Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/xmXVIqQ238_dSyLBXBPNB6Lu9fo.roa
File:                     xmXVIqQ238_dSyLBXBPNB6Lu9fo.roa (raw, json)
Hash identifier:          mIw86KZhvTaFmdo9SmVjUQrapT2ABnnhEDujWMzArSE=
Subject key identifier:   C6:65:D5:22:A4:36:DF:CF:DD:4B:22:C1:5C:13:CD:07:A2:EE:F5:FA
Certificate issuer:       /CN=a2900e4655ab349a4632b140719dc97230431725
Certificate serial:       018CC6B79899B20986E2B5991F5B78B8A5AF
Authority key identifier: A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/xmXVIqQ238_dSyLBXBPNB6Lu9fo.roa
Signing time:             Mon 01 Jan 2024 20:29:30 +0000
ROA not before:           Mon 01 Jan 2024 20:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50299
IP address blocks:        62.140.231.0/24 maxlen: 24
                          62.140.251.0/24 maxlen: 24
                          80.77.170.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:98:99:b2:09:86:e2:b5:99:1f:5b:78:b8:a5:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2900e4655ab349a4632b140719dc97230431725
        Validity
            Not Before: Jan  1 20:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c665d522a436dfcfdd4b22c15c13cd07a2eef5fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:56:ee:df:db:3e:43:34:d1:e4:ba:de:f8:4e:
                    49:35:99:68:40:f2:16:82:6a:19:7b:06:90:b9:1e:
                    b1:b9:b1:3f:24:cf:2c:fc:b2:9d:f7:43:17:90:64:
                    a1:cd:ac:56:d6:ae:1d:0b:1b:49:ab:e4:0e:c3:70:
                    7d:8d:ec:7a:1b:03:64:53:fd:e1:c1:bc:8d:c5:e2:
                    ed:c9:be:ac:3e:af:8b:0f:aa:09:29:4d:89:c3:5f:
                    60:78:1b:62:bd:b7:41:af:60:f7:68:d6:13:d0:e7:
                    21:e5:58:f5:d6:f5:20:ea:23:c4:b6:ff:9a:a2:03:
                    03:9b:10:96:5f:6c:f9:d3:52:83:aa:8c:c3:39:7a:
                    a6:36:ee:5d:d8:e8:5c:8e:4a:96:36:2e:aa:75:ce:
                    6d:76:90:89:6e:55:f4:d0:e2:1e:40:59:b9:e2:27:
                    8f:60:d3:89:be:7c:a5:37:f3:a8:11:94:f1:69:83:
                    3d:03:fe:e9:f5:33:d2:9c:17:65:88:99:a2:7e:20:
                    e3:0f:23:19:60:f7:ea:fd:d9:01:1a:b7:b9:2a:03:
                    e1:15:df:be:19:bd:bb:22:8a:56:8e:09:3b:bb:4b:
                    ba:a2:d3:b4:96:62:f8:ee:d9:17:53:58:b2:3b:64:
                    20:32:52:6f:91:91:c4:45:95:b6:30:0a:f6:50:11:
                    73:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:65:D5:22:A4:36:DF:CF:DD:4B:22:C1:5C:13:CD:07:A2:EE:F5:FA
            X509v3 Authority Key Identifier:
                keyid:A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/xmXVIqQ238_dSyLBXBPNB6Lu9fo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.140.231.0/24
                  62.140.251.0/24
                  80.77.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         aa:2d:6c:b4:a4:ce:5d:db:29:af:c6:41:e2:5a:e6:20:90:bf:
         8e:cf:d9:12:bf:8c:d4:a0:54:76:1c:d3:69:ff:e7:5b:c8:6b:
         a8:ab:e0:6b:05:bd:5a:f8:af:6d:d9:d2:02:5a:e6:da:d7:e3:
         91:c9:b3:8c:82:89:24:35:7c:81:78:06:4f:42:7a:07:b8:59:
         da:79:36:11:8c:69:32:58:0e:b6:53:a6:6e:a0:8d:ca:20:02:
         d0:7d:b9:20:9f:9e:94:95:fa:a9:3b:f9:c3:31:bf:34:56:35:
         32:75:14:67:4d:4b:75:03:48:8e:0b:f0:44:85:e5:a0:8d:51:
         0f:0b:2c:32:ba:dc:0e:17:9f:66:59:c9:5f:9e:0b:0c:15:e0:
         ec:69:04:c2:cc:26:ce:12:02:5c:e7:2d:bb:c7:df:14:18:2c:
         f3:95:53:d2:b4:04:1f:de:57:4b:e5:88:35:22:5b:50:94:e5:
         f9:12:c8:8e:b0:0c:cc:39:2d:af:89:6e:f6:d2:4e:28:ca:48:
         fe:bb:08:1e:69:b0:30:62:ca:ba:76:57:64:8a:0a:86:d9:16:
         e8:56:c5:cc:40:57:d1:56:b8:3a:9a:55:32:d5:48:34:3f:99:
         da:13:4d:55:e6:f6:d9:45:6c:9c:04:2a:3c:bf:cd:20:56:9e:
         7e:32:a0:cf
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGt5iZsgmG4rWZH1t4uKWvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyOTAwZTQ2NTVhYjM0OWE0NjMyYjE0MDcxOWRjOTcyMzA0
MzE3MjUwHhcNMjQwMTAxMjAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjY1ZDUyMmE0MzZkZmNmZGQ0YjIyYzE1YzEzY2QwN2EyZWVmNWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVbu39s+QzTR5Lre+E5JNZloQPIW
gmoZewaQuR6xubE/JM8s/LKd90MXkGShzaxW1q4dCxtJq+QOw3B9jex6GwNkU/3h
wbyNxeLtyb6sPq+LD6oJKU2Jw19geBtivbdBr2D3aNYT0Och5Vj11vUg6iPEtv+a
ogMDmxCWX2z501KDqozDOXqmNu5d2OhcjkqWNi6qdc5tdpCJblX00OIeQFm54ieP
YNOJvnylN/OoEZTxaYM9A/7p9TPSnBdliJmifiDjDyMZYPfq/dkBGre5KgPhFd++
Gb27IopWjgk7u0u6otO0lmL47tkXU1iyO2QgMlJvkZHERZW2MAr2UBFzzwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMZl1SKkNt/P3UsiwVwTzQei7vX6MB8GA1UdIwQY
MBaAFKKQDkZVqzSaRjKxQHGdyXIwQxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3BBT1JsV3JOSnBHTXJGQWNaM0pjakJERnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC80ZjcwMWEtZWQ2Zi00N2M4LWJmNzMt
ZjRjNWZjM2NhMmM0LzEveG1YVklxUTIzOF9kU3lMQlhCUE5CNkx1OWZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC80ZjcwMWEtZWQ2Zi00N2M4LWJmNzMtZjRjNWZjM2NhMmM0
LzEvb3BBT1JsV3JOSnBHTXJGQWNaM0pjakJERnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAPoznAwQA
Poz7AwQBUE2qMA0GCSqGSIb3DQEBCwUAA4IBAQCqLWy0pM5d2ymvxkHiWuYgkL+O
z9kSv4zUoFR2HNNp/+dbyGuoq+BrBb1a+K9t2dICWuba1+ORybOMgokkNXyBeAZP
QnoHuFnaeTYRjGkyWA62U6ZuoI3KIALQfbkgn56UlfqpO/nDMb80VjUydRRnTUt1
A0iOC/BEheWgjVEPCywyutwOF59mWclfngsMFeDsaQTCzCbOEgJc5y27x98UGCzz
lVPStAQf3ldL5Yg1IltQlOX5EsiOsAzMOS2viW720k4oykj+uwgeabAwYsq6dldk
igqG2RboVsXMQFfRVrg6mlUy1Ug0P5naE01V5vbZRWycBCo8v80gVp5+MqDP
-----END CERTIFICATE-----