Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/XKmt73sfllF_ngdCBPXSWxzOZMc.roa
File:                     XKmt73sfllF_ngdCBPXSWxzOZMc.roa (raw, json)
Hash identifier:          bA9ld5LC0O/I+6/EBiuU/X/9gScWVxboPOwC3mecyMc=
Subject key identifier:   5C:A9:AD:EF:7B:1F:96:51:7F:9E:07:42:04:F5:D2:5B:1C:CE:64:C7
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018CC795200E0BF3E5197D9E9BE5BB0AA45F
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/XKmt73sfllF_ngdCBPXSWxzOZMc.roa
Signing time:             Tue 02 Jan 2024 00:31:28 +0000
ROA not before:           Tue 02 Jan 2024 00:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50089
IP address blocks:        80.242.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 20:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:20:0e:0b:f3:e5:19:7d:9e:9b:e5:bb:0a:a4:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 00:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ca9adef7b1f96517f9e074204f5d25b1cce64c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ec:8d:5f:3c:28:01:9f:d0:5e:f3:5a:80:18:
                    1c:24:19:2b:07:e7:b1:46:9f:ca:41:05:d5:5b:ea:
                    f0:8a:1e:c0:2c:1c:19:a1:55:be:71:91:8c:7a:aa:
                    1e:e1:27:ed:8f:9f:f1:0f:dc:d5:34:b2:25:fe:b1:
                    14:4d:53:02:45:a7:45:0b:77:e8:08:39:1e:5a:e7:
                    cd:70:7e:71:95:26:da:33:b5:f5:d7:9a:e4:4b:f8:
                    6d:12:2d:7c:00:81:57:b9:62:24:69:ec:18:3d:ae:
                    ef:60:03:a3:da:ab:e7:60:f9:a3:25:19:3e:f4:90:
                    de:fe:ac:61:0a:e9:89:8f:2d:76:82:f9:97:1c:0f:
                    da:31:99:89:9b:66:77:e0:bd:aa:90:9e:4a:00:94:
                    b6:61:6f:37:35:ff:c4:76:cd:3d:d3:5e:43:c7:d0:
                    38:81:90:9a:bc:ec:74:a8:8a:a4:4e:ef:b3:c1:8c:
                    ad:2d:7d:92:8c:2a:9d:90:cb:2a:86:12:4b:69:dc:
                    b8:45:15:bd:f1:33:64:2e:02:6e:2e:4a:58:0a:be:
                    ba:e2:ce:a2:19:3c:04:e9:3c:38:c4:d9:d1:fa:5f:
                    b7:15:85:c9:ce:7b:a7:0b:5b:87:ef:15:e2:d2:23:
                    b5:9b:69:8d:6d:2c:9f:8f:0f:f5:bb:d8:91:17:bd:
                    b7:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:A9:AD:EF:7B:1F:96:51:7F:9E:07:42:04:F5:D2:5B:1C:CE:64:C7
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/XKmt73sfllF_ngdCBPXSWxzOZMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.242.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:a7:37:fe:b5:af:83:1d:05:47:70:08:44:4b:47:08:e0:0f:
         74:ed:ff:1e:95:bd:89:ec:47:0d:be:b0:24:43:f1:50:e9:87:
         b5:86:98:b2:dd:04:a5:7d:30:89:a5:4b:38:4a:c9:99:28:44:
         32:42:f6:68:56:12:67:53:e5:ac:2b:81:dd:e6:a0:6a:05:34:
         3e:e3:b9:4c:6f:df:30:f4:98:c0:9e:c2:7c:43:2e:b8:b1:79:
         11:f3:39:51:ef:40:18:02:d3:4f:ab:26:03:33:42:d6:5f:bb:
         59:6a:65:08:9b:2d:13:ad:7d:3c:ac:f0:ff:6a:6d:bc:b0:d4:
         ff:a7:42:a8:c9:73:ac:95:26:da:73:5f:88:5c:05:9c:f1:b6:
         c1:50:93:16:bb:cf:0c:d2:5a:be:ce:aa:eb:9c:74:68:56:ed:
         2b:ca:2f:ce:56:dc:4d:19:9d:a4:d0:82:3b:06:a0:36:e7:56:
         40:6f:20:a9:54:71:d8:b1:d2:69:27:db:59:a5:5e:d4:df:15:
         27:b2:a9:94:8d:44:4b:81:bd:f3:71:c3:95:6b:49:b8:31:81:
         39:82:29:64:2b:db:e8:42:8d:2d:21:2c:26:2c:93:d6:ef:f6:
         da:80:e1:d8:76:63:35:71:cc:fd:f6:94:75:28:c4:09:9b:39:
         22:72:ae:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSAOC/PlGX2em+W7CqRfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTAyMDAzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2E5YWRlZjdiMWY5NjUxN2Y5ZTA3NDIwNGY1ZDI1YjFjY2U2NGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+yNXzwoAZ/QXvNagBgcJBkrB+ex
Rp/KQQXVW+rwih7ALBwZoVW+cZGMeqoe4Sftj5/xD9zVNLIl/rEUTVMCRadFC3fo
CDkeWufNcH5xlSbaM7X115rkS/htEi18AIFXuWIkaewYPa7vYAOj2qvnYPmjJRk+
9JDe/qxhCumJjy12gvmXHA/aMZmJm2Z34L2qkJ5KAJS2YW83Nf/Eds09015Dx9A4
gZCavOx0qIqkTu+zwYytLX2SjCqdkMsqhhJLady4RRW98TNkLgJuLkpYCr664s6i
GTwE6Tw4xNnR+l+3FYXJznunC1uH7xXi0iO1m2mNbSyfjw/1u9iRF723+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFypre97H5ZRf54HQgT10lsczmTHMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvWEttdDczc2ZsbEZfbmdkQ0JQWFNXeHpPWk1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPI8MA0G
CSqGSIb3DQEBCwUAA4IBAQB5pzf+ta+DHQVHcAhES0cI4A907f8elb2J7EcNvrAk
Q/FQ6Ye1hpiy3QSlfTCJpUs4SsmZKEQyQvZoVhJnU+WsK4Hd5qBqBTQ+47lMb98w
9JjAnsJ8Qy64sXkR8zlR70AYAtNPqyYDM0LWX7tZamUImy0TrX08rPD/am28sNT/
p0KoyXOslSbac1+IXAWc8bbBUJMWu88M0lq+zqrrnHRoVu0ryi/OVtxNGZ2k0II7
BqA251ZAbyCpVHHYsdJpJ9tZpV7U3xUnsqmUjURLgb3zccOVa0m4MYE5gilkK9vo
Qo0tISwmLJPW7/bagOHYdmM1ccz99pR1KMQJmzkicq7w
-----END CERTIFICATE-----