Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/6c4021-0b67-4485-b823-0bddc80711ae/1/xAiHlevOokX8J0kkdUdsBruDWiM.roa
File:                     xAiHlevOokX8J0kkdUdsBruDWiM.roa (raw, json)
Hash identifier:          7DGaIEXdMHsuGHt/CsRE1f7NYPb9h0HWaEPobFvNBl0=
Subject key identifier:   C4:08:87:95:EB:CE:A2:45:FC:27:49:24:75:47:6C:06:BB:83:5A:23
Certificate issuer:       /CN=d15a1098c5c8535c9758f128d8a082df7cf8510b
Certificate serial:       018DC7DC4CD65F4EA66600BCEE72474B00D2
Authority key identifier: D1:5A:10:98:C5:C8:53:5C:97:58:F1:28:D8:A0:82:DF:7C:F8:51:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0VoQmMXIU1yXWPEo2KCC33z4UQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/6c4021-0b67-4485-b823-0bddc80711ae/1/xAiHlevOokX8J0kkdUdsBruDWiM.roa
Signing time:             Tue 20 Feb 2024 18:52:00 +0000
ROA not before:           Tue 20 Feb 2024 18:52:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200186
IP address blocks:        185.144.97.0/24 maxlen: 24
                          194.164.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/6c4021-0b67-4485-b823-0bddc80711ae/1/0VoQmMXIU1yXWPEo2KCC33z4UQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/6c4021-0b67-4485-b823-0bddc80711ae/1/0VoQmMXIU1yXWPEo2KCC33z4UQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0VoQmMXIU1yXWPEo2KCC33z4UQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c7:dc:4c:d6:5f:4e:a6:66:00:bc:ee:72:47:4b:00:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d15a1098c5c8535c9758f128d8a082df7cf8510b
        Validity
            Not Before: Feb 20 18:52:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4088795ebcea245fc27492475476c06bb835a23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:cf:bf:44:5d:9c:2e:b8:96:ec:b0:59:6c:22:
                    8d:70:49:2d:71:8f:03:cf:f8:cf:89:52:1e:f2:1d:
                    44:ee:ba:6c:0a:52:9e:32:44:b2:cd:d0:ce:e1:2c:
                    93:3d:41:44:32:a4:43:2d:63:73:ff:97:03:dd:96:
                    c4:a0:ca:3d:57:0a:c2:99:9f:25:5a:84:83:c7:41:
                    50:d4:2b:a0:22:74:04:27:b0:a8:e1:05:d3:5c:c3:
                    3a:bd:ee:48:16:96:0a:26:8b:2b:68:5d:be:fa:20:
                    cb:58:c5:06:fb:ba:50:65:af:0b:d0:23:ad:9f:8c:
                    bf:9a:38:16:5b:95:48:72:54:88:2d:c6:1d:62:8f:
                    ee:fd:da:7e:41:f4:b4:6d:e7:6a:99:fc:e2:f5:b5:
                    e6:bd:a2:54:5a:a5:05:94:a6:e3:22:92:5c:43:8b:
                    79:ee:5b:98:5c:92:e8:0b:c4:23:fa:57:d6:57:82:
                    06:95:6c:44:2f:ee:e8:37:0c:91:8a:18:ad:8a:76:
                    68:2b:ac:e8:d5:33:4c:a7:9c:15:34:be:06:98:79:
                    20:dc:cd:ef:71:90:80:f9:6f:e0:e2:8b:55:38:fc:
                    87:2d:d4:9c:4b:0f:53:16:e4:3d:56:d2:81:f8:58:
                    cd:8e:67:fa:e4:41:2d:87:6e:bd:94:2b:7a:4d:a8:
                    d8:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:08:87:95:EB:CE:A2:45:FC:27:49:24:75:47:6C:06:BB:83:5A:23
            X509v3 Authority Key Identifier:
                keyid:D1:5A:10:98:C5:C8:53:5C:97:58:F1:28:D8:A0:82:DF:7C:F8:51:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0VoQmMXIU1yXWPEo2KCC33z4UQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/6c4021-0b67-4485-b823-0bddc80711ae/1/xAiHlevOokX8J0kkdUdsBruDWiM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/6c4021-0b67-4485-b823-0bddc80711ae/1/0VoQmMXIU1yXWPEo2KCC33z4UQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.97.0/24
                  194.164.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:0f:be:f3:85:9d:d9:0b:88:f3:1e:50:3f:9d:1b:f4:38:ca:
         32:40:ad:e7:da:2f:40:77:43:9d:94:28:cc:8e:7c:73:f1:67:
         cf:6b:42:87:4f:d6:cf:0d:fb:f7:08:c9:9a:3e:2d:4b:a7:32:
         7d:f0:cb:f0:f7:d6:5f:0e:43:c4:2e:88:df:81:67:c0:ce:86:
         98:ed:fa:8c:1b:c4:82:47:ac:f6:9d:96:db:b2:ae:d1:3b:1a:
         a1:19:95:d8:5d:0d:46:6a:d4:64:d6:ef:f1:cf:75:f5:29:df:
         25:8c:79:b1:c3:b0:21:bc:7c:99:05:5f:86:13:22:8c:c7:f0:
         f4:d7:18:de:f3:22:14:4d:e1:68:34:37:74:40:1b:7a:8f:09:
         77:48:c7:d0:8f:f3:4c:ed:d0:e1:95:23:68:20:4e:70:46:40:
         dc:94:f9:21:df:ea:91:9c:c3:e8:dc:6b:c4:6e:3b:93:37:b7:
         b9:2b:e9:cc:0a:dd:79:8c:1b:1d:2a:c1:5c:e5:bd:e1:d0:ef:
         43:8b:45:60:53:0e:03:e1:8b:27:e3:49:0d:ff:b3:b5:83:88:
         a7:e1:c8:ac:de:ba:2d:be:f3:ec:60:51:07:42:ae:56:c7:32:
         67:77:be:b5:5d:2c:a2:48:87:f6:db:6c:38:dd:e9:e9:10:76:
         1d:1a:29:4d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3H3EzWX06mZgC87nJHSwDSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxNWExMDk4YzVjODUzNWM5NzU4ZjEyOGQ4YTA4MmRmN2Nm
ODUxMGIwHhcNMjQwMjIwMTg1MjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDA4ODc5NWViY2VhMjQ1ZmMyNzQ5MjQ3NTQ3NmMwNmJiODM1YTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmc+/RF2cLriW7LBZbCKNcEktcY8D
z/jPiVIe8h1E7rpsClKeMkSyzdDO4SyTPUFEMqRDLWNz/5cD3ZbEoMo9VwrCmZ8l
WoSDx0FQ1CugInQEJ7Co4QXTXMM6ve5IFpYKJosraF2++iDLWMUG+7pQZa8L0COt
n4y/mjgWW5VIclSILcYdYo/u/dp+QfS0bedqmfzi9bXmvaJUWqUFlKbjIpJcQ4t5
7luYXJLoC8Qj+lfWV4IGlWxEL+7oNwyRihitinZoK6zo1TNMp5wVNL4GmHkg3M3v
cZCA+W/g4otVOPyHLdScSw9TFuQ9VtKB+FjNjmf65EEth269lCt6TajYXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMQIh5XrzqJF/CdJJHVHbAa7g1ojMB8GA1UdIwQY
MBaAFNFaEJjFyFNcl1jxKNiggt98+FELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFZvUW1NWElVMXlYV1BFbzJLQ0MzM3o0VVFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC82YzQwMjEtMGI2Ny00NDg1LWI4MjMt
MGJkZGM4MDcxMWFlLzEveEFpSGxldk9va1g4SjBra2RVZHNCcnVEV2lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC82YzQwMjEtMGI2Ny00NDg1LWI4MjMtMGJkZGM4MDcxMWFl
LzEvMFZvUW1NWElVMXlYV1BFbzJLQ0MzM3o0VVFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuZBhAwQA
wqRlMA0GCSqGSIb3DQEBCwUAA4IBAQCbD77zhZ3ZC4jzHlA/nRv0OMoyQK3n2i9A
d0OdlCjMjnxz8WfPa0KHT9bPDfv3CMmaPi1LpzJ98Mvw99ZfDkPELojfgWfAzoaY
7fqMG8SCR6z2nZbbsq7ROxqhGZXYXQ1GatRk1u/xz3X1Kd8ljHmxw7AhvHyZBV+G
EyKMx/D01xje8yIUTeFoNDd0QBt6jwl3SMfQj/NM7dDhlSNoIE5wRkDclPkh3+qR
nMPo3GvEbjuTN7e5K+nMCt15jBsdKsFc5b3h0O9Di0VgUw4D4Ysn40kN/7O1g4in
4cis3rotvvPsYFEHQq5WxzJnd761XSyiSIf222w43enpEHYdGilN
-----END CERTIFICATE-----