Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/908143-f916-4718-8f97-4bd3392d55d1/1/XCNeQd7Y8IAtSvrMWwBxsYCBbMw.roa
File:                     XCNeQd7Y8IAtSvrMWwBxsYCBbMw.roa (raw, json)
Hash identifier:          H9DzuSqupPCHtER3HPswiJACgIrMw5Fjm4h+WwNPBAE=
Subject key identifier:   5C:23:5E:41:DE:D8:F0:80:2D:4A:FA:CC:5B:00:71:B1:80:81:6C:CC
Certificate issuer:       /CN=46fe7b56722245116d4234be484a02a48a1dde1f
Certificate serial:       018CC2DAD83CF1AADD9226CEDABE779D6A52
Authority key identifier: 46:FE:7B:56:72:22:45:11:6D:42:34:BE:48:4A:02:A4:8A:1D:DE:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rv57VnIiRRFtQjS-SEoCpIod3h8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/908143-f916-4718-8f97-4bd3392d55d1/1/XCNeQd7Y8IAtSvrMWwBxsYCBbMw.roa
Signing time:             Mon 01 Jan 2024 02:29:31 +0000
ROA not before:           Mon 01 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205029
IP address blocks:        185.79.201.0/24 maxlen: 24
                          185.79.200.0/24 maxlen: 24
                          2a03:5e20::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/908143-f916-4718-8f97-4bd3392d55d1/1/Rv57VnIiRRFtQjS-SEoCpIod3h8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/908143-f916-4718-8f97-4bd3392d55d1/1/Rv57VnIiRRFtQjS-SEoCpIod3h8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rv57VnIiRRFtQjS-SEoCpIod3h8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d8:3c:f1:aa:dd:92:26:ce:da:be:77:9d:6a:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46fe7b56722245116d4234be484a02a48a1dde1f
        Validity
            Not Before: Jan  1 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c235e41ded8f0802d4afacc5b0071b180816ccc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:98:04:6b:20:ab:38:a2:66:b7:8e:00:13:07:
                    34:65:2c:a2:f8:f1:ef:07:11:d2:01:19:ba:4e:4d:
                    d7:7b:02:48:a8:01:f4:3c:a7:3d:a3:27:f0:94:5f:
                    0d:de:d3:c0:e1:f2:e2:b0:f4:80:7d:f0:4a:09:bc:
                    25:3f:77:73:cf:c3:62:ac:25:bf:76:24:c7:f4:9c:
                    2d:fe:9d:2c:b8:ff:0e:f5:07:fd:4d:6a:10:fc:14:
                    78:cb:af:c7:48:18:cd:59:9d:d0:8b:2d:15:0a:d7:
                    f2:f6:35:fb:12:94:53:f3:14:e8:5f:d4:4c:ad:86:
                    cb:6e:da:a2:96:4c:73:83:13:08:cf:cb:d4:d7:68:
                    2b:d7:1f:b4:de:f8:36:e2:05:33:b4:7d:32:e5:b9:
                    f3:37:aa:fd:e1:41:93:09:7d:84:ac:6a:24:ec:1d:
                    74:1f:1a:d2:7a:ad:3b:a1:41:4d:3c:21:5f:83:82:
                    be:01:f3:83:95:70:cc:69:8e:46:6f:e1:55:04:ab:
                    03:34:a8:98:c4:b2:dc:23:03:59:57:be:7d:ce:a6:
                    ef:b3:3a:aa:f9:50:13:1b:b1:32:54:f6:8b:04:ba:
                    c2:e1:e7:0f:59:c7:f3:c9:81:01:13:96:a5:d6:0a:
                    32:7c:f6:38:30:af:a4:ed:eb:30:5c:63:25:31:bb:
                    fb:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:23:5E:41:DE:D8:F0:80:2D:4A:FA:CC:5B:00:71:B1:80:81:6C:CC
            X509v3 Authority Key Identifier:
                keyid:46:FE:7B:56:72:22:45:11:6D:42:34:BE:48:4A:02:A4:8A:1D:DE:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rv57VnIiRRFtQjS-SEoCpIod3h8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/908143-f916-4718-8f97-4bd3392d55d1/1/XCNeQd7Y8IAtSvrMWwBxsYCBbMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/908143-f916-4718-8f97-4bd3392d55d1/1/Rv57VnIiRRFtQjS-SEoCpIod3h8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.79.200.0/23
                IPv6:
                  2a03:5e20::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:29:dd:d9:9d:13:59:0d:c7:20:39:f5:a5:98:83:3c:49:0a:
         31:ab:59:57:fe:ba:dc:5b:fc:e5:2d:27:d4:29:f7:a7:72:b2:
         ac:61:9a:cd:35:64:60:e7:a5:25:05:0c:1d:8c:78:31:b0:13:
         09:55:73:b0:69:da:4e:46:eb:eb:7d:f4:61:e8:dd:11:be:df:
         62:5b:9c:b6:79:20:1b:05:73:21:f5:ca:e4:cb:31:1f:f0:65:
         1f:6e:4f:5d:04:2c:51:43:09:f8:ae:6f:40:2e:7c:68:60:80:
         af:ed:b3:49:86:cd:08:af:6f:c8:b8:0d:ae:ad:55:61:76:f0:
         aa:29:80:9c:ff:f1:2e:8b:13:b6:9f:f6:ce:0b:d6:e0:fd:a4:
         fe:8a:de:5a:2f:8a:b2:bf:81:da:9b:7e:06:47:f9:62:ca:e6:
         3a:0d:38:c1:48:da:c1:38:21:95:93:84:9e:d5:25:17:1e:14:
         9e:e1:1e:5f:c5:6e:e1:0e:a1:80:d1:a0:cb:93:34:f9:65:d4:
         d9:62:5b:f8:13:a8:57:d4:12:2a:6c:7b:ce:85:c4:b5:b9:38:
         b6:bf:69:22:21:b8:28:65:19:49:f2:8b:51:04:dd:59:a5:21:
         14:a6:04:ed:47:5b:f8:f3:74:b7:18:ea:7d:6f:27:de:be:f4:
         25:d0:47:0a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2tg88ardkibO2r53nWpSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ZmU3YjU2NzIyMjQ1MTE2ZDQyMzRiZTQ4NGEwMmE0OGEx
ZGRlMWYwHhcNMjQwMTAxMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzIzNWU0MWRlZDhmMDgwMmQ0YWZhY2M1YjAwNzFiMTgwODE2Y2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5gEayCrOKJmt44AEwc0ZSyi+PHv
BxHSARm6Tk3XewJIqAH0PKc9oyfwlF8N3tPA4fLisPSAffBKCbwlP3dzz8NirCW/
diTH9Jwt/p0suP8O9Qf9TWoQ/BR4y6/HSBjNWZ3Qiy0VCtfy9jX7EpRT8xToX9RM
rYbLbtqilkxzgxMIz8vU12gr1x+03vg24gUztH0y5bnzN6r94UGTCX2ErGok7B10
HxrSeq07oUFNPCFfg4K+AfODlXDMaY5Gb+FVBKsDNKiYxLLcIwNZV759zqbvszqq
+VATG7EyVPaLBLrC4ecPWcfzyYEBE5al1goyfPY4MK+k7eswXGMlMbv7XQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFwjXkHe2PCALUr6zFsAcbGAgWzMMB8GA1UdIwQY
MBaAFEb+e1ZyIkURbUI0vkhKAqSKHd4fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnY1N1ZuSWlSUkZ0UWpTLVNFb0NwSW9kM2g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85MDgxNDMtZjkxNi00NzE4LThmOTct
NGJkMzM5MmQ1NWQxLzEvWENOZVFkN1k4SUF0U3ZyTVd3QnhzWUNCYk13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85MDgxNDMtZjkxNi00NzE4LThmOTctNGJkMzM5MmQ1NWQx
LzEvUnY1N1ZuSWlSUkZ0UWpTLVNFb0NwSW9kM2g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuU/IMA0E
AgACMAcDBQAqA14gMA0GCSqGSIb3DQEBCwUAA4IBAQA+Kd3ZnRNZDccgOfWlmIM8
SQoxq1lX/rrcW/zlLSfUKfencrKsYZrNNWRg56UlBQwdjHgxsBMJVXOwadpORuvr
ffRh6N0Rvt9iW5y2eSAbBXMh9crkyzEf8GUfbk9dBCxRQwn4rm9ALnxoYICv7bNJ
hs0Ir2/IuA2urVVhdvCqKYCc//EuixO2n/bOC9bg/aT+it5aL4qyv4Ham34GR/li
yuY6DTjBSNrBOCGVk4Se1SUXHhSe4R5fxW7hDqGA0aDLkzT5ZdTZYlv4E6hX1BIq
bHvOhcS1uTi2v2kiIbgoZRlJ8otRBN1ZpSEUpgTtR1v483S3GOp9byfevvQl0EcK
-----END CERTIFICATE-----