Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/X0XI-J9d4R22ll8pjjXzCiQAGio.roa
File:                     X0XI-J9d4R22ll8pjjXzCiQAGio.roa (raw, json)
Hash identifier:          4CIjzxogz2nCwVLjK8gwb3Y4Pry/bBepsljvpElj1so=
Subject key identifier:   5F:45:C8:F8:9F:5D:E1:1D:B6:96:5F:29:8E:35:F3:0A:24:00:1A:2A
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0191B76914A27DF599C190BCA1453DD22883
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/X0XI-J9d4R22ll8pjjXzCiQAGio.roa
Signing time:             Tue 03 Sep 2024 10:23:22 +0000
ROA not before:           Tue 03 Sep 2024 10:23:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57433
IP address blocks:        5.83.157.0/24 maxlen: 24
                          77.90.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 01:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b7:69:14:a2:7d:f5:99:c1:90:bc:a1:45:3d:d2:28:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Sep  3 10:23:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f45c8f89f5de11db6965f298e35f30a24001a2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:8e:59:03:a5:1f:d1:0b:83:43:f4:c5:01:32:
                    07:c0:37:f4:61:f0:d6:db:dc:04:92:75:a4:fb:d8:
                    cb:d7:67:42:e6:4e:6f:a3:f4:36:f5:5a:7f:c7:45:
                    b6:6a:16:15:40:17:9f:23:de:40:10:c5:29:85:ec:
                    50:52:c6:bd:a5:dd:55:d0:eb:35:dc:30:fe:47:10:
                    34:e0:f3:e2:d9:b3:18:c4:53:99:c6:03:7a:41:62:
                    da:a5:a1:08:c3:a1:d9:6d:b2:55:dd:83:7f:21:0c:
                    1f:b0:10:c6:55:5e:a8:8f:82:45:0a:3b:87:d0:77:
                    d5:5c:12:e8:70:cd:eb:68:f8:84:79:71:dc:8a:87:
                    35:1f:76:3a:27:6a:f1:27:6e:c3:c1:18:23:03:7d:
                    27:66:2f:02:98:e1:d5:58:ed:41:56:44:ab:d1:8a:
                    76:85:64:68:cc:d1:93:39:2d:d5:54:88:76:2e:00:
                    25:e9:27:9f:b9:78:e4:9c:7f:35:6b:d8:81:00:f4:
                    9b:5f:67:c2:cf:9c:b3:ee:1f:e7:18:0c:7b:f1:69:
                    f1:4f:0a:fd:35:f7:34:e3:5f:e1:09:19:98:e3:84:
                    60:16:cb:2b:0d:eb:21:bb:79:11:95:d0:4b:44:fc:
                    fc:3b:00:3a:1a:87:6e:dd:03:aa:cc:5a:ab:19:e6:
                    d0:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:45:C8:F8:9F:5D:E1:1D:B6:96:5F:29:8E:35:F3:0A:24:00:1A:2A
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/X0XI-J9d4R22ll8pjjXzCiQAGio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.157.0/24
                  77.90.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:84:24:d8:fc:39:fa:77:99:17:d8:10:1b:d8:9c:08:4c:23:
         07:14:96:c1:82:4a:d5:7a:31:6f:56:b3:60:6d:f9:54:5f:ce:
         dc:c7:2f:df:fa:7a:a0:4f:9d:31:8c:4a:13:72:83:82:6e:28:
         6c:f0:bd:76:34:c8:13:79:c5:f2:ad:b3:35:57:69:0f:03:7c:
         51:98:7a:c7:ec:0b:b6:e7:b2:92:70:57:02:1f:44:eb:45:7c:
         f4:1d:74:ac:f1:cc:a0:5b:e0:1a:a8:6f:98:79:45:e2:58:ae:
         35:7f:60:75:79:2f:fb:76:92:90:f2:20:ef:bd:6d:c6:00:03:
         b0:80:db:89:b6:4b:16:0a:3c:7f:18:aa:aa:09:ac:d0:f4:51:
         d9:a7:ae:2d:3e:a4:5d:73:30:4b:3f:78:1e:f1:17:ef:03:b3:
         d1:26:cb:86:1f:75:3f:20:0e:26:ea:54:b2:04:94:1d:a0:af:
         18:e6:e0:62:6a:dd:be:6a:c1:b9:4c:c4:d1:3f:c0:d7:8b:3a:
         93:21:06:25:25:c9:76:d3:1e:08:62:fd:39:3c:a7:20:fe:ce:
         e7:d4:41:56:59:e8:6c:43:44:c0:0a:54:8c:ba:55:fd:50:db:
         46:ed:c3:f5:b0:d2:1c:f2:4c:bc:29:4a:69:a0:3f:54:17:fa:
         04:ac:72:79
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZG3aRSiffWZwZC8oUU90iiDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQwOTAzMTAyMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjQ1YzhmODlmNWRlMTFkYjY5NjVmMjk4ZTM1ZjMwYTI0MDAxYTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxI5ZA6Uf0QuDQ/TFATIHwDf0YfDW
29wEknWk+9jL12dC5k5vo/Q29Vp/x0W2ahYVQBefI95AEMUphexQUsa9pd1V0Os1
3DD+RxA04PPi2bMYxFOZxgN6QWLapaEIw6HZbbJV3YN/IQwfsBDGVV6oj4JFCjuH
0HfVXBLocM3raPiEeXHcioc1H3Y6J2rxJ27DwRgjA30nZi8CmOHVWO1BVkSr0Yp2
hWRozNGTOS3VVIh2LgAl6SefuXjknH81a9iBAPSbX2fCz5yz7h/nGAx78WnxTwr9
Nfc041/hCRmY44RgFssrDeshu3kRldBLRPz8OwA6Godu3QOqzFqrGebQJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF9FyPifXeEdtpZfKY418wokABoqMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvWDBYSS1KOWQ0UjIybGw4cGpqWHpDaVFBR2lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABVOdAwQA
TVo6MA0GCSqGSIb3DQEBCwUAA4IBAQCChCTY/Dn6d5kX2BAb2JwITCMHFJbBgkrV
ejFvVrNgbflUX87cxy/f+nqgT50xjEoTcoOCbihs8L12NMgTecXyrbM1V2kPA3xR
mHrH7Au257KScFcCH0TrRXz0HXSs8cygW+AaqG+YeUXiWK41f2B1eS/7dpKQ8iDv
vW3GAAOwgNuJtksWCjx/GKqqCazQ9FHZp64tPqRdczBLP3ge8RfvA7PRJsuGH3U/
IA4m6lSyBJQdoK8Y5uBiat2+asG5TMTRP8DXizqTIQYlJcl20x4IYv05PKcg/s7n
1EFWWehsQ0TAClSMulX9UNtG7cP1sNIc8ky8KUppoD9UF/oErHJ5
-----END CERTIFICATE-----