Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/7d6f2f-984d-4961-a63b-495c6f2c5173/1/Xp3_D7f9lF3bWgfowU74SzcjIEk.roa
File:                     Xp3_D7f9lF3bWgfowU74SzcjIEk.roa (raw, json)
Hash identifier:          oGOtRi7HB9ZvQCvGulOonkcSy0IcHCOlR2mNF6iNjoY=
Subject key identifier:   5E:9D:FF:0F:B7:FD:94:5D:DB:5A:07:E8:C1:4E:F8:4B:37:23:20:49
Certificate issuer:       /CN=6ce2ee84ccf56cdc00fc2caa5929279dae14888a
Certificate serial:       018EF5D7D2DD5F7BFDA3F4B287026B6868CA
Authority key identifier: 6C:E2:EE:84:CC:F5:6C:DC:00:FC:2C:AA:59:29:27:9D:AE:14:88:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bOLuhMz1bNwA_CyqWSknna4UiIo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/7d6f2f-984d-4961-a63b-495c6f2c5173/1/Xp3_D7f9lF3bWgfowU74SzcjIEk.roa
Signing time:             Fri 19 Apr 2024 10:12:25 +0000
ROA not before:           Fri 19 Apr 2024 10:12:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12450
IP address blocks:        185.162.132.0/22 maxlen: 22
                          2a0f:c900::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/7d6f2f-984d-4961-a63b-495c6f2c5173/1/bOLuhMz1bNwA_CyqWSknna4UiIo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/7d6f2f-984d-4961-a63b-495c6f2c5173/1/bOLuhMz1bNwA_CyqWSknna4UiIo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bOLuhMz1bNwA_CyqWSknna4UiIo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f5:d7:d2:dd:5f:7b:fd:a3:f4:b2:87:02:6b:68:68:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ce2ee84ccf56cdc00fc2caa5929279dae14888a
        Validity
            Not Before: Apr 19 10:12:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e9dff0fb7fd945ddb5a07e8c14ef84b37232049
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:72:cc:f8:bf:b0:f9:33:d1:fb:a0:74:d3:ac:
                    ad:8e:23:5c:64:dc:3b:73:d5:11:0e:79:bf:60:a5:
                    05:c5:17:5a:74:49:f4:03:35:05:2d:24:be:1c:09:
                    83:f4:42:79:48:3e:4d:2d:f3:09:1a:30:3c:8d:42:
                    3d:1b:eb:37:59:b8:01:e6:c5:7d:de:dc:1f:c4:1e:
                    e0:6d:12:28:77:3a:23:d0:f2:8b:a2:90:05:b3:2a:
                    26:3e:9a:03:a9:72:10:a7:0b:bd:7d:97:62:48:c8:
                    1d:0f:c7:12:4b:de:82:80:bf:6b:f7:4e:0d:87:2f:
                    54:0c:5d:ef:ba:e6:5e:db:ea:86:e6:cf:3f:3b:9c:
                    d7:91:ef:e9:4e:7d:d0:d5:a4:20:07:c7:93:ff:8b:
                    39:3b:b6:b0:f1:ab:e3:78:2b:a3:9e:c5:5a:d4:cb:
                    7a:af:87:aa:92:bf:9b:d5:3f:4e:c2:06:43:10:11:
                    ff:2a:9c:a2:86:36:08:eb:24:ff:eb:40:4a:fd:a0:
                    9b:fc:a0:c3:35:77:22:a5:10:7e:c4:fa:44:8c:0a:
                    9f:76:91:c9:b7:f3:08:d9:00:1d:1b:7a:05:03:13:
                    e3:d0:01:b2:aa:09:41:77:fe:97:72:e4:53:1a:1d:
                    18:63:4e:f7:9c:e4:d5:38:ab:4b:44:db:d1:32:d9:
                    df:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:9D:FF:0F:B7:FD:94:5D:DB:5A:07:E8:C1:4E:F8:4B:37:23:20:49
            X509v3 Authority Key Identifier:
                keyid:6C:E2:EE:84:CC:F5:6C:DC:00:FC:2C:AA:59:29:27:9D:AE:14:88:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOLuhMz1bNwA_CyqWSknna4UiIo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/7d6f2f-984d-4961-a63b-495c6f2c5173/1/Xp3_D7f9lF3bWgfowU74SzcjIEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/7d6f2f-984d-4961-a63b-495c6f2c5173/1/bOLuhMz1bNwA_CyqWSknna4UiIo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.132.0/22
                IPv6:
                  2a0f:c900::/29

    Signature Algorithm: sha256WithRSAEncryption
         69:a1:d0:44:0c:d8:83:17:be:58:5b:d5:32:12:df:8d:b2:62:
         43:bf:21:36:a4:4a:9d:69:0a:e3:11:ee:f7:98:c0:a9:68:e3:
         94:66:0b:5b:31:21:49:3d:06:86:6d:d7:93:71:6d:af:01:81:
         d0:b7:9a:13:8c:bd:5d:31:c4:1d:9c:4c:d3:15:a8:82:6e:cb:
         81:8e:54:8d:47:d3:15:5d:95:68:ab:1d:38:d0:43:f6:43:a7:
         75:af:4f:e2:41:01:6c:cb:c6:d5:1a:87:cd:bb:3d:00:69:20:
         0f:8a:0f:0c:3c:63:5f:0d:02:94:8b:96:c0:53:01:d2:30:5e:
         15:52:9e:4e:e6:1b:df:e5:97:2b:a4:e5:08:1b:2e:6d:c1:63:
         da:6b:c7:6c:2e:20:0a:42:84:7e:80:d5:ba:5c:6f:c2:21:9f:
         4a:b0:6f:d4:df:a3:76:9d:95:fa:c3:40:a5:e2:ef:8a:ab:71:
         3a:8f:f1:ae:f5:df:51:3c:4d:98:52:aa:97:58:f8:2e:9e:1a:
         ff:93:e3:3e:3a:ed:ad:bb:bb:61:c4:d1:c1:a4:05:ec:60:18:
         9d:0c:2c:e0:33:f2:f4:6e:50:3d:33:b6:64:b8:13:7d:c6:02:
         81:31:ef:a6:11:3d:1f:55:a5:85:57:4a:43:ff:ae:ab:66:25:
         b1:b2:4d:36
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY7119LdX3v9o/SyhwJraGjKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZTJlZTg0Y2NmNTZjZGMwMGZjMmNhYTU5MjkyNzlkYWUx
NDg4OGEwHhcNMjQwNDE5MTAxMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTlkZmYwZmI3ZmQ5NDVkZGI1YTA3ZThjMTRlZjg0YjM3MjMyMDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXLM+L+w+TPR+6B006ytjiNcZNw7
c9URDnm/YKUFxRdadEn0AzUFLSS+HAmD9EJ5SD5NLfMJGjA8jUI9G+s3WbgB5sV9
3twfxB7gbRIodzoj0PKLopAFsyomPpoDqXIQpwu9fZdiSMgdD8cSS96CgL9r904N
hy9UDF3vuuZe2+qG5s8/O5zXke/pTn3Q1aQgB8eT/4s5O7aw8avjeCujnsVa1Mt6
r4eqkr+b1T9OwgZDEBH/KpyihjYI6yT/60BK/aCb/KDDNXcipRB+xPpEjAqfdpHJ
t/MI2QAdG3oFAxPj0AGyqglBd/6XcuRTGh0YY073nOTVOKtLRNvRMtnfEwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF6d/w+3/ZRd21oH6MFO+Es3IyBJMB8GA1UdIwQY
MBaAFGzi7oTM9WzcAPwsqlkpJ52uFIiKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk9MdWhNejFiTndBX0N5cVdTa25uYTRVaUlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC83ZDZmMmYtOTg0ZC00OTYxLWE2M2It
NDk1YzZmMmM1MTczLzEvWHAzX0Q3ZjlsRjNiV2dmb3dVNzRTemNqSUVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC83ZDZmMmYtOTg0ZC00OTYxLWE2M2ItNDk1YzZmMmM1MTcz
LzEvYk9MdWhNejFiTndBX0N5cVdTa25uYTRVaUlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaKEMA0E
AgACMAcDBQMqD8kAMA0GCSqGSIb3DQEBCwUAA4IBAQBpodBEDNiDF75YW9UyEt+N
smJDvyE2pEqdaQrjEe73mMCpaOOUZgtbMSFJPQaGbdeTcW2vAYHQt5oTjL1dMcQd
nEzTFaiCbsuBjlSNR9MVXZVoqx040EP2Q6d1r0/iQQFsy8bVGofNuz0AaSAPig8M
PGNfDQKUi5bAUwHSMF4VUp5O5hvf5ZcrpOUIGy5twWPaa8dsLiAKQoR+gNW6XG/C
IZ9KsG/U36N2nZX6w0Cl4u+Kq3E6j/Gu9d9RPE2YUqqXWPgunhr/k+M+Ou2tu7th
xNHBpAXsYBidDCzgM/L0blA9M7ZkuBN9xgKBMe+mET0fVaWFV0pD/66rZiWxsk02
-----END CERTIFICATE-----