Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/3d9777-c996-46fc-9d67-a720af861fee/1/xI3HInWGMtg2qoaWEr3ywJxnILs.roa
File:                     xI3HInWGMtg2qoaWEr3ywJxnILs.roa (raw, json)
Hash identifier:          FLAk5dMKlIaIY/qP2u8A8Z2CEIso38KM/YY0h0hmmgs=
Subject key identifier:   C4:8D:C7:22:75:86:32:D8:36:AA:86:96:12:BD:F2:C0:9C:67:20:BB
Certificate issuer:       /CN=84b5a40b274a963e5ed3ef02e8399cb9b1bb0c7b
Certificate serial:       018CC8012CE8261D3697B9002CE693C52C10
Authority key identifier: 84:B5:A4:0B:27:4A:96:3E:5E:D3:EF:02:E8:39:9C:B9:B1:BB:0C:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLWkCydKlj5e0-8C6DmcubG7DHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/3d9777-c996-46fc-9d67-a720af861fee/1/xI3HInWGMtg2qoaWEr3ywJxnILs.roa
Signing time:             Tue 02 Jan 2024 02:29:29 +0000
ROA not before:           Tue 02 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57119
IP address blocks:        185.215.24.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/3d9777-c996-46fc-9d67-a720af861fee/1/hLWkCydKlj5e0-8C6DmcubG7DHs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/3d9777-c996-46fc-9d67-a720af861fee/1/hLWkCydKlj5e0-8C6DmcubG7DHs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLWkCydKlj5e0-8C6DmcubG7DHs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:2c:e8:26:1d:36:97:b9:00:2c:e6:93:c5:2c:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b5a40b274a963e5ed3ef02e8399cb9b1bb0c7b
        Validity
            Not Before: Jan  2 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c48dc722758632d836aa869612bdf2c09c6720bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:5b:b2:85:fd:f3:03:51:24:10:45:b1:ed:3d:
                    82:cd:4d:f5:83:35:40:59:58:06:02:f7:d6:28:7d:
                    8a:d9:14:c5:a7:7f:f2:1a:17:0a:3d:ec:41:3c:67:
                    0c:ad:7d:df:04:f0:65:8b:5e:cb:b3:55:6b:6a:89:
                    9f:47:30:63:3c:31:8b:60:be:0a:a9:cb:ea:19:a9:
                    e3:8e:25:8e:ef:70:bf:c0:3a:ad:5b:6a:3f:48:78:
                    44:f8:72:3e:d5:8a:aa:5c:a2:e7:ec:18:11:c8:e0:
                    ac:47:b8:ae:eb:2e:b6:8a:8a:a2:67:08:41:f5:2b:
                    e1:90:95:9f:8e:a5:65:8a:5d:df:97:8a:39:23:c9:
                    7c:05:dc:73:7f:5e:a3:3f:a9:1a:f0:30:28:6f:34:
                    41:2c:b1:e6:17:9c:f1:3d:ee:fb:eb:04:6d:55:e1:
                    59:33:ca:8c:70:69:30:a7:22:17:34:a8:f7:c8:0f:
                    e6:ad:ae:3f:19:92:b8:74:fc:8e:2d:d8:77:63:a1:
                    41:96:c6:da:a9:8a:cc:4d:b4:01:e5:c1:a7:d7:1a:
                    09:b3:55:ff:40:62:3c:ba:d4:a3:96:17:ae:91:8c:
                    4b:be:87:6d:79:9c:8f:40:99:a7:36:d7:e6:a1:83:
                    fb:41:7c:11:2f:ac:4a:d0:80:58:26:35:1e:ca:18:
                    1a:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:8D:C7:22:75:86:32:D8:36:AA:86:96:12:BD:F2:C0:9C:67:20:BB
            X509v3 Authority Key Identifier:
                keyid:84:B5:A4:0B:27:4A:96:3E:5E:D3:EF:02:E8:39:9C:B9:B1:BB:0C:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLWkCydKlj5e0-8C6DmcubG7DHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/3d9777-c996-46fc-9d67-a720af861fee/1/xI3HInWGMtg2qoaWEr3ywJxnILs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/3d9777-c996-46fc-9d67-a720af861fee/1/hLWkCydKlj5e0-8C6DmcubG7DHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.215.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:d9:b0:af:d5:51:e7:8d:95:a4:0d:b1:6b:74:e0:9a:56:1d:
         26:60:5f:6f:dd:b7:eb:b3:63:09:4c:83:b0:5a:a4:da:14:8a:
         61:fe:dc:3c:ef:69:bf:d0:69:fd:f3:ea:b4:9a:c7:e8:10:88:
         3a:df:b3:62:60:f4:d8:db:3d:d2:16:e5:11:9c:48:1e:c3:c3:
         02:63:31:e4:0b:ce:9e:db:00:39:96:0c:b1:f8:0a:51:6e:15:
         1c:77:d7:16:79:4e:17:be:f7:f9:61:14:7b:de:81:de:fa:cd:
         8d:40:9f:85:36:aa:0e:53:59:12:84:98:dc:46:c2:39:8d:86:
         9c:85:dd:83:83:a6:f7:b5:89:8f:38:83:4c:6e:0f:c6:96:44:
         c7:f5:af:88:8e:5d:ba:21:72:c0:dd:7f:06:de:fe:12:84:77:
         8d:31:dc:27:b1:5e:88:76:e3:09:bb:b1:95:d9:02:12:8c:d6:
         f7:a4:5c:ba:a9:a8:7f:02:37:fa:2d:8a:17:45:38:d8:ae:17:
         17:90:c6:0c:82:3c:31:93:70:4a:cb:86:c8:2a:0c:ff:43:4a:
         45:5e:d6:10:d9:0a:a5:b7:54:43:bc:6d:42:e7:68:92:75:76:
         cb:01:47:de:53:b8:03:06:54:83:ed:39:ec:60:c8:04:ea:9e:
         9e:d2:d3:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASzoJh02l7kALOaTxSwQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjVhNDBiMjc0YTk2M2U1ZWQzZWYwMmU4Mzk5Y2I5YjFi
YjBjN2IwHhcNMjQwMTAyMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDhkYzcyMjc1ODYzMmQ4MzZhYTg2OTYxMmJkZjJjMDljNjcyMGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA21uyhf3zA1EkEEWx7T2CzU31gzVA
WVgGAvfWKH2K2RTFp3/yGhcKPexBPGcMrX3fBPBli17Ls1VraomfRzBjPDGLYL4K
qcvqGanjjiWO73C/wDqtW2o/SHhE+HI+1YqqXKLn7BgRyOCsR7iu6y62ioqiZwhB
9SvhkJWfjqVlil3fl4o5I8l8Bdxzf16jP6ka8DAobzRBLLHmF5zxPe776wRtVeFZ
M8qMcGkwpyIXNKj3yA/mra4/GZK4dPyOLdh3Y6FBlsbaqYrMTbQB5cGn1xoJs1X/
QGI8utSjlheukYxLvodteZyPQJmnNtfmoYP7QXwRL6xK0IBYJjUeyhgaWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSNxyJ1hjLYNqqGlhK98sCcZyC7MB8GA1UdIwQY
MBaAFIS1pAsnSpY+XtPvAug5nLmxuwx7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExXa0N5ZEtsajVlMC04QzZEbWN1Ykc3REhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8zZDk3NzctYzk5Ni00NmZjLTlkNjct
YTcyMGFmODYxZmVlLzEveEkzSEluV0dNdGcycW9hV0VyM3l3SnhuSUxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8zZDk3NzctYzk5Ni00NmZjLTlkNjctYTcyMGFmODYxZmVl
LzEvaExXa0N5ZEtsajVlMC04QzZEbWN1Ykc3REhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudcYMA0G
CSqGSIb3DQEBCwUAA4IBAQAr2bCv1VHnjZWkDbFrdOCaVh0mYF9v3bfrs2MJTIOw
WqTaFIph/tw872m/0Gn98+q0msfoEIg637NiYPTY2z3SFuURnEgew8MCYzHkC86e
2wA5lgyx+ApRbhUcd9cWeU4Xvvf5YRR73oHe+s2NQJ+FNqoOU1kShJjcRsI5jYac
hd2Dg6b3tYmPOINMbg/GlkTH9a+Ijl26IXLA3X8G3v4ShHeNMdwnsV6IduMJu7GV
2QISjNb3pFy6qah/Ajf6LYoXRTjYrhcXkMYMgjwxk3BKy4bIKgz/Q0pFXtYQ2Qql
t1RDvG1C52iSdXbLAUfeU7gDBlSD7TnsYMgE6p6e0tNJ
-----END CERTIFICATE-----