Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/5SqWjHscrg3lxkNMqBUWXJNj-Bk.roa
File:                     5SqWjHscrg3lxkNMqBUWXJNj-Bk.roa (raw, json)
Hash identifier:          8nsMcx4jb2eu8QgFhzgyrymMsTU7nxUIjCeuln31m3k=
Subject key identifier:   E5:2A:96:8C:7B:1C:AE:0D:E5:C6:43:4C:A8:15:16:5C:93:63:F8:19
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       01932E63C2D2FA232B9993B8915B4B6D2C5D
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/5SqWjHscrg3lxkNMqBUWXJNj-Bk.roa
Signing time:             Fri 15 Nov 2024 05:55:10 +0000
ROA not before:           Fri 15 Nov 2024 05:55:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     65593
IP address blocks:        84.44.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2e:63:c2:d2:fa:23:2b:99:93:b8:91:5b:4b:6d:2c:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Nov 15 05:55:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e52a968c7b1cae0de5c6434ca815165c9363f819
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:21:7d:53:5e:39:0b:12:71:69:a6:9a:93:7c:
                    58:59:18:93:a5:7b:71:ba:6e:1b:a4:28:be:76:94:
                    c4:58:0c:2c:96:67:c5:32:81:6c:7c:a1:2a:6a:9e:
                    5c:4c:85:88:e9:e0:8e:d9:4a:0c:8d:93:3d:56:1b:
                    8f:aa:41:8c:c2:37:ca:5f:4f:40:09:0b:9b:15:30:
                    d7:32:c4:d5:ab:44:28:88:a3:6f:46:cf:2f:e6:db:
                    98:51:a4:65:40:94:b5:68:c6:04:41:de:70:99:61:
                    cb:0a:43:5f:60:c1:a7:89:c3:d2:ec:fd:47:a8:47:
                    7a:08:89:9d:fa:70:01:d2:0f:c9:9c:0e:de:2a:89:
                    2e:cb:65:44:af:a4:52:98:39:97:9b:9f:52:80:c2:
                    b6:73:04:7f:db:6c:9e:1d:b6:89:50:fc:83:b0:60:
                    45:63:16:76:af:77:fc:a7:86:e5:af:d7:1c:ca:e4:
                    58:0b:b7:ca:10:57:bb:72:9c:45:cc:99:ac:d3:b3:
                    44:bc:94:e8:22:b5:90:10:7f:bf:b3:a7:bc:ab:e5:
                    2e:82:d1:35:9f:24:5f:1c:10:02:87:1a:c4:47:5c:
                    b9:43:dc:32:c7:cc:21:c7:d5:eb:92:c9:5d:a2:d5:
                    67:53:b9:22:3b:64:51:b4:46:54:5d:f8:61:a9:89:
                    70:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:2A:96:8C:7B:1C:AE:0D:E5:C6:43:4C:A8:15:16:5C:93:63:F8:19
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/5SqWjHscrg3lxkNMqBUWXJNj-Bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.44.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:5f:c5:c0:f6:14:5f:10:b9:ce:06:bc:58:e5:66:6a:b5:05:
         bb:9d:d5:f9:87:9a:83:45:ec:fe:bf:8d:ff:77:9e:4f:43:57:
         80:30:f8:d3:59:ea:4e:00:df:e7:a9:87:c3:e1:57:16:80:00:
         6e:35:e2:9b:14:e6:04:f6:a0:22:3b:43:c1:72:96:4d:f3:21:
         e4:e3:ee:88:3b:89:95:48:63:2c:2c:bc:00:48:76:1f:5b:0a:
         7e:d5:5e:6b:84:88:97:57:99:31:e8:46:02:35:32:b1:83:f6:
         dd:a9:bb:07:de:d6:66:87:c1:75:5d:70:95:47:93:8b:a3:38:
         84:c0:eb:61:87:2e:e6:71:d2:d1:92:f4:6b:69:1f:3f:d9:26:
         7a:2e:ee:02:d8:d3:92:ca:01:93:0b:ea:5d:2d:ef:a5:f6:d1:
         af:b0:fd:65:e3:b1:47:94:b8:25:9e:13:32:5f:ad:67:84:bf:
         a9:96:52:be:21:7b:29:ba:85:4d:a0:48:62:e6:2a:d8:a1:3f:
         b6:67:bd:80:d8:6b:4e:d4:b5:cd:06:3c:8c:3d:2e:f9:64:b6:
         c6:07:bb:1e:9e:bb:67:09:87:07:ab:5b:89:e9:f7:f4:8c:4b:
         15:23:51:46:1e:e1:62:b5:c6:8c:65:0e:41:8e:a5:82:5d:15:
         f8:58:d7:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMuY8LS+iMrmZO4kVtLbSxdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGZlMzVjYzk2MjYzM2EyNzU3YWYxMGEwZTZlOGFiNmQw
MWY0YzkwHhcNMjQxMTE1MDU1NTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTJhOTY4YzdiMWNhZTBkZTVjNjQzNGNhODE1MTY1YzkzNjNmODE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCF9U145CxJxaaaak3xYWRiTpXtx
um4bpCi+dpTEWAwslmfFMoFsfKEqap5cTIWI6eCO2UoMjZM9VhuPqkGMwjfKX09A
CQubFTDXMsTVq0QoiKNvRs8v5tuYUaRlQJS1aMYEQd5wmWHLCkNfYMGnicPS7P1H
qEd6CImd+nAB0g/JnA7eKokuy2VEr6RSmDmXm59SgMK2cwR/22yeHbaJUPyDsGBF
YxZ2r3f8p4blr9ccyuRYC7fKEFe7cpxFzJms07NEvJToIrWQEH+/s6e8q+UugtE1
nyRfHBAChxrER1y5Q9wyx8whx9XrksldotVnU7kiO2RRtEZUXfhhqYlwoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOUqlox7HK4N5cZDTKgVFlyTY/gZMB8GA1UdIwQY
MBaAFFaP41zJYmM6J1evEKDm6KttAfTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMt
ODNkNjQ4Zjc5NzQ2LzEvNVNxV2pIc2NyZzNseGtOTXFCVVdYSk5qLUJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMtODNkNjQ4Zjc5NzQ2
LzEvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCxQMA0G
CSqGSIb3DQEBCwUAA4IBAQAPX8XA9hRfELnOBrxY5WZqtQW7ndX5h5qDRez+v43/
d55PQ1eAMPjTWepOAN/nqYfD4VcWgABuNeKbFOYE9qAiO0PBcpZN8yHk4+6IO4mV
SGMsLLwASHYfWwp+1V5rhIiXV5kx6EYCNTKxg/bdqbsH3tZmh8F1XXCVR5OLoziE
wOthhy7mcdLRkvRraR8/2SZ6Lu4C2NOSygGTC+pdLe+l9tGvsP1l47FHlLglnhMy
X61nhL+pllK+IXspuoVNoEhi5irYoT+2Z72A2GtO1LXNBjyMPS75ZLbGB7senrtn
CYcHq1uJ6ff0jEsVI1FGHuFitcaMZQ5BjqWCXRX4WNfv
-----END CERTIFICATE-----