Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/3033c6-cce8-450d-a0c9-8418a96f6795/1/XTQ-pW0rIBZZrSGMKBZdD55V7k0.roa
File:                     XTQ-pW0rIBZZrSGMKBZdD55V7k0.roa (raw, json)
Hash identifier:          biDgPWe6mAk2kmNaNFUvEjQ1RCXFSa3DU4WQXWRS7Hg=
Subject key identifier:   5D:34:3E:A5:6D:2B:20:16:59:AD:21:8C:28:16:5D:0F:9E:55:EE:4D
Certificate issuer:       /CN=1ea0a9eb47d824b51f154442481a257168394551
Certificate serial:       018CCA2B9514A7637713EBDDB9F9593285A5
Authority key identifier: 1E:A0:A9:EB:47:D8:24:B5:1F:15:44:42:48:1A:25:71:68:39:45:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HqCp60fYJLUfFURCSBolcWg5RVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/3033c6-cce8-450d-a0c9-8418a96f6795/1/XTQ-pW0rIBZZrSGMKBZdD55V7k0.roa
Signing time:             Tue 02 Jan 2024 12:35:02 +0000
ROA not before:           Tue 02 Jan 2024 12:35:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205563
IP address blocks:        217.113.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/3033c6-cce8-450d-a0c9-8418a96f6795/1/HqCp60fYJLUfFURCSBolcWg5RVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/3033c6-cce8-450d-a0c9-8418a96f6795/1/HqCp60fYJLUfFURCSBolcWg5RVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HqCp60fYJLUfFURCSBolcWg5RVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 07:03:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:95:14:a7:63:77:13:eb:dd:b9:f9:59:32:85:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ea0a9eb47d824b51f154442481a257168394551
        Validity
            Not Before: Jan  2 12:35:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d343ea56d2b201659ad218c28165d0f9e55ee4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:04:c9:62:9b:1c:83:57:b7:46:3d:be:04:ea:
                    63:0e:d6:51:89:db:2b:3e:f1:b3:35:77:7c:bf:e5:
                    8e:a8:9e:25:ea:f6:a8:eb:00:26:e3:c5:f6:56:10:
                    65:50:58:fe:ab:9e:29:b8:89:04:0d:e2:69:42:ab:
                    95:ed:b8:86:cb:b7:cb:b7:74:5d:b9:f1:67:5e:20:
                    9d:b0:a2:28:a0:9f:63:b4:05:0c:2b:4e:a9:6a:65:
                    be:ad:e0:e0:80:9f:56:05:f3:31:ce:3f:0d:c0:4e:
                    bf:fe:40:95:2b:41:24:58:90:bf:19:d0:e0:7f:f0:
                    15:5f:1f:c8:16:26:c8:b0:29:58:1b:e3:81:86:89:
                    0a:bf:51:c0:9e:20:69:2d:fc:0d:df:ea:63:ae:f9:
                    21:6d:75:e9:23:d7:77:ca:48:5b:f3:4a:d5:3e:a9:
                    19:bb:f8:b6:3c:49:86:5a:64:43:12:6f:58:6e:67:
                    ea:24:f4:67:c3:d2:03:e5:75:70:33:4c:77:fa:b9:
                    10:aa:76:d1:37:b5:d0:80:5e:65:ab:53:f4:64:0b:
                    4a:64:b5:57:72:e8:ce:e2:f6:96:b4:2e:92:fe:f0:
                    bb:27:63:3a:1b:a9:02:2a:ec:78:c5:f4:e0:d6:b1:
                    aa:75:63:76:84:60:84:f5:55:e0:97:dc:a8:d9:6f:
                    9d:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:34:3E:A5:6D:2B:20:16:59:AD:21:8C:28:16:5D:0F:9E:55:EE:4D
            X509v3 Authority Key Identifier:
                keyid:1E:A0:A9:EB:47:D8:24:B5:1F:15:44:42:48:1A:25:71:68:39:45:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HqCp60fYJLUfFURCSBolcWg5RVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/3033c6-cce8-450d-a0c9-8418a96f6795/1/XTQ-pW0rIBZZrSGMKBZdD55V7k0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/3033c6-cce8-450d-a0c9-8418a96f6795/1/HqCp60fYJLUfFURCSBolcWg5RVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.113.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:58:0e:ba:09:c1:2d:fd:2d:16:f9:ec:72:5a:2b:a6:91:9a:
         57:3e:58:b4:4f:7f:8a:d8:c1:dc:54:08:a8:74:29:5e:fa:ba:
         6e:9f:18:79:b1:06:f0:4a:53:4f:47:c2:0f:a5:02:14:b5:33:
         bf:df:1e:b5:7f:f7:9e:cd:bf:28:aa:6d:52:e3:9a:ef:68:89:
         2e:0d:17:1c:6c:55:c8:43:a7:8e:3b:ea:02:4f:d0:94:d0:16:
         0e:17:08:82:12:7b:0b:0d:89:70:82:b2:af:fd:c8:33:f6:63:
         72:01:be:b8:26:67:10:ed:d3:c5:00:64:aa:ee:a4:bb:2f:01:
         7e:c0:06:85:6b:69:95:e8:e5:c4:37:85:0d:36:ee:73:35:5e:
         55:97:bc:b4:bd:63:96:e9:9a:3e:8b:bc:e4:69:9a:c5:23:42:
         37:00:a2:bc:c0:33:2b:44:a8:33:35:2e:44:c4:fc:4a:35:2b:
         91:c9:ed:d9:39:24:1f:b6:21:89:a0:76:ac:6b:8d:16:ca:26:
         86:aa:57:7e:ad:9d:9c:9b:fd:6b:ab:0e:96:b5:9c:cd:4f:25:
         7d:9c:8f:bb:18:6e:df:ed:8e:09:dc:e2:f4:6f:fb:83:43:6f:
         27:63:35:64:ea:6f:85:26:84:1b:23:fe:00:0d:e9:62:42:0d:
         6f:6a:01:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK5UUp2N3E+vduflZMoWlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlYTBhOWViNDdkODI0YjUxZjE1NDQ0MjQ4MWEyNTcxNjgz
OTQ1NTEwHhcNMjQwMTAyMTIzNTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDM0M2VhNTZkMmIyMDE2NTlhZDIxOGMyODE2NWQwZjllNTVlZTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnATJYpscg1e3Rj2+BOpjDtZRidsr
PvGzNXd8v+WOqJ4l6vao6wAm48X2VhBlUFj+q54puIkEDeJpQquV7biGy7fLt3Rd
ufFnXiCdsKIooJ9jtAUMK06pamW+reDggJ9WBfMxzj8NwE6//kCVK0EkWJC/GdDg
f/AVXx/IFibIsClYG+OBhokKv1HAniBpLfwN3+pjrvkhbXXpI9d3ykhb80rVPqkZ
u/i2PEmGWmRDEm9YbmfqJPRnw9ID5XVwM0x3+rkQqnbRN7XQgF5lq1P0ZAtKZLVX
cujO4vaWtC6S/vC7J2M6G6kCKux4xfTg1rGqdWN2hGCE9VXgl9yo2W+d8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF00PqVtKyAWWa0hjCgWXQ+eVe5NMB8GA1UdIwQY
MBaAFB6gqetH2CS1HxVEQkgaJXFoOUVRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHFDcDYwZllKTFVmRlVSQ1NCb2xjV2c1UlZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8zMDMzYzYtY2NlOC00NTBkLWEwYzkt
ODQxOGE5NmY2Nzk1LzEvWFRRLXBXMHJJQlpaclNHTUtCWmRENTVWN2swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8zMDMzYzYtY2NlOC00NTBkLWEwYzktODQxOGE5NmY2Nzk1
LzEvSHFDcDYwZllKTFVmRlVSQ1NCb2xjV2c1UlZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2XHEMA0G
CSqGSIb3DQEBCwUAA4IBAQAjWA66CcEt/S0W+exyWiumkZpXPli0T3+K2MHcVAio
dCle+rpunxh5sQbwSlNPR8IPpQIUtTO/3x61f/eezb8oqm1S45rvaIkuDRccbFXI
Q6eOO+oCT9CU0BYOFwiCEnsLDYlwgrKv/cgz9mNyAb64JmcQ7dPFAGSq7qS7LwF+
wAaFa2mV6OXEN4UNNu5zNV5Vl7y0vWOW6Zo+i7zkaZrFI0I3AKK8wDMrRKgzNS5E
xPxKNSuRye3ZOSQftiGJoHasa40WyiaGqld+rZ2cm/1rqw6WtZzNTyV9nI+7GG7f
7Y4J3OL0b/uDQ28nYzVk6m+FJoQbI/4ADeliQg1vagH+
-----END CERTIFICATE-----