Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/1d57dd-5599-45a7-ab03-4d6ce0766eb5/1/XpskFtbGqsGii3mfGRQg11TRcSA.roa
File:                     XpskFtbGqsGii3mfGRQg11TRcSA.roa (raw, json)
Hash identifier:          BDDOL6alPTkMg1KMQUqZGnrfzs/q9LrFZS9zNd0F0Jk=
Subject key identifier:   5E:9B:24:16:D6:C6:AA:C1:A2:8B:79:9F:19:14:20:D7:54:D1:71:20
Certificate issuer:       /CN=6dc0d05f8ee9e958fc95de65dc59a2141c5f1efd
Certificate serial:       018CCA2A6D33503ACBA5B893B3289D8EF664
Authority key identifier: 6D:C0:D0:5F:8E:E9:E9:58:FC:95:DE:65:DC:59:A2:14:1C:5F:1E:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bcDQX47p6Vj8ld5l3FmiFBxfHv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/1d57dd-5599-45a7-ab03-4d6ce0766eb5/1/XpskFtbGqsGii3mfGRQg11TRcSA.roa
Signing time:             Tue 02 Jan 2024 12:33:47 +0000
ROA not before:           Tue 02 Jan 2024 12:33:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43298
IP address blocks:        185.71.67.0/24 maxlen: 24
                          185.71.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/1d57dd-5599-45a7-ab03-4d6ce0766eb5/1/bcDQX47p6Vj8ld5l3FmiFBxfHv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/1d57dd-5599-45a7-ab03-4d6ce0766eb5/1/bcDQX47p6Vj8ld5l3FmiFBxfHv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bcDQX47p6Vj8ld5l3FmiFBxfHv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:6d:33:50:3a:cb:a5:b8:93:b3:28:9d:8e:f6:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6dc0d05f8ee9e958fc95de65dc59a2141c5f1efd
        Validity
            Not Before: Jan  2 12:33:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e9b2416d6c6aac1a28b799f191420d754d17120
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:79:03:62:c4:f9:a6:45:76:6b:1d:79:d0:44:
                    1d:87:55:6e:86:61:05:cc:a8:d0:24:d6:b6:cd:f3:
                    63:29:46:c9:96:88:16:be:d2:a1:55:eb:64:d4:ba:
                    0e:a4:f1:a8:f4:85:4f:a3:b6:5d:0e:37:50:ae:bc:
                    48:7f:82:5e:66:fa:0a:9f:36:02:0a:fe:36:f1:1b:
                    ef:37:22:79:40:71:d8:03:c6:6f:99:17:ea:fa:33:
                    b3:64:0a:36:e0:02:7d:89:22:1a:92:c2:df:17:28:
                    6f:00:e7:48:e1:4e:b3:7b:8b:5f:9b:dc:df:f9:a1:
                    1d:f8:50:40:9e:88:e8:83:10:10:3c:12:99:26:43:
                    c6:c1:c1:ff:9d:05:1a:13:cd:73:cb:e0:b9:3a:a2:
                    1f:22:0f:bd:75:1c:2b:e6:54:49:90:06:c0:32:3e:
                    d3:40:8f:44:4c:47:9b:a7:40:c5:7d:aa:82:c3:c2:
                    92:fd:5d:b1:79:be:fc:62:2b:a3:36:45:97:08:98:
                    77:fe:4b:c7:5f:a5:91:7e:3d:20:49:11:51:52:85:
                    b5:8f:37:f8:96:37:a3:89:a3:ef:6f:4c:d5:cf:97:
                    01:1b:16:a3:30:b8:f6:d1:95:b0:85:35:68:c9:25:
                    b6:54:0f:d7:43:22:10:cd:2e:f5:fd:ab:a3:de:bf:
                    82:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:9B:24:16:D6:C6:AA:C1:A2:8B:79:9F:19:14:20:D7:54:D1:71:20
            X509v3 Authority Key Identifier:
                keyid:6D:C0:D0:5F:8E:E9:E9:58:FC:95:DE:65:DC:59:A2:14:1C:5F:1E:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bcDQX47p6Vj8ld5l3FmiFBxfHv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/1d57dd-5599-45a7-ab03-4d6ce0766eb5/1/XpskFtbGqsGii3mfGRQg11TRcSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/1d57dd-5599-45a7-ab03-4d6ce0766eb5/1/bcDQX47p6Vj8ld5l3FmiFBxfHv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.65.0/24
                  185.71.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:d9:43:6c:86:0e:50:25:1f:99:b6:25:a4:1a:82:2e:0c:b8:
         e3:b3:0e:25:24:c6:62:96:fe:9b:ab:f8:2c:06:de:ea:c4:5c:
         54:44:f0:78:bf:3d:37:4c:d5:85:07:c0:99:2a:f7:ab:2a:d3:
         ab:1d:da:d2:17:db:d8:08:84:f7:af:fe:63:06:0b:58:1a:8c:
         12:0b:6f:3f:45:3f:fa:70:94:3e:06:eb:d5:47:fa:1a:fd:ef:
         b5:d6:39:75:fc:1c:2d:c5:23:9c:9e:19:3e:1f:08:33:c7:6f:
         03:8f:23:5e:71:91:35:19:6d:a6:36:97:0e:72:1a:50:79:9a:
         5d:51:3a:35:c9:d7:a4:f4:93:0c:d2:fb:d4:47:40:84:d2:5b:
         06:db:77:8e:df:11:d2:50:0e:eb:0a:2f:c3:c1:62:0c:98:72:
         fe:92:2c:98:20:40:0a:31:d3:b9:5a:4b:ac:68:49:ad:5b:36:
         ce:b5:ce:bf:ef:73:9c:30:be:29:b5:d2:49:9c:2f:b0:8a:b8:
         8f:94:1e:f2:df:af:56:5f:c6:7c:98:0b:2e:68:62:54:6c:2d:
         0a:14:9b:bf:52:41:1d:1c:66:ef:4d:b1:d8:59:f6:b0:ba:9a:
         24:d2:5a:09:f1:b9:66:2c:f8:23:27:59:cb:1c:1f:b7:e0:1a:
         66:f7:d1:b2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKm0zUDrLpbiTsyidjvZkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkYzBkMDVmOGVlOWU5NThmYzk1ZGU2NWRjNTlhMjE0MWM1
ZjFlZmQwHhcNMjQwMTAyMTIzMzQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTliMjQxNmQ2YzZhYWMxYTI4Yjc5OWYxOTE0MjBkNzU0ZDE3MTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHkDYsT5pkV2ax150EQdh1VuhmEF
zKjQJNa2zfNjKUbJlogWvtKhVetk1LoOpPGo9IVPo7ZdDjdQrrxIf4JeZvoKnzYC
Cv428RvvNyJ5QHHYA8ZvmRfq+jOzZAo24AJ9iSIaksLfFyhvAOdI4U6ze4tfm9zf
+aEd+FBAnojogxAQPBKZJkPGwcH/nQUaE81zy+C5OqIfIg+9dRwr5lRJkAbAMj7T
QI9ETEebp0DFfaqCw8KS/V2xeb78YiujNkWXCJh3/kvHX6WRfj0gSRFRUoW1jzf4
ljejiaPvb0zVz5cBGxajMLj20ZWwhTVoySW2VA/XQyIQzS71/auj3r+C4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF6bJBbWxqrBoot5nxkUINdU0XEgMB8GA1UdIwQY
MBaAFG3A0F+O6elY/JXeZdxZohQcXx79MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmNEUVg0N3A2Vmo4bGQ1bDNGbWlGQnhmSHYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8xZDU3ZGQtNTU5OS00NWE3LWFiMDMt
NGQ2Y2UwNzY2ZWI1LzEvWHBza0Z0Ykdxc0dpaTNtZkdSUWcxMVRSY1NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8xZDU3ZGQtNTU5OS00NWE3LWFiMDMtNGQ2Y2UwNzY2ZWI1
LzEvYmNEUVg0N3A2Vmo4bGQ1bDNGbWlGQnhmSHYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuUdBAwQA
uUdDMA0GCSqGSIb3DQEBCwUAA4IBAQBd2UNshg5QJR+ZtiWkGoIuDLjjsw4lJMZi
lv6bq/gsBt7qxFxURPB4vz03TNWFB8CZKverKtOrHdrSF9vYCIT3r/5jBgtYGowS
C28/RT/6cJQ+BuvVR/oa/e+11jl1/BwtxSOcnhk+Hwgzx28DjyNecZE1GW2mNpcO
chpQeZpdUTo1ydek9JMM0vvUR0CE0lsG23eO3xHSUA7rCi/DwWIMmHL+kiyYIEAK
MdO5WkusaEmtWzbOtc6/73OcML4ptdJJnC+wiriPlB7y369WX8Z8mAsuaGJUbC0K
FJu/UkEdHGbvTbHYWfawupok0loJ8blmLPgjJ1nLHB+34Bpm99Gy
-----END CERTIFICATE-----