Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/vIlpX8CjzZaU0PXwsXHzcKjVC04.roa
File:                     vIlpX8CjzZaU0PXwsXHzcKjVC04.roa (raw, json)
Hash identifier:          bO0HpkLfnWXQQ/bA0C9yZn4DJ1wV1jr8ERGayL0b1zM=
Subject key identifier:   BC:89:69:5F:C0:A3:CD:96:94:D0:F5:F0:B1:71:F3:70:A8:D5:0B:4E
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       01918E78201C865C724208EABA60A6D0EB4E
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/vIlpX8CjzZaU0PXwsXHzcKjVC04.roa
Signing time:             Mon 26 Aug 2024 11:35:22 +0000
ROA not before:           Mon 26 Aug 2024 11:35:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34205
IP address blocks:        81.89.112.0/20 maxlen: 20
                          109.236.224.0/20 maxlen: 20
                          212.14.192.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8e:78:20:1c:86:5c:72:42:08:ea:ba:60:a6:d0:eb:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Aug 26 11:35:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc89695fc0a3cd9694d0f5f0b171f370a8d50b4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:6a:31:6b:15:ff:7f:a7:18:e0:37:32:b7:33:
                    a1:2b:86:1f:d1:04:b0:4a:c0:2e:48:35:cb:1a:5e:
                    4d:6d:c2:f7:d3:fb:d1:f5:90:20:bd:b0:47:6d:86:
                    e9:7a:6c:e9:07:86:f0:1b:be:bc:18:5d:a6:90:69:
                    41:b6:98:20:f6:d5:0b:a6:4a:c5:68:b6:c0:24:cb:
                    40:9c:7b:69:46:71:f3:2d:65:cb:48:03:84:f0:79:
                    5d:3d:ae:1f:01:29:aa:72:49:e2:ac:e0:31:63:a9:
                    9b:97:c1:ed:e0:2f:05:a8:3f:69:bb:95:d9:26:64:
                    cf:c8:bf:ef:be:0b:79:93:f1:ed:f6:f7:eb:5b:4a:
                    f0:91:fb:b8:a4:5c:8d:53:c0:b1:7a:21:1a:87:ab:
                    6a:30:6d:f3:6e:cd:a6:e5:b4:bf:f1:7e:1d:53:7f:
                    76:53:a0:b4:9d:72:1f:16:a1:f9:53:ba:6c:82:2e:
                    bd:fe:59:b9:65:10:25:05:cd:e2:b8:d3:ae:bf:61:
                    cf:a3:8e:0f:6c:a8:a3:bb:79:75:1c:2c:1c:61:aa:
                    93:47:a7:47:1f:27:bb:11:bf:65:74:22:24:eb:bb:
                    b5:df:3c:6e:22:59:16:bb:de:06:f3:a5:5b:02:f4:
                    59:fe:df:6c:37:41:f5:51:bb:ad:83:70:f2:e7:76:
                    a7:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:89:69:5F:C0:A3:CD:96:94:D0:F5:F0:B1:71:F3:70:A8:D5:0B:4E
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/vIlpX8CjzZaU0PXwsXHzcKjVC04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.89.112.0/20
                  109.236.224.0/20
                  212.14.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         30:26:f2:26:69:ca:37:6f:54:fb:cb:eb:08:78:1a:b2:53:90:
         70:74:2b:61:6f:b7:09:5d:c7:b1:b5:38:84:b9:e7:82:50:ca:
         f7:d4:3b:74:50:c5:e3:e5:3e:83:e5:70:89:b6:91:03:4b:4c:
         63:53:7b:f9:14:a4:92:34:39:cc:a0:ed:ac:03:3b:35:c0:5a:
         e2:b2:3d:4f:a4:ec:29:63:64:8c:5f:05:06:39:99:b5:cd:ba:
         d0:6d:cb:9a:72:8f:c7:09:5e:17:fe:c6:14:3a:af:b3:d4:fd:
         53:c0:02:8d:71:17:b2:cd:79:3d:09:d6:dd:36:65:75:71:13:
         54:eb:83:4e:fc:87:9a:ef:5a:e1:2b:b2:36:ff:bd:ea:93:28:
         9a:20:5e:be:d4:b0:20:63:e6:ad:ff:a0:04:9b:7e:ec:ca:38:
         65:85:d6:01:76:29:21:bf:57:c8:b1:26:7c:e6:af:d2:a7:9a:
         bf:88:5d:66:18:f2:ed:5d:0e:af:ef:9d:30:0a:f9:cf:a5:8e:
         96:07:44:9a:55:3d:dd:d4:41:75:66:27:cd:b1:6d:b5:8b:44:
         e7:c8:51:85:7d:46:ac:bb:b6:4c:e3:7c:55:a4:0d:09:7f:f9:
         93:7c:fa:a0:ae:0e:e4:93:35:a1:d5:44:bc:ef:8d:50:42:b0:
         ca:8c:9a:15
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZGOeCAchlxyQgjqumCm0OtOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwODI2MTEzNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzg5Njk1ZmMwYTNjZDk2OTRkMGY1ZjBiMTcxZjM3MGE4ZDUwYjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2oxaxX/f6cY4DcytzOhK4Yf0QSw
SsAuSDXLGl5NbcL30/vR9ZAgvbBHbYbpemzpB4bwG768GF2mkGlBtpgg9tULpkrF
aLbAJMtAnHtpRnHzLWXLSAOE8HldPa4fASmqcknirOAxY6mbl8Ht4C8FqD9pu5XZ
JmTPyL/vvgt5k/Ht9vfrW0rwkfu4pFyNU8CxeiEah6tqMG3zbs2m5bS/8X4dU392
U6C0nXIfFqH5U7psgi69/lm5ZRAlBc3iuNOuv2HPo44PbKiju3l1HCwcYaqTR6dH
Hye7Eb9ldCIk67u13zxuIlkWu94G86VbAvRZ/t9sN0H1Ubutg3Dy53an9wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLyJaV/Ao82WlND18LFx83Co1QtOMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvdklscFg4Q2p6WmFVMFBYd3NYSHpjS2pWQzA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEUVlwAwQE
bezgAwQF1A7AMA0GCSqGSIb3DQEBCwUAA4IBAQAwJvImaco3b1T7y+sIeBqyU5Bw
dCthb7cJXcextTiEueeCUMr31Dt0UMXj5T6D5XCJtpEDS0xjU3v5FKSSNDnMoO2s
Azs1wFrisj1PpOwpY2SMXwUGOZm1zbrQbcuaco/HCV4X/sYUOq+z1P1TwAKNcRey
zXk9CdbdNmV1cRNU64NO/Iea71rhK7I2/73qkyiaIF6+1LAgY+at/6AEm37syjhl
hdYBdikhv1fIsSZ85q/Sp5q/iF1mGPLtXQ6v750wCvnPpY6WB0SaVT3d1EF1ZifN
sW21i0TnyFGFfUasu7ZM43xVpA0Jf/mTfPqgrg7kkzWh1US8741QQrDKjJoV
-----END CERTIFICATE-----