Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/xQG52uNkuRpKHvoFHnhA90xXWTk.roa
File:                     xQG52uNkuRpKHvoFHnhA90xXWTk.roa (raw, json)
Hash identifier:          /R0mjr3iQSCsoV5Dwf+B1KoNAwCtxONSBcFxuSz95mI=
Subject key identifier:   C5:01:B9:DA:E3:64:B9:1A:4A:1E:FA:05:1E:78:40:F7:4C:57:59:39
Certificate issuer:       /CN=a76fcfad966ae7e8171cfce26db3f65776d26fe8
Certificate serial:       018CC56E01223968A3BEB2C0EC9C7C8C6440
Authority key identifier: A7:6F:CF:AD:96:6A:E7:E8:17:1C:FC:E2:6D:B3:F6:57:76:D2:6F:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p2_PrZZq5-gXHPzibbP2V3bSb-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/xQG52uNkuRpKHvoFHnhA90xXWTk.roa
Signing time:             Mon 01 Jan 2024 14:29:29 +0000
ROA not before:           Mon 01 Jan 2024 14:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20676
IP address blocks:        153.98.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/p2_PrZZq5-gXHPzibbP2V3bSb-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/p2_PrZZq5-gXHPzibbP2V3bSb-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p2_PrZZq5-gXHPzibbP2V3bSb-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:01:22:39:68:a3:be:b2:c0:ec:9c:7c:8c:64:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a76fcfad966ae7e8171cfce26db3f65776d26fe8
        Validity
            Not Before: Jan  1 14:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c501b9dae364b91a4a1efa051e7840f74c575939
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:1c:28:33:41:ca:34:42:65:46:73:6e:17:d4:
                    b2:c9:8b:ac:ee:86:0d:4e:46:33:44:9a:ad:5a:22:
                    f3:0e:2a:6f:b3:b7:ef:40:9d:fb:c1:d1:f1:15:3e:
                    38:47:f2:c7:c8:21:b5:67:ce:24:c5:e0:4a:74:d1:
                    ac:1a:d4:c8:e7:2a:b5:e4:4e:99:c4:2e:10:d5:b4:
                    8c:95:aa:72:f9:1e:c1:1a:fa:d7:97:27:7b:05:43:
                    86:03:03:c8:9f:e4:98:66:7b:0e:e5:56:66:c5:91:
                    c8:bc:bf:ea:c0:8f:b8:44:f0:16:fa:72:a4:bf:35:
                    05:f9:3b:1d:5f:34:ce:5a:68:d8:59:be:0d:2e:8d:
                    48:8c:7b:37:f3:68:37:e2:26:fe:82:51:d1:a6:f9:
                    28:bb:ef:9b:18:e0:69:8e:c3:c3:70:68:ed:52:39:
                    b5:9a:7d:18:61:82:04:22:7a:7f:1f:12:a5:22:0c:
                    3d:cf:67:71:26:f6:56:e7:7e:0e:a9:56:56:d3:07:
                    1d:6d:be:5d:5f:b0:7f:54:46:83:4e:c6:d1:7b:20:
                    c3:86:d9:a7:c7:83:de:be:64:a7:87:3f:8c:91:d9:
                    b7:cb:0d:f7:cd:93:ab:ca:ef:8e:2c:10:b9:63:ac:
                    96:da:07:7d:61:3e:8e:b1:ae:4d:8d:25:7c:dc:58:
                    73:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:01:B9:DA:E3:64:B9:1A:4A:1E:FA:05:1E:78:40:F7:4C:57:59:39
            X509v3 Authority Key Identifier:
                keyid:A7:6F:CF:AD:96:6A:E7:E8:17:1C:FC:E2:6D:B3:F6:57:76:D2:6F:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p2_PrZZq5-gXHPzibbP2V3bSb-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/xQG52uNkuRpKHvoFHnhA90xXWTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/db8752-84b2-438a-9bc1-c5401f6d91d1/1/p2_PrZZq5-gXHPzibbP2V3bSb-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.98.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:fb:ff:0a:af:ec:a2:e1:42:3a:b5:00:7a:72:b2:c2:2d:07:
         97:46:6e:e7:42:3b:fa:80:b2:30:20:b9:da:a7:e5:64:a0:96:
         52:00:83:dc:04:cf:20:a6:51:4e:99:d2:43:78:26:fa:12:01:
         a5:49:cc:d5:49:45:c9:dc:c0:4e:c9:c4:77:e5:24:f6:65:9d:
         33:c3:8d:61:3a:d3:80:f6:d3:e1:97:c0:37:16:dc:0e:f5:e2:
         da:fa:00:c2:64:f6:a0:38:b3:6e:17:fa:02:db:fd:1a:16:b0:
         37:87:b4:dc:7d:91:b3:da:98:c8:49:c7:f9:2f:0b:78:f4:27:
         3c:d3:14:0f:6c:a4:c9:6a:cd:6c:98:09:9a:fc:50:14:4e:9c:
         b7:db:21:ab:01:d8:a7:20:83:d5:12:1d:7a:a5:b1:76:4d:7b:
         ca:bf:57:4f:47:d7:d0:e8:e8:0d:2b:bd:7a:68:e2:d9:18:42:
         f1:56:b5:46:34:99:a6:28:4b:bb:bf:de:c8:b8:66:27:ea:0b:
         af:d1:45:4f:a3:19:2b:b8:5e:dc:10:9a:01:63:27:e7:cc:fc:
         02:5c:a9:e9:94:d5:9d:4c:4b:e7:c6:f5:94:09:23:cf:67:31:
         be:94:4b:a8:f5:73:38:d1:00:44:e3:60:91:82:40:f4:7c:fb:
         eb:4b:2f:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbgEiOWijvrLA7Jx8jGRAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NmZjZmFkOTY2YWU3ZTgxNzFjZmNlMjZkYjNmNjU3NzZk
MjZmZTgwHhcNMjQwMTAxMTQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTAxYjlkYWUzNjRiOTFhNGExZWZhMDUxZTc4NDBmNzRjNTc1OTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxwoM0HKNEJlRnNuF9SyyYus7oYN
TkYzRJqtWiLzDipvs7fvQJ37wdHxFT44R/LHyCG1Z84kxeBKdNGsGtTI5yq15E6Z
xC4Q1bSMlapy+R7BGvrXlyd7BUOGAwPIn+SYZnsO5VZmxZHIvL/qwI+4RPAW+nKk
vzUF+TsdXzTOWmjYWb4NLo1IjHs382g34ib+glHRpvkou++bGOBpjsPDcGjtUjm1
mn0YYYIEInp/HxKlIgw9z2dxJvZW534OqVZW0wcdbb5dX7B/VEaDTsbReyDDhtmn
x4PevmSnhz+Mkdm3yw33zZOryu+OLBC5Y6yW2gd9YT6Osa5NjSV83FhzpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMUBudrjZLkaSh76BR54QPdMV1k5MB8GA1UdIwQY
MBaAFKdvz62WaufoFxz84m2z9ld20m/oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDJfUHJaWnE1LWdYSFB6aWJiUDJWM2JTYi1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9kYjg3NTItODRiMi00MzhhLTliYzEt
YzU0MDFmNmQ5MWQxLzEveFFHNTJ1Tmt1UnBLSHZvRkhuaEE5MHhYV1RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9kYjg3NTItODRiMi00MzhhLTliYzEtYzU0MDFmNmQ5MWQx
LzEvcDJfUHJaWnE1LWdYSFB6aWJiUDJWM2JTYi1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmWLLMA0G
CSqGSIb3DQEBCwUAA4IBAQB3+/8Kr+yi4UI6tQB6crLCLQeXRm7nQjv6gLIwILna
p+VkoJZSAIPcBM8gplFOmdJDeCb6EgGlSczVSUXJ3MBOycR35ST2ZZ0zw41hOtOA
9tPhl8A3FtwO9eLa+gDCZPagOLNuF/oC2/0aFrA3h7TcfZGz2pjIScf5Lwt49Cc8
0xQPbKTJas1smAma/FAUTpy32yGrAdinIIPVEh16pbF2TXvKv1dPR9fQ6OgNK716
aOLZGELxVrVGNJmmKEu7v97IuGYn6guv0UVPoxkruF7cEJoBYyfnzPwCXKnplNWd
TEvnxvWUCSPPZzG+lEuo9XM40QBE42CRgkD0fPvrSy9U
-----END CERTIFICATE-----