Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/d5e9f6-3f6d-4694-89b8-a093d100874c/1/xIkOEF3iRfOI6K-jKQ-MsZhPUWE.roa
File:                     xIkOEF3iRfOI6K-jKQ-MsZhPUWE.roa (raw, json)
Hash identifier:          JUkzjOVtCoqbn2+5EKQRbfWOq3VQ+mh1knk95m5giqg=
Subject key identifier:   C4:89:0E:10:5D:E2:45:F3:88:E8:AF:A3:29:0F:8C:B1:98:4F:51:61
Certificate issuer:       /CN=57c0bd9f8331ea8438fd2a2f671b71af4a2dec17
Certificate serial:       01931BFE70F948F458F67117281C34B5A4F4
Authority key identifier: 57:C0:BD:9F:83:31:EA:84:38:FD:2A:2F:67:1B:71:AF:4A:2D:EC:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8C9n4Mx6oQ4_SovZxtxr0ot7Bc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/d5e9f6-3f6d-4694-89b8-a093d100874c/1/xIkOEF3iRfOI6K-jKQ-MsZhPUWE.roa
Signing time:             Mon 11 Nov 2024 16:11:20 +0000
ROA not before:           Mon 11 Nov 2024 16:11:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50245
IP address blocks:        91.216.220.0/24 maxlen: 24
                          2a13:f980::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/d5e9f6-3f6d-4694-89b8-a093d100874c/1/V8C9n4Mx6oQ4_SovZxtxr0ot7Bc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/d5e9f6-3f6d-4694-89b8-a093d100874c/1/V8C9n4Mx6oQ4_SovZxtxr0ot7Bc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8C9n4Mx6oQ4_SovZxtxr0ot7Bc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1b:fe:70:f9:48:f4:58:f6:71:17:28:1c:34:b5:a4:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c0bd9f8331ea8438fd2a2f671b71af4a2dec17
        Validity
            Not Before: Nov 11 16:11:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4890e105de245f388e8afa3290f8cb1984f5161
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:5d:fa:f0:4a:76:8b:be:61:5d:a0:e7:2a:83:
                    84:7d:d4:54:d0:c6:0b:c2:b3:19:dc:99:a0:72:0e:
                    24:a0:43:e1:20:6f:4c:0c:94:d4:23:8e:d0:22:8f:
                    e4:8f:72:0b:9c:75:d7:18:b2:4b:99:66:79:44:c9:
                    bc:1f:42:8c:b1:d6:97:64:90:04:9b:52:00:4f:ce:
                    6b:c1:e1:2c:b6:43:58:1e:5e:95:fe:cc:6e:47:a9:
                    ed:93:2a:2b:83:03:d7:4a:ae:07:5c:92:6d:df:b2:
                    63:17:7d:2a:9f:27:72:63:da:fc:44:9a:20:5c:07:
                    bb:88:56:80:b8:95:4a:3f:c7:8d:7f:f0:10:dd:20:
                    70:b8:5a:79:90:42:3c:68:af:8d:13:09:b9:1c:91:
                    2e:e3:e1:bf:76:96:d6:7f:98:1f:7e:2e:a1:73:69:
                    26:cd:e2:68:77:59:4a:96:49:36:2d:02:9b:52:f9:
                    0b:cf:e8:d4:76:93:1f:c3:48:0b:26:6e:6c:e5:e7:
                    e0:fb:76:f1:85:ee:06:72:02:3d:9f:8a:03:4a:73:
                    b5:cd:11:6a:5f:a2:46:8e:b7:41:f0:3d:73:c3:7e:
                    15:08:2f:84:a7:7a:74:22:52:a2:59:76:8a:41:0a:
                    ba:f0:46:58:79:8f:f7:74:63:78:f3:bb:1f:84:a8:
                    f3:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:89:0E:10:5D:E2:45:F3:88:E8:AF:A3:29:0F:8C:B1:98:4F:51:61
            X509v3 Authority Key Identifier:
                keyid:57:C0:BD:9F:83:31:EA:84:38:FD:2A:2F:67:1B:71:AF:4A:2D:EC:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8C9n4Mx6oQ4_SovZxtxr0ot7Bc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/d5e9f6-3f6d-4694-89b8-a093d100874c/1/xIkOEF3iRfOI6K-jKQ-MsZhPUWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/d5e9f6-3f6d-4694-89b8-a093d100874c/1/V8C9n4Mx6oQ4_SovZxtxr0ot7Bc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.220.0/24
                IPv6:
                  2a13:f980::/29

    Signature Algorithm: sha256WithRSAEncryption
         8e:02:57:31:35:5a:d1:f5:21:de:05:df:cc:6a:41:a6:53:f5:
         4a:a4:8d:de:1d:77:44:ed:6d:ce:63:bc:63:91:5b:df:a0:2e:
         8c:d7:db:11:c0:da:9c:2a:c8:63:51:2d:ff:cb:3d:d6:6a:99:
         b3:b2:a2:4c:89:e4:ae:7d:7e:2d:9b:4a:cb:80:8b:a7:c1:f9:
         b3:ea:46:b7:7e:f8:2c:12:8a:71:a7:dd:4a:68:b5:c0:15:db:
         ca:29:86:8e:61:78:b0:7c:75:d9:0a:84:1d:1d:68:bd:38:f6:
         3a:cb:63:bc:7a:d3:32:18:52:73:33:34:3e:05:61:29:71:d4:
         a8:0c:3f:bb:6c:64:71:ac:9f:4f:c9:07:1c:6f:43:92:0b:ea:
         b5:65:53:64:b4:6a:f1:dd:30:be:09:40:9f:e5:c2:9e:b1:7e:
         df:44:11:e1:20:6f:b2:9f:bb:b6:ad:26:33:25:5a:2f:27:11:
         28:ba:b9:93:1a:cf:b7:6f:43:3a:93:b7:a7:15:27:47:a1:26:
         c5:73:b2:ff:b0:fc:fb:38:b3:59:3b:f8:e1:99:c1:97:a0:b1:
         02:03:c4:e3:88:58:f1:69:da:54:e5:3b:bd:20:50:e7:ab:c5:
         6b:0e:a2:f3:36:55:0e:ed:40:95:90:95:8f:23:fe:d8:37:2c:
         3f:0f:6e:fc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZMb/nD5SPRY9nEXKBw0taT0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzBiZDlmODMzMWVhODQzOGZkMmEyZjY3MWI3MWFmNGEy
ZGVjMTcwHhcNMjQxMTExMTYxMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDg5MGUxMDVkZTI0NWYzODhlOGFmYTMyOTBmOGNiMTk4NGY1MTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApl368Ep2i75hXaDnKoOEfdRU0MYL
wrMZ3Jmgcg4koEPhIG9MDJTUI47QIo/kj3ILnHXXGLJLmWZ5RMm8H0KMsdaXZJAE
m1IAT85rweEstkNYHl6V/sxuR6ntkyorgwPXSq4HXJJt37JjF30qnydyY9r8RJog
XAe7iFaAuJVKP8eNf/AQ3SBwuFp5kEI8aK+NEwm5HJEu4+G/dpbWf5gffi6hc2km
zeJod1lKlkk2LQKbUvkLz+jUdpMfw0gLJm5s5efg+3bxhe4GcgI9n4oDSnO1zRFq
X6JGjrdB8D1zw34VCC+Ep3p0IlKiWXaKQQq68EZYeY/3dGN487sfhKjzswIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMSJDhBd4kXziOivoykPjLGYT1FhMB8GA1UdIwQY
MBaAFFfAvZ+DMeqEOP0qL2cbca9KLewXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhDOW40TXg2b1E0X1Nvdlp4dHhyMG90N0JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9kNWU5ZjYtM2Y2ZC00Njk0LTg5Yjgt
YTA5M2QxMDA4NzRjLzEveElrT0VGM2lSZk9JNkstaktRLU1zWmhQVVdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9kNWU5ZjYtM2Y2ZC00Njk0LTg5YjgtYTA5M2QxMDA4NzRj
LzEvVjhDOW40TXg2b1E0X1Nvdlp4dHhyMG90N0JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW9jcMA0E
AgACMAcDBQMqE/mAMA0GCSqGSIb3DQEBCwUAA4IBAQCOAlcxNVrR9SHeBd/MakGm
U/VKpI3eHXdE7W3OY7xjkVvfoC6M19sRwNqcKshjUS3/yz3WapmzsqJMieSufX4t
m0rLgIunwfmz6ka3fvgsEopxp91KaLXAFdvKKYaOYXiwfHXZCoQdHWi9OPY6y2O8
etMyGFJzMzQ+BWEpcdSoDD+7bGRxrJ9PyQccb0OSC+q1ZVNktGrx3TC+CUCf5cKe
sX7fRBHhIG+yn7u2rSYzJVovJxEourmTGs+3b0M6k7enFSdHoSbFc7L/sPz7OLNZ
O/jhmcGXoLECA8TjiFjxadpU5Tu9IFDnq8VrDqLzNlUO7UCVkJWPI/7YNyw/D278
-----END CERTIFICATE-----