Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/Xmu3rnWYf9kD0wPEXRctrPR_Kiw.roa
File:                     Xmu3rnWYf9kD0wPEXRctrPR_Kiw.roa (raw, json)
Hash identifier:          PiqxFxgvUG3XfW37ciZJ6nPwcL9Kn2BvpTdmi4KfmXE=
Subject key identifier:   5E:6B:B7:AE:75:98:7F:D9:03:D3:03:C4:5D:17:2D:AC:F4:7F:2A:2C
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018EC46E15A2B23120EC6BBDE6A43A64451C
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/Xmu3rnWYf9kD0wPEXRctrPR_Kiw.roa
Signing time:             Tue 09 Apr 2024 19:55:32 +0000
ROA not before:           Tue 09 Apr 2024 19:55:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38974
IP address blocks:        195.216.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c4:6e:15:a2:b2:31:20:ec:6b:bd:e6:a4:3a:64:45:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr  9 19:55:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e6bb7ae75987fd903d303c45d172dacf47f2a2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:20:a9:fd:f6:b4:db:06:c5:d3:e2:bd:45:d5:
                    a4:73:4d:a4:d4:f8:42:2f:36:88:52:8c:d8:7b:ab:
                    dc:4a:46:41:5c:3f:0c:9b:02:50:0b:96:3e:dd:49:
                    30:b1:c7:4b:3b:c6:8c:f9:9e:35:e8:13:ef:73:b9:
                    a3:ab:01:4d:f2:d0:16:8e:a4:78:97:a6:7a:68:80:
                    61:55:d8:83:49:33:58:97:f2:5b:1e:5e:ee:99:42:
                    04:6b:28:78:ae:54:70:aa:f7:21:d4:d6:e7:85:53:
                    ab:7b:33:0f:17:cf:43:38:86:b9:fb:f8:19:97:5d:
                    c1:0d:40:f4:2a:5f:18:33:1e:41:90:a3:e3:4d:43:
                    b8:42:5c:5d:f1:a8:71:32:53:fb:44:40:f2:14:6c:
                    1d:ec:4f:44:58:cb:12:ec:1f:1f:32:be:1f:66:71:
                    86:0e:f0:9c:62:d0:0c:fb:e2:bf:b5:2e:eb:6e:5a:
                    d5:9d:51:68:85:a3:ec:91:f2:c2:a8:0b:b1:41:62:
                    6d:48:78:27:d2:99:4f:41:e3:c4:9e:6f:22:cc:6b:
                    cc:a3:8c:8e:f2:69:59:c5:86:ab:58:17:79:66:09:
                    3a:c7:93:9b:d5:d3:db:77:47:ba:d8:dd:e5:9c:6a:
                    7f:3a:52:42:9f:c3:41:cb:bd:f1:b5:a3:f3:4f:57:
                    dd:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:6B:B7:AE:75:98:7F:D9:03:D3:03:C4:5D:17:2D:AC:F4:7F:2A:2C
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/Xmu3rnWYf9kD0wPEXRctrPR_Kiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:02:9a:5c:38:ad:dd:65:a3:f3:a9:d8:0d:70:f0:cc:c3:25:
         27:5d:14:96:a1:55:3e:f2:03:b1:ad:ad:e4:88:60:ea:25:7a:
         10:9f:8f:5b:3a:2a:9b:66:e9:8e:8d:90:7d:67:0c:b7:8f:ce:
         8f:60:6d:f6:82:b9:d1:25:1b:84:1a:43:55:ce:6f:e8:2b:1f:
         2e:e3:9b:e5:30:80:d3:fd:e4:93:2b:5a:2b:22:85:11:cf:f8:
         f9:86:4c:f4:44:4a:26:e5:47:e8:2e:56:f3:19:50:9e:e5:85:
         c9:de:7b:22:38:0f:e5:d3:9b:44:b2:1a:9a:3d:7b:00:b3:f1:
         07:44:ce:95:5b:8b:d5:9d:c7:72:44:77:96:9b:d2:83:4b:a5:
         57:53:df:fa:72:38:23:29:73:33:fa:44:0d:e2:19:d6:fe:bd:
         a3:f5:67:d4:b7:57:c0:ec:82:c4:26:05:16:5c:24:c9:b5:59:
         00:06:de:39:36:27:c2:d0:c5:63:bc:99:c3:62:35:f4:17:1e:
         e0:4c:70:b7:8a:ce:5f:d9:55:42:cd:5a:04:f1:d3:d4:7a:11:
         dc:b3:94:c2:2d:d9:99:d6:3a:ed:1b:4f:ae:7a:fe:93:e9:5b:
         0f:ae:30:5a:2d:d4:0a:6f:51:aa:15:6a:94:ff:de:93:b3:07:
         e8:a2:48:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7EbhWisjEg7Gu95qQ6ZEUcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNDA5MTk1NTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTZiYjdhZTc1OTg3ZmQ5MDNkMzAzYzQ1ZDE3MmRhY2Y0N2YyYTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyCp/fa02wbF0+K9RdWkc02k1PhC
LzaIUozYe6vcSkZBXD8MmwJQC5Y+3UkwscdLO8aM+Z416BPvc7mjqwFN8tAWjqR4
l6Z6aIBhVdiDSTNYl/JbHl7umUIEayh4rlRwqvch1NbnhVOrezMPF89DOIa5+/gZ
l13BDUD0Kl8YMx5BkKPjTUO4Qlxd8ahxMlP7REDyFGwd7E9EWMsS7B8fMr4fZnGG
DvCcYtAM++K/tS7rblrVnVFohaPskfLCqAuxQWJtSHgn0plPQePEnm8izGvMo4yO
8mlZxYarWBd5Zgk6x5Ob1dPbd0e62N3lnGp/OlJCn8NBy73xtaPzT1fdxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5rt651mH/ZA9MDxF0XLaz0fyosMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvWG11M3JuV1lmOWtEMHdQRVhSY3RyUFJfS2l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9iYMA0G
CSqGSIb3DQEBCwUAA4IBAQAtAppcOK3dZaPzqdgNcPDMwyUnXRSWoVU+8gOxra3k
iGDqJXoQn49bOiqbZumOjZB9Zwy3j86PYG32grnRJRuEGkNVzm/oKx8u45vlMIDT
/eSTK1orIoURz/j5hkz0REom5UfoLlbzGVCe5YXJ3nsiOA/l05tEshqaPXsAs/EH
RM6VW4vVncdyRHeWm9KDS6VXU9/6cjgjKXMz+kQN4hnW/r2j9WfUt1fA7ILEJgUW
XCTJtVkABt45NifC0MVjvJnDYjX0Fx7gTHC3is5f2VVCzVoE8dPUehHcs5TCLdmZ
1jrtG0+uev6T6VsPrjBaLdQKb1GqFWqU/96Tswfookj9
-----END CERTIFICATE-----