Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/XqeB_PzgpdGueS9zmgP2Oz-QLP4.roa
File:                     XqeB_PzgpdGueS9zmgP2Oz-QLP4.roa (raw, json)
Hash identifier:          ykWXfGaaha45acJ3GqX8WNaZ0tRswEGKxCQEpgFqRxA=
Subject key identifier:   5E:A7:81:FC:FC:E0:A5:D1:AE:79:2F:73:9A:03:F6:3B:3F:90:2C:FE
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018E22EB9EE0ED80C77995F4FF4521B1040A
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/XqeB_PzgpdGueS9zmgP2Oz-QLP4.roa
Signing time:             Sat 09 Mar 2024 11:14:10 +0000
ROA not before:           Sat 09 Mar 2024 11:14:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        159.148.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 07:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:22:eb:9e:e0:ed:80:c7:79:95:f4:ff:45:21:b1:04:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Mar  9 11:14:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ea781fcfce0a5d1ae792f739a03f63b3f902cfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:03:93:a7:58:b4:e5:be:e7:61:6e:22:c0:99:
                    3f:2c:2c:56:14:8f:1e:92:f4:c6:9a:82:16:72:3f:
                    61:40:42:ed:49:82:0e:2a:5e:98:7f:9e:2a:69:60:
                    f3:24:8b:26:84:77:92:ed:84:a3:39:41:78:03:9b:
                    dd:7d:8d:b4:76:d2:77:28:31:2c:1a:1e:81:a8:51:
                    4a:d3:e5:ac:19:d8:ae:38:ba:2c:d9:69:0b:15:e2:
                    db:9c:88:5d:e4:20:23:2f:c3:cb:3a:58:90:0c:70:
                    08:1f:7d:33:20:50:8c:d3:5b:85:f5:8e:17:29:fb:
                    8b:e8:e2:24:86:28:1a:2f:01:75:9f:98:0d:32:7b:
                    b6:05:d4:cf:80:67:ab:8c:a8:a9:85:d2:8b:3a:62:
                    4f:3e:4a:2f:3d:90:7e:68:d4:df:a3:2b:e0:39:6e:
                    5f:9b:36:42:88:2b:03:8d:63:d6:a0:15:14:43:d8:
                    67:91:6d:aa:b6:86:3e:45:78:3f:66:ab:6b:38:89:
                    a8:e3:35:8d:7e:50:f4:8b:1a:bd:4d:da:7f:19:e1:
                    23:53:99:9a:8a:e6:f4:22:ad:fe:b6:2c:bd:f7:1d:
                    42:43:39:da:67:46:cd:9f:e8:18:2d:b5:e3:3f:37:
                    1a:b7:d9:f9:46:99:87:0c:f0:ce:ee:39:cd:71:a3:
                    6a:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:A7:81:FC:FC:E0:A5:D1:AE:79:2F:73:9A:03:F6:3B:3F:90:2C:FE
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/XqeB_PzgpdGueS9zmgP2Oz-QLP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:be:d6:fd:40:ee:a6:8c:47:ac:50:a2:a7:f0:5f:d4:8d:aa:
         14:58:62:2b:90:47:84:45:72:d1:31:64:32:35:ce:63:c9:96:
         8a:e0:35:38:f4:ae:d2:62:00:46:3b:87:9e:4c:b5:7f:e7:d8:
         8a:b9:f9:b6:33:51:61:2d:fe:65:8d:14:57:bd:a1:52:c6:ae:
         17:13:3c:fc:a1:67:d5:5e:56:c3:00:1b:73:8b:4f:9a:76:41:
         f2:f2:94:2d:ae:69:da:26:55:1f:17:58:92:72:08:d1:8a:97:
         f1:cb:5f:0f:65:7f:91:03:a2:d3:59:03:55:a0:bb:10:c0:63:
         db:ee:d5:5d:19:ec:76:50:17:c0:96:21:80:ef:cf:63:9f:45:
         0c:b8:f8:98:98:c4:4a:79:fb:d4:43:cb:e4:6d:68:5f:4a:c1:
         ef:f6:7e:00:5f:89:e8:88:4a:8f:d6:06:77:84:a7:e1:22:d9:
         3b:a7:81:20:cf:51:3c:59:cd:6c:31:bb:12:c0:10:1f:e3:99:
         7f:be:ce:07:45:d7:71:e0:61:34:ef:36:82:45:01:95:74:cc:
         12:06:12:8c:f7:27:fc:10:5d:2e:b2:c0:c1:72:b3:30:b3:db:
         b4:1b:0e:2c:73:f4:12:97:bf:06:c1:64:64:05:c4:57:e5:44:
         3f:27:80:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4i657g7YDHeZX0/0UhsQQKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMzA5MTExNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWE3ODFmY2ZjZTBhNWQxYWU3OTJmNzM5YTAzZjYzYjNmOTAyY2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQOTp1i05b7nYW4iwJk/LCxWFI8e
kvTGmoIWcj9hQELtSYIOKl6Yf54qaWDzJIsmhHeS7YSjOUF4A5vdfY20dtJ3KDEs
Gh6BqFFK0+WsGdiuOLos2WkLFeLbnIhd5CAjL8PLOliQDHAIH30zIFCM01uF9Y4X
KfuL6OIkhigaLwF1n5gNMnu2BdTPgGerjKiphdKLOmJPPkovPZB+aNTfoyvgOW5f
mzZCiCsDjWPWoBUUQ9hnkW2qtoY+RXg/ZqtrOImo4zWNflD0ixq9Tdp/GeEjU5ma
iub0Iq3+tiy99x1CQznaZ0bNn+gYLbXjPzcat9n5RpmHDPDO7jnNcaNq2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF6ngfz84KXRrnkvc5oD9js/kCz+MB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvWHFlQl9QemdwZEd1ZVM5em1nUDJPei1RTFA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn5T9MA0G
CSqGSIb3DQEBCwUAA4IBAQCOvtb9QO6mjEesUKKn8F/UjaoUWGIrkEeERXLRMWQy
Nc5jyZaK4DU49K7SYgBGO4eeTLV/59iKufm2M1FhLf5ljRRXvaFSxq4XEzz8oWfV
XlbDABtzi0+adkHy8pQtrmnaJlUfF1iScgjRipfxy18PZX+RA6LTWQNVoLsQwGPb
7tVdGex2UBfAliGA789jn0UMuPiYmMRKefvUQ8vkbWhfSsHv9n4AX4noiEqP1gZ3
hKfhItk7p4Egz1E8Wc1sMbsSwBAf45l/vs4HRddx4GE07zaCRQGVdMwSBhKM9yf8
EF0ussDBcrMws9u0Gw4sc/QSl78GwWRkBcRX5UQ/J4AX
-----END CERTIFICATE-----