Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/xqli-up9tv-5EtufhnvT3Rz5sL4.roa
File:                     xqli-up9tv-5EtufhnvT3Rz5sL4.roa (raw, json)
Hash identifier:          pP72qtKSMiocfwloRf26k2gP6VXl5cipHpl00Ib3WMs=
Subject key identifier:   C6:A9:62:FA:EA:7D:B6:FF:B9:12:DB:9F:86:7B:D3:DD:1C:F9:B0:BE
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       019092873AEE599A93636986FE886B262054
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/xqli-up9tv-5EtufhnvT3Rz5sL4.roa
Signing time:             Mon 08 Jul 2024 13:27:34 +0000
ROA not before:           Mon 08 Jul 2024 13:27:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51847
IP address blocks:        194.124.218.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:92:87:3a:ee:59:9a:93:63:69:86:fe:88:6b:26:20:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Jul  8 13:27:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6a962faea7db6ffb912db9f867bd3dd1cf9b0be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:71:b1:a4:3f:7d:5b:57:eb:41:ab:54:92:78:
                    bb:a5:76:3e:49:ac:8d:24:7c:10:da:6b:f5:da:0c:
                    de:72:d1:9d:da:56:e9:de:a0:e4:41:64:d3:44:15:
                    be:a2:64:61:59:8f:c4:11:ef:40:65:cd:6d:87:65:
                    c8:6c:96:cd:88:fa:a0:5c:c3:a8:c7:76:3c:a2:9a:
                    a3:ad:2d:2e:d7:5d:8b:65:97:4b:b2:78:04:c3:6c:
                    b3:98:ed:4f:2c:5e:83:e4:83:06:c4:0d:19:ab:89:
                    a3:40:c9:ca:b0:10:20:d7:4a:ed:6d:c7:43:de:f0:
                    40:9b:48:00:5a:53:04:12:86:66:35:f2:81:ca:b1:
                    47:3e:53:57:e2:98:cf:75:18:3d:92:52:eb:d4:30:
                    35:8f:01:b3:ad:ae:31:1f:f0:99:d2:1a:76:99:c7:
                    d0:c6:a4:77:40:51:cc:44:ef:ca:86:f9:bf:c5:a2:
                    94:06:ed:e9:9d:47:c5:8d:55:97:89:ea:17:49:33:
                    51:1c:8f:c7:90:3a:d9:34:ea:32:2a:df:94:dd:d3:
                    16:3a:a3:31:1e:48:02:94:b8:7e:21:34:b6:a0:88:
                    92:9d:65:58:0d:50:dd:21:5d:01:54:5c:f1:97:35:
                    ba:d1:7f:1f:d4:bc:61:08:a7:8d:de:e6:1d:7b:7a:
                    43:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:A9:62:FA:EA:7D:B6:FF:B9:12:DB:9F:86:7B:D3:DD:1C:F9:B0:BE
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/xqli-up9tv-5EtufhnvT3Rz5sL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.124.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:54:63:5a:f5:62:5c:15:31:f9:55:78:e5:fe:6a:3b:92:19:
         5e:9b:65:3d:5c:7f:40:8a:7a:e6:da:30:0f:44:70:d6:12:1c:
         2f:48:bc:23:d9:86:1d:48:31:09:37:b0:3a:82:86:58:f6:14:
         87:b9:13:21:d5:de:c5:7d:30:d5:a8:40:72:b1:14:52:22:50:
         cf:08:c3:7e:cd:86:73:b2:7d:ad:7d:c2:50:af:8b:90:ae:f6:
         67:10:e1:e1:df:1c:83:4d:cb:0c:80:23:7b:30:8a:af:ae:bc:
         59:e9:e1:61:97:c1:8e:f0:c2:58:fa:37:27:00:20:16:7c:a1:
         e1:9f:5f:b9:e7:d6:7f:b4:5d:54:70:c8:72:36:0e:a0:b5:e3:
         24:24:ac:22:90:bf:30:75:41:d7:ae:51:33:9f:c6:5a:07:d1:
         0b:b8:66:4d:7b:ae:88:6d:14:a6:53:44:29:31:32:7d:e6:d0:
         12:d3:3a:6a:db:4c:5d:e6:17:6c:3a:bc:01:65:39:c5:18:4a:
         f1:08:02:15:17:69:f6:69:aa:76:56:bd:b1:d5:34:9d:4f:06:
         41:e6:06:42:0a:aa:9a:03:7b:4d:37:b0:ae:50:ea:4c:ae:b2:
         df:42:0e:a2:87:4f:ec:90:c9:bf:42:66:b8:ea:67:06:78:ef:
         93:fe:05:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCShzruWZqTY2mG/ohrJiBUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjQwNzA4MTMyNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmE5NjJmYWVhN2RiNmZmYjkxMmRiOWY4NjdiZDNkZDFjZjliMGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3GxpD99W1frQatUkni7pXY+SayN
JHwQ2mv12gzectGd2lbp3qDkQWTTRBW+omRhWY/EEe9AZc1th2XIbJbNiPqgXMOo
x3Y8opqjrS0u112LZZdLsngEw2yzmO1PLF6D5IMGxA0Zq4mjQMnKsBAg10rtbcdD
3vBAm0gAWlMEEoZmNfKByrFHPlNX4pjPdRg9klLr1DA1jwGzra4xH/CZ0hp2mcfQ
xqR3QFHMRO/Khvm/xaKUBu3pnUfFjVWXieoXSTNRHI/HkDrZNOoyKt+U3dMWOqMx
HkgClLh+ITS2oIiSnWVYDVDdIV0BVFzxlzW60X8f1LxhCKeN3uYde3pDPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMapYvrqfbb/uRLbn4Z7090c+bC+MB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEveHFsaS11cDl0di01RXR1ZmhudlQzUno1c0w0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnzaMA0G
CSqGSIb3DQEBCwUAA4IBAQBPVGNa9WJcFTH5VXjl/mo7khlem2U9XH9Ainrm2jAP
RHDWEhwvSLwj2YYdSDEJN7A6goZY9hSHuRMh1d7FfTDVqEBysRRSIlDPCMN+zYZz
sn2tfcJQr4uQrvZnEOHh3xyDTcsMgCN7MIqvrrxZ6eFhl8GO8MJY+jcnACAWfKHh
n1+559Z/tF1UcMhyNg6gteMkJKwikL8wdUHXrlEzn8ZaB9ELuGZNe66IbRSmU0Qp
MTJ95tAS0zpq20xd5hdsOrwBZTnFGErxCAIVF2n2aap2Vr2x1TSdTwZB5gZCCqqa
A3tNN7CuUOpMrrLfQg6ih0/skMm/Qma46mcGeO+T/gUP
-----END CERTIFICATE-----