Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/b9ed6c-e8c5-431e-b188-f5200f549377/1/XXKSMBfdtj4wckKpZqtviuU7xFg.roa
File:                     XXKSMBfdtj4wckKpZqtviuU7xFg.roa (raw, json)
Hash identifier:          AnVa68j0ow0iry2rgLMUfSnCOuwaBZQrrfYMJBvfaO0=
Subject key identifier:   5D:72:92:30:17:DD:B6:3E:30:72:42:A9:66:AB:6F:8A:E5:3B:C4:58
Certificate issuer:       /CN=fe0c9f30e3b46d50b8d1bf79b9d1db84f25134ba
Certificate serial:       018CC49315DCE519DA21CEB621D450804393
Authority key identifier: FE:0C:9F:30:E3:B4:6D:50:B8:D1:BF:79:B9:D1:DB:84:F2:51:34:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_gyfMOO0bVC40b95udHbhPJRNLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/b9ed6c-e8c5-431e-b188-f5200f549377/1/XXKSMBfdtj4wckKpZqtviuU7xFg.roa
Signing time:             Mon 01 Jan 2024 10:30:22 +0000
ROA not before:           Mon 01 Jan 2024 10:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        193.26.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/b9ed6c-e8c5-431e-b188-f5200f549377/1/_gyfMOO0bVC40b95udHbhPJRNLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/b9ed6c-e8c5-431e-b188-f5200f549377/1/_gyfMOO0bVC40b95udHbhPJRNLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_gyfMOO0bVC40b95udHbhPJRNLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:15:dc:e5:19:da:21:ce:b6:21:d4:50:80:43:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe0c9f30e3b46d50b8d1bf79b9d1db84f25134ba
        Validity
            Not Before: Jan  1 10:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d72923017ddb63e307242a966ab6f8ae53bc458
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:6b:e9:1f:6e:21:53:f6:08:7b:b5:bc:04:f8:
                    5a:8f:37:ea:4f:26:f2:56:bc:3f:c4:87:29:ae:8e:
                    d7:1f:6b:21:c3:62:f8:0c:94:96:1f:1e:11:50:41:
                    79:8c:9e:bd:4e:c4:6d:f7:31:e7:13:a2:9c:48:6c:
                    cf:5d:bd:9f:59:7d:9b:44:40:49:d8:3e:5c:4a:10:
                    39:22:90:85:1a:d5:87:cc:21:24:9a:3d:60:e2:18:
                    7a:71:f2:f6:e9:3f:4c:ec:54:2b:34:21:81:83:6d:
                    55:b9:04:ea:3f:71:1b:16:5e:85:0f:c4:55:eb:36:
                    13:9e:c1:5b:f1:9d:9e:59:62:27:6b:53:36:58:98:
                    f8:bf:2d:02:98:4a:6c:02:df:50:63:a2:c3:fc:cf:
                    e9:98:c3:8d:5b:40:44:18:ed:aa:16:db:da:37:d4:
                    5a:52:be:20:89:f2:fc:58:45:76:47:51:79:63:a0:
                    6b:64:1c:57:36:cb:03:44:45:fa:3f:90:56:2f:91:
                    22:77:33:6b:fa:14:a4:ca:b8:f8:c0:31:61:32:61:
                    db:e7:71:e3:bb:a9:74:74:08:26:c6:81:c2:4f:de:
                    16:d7:e6:11:32:86:68:c4:40:13:9b:68:1e:0f:d8:
                    65:9e:41:d8:71:d7:9c:bc:67:97:54:e1:1a:74:4a:
                    50:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:72:92:30:17:DD:B6:3E:30:72:42:A9:66:AB:6F:8A:E5:3B:C4:58
            X509v3 Authority Key Identifier:
                keyid:FE:0C:9F:30:E3:B4:6D:50:B8:D1:BF:79:B9:D1:DB:84:F2:51:34:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_gyfMOO0bVC40b95udHbhPJRNLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/b9ed6c-e8c5-431e-b188-f5200f549377/1/XXKSMBfdtj4wckKpZqtviuU7xFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/b9ed6c-e8c5-431e-b188-f5200f549377/1/_gyfMOO0bVC40b95udHbhPJRNLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:02:eb:cf:e4:8d:bb:eb:3e:b0:a5:28:99:64:34:1b:9e:e0:
         d1:ce:40:e0:fa:f6:69:17:06:90:ef:73:cb:77:a3:6e:96:c8:
         c7:52:2f:66:c4:29:ce:97:43:53:6a:b2:d6:99:40:a2:fa:01:
         75:cf:9e:c2:82:1d:86:cb:af:e8:da:13:e5:62:26:cd:9e:84:
         31:c4:3d:7f:ff:e4:83:f6:26:00:99:77:1e:e7:ae:63:89:6c:
         f2:95:46:a3:7d:eb:65:18:37:d8:98:49:a9:cb:a2:f9:0b:61:
         45:45:ce:31:6d:4f:01:0d:b2:ec:10:59:20:00:b1:e2:ec:04:
         c6:16:6c:ce:49:af:87:a1:00:61:ee:fb:22:92:f4:21:a4:a4:
         20:0b:ee:f8:21:e6:03:a8:7f:c7:f0:bb:85:33:08:95:20:53:
         6f:af:2c:4d:e5:22:1d:e4:26:77:46:3b:2f:68:16:25:ca:28:
         21:f7:17:a2:70:30:0f:d2:f0:3a:a8:ac:39:04:2b:3b:e5:b6:
         78:5a:4d:21:8c:f3:ba:64:26:f4:67:20:81:2c:2a:62:e4:65:
         3a:d5:f2:f3:f0:65:c0:70:9a:49:1d:7f:66:26:e0:d8:41:bf:
         f5:b8:a6:6f:aa:91:8d:e2:08:b8:e2:83:8c:ea:e7:1f:da:3d:
         44:e3:a4:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkxXc5RnaIc62IdRQgEOTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlMGM5ZjMwZTNiNDZkNTBiOGQxYmY3OWI5ZDFkYjg0ZjI1
MTM0YmEwHhcNMjQwMTAxMTAzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDcyOTIzMDE3ZGRiNjNlMzA3MjQyYTk2NmFiNmY4YWU1M2JjNDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWvpH24hU/YIe7W8BPhajzfqTyby
Vrw/xIcpro7XH2shw2L4DJSWHx4RUEF5jJ69TsRt9zHnE6KcSGzPXb2fWX2bREBJ
2D5cShA5IpCFGtWHzCEkmj1g4hh6cfL26T9M7FQrNCGBg21VuQTqP3EbFl6FD8RV
6zYTnsFb8Z2eWWIna1M2WJj4vy0CmEpsAt9QY6LD/M/pmMONW0BEGO2qFtvaN9Ra
Ur4gifL8WEV2R1F5Y6BrZBxXNssDREX6P5BWL5EidzNr+hSkyrj4wDFhMmHb53Hj
u6l0dAgmxoHCT94W1+YRMoZoxEATm2geD9hlnkHYcdecvGeXVOEadEpQKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF1ykjAX3bY+MHJCqWarb4rlO8RYMB8GA1UdIwQY
MBaAFP4MnzDjtG1QuNG/ebnR24TyUTS6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2d5Zk1PTzBiVkM0MGI5NXVkSGJoUEpSTkxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9iOWVkNmMtZThjNS00MzFlLWIxODgt
ZjUyMDBmNTQ5Mzc3LzEvWFhLU01CZmR0ajR3Y2tLcFpxdHZpdVU3eEZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9iOWVkNmMtZThjNS00MzFlLWIxODgtZjUyMDBmNTQ5Mzc3
LzEvX2d5Zk1PTzBiVkM0MGI5NXVkSGJoUEpSTkxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRoVMA0G
CSqGSIb3DQEBCwUAA4IBAQBkAuvP5I276z6wpSiZZDQbnuDRzkDg+vZpFwaQ73PL
d6NulsjHUi9mxCnOl0NTarLWmUCi+gF1z57Cgh2Gy6/o2hPlYibNnoQxxD1//+SD
9iYAmXce565jiWzylUajfetlGDfYmEmpy6L5C2FFRc4xbU8BDbLsEFkgALHi7ATG
FmzOSa+HoQBh7vsikvQhpKQgC+74IeYDqH/H8LuFMwiVIFNvryxN5SId5CZ3Rjsv
aBYlyigh9xeicDAP0vA6qKw5BCs75bZ4Wk0hjPO6ZCb0ZyCBLCpi5GU61fLz8GXA
cJpJHX9mJuDYQb/1uKZvqpGN4gi44oOM6ucf2j1E46Sw
-----END CERTIFICATE-----