Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/d90be8-f605-4fc8-8f09-021040aa3c8a/1/XPo4e0UmRRltedavpSnNAfSGwEo.roa
File:                     XPo4e0UmRRltedavpSnNAfSGwEo.roa (raw, json)
Hash identifier:          6JpYLElZV4fHyVJXstUVTmpH/3NsNCJQ5TwXWPlV4mg=
Subject key identifier:   5C:FA:38:7B:45:26:45:19:6D:79:D6:AF:A5:29:CD:01:F4:86:C0:4A
Certificate issuer:       /CN=eeb320be89726831f3fd900740f1f906f9b19c6a
Certificate serial:       018CC94D514BA4E8679E9EA8AF82EFF9C31F
Authority key identifier: EE:B3:20:BE:89:72:68:31:F3:FD:90:07:40:F1:F9:06:F9:B1:9C:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rMgvolyaDHz_ZAHQPH5BvmxnGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/d90be8-f605-4fc8-8f09-021040aa3c8a/1/XPo4e0UmRRltedavpSnNAfSGwEo.roa
Signing time:             Tue 02 Jan 2024 08:32:16 +0000
ROA not before:           Tue 02 Jan 2024 08:32:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200322
IP address blocks:        185.245.250.0/24 maxlen: 24
                          185.245.248.0/22 maxlen: 24
                          2a0d:7080::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/d90be8-f605-4fc8-8f09-021040aa3c8a/1/7rMgvolyaDHz_ZAHQPH5BvmxnGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/d90be8-f605-4fc8-8f09-021040aa3c8a/1/7rMgvolyaDHz_ZAHQPH5BvmxnGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rMgvolyaDHz_ZAHQPH5BvmxnGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:51:4b:a4:e8:67:9e:9e:a8:af:82:ef:f9:c3:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eeb320be89726831f3fd900740f1f906f9b19c6a
        Validity
            Not Before: Jan  2 08:32:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5cfa387b452645196d79d6afa529cd01f486c04a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:23:21:90:e1:13:c2:80:03:b7:d8:6d:93:2b:
                    67:b6:0f:8c:90:c6:6b:2a:f5:2a:d2:f9:08:d7:07:
                    91:ff:7e:4e:3a:5f:f9:ba:ba:4d:da:be:69:fd:c1:
                    61:14:b5:a4:04:ff:0a:eb:cc:51:c9:b7:8f:6f:ab:
                    d2:9e:0e:2d:f3:bb:df:48:58:fd:2d:48:4b:f5:b0:
                    59:ee:43:2c:e9:41:a6:fe:92:47:ac:17:07:a2:0f:
                    56:62:2f:a9:fa:e7:81:03:e8:f3:d9:d8:54:f4:8d:
                    18:8e:49:c2:73:6d:3e:86:0b:fd:50:3d:c6:d7:73:
                    a0:70:d7:b4:de:6b:1b:89:19:dd:34:45:e9:8e:e4:
                    3e:59:10:7c:b5:47:3f:32:70:9f:fa:80:2c:cd:90:
                    06:b9:58:fb:e2:8b:ae:59:b6:7d:91:df:0f:a0:bc:
                    6f:f4:08:bb:31:3a:85:32:bc:d7:69:02:4e:25:c6:
                    cf:3a:ea:5e:3b:10:b0:27:d2:1e:8f:97:07:a4:7a:
                    8f:f4:55:70:b5:e2:d9:07:1a:f2:e5:a9:5f:c7:d8:
                    81:16:53:32:02:5c:72:bd:22:cc:6c:da:58:68:4e:
                    bb:a7:44:d4:d5:fb:40:78:3e:f4:5e:cd:9f:5e:43:
                    37:5e:59:5e:98:77:85:4b:e3:d8:66:2c:e5:5c:ab:
                    47:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:FA:38:7B:45:26:45:19:6D:79:D6:AF:A5:29:CD:01:F4:86:C0:4A
            X509v3 Authority Key Identifier:
                keyid:EE:B3:20:BE:89:72:68:31:F3:FD:90:07:40:F1:F9:06:F9:B1:9C:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rMgvolyaDHz_ZAHQPH5BvmxnGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/d90be8-f605-4fc8-8f09-021040aa3c8a/1/XPo4e0UmRRltedavpSnNAfSGwEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/d90be8-f605-4fc8-8f09-021040aa3c8a/1/7rMgvolyaDHz_ZAHQPH5BvmxnGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.248.0/22
                IPv6:
                  2a0d:7080::/29

    Signature Algorithm: sha256WithRSAEncryption
         30:65:b3:a3:40:cd:b6:ba:b9:c0:ff:d7:38:1e:a6:59:50:bd:
         0a:75:46:90:f8:b8:33:b7:f2:f7:3c:fa:1b:a7:92:48:6b:a9:
         c1:d3:f4:02:0e:93:9c:33:f5:43:7c:78:9c:bc:eb:64:8c:89:
         79:3d:9f:2a:a9:d2:59:0a:87:53:3a:ac:1f:cf:13:ea:3b:d8:
         1d:22:00:55:eb:d8:a1:c7:ed:d3:95:7e:c5:36:06:d5:a3:b5:
         39:25:9b:04:ad:17:42:b3:08:7a:69:ce:71:8b:69:87:f4:70:
         eb:91:28:a2:1e:18:a7:a6:e8:9d:45:cb:d8:91:fd:19:43:e6:
         fb:25:de:75:1e:3e:c5:f5:1b:95:cd:d1:09:1a:a6:63:73:97:
         7a:1c:2c:cf:76:09:c6:f1:c5:c0:8c:b6:f6:5f:f0:f2:65:09:
         0d:b7:b5:eb:1f:d0:d2:05:fc:e8:02:b4:1b:ce:82:32:0c:c7:
         ab:c2:e5:3e:c1:c9:d6:18:a0:9a:a5:02:7d:70:9b:d5:3f:f9:
         45:4b:3c:5b:c1:f9:75:e6:d4:0c:e8:30:4e:c7:e1:8e:e3:8f:
         67:56:84:77:c9:42:2c:e2:30:97:40:19:37:ae:7c:71:14:b1:
         09:81:ca:1a:ac:a4:ee:fd:49:26:78:87:4e:ef:14:84:ca:1c:
         5e:fc:48:22
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTVFLpOhnnp6or4Lv+cMfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYjMyMGJlODk3MjY4MzFmM2ZkOTAwNzQwZjFmOTA2Zjli
MTljNmEwHhcNMjQwMTAyMDgzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2ZhMzg3YjQ1MjY0NTE5NmQ3OWQ2YWZhNTI5Y2QwMWY0ODZjMDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkiMhkOETwoADt9htkytntg+MkMZr
KvUq0vkI1weR/35OOl/5urpN2r5p/cFhFLWkBP8K68xRybePb6vSng4t87vfSFj9
LUhL9bBZ7kMs6UGm/pJHrBcHog9WYi+p+ueBA+jz2dhU9I0YjknCc20+hgv9UD3G
13OgcNe03msbiRndNEXpjuQ+WRB8tUc/MnCf+oAszZAGuVj74ouuWbZ9kd8PoLxv
9Ai7MTqFMrzXaQJOJcbPOupeOxCwJ9Iej5cHpHqP9FVwteLZBxry5alfx9iBFlMy
AlxyvSLMbNpYaE67p0TU1ftAeD70Xs2fXkM3XllemHeFS+PYZizlXKtH6QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFz6OHtFJkUZbXnWr6UpzQH0hsBKMB8GA1UdIwQY
MBaAFO6zIL6Jcmgx8/2QB0Dx+Qb5sZxqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3JNZ3ZvbHlhREh6X1pBSFFQSDVCdm14bkdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9kOTBiZTgtZjYwNS00ZmM4LThmMDkt
MDIxMDQwYWEzYzhhLzEvWFBvNGUwVW1SUmx0ZWRhdnBTbk5BZlNHd0VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9kOTBiZTgtZjYwNS00ZmM4LThmMDktMDIxMDQwYWEzYzhh
LzEvN3JNZ3ZvbHlhREh6X1pBSFFQSDVCdm14bkdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufX4MA0E
AgACMAcDBQMqDXCAMA0GCSqGSIb3DQEBCwUAA4IBAQAwZbOjQM22urnA/9c4HqZZ
UL0KdUaQ+Lgzt/L3PPobp5JIa6nB0/QCDpOcM/VDfHicvOtkjIl5PZ8qqdJZCodT
OqwfzxPqO9gdIgBV69ihx+3TlX7FNgbVo7U5JZsErRdCswh6ac5xi2mH9HDrkSii
HhinpuidRcvYkf0ZQ+b7Jd51Hj7F9RuVzdEJGqZjc5d6HCzPdgnG8cXAjLb2X/Dy
ZQkNt7XrH9DSBfzoArQbzoIyDMerwuU+wcnWGKCapQJ9cJvVP/lFSzxbwfl15tQM
6DBOx+GO449nVoR3yUIs4jCXQBk3rnxxFLEJgcoarKTu/UkmeIdO7xSEyhxe/Egi
-----END CERTIFICATE-----