Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/XkB-NKuCSJlERneCoeVDOH-WQ7A.roa
File:                     XkB-NKuCSJlERneCoeVDOH-WQ7A.roa (raw, json)
Hash identifier:          6k1Ns4DGcjISCg7YM8mPZLzZh/bjnC0wGqOhG0W6zXs=
Subject key identifier:   5E:40:7E:34:AB:82:48:99:44:46:77:82:A1:E5:43:38:7F:96:43:B0
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DACE72E4841272BA84EA2C5F619AC6
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/XkB-NKuCSJlERneCoeVDOH-WQ7A.roa
Signing time:             Mon 01 Jan 2024 02:29:28 +0000
ROA not before:           Mon 01 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204464
IP address blocks:        185.248.96.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ce:72:e4:84:12:72:ba:84:ea:2c:5f:61:9a:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e407e34ab82489944467782a1e543387f9643b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:2e:8d:f4:c3:ac:df:4f:6a:b6:38:73:12:59:
                    8e:54:d0:4e:ff:23:76:1b:34:fb:66:b9:53:90:ed:
                    7e:0a:2e:b3:b9:16:6f:03:a0:18:03:b2:4b:57:9b:
                    63:22:b6:ce:0e:c4:5b:40:ff:bc:11:fb:59:67:f8:
                    87:8e:71:dc:9e:0d:14:99:82:b7:ba:1d:69:7f:56:
                    9c:e0:11:68:b0:6c:81:10:5e:d9:86:a7:ef:97:94:
                    c0:bd:8b:3c:f6:58:50:5c:01:05:79:da:ea:5a:10:
                    13:ec:62:cd:0f:95:49:c8:e6:65:cf:63:88:bf:1f:
                    b7:c7:ff:05:5f:ec:6f:20:18:65:54:0c:f4:fb:67:
                    15:23:94:c9:58:b7:dc:d2:1e:f6:e6:c1:63:95:ed:
                    d8:9a:60:a9:a8:68:93:e5:ca:a9:1b:f2:18:94:c1:
                    2c:65:df:5d:10:ac:c1:87:54:6e:fe:af:34:fc:dd:
                    06:c0:7e:af:1a:e7:84:27:9a:05:b8:a9:cf:f9:84:
                    1b:fc:e8:59:05:3f:6f:a4:55:bd:20:be:53:10:bc:
                    fd:9f:92:8a:1f:e6:9d:64:e2:af:39:38:4b:ec:e0:
                    12:ea:ed:7a:80:78:ff:d7:74:3a:61:81:05:ad:df:
                    54:47:55:48:4e:db:79:7e:f2:33:bf:e2:74:44:06:
                    eb:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:40:7E:34:AB:82:48:99:44:46:77:82:A1:E5:43:38:7F:96:43:B0
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/XkB-NKuCSJlERneCoeVDOH-WQ7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:49:7d:1a:36:a0:d9:8e:2b:8e:08:de:f9:ac:75:5f:03:88:
         1d:0d:9f:b7:e3:c3:7a:9f:01:f1:e2:3a:90:6c:21:27:27:ba:
         69:a1:e4:08:b7:cb:73:b2:99:27:0e:0d:d5:d7:6f:c3:c2:f8:
         8f:61:da:e6:8f:e4:b7:cf:4a:b4:54:e4:0b:7e:b9:04:6c:d0:
         63:50:96:83:15:16:c0:85:29:85:1b:0b:c3:1f:29:e4:8a:fe:
         08:49:eb:19:c8:48:a7:11:63:18:b5:e7:ad:8a:9a:63:e2:be:
         5d:4d:de:a0:ec:1c:b1:ba:cc:8f:f6:82:90:ba:30:32:b5:35:
         05:c9:d9:b2:5d:99:99:fc:25:5a:2a:1d:6d:73:ed:7b:73:27:
         f1:06:f0:55:ad:d3:cf:53:03:87:55:cf:7f:75:b6:56:a6:5f:
         af:6d:75:d2:39:19:4f:93:8a:1a:df:d9:67:4b:39:7d:e2:3a:
         a6:03:f6:f0:ae:16:25:2f:54:9a:4c:39:d5:0a:ca:56:b2:f7:
         4d:21:5b:84:f3:91:2f:51:cf:2f:90:b8:71:91:16:cc:7e:8d:
         70:18:c7:c0:0c:d6:76:dd:68:d7:47:a8:6e:a0:9f:c3:bd:49:
         0f:05:00:c3:5d:64:56:18:9f:af:fe:6a:e5:4a:2d:93:3e:61:
         d1:ef:65:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2s5y5IQScrqE6ixfYZrGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTQwN2UzNGFiODI0ODk5NDQ0Njc3ODJhMWU1NDMzODdmOTY0M2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvC6N9MOs309qtjhzElmOVNBO/yN2
GzT7ZrlTkO1+Ci6zuRZvA6AYA7JLV5tjIrbODsRbQP+8EftZZ/iHjnHcng0UmYK3
uh1pf1ac4BFosGyBEF7Zhqfvl5TAvYs89lhQXAEFedrqWhAT7GLND5VJyOZlz2OI
vx+3x/8FX+xvIBhlVAz0+2cVI5TJWLfc0h725sFjle3YmmCpqGiT5cqpG/IYlMEs
Zd9dEKzBh1Ru/q80/N0GwH6vGueEJ5oFuKnP+YQb/OhZBT9vpFW9IL5TELz9n5KK
H+adZOKvOThL7OAS6u16gHj/13Q6YYEFrd9UR1VITtt5fvIzv+J0RAbr2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5AfjSrgkiZREZ3gqHlQzh/lkOwMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvWGtCLU5LdUNTSmxFUm5lQ29lVkRPSC1XUTdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufhgMA0G
CSqGSIb3DQEBCwUAA4IBAQBiSX0aNqDZjiuOCN75rHVfA4gdDZ+348N6nwHx4jqQ
bCEnJ7ppoeQIt8tzspknDg3V12/DwviPYdrmj+S3z0q0VOQLfrkEbNBjUJaDFRbA
hSmFGwvDHynkiv4ISesZyEinEWMYteetippj4r5dTd6g7ByxusyP9oKQujAytTUF
ydmyXZmZ/CVaKh1tc+17cyfxBvBVrdPPUwOHVc9/dbZWpl+vbXXSORlPk4oa39ln
Szl94jqmA/bwrhYlL1SaTDnVCspWsvdNIVuE85EvUc8vkLhxkRbMfo1wGMfADNZ2
3WjXR6huoJ/DvUkPBQDDXWRWGJ+v/mrlSi2TPmHR72Ut
-----END CERTIFICATE-----