Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/xNhw1lF5NNVmw87JYxO8gG-_4uU.roa
File:                     xNhw1lF5NNVmw87JYxO8gG-_4uU.roa (raw, json)
Hash identifier:          5coXeFFqPmIYT6knq01A4/KB4+XISjPzWhqBWNjYBvk=
Subject key identifier:   C4:D8:70:D6:51:79:34:D5:66:C3:CE:C9:63:13:BC:80:6F:BF:E2:E5
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       018CC56DF46C333DCCE229F6D62DE372D9C4
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/xNhw1lF5NNVmw87JYxO8gG-_4uU.roa
Signing time:             Mon 01 Jan 2024 14:29:26 +0000
ROA not before:           Mon 01 Jan 2024 14:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26636
IP address blocks:        92.118.114.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f4:6c:33:3d:cc:e2:29:f6:d6:2d:e3:72:d9:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Jan  1 14:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4d870d6517934d566c3cec96313bc806fbfe2e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:31:c6:b7:de:03:ae:3a:d8:b8:40:3b:f2:d4:
                    f2:c9:4d:17:08:e7:99:7b:d4:c2:1d:3a:f2:01:15:
                    38:ee:71:35:04:f7:c0:75:22:09:83:e9:06:62:5f:
                    7e:2d:e1:62:3b:a1:e3:da:d2:bc:ce:fa:32:ff:f7:
                    1b:36:0e:75:b7:f1:78:61:cc:be:c7:52:23:47:01:
                    cd:eb:75:b4:10:a0:80:12:d7:cc:21:77:99:cf:66:
                    43:a7:c1:20:3c:02:f9:75:e0:58:8a:2e:f3:90:30:
                    d6:30:ad:eb:96:78:4c:b9:54:d6:13:2b:c5:84:1e:
                    f1:ff:e8:83:88:2b:d1:09:86:ae:2c:e7:69:ee:c9:
                    35:6f:99:1b:fb:2e:51:36:22:4f:20:cc:8a:b3:22:
                    65:72:38:f1:8c:53:60:69:7c:2f:73:8a:2a:b2:42:
                    c6:9e:58:c6:ce:be:f8:aa:85:95:9e:20:53:09:a8:
                    0d:7f:32:fd:9a:04:a3:d0:fb:e1:ed:d2:78:8f:dd:
                    62:18:fe:fc:2e:05:3a:35:22:95:60:3e:2c:37:c7:
                    6d:0a:f5:af:d9:08:22:e9:5c:6a:80:cf:3a:82:ee:
                    4a:75:f4:1b:d0:8c:db:4f:38:80:fe:c6:64:04:45:
                    cf:ab:ee:7e:a1:ca:57:47:06:a2:a1:1c:b6:1c:50:
                    35:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:D8:70:D6:51:79:34:D5:66:C3:CE:C9:63:13:BC:80:6F:BF:E2:E5
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/xNhw1lF5NNVmw87JYxO8gG-_4uU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         86:c7:e0:85:3d:43:25:34:5f:4d:4c:e5:b8:d4:83:57:3a:bc:
         84:5d:e8:14:ba:5f:ff:9f:ca:f7:aa:0d:4f:00:0a:5d:bf:88:
         48:56:57:38:09:30:d0:dc:b3:4d:d1:a7:0e:db:b9:3e:77:7a:
         97:58:5f:74:5b:23:6e:1f:ce:cf:a8:98:b6:99:e5:d7:7a:c1:
         84:1c:95:c7:d1:31:58:77:56:60:96:6d:b5:4a:be:33:7b:3d:
         f9:ea:d5:f7:53:c3:6b:c7:fa:8a:23:c9:41:a9:34:03:e5:fe:
         c2:f2:dc:0b:bc:80:ee:88:56:ad:e1:a2:c1:e0:97:b6:a2:b4:
         0b:c0:af:55:a7:cf:5e:af:fe:da:03:b3:8f:d6:fb:4e:0c:e9:
         63:9d:72:94:f8:99:e1:28:b7:7b:8b:6d:a1:90:c3:c3:bd:eb:
         22:dc:f1:22:b8:f2:c0:b8:ca:48:f1:9c:6c:c6:7b:6c:98:bd:
         b9:73:67:64:d0:6a:1d:da:a0:66:bb:9e:cb:f7:ca:ad:25:bd:
         7c:45:42:a5:47:45:af:b5:6d:8e:65:be:67:61:2a:92:11:ad:
         d9:be:57:01:0b:a9:ce:61:96:9e:0a:b8:ec:5e:5c:84:ad:40:
         19:cd:91:57:f2:6a:8c:6f:c9:a4:08:31:0a:22:87:42:b7:bf:
         e1:01:de:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbfRsMz3M4in21i3jctnEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjQwMTAxMTQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGQ4NzBkNjUxNzkzNGQ1NjZjM2NlYzk2MzEzYmM4MDZmYmZlMmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTHGt94DrjrYuEA78tTyyU0XCOeZ
e9TCHTryARU47nE1BPfAdSIJg+kGYl9+LeFiO6Hj2tK8zvoy//cbNg51t/F4Ycy+
x1IjRwHN63W0EKCAEtfMIXeZz2ZDp8EgPAL5deBYii7zkDDWMK3rlnhMuVTWEyvF
hB7x/+iDiCvRCYauLOdp7sk1b5kb+y5RNiJPIMyKsyJlcjjxjFNgaXwvc4oqskLG
nljGzr74qoWVniBTCagNfzL9mgSj0Pvh7dJ4j91iGP78LgU6NSKVYD4sN8dtCvWv
2Qgi6VxqgM86gu5KdfQb0IzbTziA/sZkBEXPq+5+ocpXRwaioRy2HFA1QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMTYcNZReTTVZsPOyWMTvIBvv+LlMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEveE5odzFsRjVOTlZtdzg3Sll4TzhnRy1fNHVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXHZyMA0G
CSqGSIb3DQEBCwUAA4IBAQCGx+CFPUMlNF9NTOW41INXOryEXegUul//n8r3qg1P
AApdv4hIVlc4CTDQ3LNN0acO27k+d3qXWF90WyNuH87PqJi2meXXesGEHJXH0TFY
d1Zglm21Sr4zez356tX3U8Nrx/qKI8lBqTQD5f7C8twLvIDuiFat4aLB4Je2orQL
wK9Vp89er/7aA7OP1vtODOljnXKU+JnhKLd7i22hkMPDvesi3PEiuPLAuMpI8Zxs
xntsmL25c2dk0God2qBmu57L98qtJb18RUKlR0WvtW2OZb5nYSqSEa3ZvlcBC6nO
YZaeCrjsXlyErUAZzZFX8mqMb8mkCDEKIodCt7/hAd5/
-----END CERTIFICATE-----