Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/XidLEp4drgCR-XK0vciYQg3nZ_c.roa
File:                     XidLEp4drgCR-XK0vciYQg3nZ_c.roa (raw, json)
Hash identifier:          9kzAhBw8CycglCQJCTNRQFhSX1gGSYzE+gZ2IvdnZXg=
Subject key identifier:   5E:27:4B:12:9E:1D:AE:00:91:F9:72:B4:BD:C8:98:42:0D:E7:67:F7
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       018FF1BD056128AC82B3453447A7D8A8F65B
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/XidLEp4drgCR-XK0vciYQg3nZ_c.roa
Signing time:             Fri 07 Jun 2024 08:07:27 +0000
ROA not before:           Fri 07 Jun 2024 08:07:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29612
IP address blocks:        213.99.54.0/24 maxlen: 24
                          213.99.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f1:bd:05:61:28:ac:82:b3:45:34:47:a7:d8:a8:f6:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Jun  7 08:07:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e274b129e1dae0091f972b4bdc898420de767f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:49:bb:df:1c:0b:d2:a0:49:0e:b8:a3:d8:49:
                    c8:1c:05:c6:af:06:76:b8:c1:18:0c:7a:b0:d1:6e:
                    02:7c:3a:f0:d0:a9:6d:62:b7:e6:00:c5:14:71:74:
                    e0:81:7d:5a:8a:7c:1d:a4:02:1d:61:d0:87:8d:95:
                    c9:16:09:7d:ad:35:e3:69:eb:5e:c0:5e:bf:2a:f7:
                    10:31:3b:3f:a6:c0:4a:ab:e8:e4:b6:e7:23:cc:e3:
                    e0:47:fd:a6:77:4b:6f:5d:ea:b8:e0:ce:a9:fb:d0:
                    6c:83:68:d5:85:34:04:55:db:74:6d:4e:a2:e9:25:
                    21:cf:06:5e:1c:26:d7:be:fc:01:3e:b9:4c:7c:a8:
                    bc:29:b0:f1:92:20:86:9d:ec:76:0b:d6:57:10:df:
                    04:70:7b:de:45:29:f8:b2:f1:e2:57:62:b3:ca:c0:
                    94:1a:8f:92:81:af:a2:2b:42:6f:d0:d8:0c:ed:99:
                    1b:b8:66:8a:0c:79:8f:3f:b9:0c:58:21:7a:89:ab:
                    8b:af:21:97:51:02:98:99:fc:c6:d7:41:f4:e4:93:
                    a3:b9:ff:66:9c:3e:2e:20:55:fd:28:cc:7c:2b:2b:
                    ad:8f:df:79:40:8f:a7:79:8d:93:a7:4f:d2:47:84:
                    d8:ef:d0:f3:69:9b:06:47:78:c9:76:f9:14:7c:51:
                    d1:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:27:4B:12:9E:1D:AE:00:91:F9:72:B4:BD:C8:98:42:0D:E7:67:F7
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/XidLEp4drgCR-XK0vciYQg3nZ_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.99.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:70:54:4d:e0:f0:a9:94:eb:f8:8a:0b:90:c9:84:85:78:1f:
         f0:d6:6a:36:4f:24:47:72:6e:11:e7:10:12:92:6d:39:86:67:
         a9:4b:5a:d3:d7:00:4b:4b:d1:77:c4:d4:47:d6:f0:4c:e8:b2:
         72:44:8e:ff:0f:17:6c:e0:ca:a3:6c:6d:02:a5:9f:ad:9c:c1:
         b1:77:83:8f:5f:65:66:dd:3b:31:11:1a:72:4e:73:8b:bb:b2:
         55:07:03:1f:1e:8d:0a:cd:dd:8d:d6:be:f2:29:4c:7d:45:90:
         85:f3:a0:8b:8a:4a:75:ca:e9:09:fc:8b:7a:d7:3d:d0:37:4e:
         5c:01:91:b4:6f:36:12:7c:df:ac:74:c1:93:2b:c3:12:74:f3:
         cd:48:43:81:db:a7:17:37:b4:76:69:19:63:9d:ea:51:af:90:
         d3:de:b7:b2:3f:14:b3:71:cb:8f:c7:86:e7:ae:c3:ea:72:08:
         cb:e2:1b:87:2c:5b:28:29:2d:5c:d0:80:bc:02:7f:0d:89:10:
         de:87:e7:2a:f2:de:c6:5f:86:a7:31:fa:3c:e2:a6:7d:fb:a1:
         18:99:47:ad:95:92:c5:a3:01:2d:2d:34:3b:ee:11:a8:57:c7:
         53:19:2a:e5:95:eb:ad:0c:d4:f2:6c:85:9c:82:a1:c2:99:17:
         9e:68:e7:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/xvQVhKKyCs0U0R6fYqPZbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjQwNjA3MDgwNzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTI3NGIxMjllMWRhZTAwOTFmOTcyYjRiZGM4OTg0MjBkZTc2N2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Em73xwL0qBJDrij2EnIHAXGrwZ2
uMEYDHqw0W4CfDrw0KltYrfmAMUUcXTggX1ainwdpAIdYdCHjZXJFgl9rTXjaete
wF6/KvcQMTs/psBKq+jktucjzOPgR/2md0tvXeq44M6p+9Bsg2jVhTQEVdt0bU6i
6SUhzwZeHCbXvvwBPrlMfKi8KbDxkiCGnex2C9ZXEN8EcHveRSn4svHiV2KzysCU
Go+Sga+iK0Jv0NgM7ZkbuGaKDHmPP7kMWCF6iauLryGXUQKYmfzG10H05JOjuf9m
nD4uIFX9KMx8Kyutj995QI+neY2Tp0/SR4TY79DzaZsGR3jJdvkUfFHRzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF4nSxKeHa4AkflytL3ImEIN52f3MB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvWGlkTEVwNGRyZ0NSLVhLMHZjaVlRZzNuWl9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1WM2MA0G
CSqGSIb3DQEBCwUAA4IBAQCVcFRN4PCplOv4iguQyYSFeB/w1mo2TyRHcm4R5xAS
km05hmepS1rT1wBLS9F3xNRH1vBM6LJyRI7/Dxds4MqjbG0CpZ+tnMGxd4OPX2Vm
3TsxERpyTnOLu7JVBwMfHo0Kzd2N1r7yKUx9RZCF86CLikp1yukJ/It61z3QN05c
AZG0bzYSfN+sdMGTK8MSdPPNSEOB26cXN7R2aRljnepRr5DT3reyPxSzccuPx4bn
rsPqcgjL4huHLFsoKS1c0IC8An8NiRDeh+cq8t7GX4anMfo84qZ9+6EYmUetlZLF
owEtLTQ77hGoV8dTGSrlleutDNTybIWcgqHCmReeaOe1
-----END CERTIFICATE-----