Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/b5d809-2db0-4fbf-8a0d-9d3167831934/1/Xphuxb3ZHiAcH14SU0H2dPa7wGU.roa
File:                     Xphuxb3ZHiAcH14SU0H2dPa7wGU.roa (raw, json)
Hash identifier:          fskTfLMye2YnzVPKA2js1cbn/OHkvibZGvCYgelanVs=
Subject key identifier:   5E:98:6E:C5:BD:D9:1E:20:1C:1F:5E:12:53:41:F6:74:F6:BB:C0:65
Certificate issuer:       /CN=f050a20e30ec915ded1df20055af6b5f26672ea9
Certificate serial:       018CC64A3CFDA0F02B75B12E9EF769735BCC
Authority key identifier: F0:50:A2:0E:30:EC:91:5D:ED:1D:F2:00:55:AF:6B:5F:26:67:2E:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8FCiDjDskV3tHfIAVa9rXyZnLqk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/b5d809-2db0-4fbf-8a0d-9d3167831934/1/Xphuxb3ZHiAcH14SU0H2dPa7wGU.roa
Signing time:             Mon 01 Jan 2024 18:30:03 +0000
ROA not before:           Mon 01 Jan 2024 18:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8478
IP address blocks:        185.90.212.0/22 maxlen: 22
                          109.74.176.0/20 maxlen: 20
                          2a00:17a8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/b5d809-2db0-4fbf-8a0d-9d3167831934/1/8FCiDjDskV3tHfIAVa9rXyZnLqk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/b5d809-2db0-4fbf-8a0d-9d3167831934/1/8FCiDjDskV3tHfIAVa9rXyZnLqk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8FCiDjDskV3tHfIAVa9rXyZnLqk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:3c:fd:a0:f0:2b:75:b1:2e:9e:f7:69:73:5b:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f050a20e30ec915ded1df20055af6b5f26672ea9
        Validity
            Not Before: Jan  1 18:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e986ec5bdd91e201c1f5e125341f674f6bbc065
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:2c:87:71:84:ff:a0:62:a0:83:d3:44:70:24:
                    d8:16:7f:c7:f8:1b:a8:75:53:c2:b1:94:a2:ab:17:
                    d0:7e:7e:be:c0:e5:b8:9e:99:db:b0:28:62:df:27:
                    37:88:23:14:09:67:53:2f:f2:26:e7:78:63:fe:39:
                    56:81:54:98:71:ad:2f:67:fd:51:6b:1f:14:4a:46:
                    a0:57:5f:89:69:13:a7:e0:5f:87:2d:6b:3b:64:06:
                    a8:18:f0:7a:ad:69:8e:46:ea:74:22:04:e9:27:93:
                    46:c5:06:51:5a:60:e3:7c:29:ee:fd:2b:ad:a5:09:
                    ce:5b:52:90:45:cc:d0:9d:bf:64:9e:79:25:a6:fb:
                    ec:88:c5:e6:9a:a4:8d:24:36:a3:af:59:fa:d3:01:
                    a4:bc:07:1b:19:a2:7c:58:d2:03:8d:fe:98:87:6a:
                    4e:4c:6f:1b:22:1f:4a:a7:3d:c4:66:50:42:5b:f3:
                    a9:b8:77:ae:36:a3:7e:c6:68:b3:53:f7:fe:ed:2b:
                    ef:ea:1d:7f:c8:69:8e:69:ce:d7:a0:9c:d1:1b:7f:
                    24:07:79:63:11:be:a5:5f:e0:53:12:42:a7:de:4b:
                    cb:26:bf:97:5b:67:34:54:6d:96:2e:3d:e6:26:12:
                    7f:f4:03:f0:d2:d6:b5:8f:ea:c8:40:00:00:ba:3b:
                    af:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:98:6E:C5:BD:D9:1E:20:1C:1F:5E:12:53:41:F6:74:F6:BB:C0:65
            X509v3 Authority Key Identifier:
                keyid:F0:50:A2:0E:30:EC:91:5D:ED:1D:F2:00:55:AF:6B:5F:26:67:2E:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8FCiDjDskV3tHfIAVa9rXyZnLqk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/b5d809-2db0-4fbf-8a0d-9d3167831934/1/Xphuxb3ZHiAcH14SU0H2dPa7wGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/b5d809-2db0-4fbf-8a0d-9d3167831934/1/8FCiDjDskV3tHfIAVa9rXyZnLqk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.74.176.0/20
                  185.90.212.0/22
                IPv6:
                  2a00:17a8::/32

    Signature Algorithm: sha256WithRSAEncryption
         21:a0:ba:a1:9b:43:77:1a:78:77:d0:b6:f6:0d:73:50:96:ea:
         a9:ff:10:f3:5b:39:be:80:b0:2f:ba:72:dc:33:f8:d5:e6:e3:
         a9:e9:c7:ab:6d:00:0d:07:8e:30:b2:37:f9:76:4d:25:f7:ca:
         dd:1b:1c:33:de:f6:a5:ad:1e:20:11:a2:f5:65:22:d8:6c:5f:
         b8:8f:af:5d:d2:c5:12:de:04:fe:da:76:43:f5:5d:64:0c:10:
         b1:88:f4:49:27:85:c6:6c:c4:4c:79:af:dc:87:20:fb:35:f0:
         1c:b9:f2:1e:56:66:24:31:1a:28:79:18:6b:c6:bc:fa:61:f6:
         b8:91:92:9c:8a:1c:41:48:dd:2f:85:eb:23:3a:d5:2c:72:64:
         e4:02:91:5e:a1:1a:15:ca:68:27:bf:36:d7:c8:c3:96:c9:79:
         12:dd:d4:75:4f:fc:dc:05:ab:c4:c3:4e:8a:32:92:d9:21:31:
         54:c6:9f:f7:9d:6f:c8:e8:eb:95:1b:4a:2e:fd:87:e3:02:85:
         57:20:3a:70:8e:ff:b1:30:47:12:63:d8:b8:13:51:89:d9:88:
         71:45:e1:72:64:f5:a2:64:54:43:8b:e8:76:a2:1f:be:20:bd:
         67:33:6b:9b:0b:3f:53:b4:47:56:62:9f:40:1a:5d:9a:02:a2:
         1e:1c:ce:8c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGSjz9oPArdbEunvdpc1vMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNTBhMjBlMzBlYzkxNWRlZDFkZjIwMDU1YWY2YjVmMjY2
NzJlYTkwHhcNMjQwMTAxMTgzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTk4NmVjNWJkZDkxZTIwMWMxZjVlMTI1MzQxZjY3NGY2YmJjMDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhSyHcYT/oGKgg9NEcCTYFn/H+Buo
dVPCsZSiqxfQfn6+wOW4npnbsChi3yc3iCMUCWdTL/Im53hj/jlWgVSYca0vZ/1R
ax8USkagV1+JaROn4F+HLWs7ZAaoGPB6rWmORup0IgTpJ5NGxQZRWmDjfCnu/Sut
pQnOW1KQRczQnb9knnklpvvsiMXmmqSNJDajr1n60wGkvAcbGaJ8WNIDjf6Yh2pO
TG8bIh9Kpz3EZlBCW/OpuHeuNqN+xmizU/f+7Svv6h1/yGmOac7XoJzRG38kB3lj
Eb6lX+BTEkKn3kvLJr+XW2c0VG2WLj3mJhJ/9APw0ta1j+rIQAAAujuvGQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFF6YbsW92R4gHB9eElNB9nT2u8BlMB8GA1UdIwQY
MBaAFPBQog4w7JFd7R3yAFWva18mZy6pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEZDaURqRHNrVjN0SGZJQVZhOXJYeVpuTHFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9iNWQ4MDktMmRiMC00ZmJmLThhMGQt
OWQzMTY3ODMxOTM0LzEvWHBodXhiM1pIaUFjSDE0U1UwSDJkUGE3d0dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9iNWQ4MDktMmRiMC00ZmJmLThhMGQtOWQzMTY3ODMxOTM0
LzEvOEZDaURqRHNrVjN0SGZJQVZhOXJYeVpuTHFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEbUqwAwQC
uVrUMA0EAgACMAcDBQAqABeoMA0GCSqGSIb3DQEBCwUAA4IBAQAhoLqhm0N3Gnh3
0Lb2DXNQluqp/xDzWzm+gLAvunLcM/jV5uOp6cerbQANB44wsjf5dk0l98rdGxwz
3valrR4gEaL1ZSLYbF+4j69d0sUS3gT+2nZD9V1kDBCxiPRJJ4XGbMRMea/chyD7
NfAcufIeVmYkMRooeRhrxrz6Yfa4kZKcihxBSN0vhesjOtUscmTkApFeoRoVymgn
vzbXyMOWyXkS3dR1T/zcBavEw06KMpLZITFUxp/3nW/I6OuVG0ou/YfjAoVXIDpw
jv+xMEcSY9i4E1GJ2YhxReFyZPWiZFRDi+h2oh++IL1nM2ubCz9TtEdWYp9AGl2a
AqIeHM6M
-----END CERTIFICATE-----