:FB
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xAl-C-vKj8moKjxjE43m3ubsEPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:4c:6d:69:8b:e3:1b:9e:42:41:b3:35:5b:27:f5:21:1e:c8:
         09:b3:bc:05:2a:95:93:62:91:20:5d:84:0e:21:28:e9:ea:11:
         6e:ce:30:a3:df:d8:48:ce:e9:38:1e:a0:5b:cb:57:69:2e:a2:
         7a:f9:00:89:56:6a:41:68:04:7a:30:3d:4d:84:b5:80:e0:4d:
         e6:65:32:15:08:84:05:03:67:b0:13:fd:4e:51:5c:0f:83:7e:
         ac:87:2a:c5:1a:e0:0f:9a:a3:7c:50:35:25:a3:13:4c:c3:dd:
         b3:cd:7c:5c:1a:23:ec:e1:0d:0d:a8:6e:bc:54:5f:37:4e:fc:
         cd:49:56:96:86:a2:71:88:58:88:26:46:00:de:84:68:61:d8:
         57:7d:14:c9:b8:af:02:12:01:2b:0f:a2:b1:f4:ee:21:13:4e:
         e4:e4:bb:a3:6c:aa:85:bb:32:95:27:e8:4e:f4:7e:fb:34:48:
         f0:9b:96:06:80:b0:ca:bd:28:24:4b:00:58:14:cc:4c:84:ed:
         f3:c3:c7:75:5c:aa:3b:41:94:f7:18:d1:75:81:5e:6c:f7:2b:
         53:8c:c4:f5:2f:28:5e:12:12:c9:81:f8:df:81:ec:3c:a1:df:
         87:b5:7e:af:65:20:38:bd:d3:e7:52:13:2b:88:09:ac:cf:c9:
         43:e9:a2:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/FR2ohd1BXFf2DzlDGxNivMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjQwNTI5MTY1NTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDA5N2UwYmViY2E4ZmM5YTgyYTNjNjMxMzhkZTZkZWU2ZWMxMGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1OgyO8enD3b3vnCTC9wEw7P01S8+
E8RPlmW5uTKRdvbD/TYof6n9Cdn7CE5QVNWg9+EaYmBnlw16u7l5JUe30ux+KzmJ
NL03kWZkHMzgBlQFqfuwXDZIbwyZ+YOmxbHoM1M9NDghjkQwoNL58Uu9SAVKDOeN
fiDz7KI23akIwk6SyGsHJDdzkRZApJjkgFVIs06DbnX+/U5jqGbv95RJpZLo6YKH
6MeUkpeVEfJgf5XJIdC7f/xvPxr/lUyHsew6huESa4P5kD0JHjydD0aDCmxk6odB
DXMrUMUKjfd/qyQN922xmLarj/TxOGj+0WfIvm8beyzP7G5SzOkJpzzIEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMQJfgvryo/JqCo8YxON5t7m7BD7MB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEveEFsLUMtdktqOG1vS2p4akU0M20zdWJzRVBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueHOMA0G
CSqGSIb3DQEBCwUAA4IBAQCiTG1pi+MbnkJBszVbJ/UhHsgJs7wFKpWTYpEgXYQO
ISjp6hFuzjCj39hIzuk4HqBby1dpLqJ6+QCJVmpBaAR6MD1NhLWA4E3mZTIVCIQF
A2ewE/1OUVwPg36shyrFGuAPmqN8UDUloxNMw92zzXxcGiPs4Q0NqG68VF83TvzN
SVaWhqJxiFiIJkYA3oRoYdhXfRTJuK8CEgErD6Kx9O4hE07k5LujbKqFuzKVJ+hO
9H77NEjwm5YGgLDKvSgkSwBYFMxMhO3zw8d1XKo7QZT3GNF1gV5s9ytTjMT1Lyhe
EhLJgfjfgew8od+HtX6vZSA4vdPnUhMriAmsz8lD6aKE
-----END CERTIFICATE-----