Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/073b19-0839-43ac-8b5b-08ced92c9770/1/xQDcBIXXmcYV6FdmZn5C0BISNSE.roa
File:                     xQDcBIXXmcYV6FdmZn5C0BISNSE.roa (raw, json)
Hash identifier:          L4saB/u2JjvxWYT0sVssgO/46jPomr8remtGZr+/gGs=
Subject key identifier:   C5:00:DC:04:85:D7:99:C6:15:E8:57:66:66:7E:42:D0:12:12:35:21
Certificate issuer:       /CN=a733bd111fd8cb76f4883bbbcbfda59db66ed2de
Certificate serial:       018CC2DB5857561EFDB16A8E01EE7BF920D0
Authority key identifier: A7:33:BD:11:1F:D8:CB:76:F4:88:3B:BB:CB:FD:A5:9D:B6:6E:D2:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pzO9ER_Yy3b0iDu7y_2lnbZu0t4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/073b19-0839-43ac-8b5b-08ced92c9770/1/xQDcBIXXmcYV6FdmZn5C0BISNSE.roa
Signing time:             Mon 01 Jan 2024 02:30:04 +0000
ROA not before:           Mon 01 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201010
IP address blocks:        185.89.24.0/22 maxlen: 24
                          2a05:d500::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/073b19-0839-43ac-8b5b-08ced92c9770/1/pzO9ER_Yy3b0iDu7y_2lnbZu0t4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/073b19-0839-43ac-8b5b-08ced92c9770/1/pzO9ER_Yy3b0iDu7y_2lnbZu0t4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pzO9ER_Yy3b0iDu7y_2lnbZu0t4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:58:57:56:1e:fd:b1:6a:8e:01:ee:7b:f9:20:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a733bd111fd8cb76f4883bbbcbfda59db66ed2de
        Validity
            Not Before: Jan  1 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c500dc0485d799c615e85766667e42d012123521
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:4c:4e:25:28:c0:ee:e6:6a:31:df:5e:52:0b:
                    13:24:9a:0a:a4:98:82:98:5c:d8:38:55:5d:77:3c:
                    26:c1:47:53:f3:cb:51:45:0e:ee:b1:8e:6e:b0:03:
                    10:1c:83:4d:08:e8:8e:3e:85:8f:86:f9:70:33:6f:
                    25:9c:71:b5:44:85:c6:9b:1a:99:26:d9:66:1d:1d:
                    9d:28:c1:9c:98:42:12:a2:b5:c8:98:72:34:3d:76:
                    f9:e7:36:fd:41:84:ce:02:15:cf:85:cd:c7:94:68:
                    bc:c8:c1:4b:23:3d:18:00:ce:0a:c0:0c:a4:e0:0d:
                    b4:87:0f:52:fc:5d:ee:bf:d1:a2:f2:81:b1:f6:fe:
                    5a:42:78:ba:5a:00:4b:26:89:f4:0d:0a:8f:c8:49:
                    89:2b:34:da:10:ef:ad:08:93:7c:0f:14:64:e7:98:
                    14:74:e1:4c:59:54:14:b6:4d:e0:46:c2:c9:51:11:
                    ad:cd:2d:17:be:4a:6e:d6:b7:1f:d9:bc:f0:c9:84:
                    df:31:ba:4b:ca:08:3f:87:1b:0c:23:28:f7:23:db:
                    90:95:96:82:a0:05:91:e7:22:83:ff:c0:9a:12:b3:
                    80:c8:6a:7c:11:75:c2:e8:ad:5a:bb:eb:46:74:81:
                    a1:b4:5f:f8:46:f0:54:89:32:53:69:23:9c:1f:c1:
                    3e:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:00:DC:04:85:D7:99:C6:15:E8:57:66:66:7E:42:D0:12:12:35:21
            X509v3 Authority Key Identifier:
                keyid:A7:33:BD:11:1F:D8:CB:76:F4:88:3B:BB:CB:FD:A5:9D:B6:6E:D2:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pzO9ER_Yy3b0iDu7y_2lnbZu0t4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/073b19-0839-43ac-8b5b-08ced92c9770/1/xQDcBIXXmcYV6FdmZn5C0BISNSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/073b19-0839-43ac-8b5b-08ced92c9770/1/pzO9ER_Yy3b0iDu7y_2lnbZu0t4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.24.0/22
                IPv6:
                  2a05:d500::/29

    Signature Algorithm: sha256WithRSAEncryption
         8f:87:cf:ed:55:21:53:f8:72:09:36:2e:fc:b4:2f:26:3c:f0:
         e2:f0:d2:34:62:df:0e:60:1b:d6:fc:d7:4c:ae:f2:60:93:fd:
         34:ef:c6:14:2a:ef:a9:1a:be:19:62:a2:6d:51:3b:10:eb:0c:
         14:2c:fa:fd:ab:58:2a:b3:f0:c5:84:57:6f:e9:78:af:43:2e:
         a1:c7:79:d2:19:67:b5:2f:c2:77:77:c4:ca:3c:4f:77:fe:37:
         b4:c4:0a:d7:f0:f7:0d:22:6a:bd:52:6f:4d:11:f4:3a:c8:49:
         d9:e9:5b:15:56:55:03:8c:bb:e8:d1:1f:ad:67:e2:5e:93:fa:
         ef:6a:c1:81:44:17:1b:43:44:50:4a:ca:45:f4:5c:6f:29:f3:
         10:6f:31:75:06:74:71:0e:35:c1:53:dd:7d:43:a8:32:1e:75:
         0a:5e:e3:3d:98:fc:2a:e9:21:d4:09:25:a2:84:7b:56:94:73:
         63:54:cb:6b:48:1e:5c:36:61:47:34:f2:b2:9a:ca:5b:0d:19:
         0f:38:5e:b8:7f:96:94:ac:11:31:20:37:49:06:35:bf:df:1d:
         01:9e:54:b3:d2:f1:7d:0d:14:e6:5d:66:31:31:46:d3:4a:e9:
         a7:d8:af:0d:ea:86:14:7f:33:f9:2d:67:f5:ba:09:70:2f:f7:
         9d:89:ee:74
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC21hXVh79sWqOAe57+SDQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3MzNiZDExMWZkOGNiNzZmNDg4M2JiYmNiZmRhNTlkYjY2
ZWQyZGUwHhcNMjQwMTAxMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTAwZGMwNDg1ZDc5OWM2MTVlODU3NjY2NjdlNDJkMDEyMTIzNTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApExOJSjA7uZqMd9eUgsTJJoKpJiC
mFzYOFVddzwmwUdT88tRRQ7usY5usAMQHINNCOiOPoWPhvlwM28lnHG1RIXGmxqZ
JtlmHR2dKMGcmEISorXImHI0PXb55zb9QYTOAhXPhc3HlGi8yMFLIz0YAM4KwAyk
4A20hw9S/F3uv9Gi8oGx9v5aQni6WgBLJon0DQqPyEmJKzTaEO+tCJN8DxRk55gU
dOFMWVQUtk3gRsLJURGtzS0Xvkpu1rcf2bzwyYTfMbpLygg/hxsMIyj3I9uQlZaC
oAWR5yKD/8CaErOAyGp8EXXC6K1au+tGdIGhtF/4RvBUiTJTaSOcH8E+wQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMUA3ASF15nGFehXZmZ+QtASEjUhMB8GA1UdIwQY
MBaAFKczvREf2Mt29Ig7u8v9pZ22btLeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHpPOUVSX1l5M2IwaUR1N3lfMmxuYlp1MHQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8wNzNiMTktMDgzOS00M2FjLThiNWIt
MDhjZWQ5MmM5NzcwLzEveFFEY0JJWFhtY1lWNkZkbVpuNUMwQklTTlNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8wNzNiMTktMDgzOS00M2FjLThiNWItMDhjZWQ5MmM5Nzcw
LzEvcHpPOUVSX1l5M2IwaUR1N3lfMmxuYlp1MHQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVkYMA0E
AgACMAcDBQMqBdUAMA0GCSqGSIb3DQEBCwUAA4IBAQCPh8/tVSFT+HIJNi78tC8m
PPDi8NI0Yt8OYBvW/NdMrvJgk/0078YUKu+pGr4ZYqJtUTsQ6wwULPr9q1gqs/DF
hFdv6XivQy6hx3nSGWe1L8J3d8TKPE93/je0xArX8PcNImq9Um9NEfQ6yEnZ6VsV
VlUDjLvo0R+tZ+Jek/rvasGBRBcbQ0RQSspF9FxvKfMQbzF1BnRxDjXBU919Q6gy
HnUKXuM9mPwq6SHUCSWihHtWlHNjVMtrSB5cNmFHNPKymspbDRkPOF64f5aUrBEx
IDdJBjW/3x0BnlSz0vF9DRTmXWYxMUbTSumn2K8N6oYUfzP5LWf1uglwL/edie50
-----END CERTIFICATE-----