Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/xkbuLbmsXLCQ-l6bciy-ZzWAdT0.roa
File:                     xkbuLbmsXLCQ-l6bciy-ZzWAdT0.roa (raw, json)
Hash identifier:          vayMyJoYxbpt/hNPnLKfOFPXYnDXSImDD6pyJsljYRg=
Subject key identifier:   C6:46:EE:2D:B9:AC:5C:B0:90:FA:5E:9B:72:2C:BE:67:35:80:75:3D
Certificate issuer:       /CN=98901c7cffd19a4fea78f79b1004999266dcc224
Certificate serial:       019035A352FA1624AD5731B80406BEB82282
Authority key identifier: 98:90:1C:7C:FF:D1:9A:4F:EA:78:F7:9B:10:04:99:92:66:DC:C2:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mJAcfP_Rmk_qePebEASZkmbcwiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/xkbuLbmsXLCQ-l6bciy-ZzWAdT0.roa
Signing time:             Thu 20 Jun 2024 12:33:34 +0000
ROA not before:           Thu 20 Jun 2024 12:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29550
IP address blocks:        185.43.232.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/mJAcfP_Rmk_qePebEASZkmbcwiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/mJAcfP_Rmk_qePebEASZkmbcwiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mJAcfP_Rmk_qePebEASZkmbcwiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:35:a3:52:fa:16:24:ad:57:31:b8:04:06:be:b8:22:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98901c7cffd19a4fea78f79b1004999266dcc224
        Validity
            Not Before: Jun 20 12:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c646ee2db9ac5cb090fa5e9b722cbe673580753d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:f3:b2:cb:b4:7a:7c:1b:5b:9b:46:46:ca:e8:
                    c7:75:11:b2:33:df:d8:aa:54:c4:d7:eb:45:5f:77:
                    d9:fe:f5:3a:bb:b5:ad:8f:c7:ad:71:ca:de:cb:54:
                    8c:e3:d0:dc:d7:4f:8a:72:d8:9f:c3:5e:32:c1:5a:
                    03:25:fe:f2:20:ac:4d:d9:4d:a0:6d:5d:58:42:9f:
                    40:f8:33:2b:b2:c2:53:7e:78:b2:ce:91:2a:4e:c5:
                    16:33:8e:f6:50:d0:a5:a6:84:2a:10:fd:60:c4:dd:
                    49:44:1f:3b:79:79:0d:93:87:0f:a8:61:7a:d5:64:
                    ba:6e:2a:5f:cd:09:18:53:c8:9f:cf:52:65:2d:6b:
                    1d:bd:a9:2e:a9:89:d2:a0:e0:3a:dd:e2:1d:c8:ca:
                    98:36:2b:8a:f9:b3:63:27:74:8d:95:ff:af:66:c7:
                    7a:7f:d0:31:cd:a8:65:e9:45:af:fd:75:c9:40:a1:
                    85:2d:14:79:a0:55:50:d5:41:12:9b:0f:ae:d3:f9:
                    47:9a:0c:dc:98:12:dd:1f:54:41:cc:33:91:c1:dd:
                    86:9b:b0:4a:d0:12:f9:76:08:fc:af:f0:cd:49:06:
                    24:57:e1:9c:78:88:66:0c:2e:8a:d2:5a:cc:04:a3:
                    07:62:34:f8:b0:0c:f1:9c:93:96:11:15:3c:ff:46:
                    88:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:46:EE:2D:B9:AC:5C:B0:90:FA:5E:9B:72:2C:BE:67:35:80:75:3D
            X509v3 Authority Key Identifier:
                keyid:98:90:1C:7C:FF:D1:9A:4F:EA:78:F7:9B:10:04:99:92:66:DC:C2:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mJAcfP_Rmk_qePebEASZkmbcwiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/xkbuLbmsXLCQ-l6bciy-ZzWAdT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/mJAcfP_Rmk_qePebEASZkmbcwiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:ad:2b:35:15:8d:fd:49:b8:bd:4b:87:14:ff:3c:9e:ee:81:
         3d:99:88:72:a4:dc:b0:c5:47:2d:62:75:ec:2d:ff:56:cd:c7:
         fb:1a:e7:5f:ed:75:06:d9:38:ee:bd:a2:04:14:3c:57:25:7f:
         6a:1d:27:e9:05:73:cf:b6:59:e4:43:49:75:13:44:6f:89:79:
         53:78:db:54:1c:d8:6f:22:d8:3a:1e:54:dd:33:85:41:c8:d5:
         80:ba:68:a9:d7:f9:b1:1f:b1:85:9e:69:49:2e:d9:15:fe:ce:
         5d:02:5f:ab:51:9c:dd:ff:67:5a:27:61:22:dd:39:2f:3c:aa:
         f7:3c:74:60:b9:04:64:2b:44:1b:04:fb:1e:43:5e:8c:8f:d0:
         68:c4:aa:c4:c3:15:90:46:59:1f:b4:7b:4e:37:ce:93:8e:63:
         55:f5:04:0f:a0:4a:aa:58:e0:33:a9:47:0d:5f:03:f1:e9:bc:
         ab:d7:67:14:06:a0:c8:79:a9:fd:9d:1d:91:3e:f2:23:02:d2:
         9e:0f:7d:06:5e:70:77:26:31:7f:e2:21:3f:84:41:a7:1d:f0:
         ef:4b:99:58:9f:85:15:50:25:4d:33:97:64:96:f7:04:b8:79:
         bb:79:53:63:ce:50:07:03:07:63:a0:d5:84:14:f1:66:6e:48:
         96:0f:7f:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZA1o1L6FiStVzG4BAa+uCKCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4OTAxYzdjZmZkMTlhNGZlYTc4Zjc5YjEwMDQ5OTkyNjZk
Y2MyMjQwHhcNMjQwNjIwMTIzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjQ2ZWUyZGI5YWM1Y2IwOTBmYTVlOWI3MjJjYmU2NzM1ODA3NTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6fOyy7R6fBtbm0ZGyujHdRGyM9/Y
qlTE1+tFX3fZ/vU6u7Wtj8etccrey1SM49Dc10+Kctifw14ywVoDJf7yIKxN2U2g
bV1YQp9A+DMrssJTfniyzpEqTsUWM472UNClpoQqEP1gxN1JRB87eXkNk4cPqGF6
1WS6bipfzQkYU8ifz1JlLWsdvakuqYnSoOA63eIdyMqYNiuK+bNjJ3SNlf+vZsd6
f9Axzahl6UWv/XXJQKGFLRR5oFVQ1UESmw+u0/lHmgzcmBLdH1RBzDORwd2Gm7BK
0BL5dgj8r/DNSQYkV+GceIhmDC6K0lrMBKMHYjT4sAzxnJOWERU8/0aIHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZG7i25rFywkPpem3Isvmc1gHU9MB8GA1UdIwQY
MBaAFJiQHHz/0ZpP6nj3mxAEmZJm3MIkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUpBY2ZQX1Jta19xZVBlYkVBU1prbWJjd2lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9lMjBjOTUtMGY5Mi00NTk4LTk2ZGYt
Y2JjMjc5N2MxZDBhLzEveGtidUxibXNYTENRLWw2YmNpeS1aeldBZFQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9lMjBjOTUtMGY5Mi00NTk4LTk2ZGYtY2JjMjc5N2MxZDBh
LzEvbUpBY2ZQX1Jta19xZVBlYkVBU1prbWJjd2lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSvoMA0G
CSqGSIb3DQEBCwUAA4IBAQA2rSs1FY39Sbi9S4cU/zye7oE9mYhypNywxUctYnXs
Lf9Wzcf7Gudf7XUG2TjuvaIEFDxXJX9qHSfpBXPPtlnkQ0l1E0RviXlTeNtUHNhv
Itg6HlTdM4VByNWAumip1/mxH7GFnmlJLtkV/s5dAl+rUZzd/2daJ2Ei3TkvPKr3
PHRguQRkK0QbBPseQ16Mj9BoxKrEwxWQRlkftHtON86TjmNV9QQPoEqqWOAzqUcN
XwPx6byr12cUBqDIean9nR2RPvIjAtKeD30GXnB3JjF/4iE/hEGnHfDvS5lYn4UV
UCVNM5dklvcEuHm7eVNjzlAHAwdjoNWEFPFmbkiWD39l
-----END CERTIFICATE-----