Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/514aa5-c51d-48b1-ae06-19808bf44471/1/xb_KH-TXH9L2pdZa6nT76ypnAXw.roa
File:                     xb_KH-TXH9L2pdZa6nT76ypnAXw.roa (raw, json)
Hash identifier:          yYrX3uCd9XfvTP+YGAtYy/6GIfxiPoNCVXPYsU/G1j0=
Subject key identifier:   C5:BF:CA:1F:E4:D7:1F:D2:F6:A5:D6:5A:EA:74:FB:EB:2A:67:01:7C
Certificate issuer:       /CN=cb6f2040d94c995b0461dc5114a4c087351e99f2
Certificate serial:       018CC64B73F5F96E5D21C7EBD9B6D0289556
Authority key identifier: CB:6F:20:40:D9:4C:99:5B:04:61:DC:51:14:A4:C0:87:35:1E:99:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y28gQNlMmVsEYdxRFKTAhzUemfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/514aa5-c51d-48b1-ae06-19808bf44471/1/xb_KH-TXH9L2pdZa6nT76ypnAXw.roa
Signing time:             Mon 01 Jan 2024 18:31:22 +0000
ROA not before:           Mon 01 Jan 2024 18:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34226
IP address blocks:        185.81.20.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/514aa5-c51d-48b1-ae06-19808bf44471/1/y28gQNlMmVsEYdxRFKTAhzUemfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/514aa5-c51d-48b1-ae06-19808bf44471/1/y28gQNlMmVsEYdxRFKTAhzUemfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y28gQNlMmVsEYdxRFKTAhzUemfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:73:f5:f9:6e:5d:21:c7:eb:d9:b6:d0:28:95:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb6f2040d94c995b0461dc5114a4c087351e99f2
        Validity
            Not Before: Jan  1 18:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5bfca1fe4d71fd2f6a5d65aea74fbeb2a67017c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:3a:24:e0:62:ec:97:86:0c:2a:6c:f7:04:30:
                    46:82:77:58:8d:86:80:4f:66:a5:64:7a:57:e9:ff:
                    83:fc:62:b5:b4:39:5a:ec:bc:da:3d:55:94:b3:ad:
                    51:3e:e6:e0:d5:b7:53:b0:20:f0:a4:ce:43:c1:44:
                    b6:ab:8b:2a:7c:31:c0:af:95:c9:44:74:38:8c:c6:
                    85:1d:1e:b4:26:5a:e8:f0:63:fb:d8:62:4a:be:1d:
                    d2:bd:02:cc:2f:92:8b:b4:55:3d:f2:c8:3e:94:ea:
                    ab:49:ca:1f:e1:f3:fd:e1:73:53:1f:3d:10:d0:84:
                    82:c0:0a:a3:e5:a9:56:5c:fb:7a:0b:6f:ff:e2:ed:
                    6f:0d:02:45:7c:44:6c:26:4e:2c:62:6a:da:86:c0:
                    e5:96:b0:36:2f:ea:be:90:be:f0:ac:1c:e3:62:35:
                    83:84:0b:11:0e:e5:35:f2:ff:0f:4e:fc:0c:fe:45:
                    c9:31:58:b1:dc:b8:bd:d9:68:1d:14:5a:55:55:ae:
                    e1:e2:e1:c4:e9:56:e2:6f:02:de:0e:dd:8e:2c:6b:
                    5c:22:ad:76:9b:40:9b:67:7d:e3:26:7a:62:fc:d7:
                    f3:ea:81:66:69:b8:6a:a6:69:52:1d:ce:79:c3:23:
                    ab:bf:eb:74:91:e1:30:60:37:a5:c8:8e:f9:3e:be:
                    22:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:BF:CA:1F:E4:D7:1F:D2:F6:A5:D6:5A:EA:74:FB:EB:2A:67:01:7C
            X509v3 Authority Key Identifier:
                keyid:CB:6F:20:40:D9:4C:99:5B:04:61:DC:51:14:A4:C0:87:35:1E:99:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y28gQNlMmVsEYdxRFKTAhzUemfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/514aa5-c51d-48b1-ae06-19808bf44471/1/xb_KH-TXH9L2pdZa6nT76ypnAXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/514aa5-c51d-48b1-ae06-19808bf44471/1/y28gQNlMmVsEYdxRFKTAhzUemfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:1b:2f:ab:27:15:e8:db:08:59:c1:96:21:3a:2d:0e:3c:e6:
         1f:85:7f:bc:e0:cc:e5:81:dc:8e:20:6f:c7:bb:09:10:c3:47:
         71:cb:f8:88:2e:b0:b2:f4:f7:b4:1b:31:52:fd:9f:20:27:1b:
         75:1f:48:b3:5a:75:bc:bf:61:7f:d2:04:6f:bb:5b:d0:31:66:
         73:d0:95:59:0b:07:c3:df:f3:53:8d:db:e1:06:3c:af:db:53:
         c7:b0:69:7f:16:fe:0b:4e:55:8a:26:7d:af:4e:b8:b3:43:e0:
         46:64:9a:8f:41:c3:08:fb:73:8e:d3:d5:c4:60:5e:99:7e:24:
         c4:88:d5:2b:e6:59:cf:f9:26:e3:61:3d:26:67:7a:48:f0:df:
         be:ba:ff:b3:9c:68:6d:e4:06:7d:b0:69:10:11:49:0c:5e:a5:
         ac:cb:9f:f8:b2:52:2f:4e:19:02:18:65:64:8d:1e:ea:af:52:
         8a:7a:bf:d8:12:47:5e:d9:0f:c8:53:65:8f:81:6d:d7:d3:ca:
         20:46:77:73:bd:8c:2b:3a:8d:64:07:33:22:0f:b1:fa:3f:e8:
         a8:b0:73:31:50:33:07:24:44:ed:4b:1a:8d:26:c9:af:33:f3:
         d2:cb:2e:42:a2:e3:df:2f:c3:a9:24:5d:e4:16:0b:82:ed:48:
         2c:37:e9:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS3P1+W5dIcfr2bbQKJVWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNmYyMDQwZDk0Yzk5NWIwNDYxZGM1MTE0YTRjMDg3MzUx
ZTk5ZjIwHhcNMjQwMTAxMTgzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWJmY2ExZmU0ZDcxZmQyZjZhNWQ2NWFlYTc0ZmJlYjJhNjcwMTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDok4GLsl4YMKmz3BDBGgndYjYaA
T2alZHpX6f+D/GK1tDla7LzaPVWUs61RPubg1bdTsCDwpM5DwUS2q4sqfDHAr5XJ
RHQ4jMaFHR60Jlro8GP72GJKvh3SvQLML5KLtFU98sg+lOqrScof4fP94XNTHz0Q
0ISCwAqj5alWXPt6C2//4u1vDQJFfERsJk4sYmrahsDllrA2L+q+kL7wrBzjYjWD
hAsRDuU18v8PTvwM/kXJMVix3Li92WgdFFpVVa7h4uHE6VbibwLeDt2OLGtcIq12
m0CbZ33jJnpi/Nfz6oFmabhqpmlSHc55wyOrv+t0keEwYDelyI75Pr4iswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMW/yh/k1x/S9qXWWup0++sqZwF8MB8GA1UdIwQY
MBaAFMtvIEDZTJlbBGHcURSkwIc1HpnyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTI4Z1FObE1tVnNFWWR4UkZLVEFoelVlbWZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS81MTRhYTUtYzUxZC00OGIxLWFlMDYt
MTk4MDhiZjQ0NDcxLzEveGJfS0gtVFhIOUwycGRaYTZuVDc2eXBuQVh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS81MTRhYTUtYzUxZC00OGIxLWFlMDYtMTk4MDhiZjQ0NDcx
LzEveTI4Z1FObE1tVnNFWWR4UkZLVEFoelVlbWZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVEUMA0G
CSqGSIb3DQEBCwUAA4IBAQAiGy+rJxXo2whZwZYhOi0OPOYfhX+84MzlgdyOIG/H
uwkQw0dxy/iILrCy9Pe0GzFS/Z8gJxt1H0izWnW8v2F/0gRvu1vQMWZz0JVZCwfD
3/NTjdvhBjyv21PHsGl/Fv4LTlWKJn2vTrizQ+BGZJqPQcMI+3OO09XEYF6ZfiTE
iNUr5lnP+SbjYT0mZ3pI8N++uv+znGht5AZ9sGkQEUkMXqWsy5/4slIvThkCGGVk
jR7qr1KKer/YEkde2Q/IU2WPgW3X08ogRndzvYwrOo1kBzMiD7H6P+iosHMxUDMH
JETtSxqNJsmvM/PSyy5CouPfL8OpJF3kFguC7UgsN+mu
-----END CERTIFICATE-----