Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/X6hpALPvB09npx39S49umMA-THA.roa
File:                     X6hpALPvB09npx39S49umMA-THA.roa (raw, json)
Hash identifier:          PoYWJMZDu5dCmNIBFkjyxLfCTBJCBDYsgzUbvy53DiA=
Subject key identifier:   5F:A8:69:00:B3:EF:07:4F:67:A7:1D:FD:4B:8F:6E:98:C0:3E:4C:70
Certificate issuer:       /CN=002647c801fb58fcfaac135bb48f5e61fea7e566
Certificate serial:       0194258F0F8D115615CB42B0A423A7883124
Authority key identifier: 00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/X6hpALPvB09npx39S49umMA-THA.roa
Signing time:             Thu 02 Jan 2025 05:48:39 +0000
ROA not before:           Thu 02 Jan 2025 05:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50053
IP address blocks:        84.19.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:0f:8d:11:56:15:cb:42:b0:a4:23:a7:88:31:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=002647c801fb58fcfaac135bb48f5e61fea7e566
        Validity
            Not Before: Jan  2 05:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5fa86900b3ef074f67a71dfd4b8f6e98c03e4c70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:00:e6:f2:bc:95:4d:f2:92:ae:79:85:78:38:
                    25:82:c7:78:7a:67:8d:db:a9:55:83:78:eb:cd:ee:
                    d0:41:b7:9f:c3:32:84:94:25:7e:1e:d0:38:07:34:
                    87:85:b8:17:33:de:8f:0b:71:7e:ac:95:d1:af:02:
                    eb:c4:06:32:76:68:54:38:b2:0a:2d:0e:39:21:fb:
                    a7:0d:6e:96:d2:e3:ab:b3:52:88:7e:88:a2:46:ff:
                    01:7b:48:db:72:82:59:d9:be:70:21:0c:44:a9:34:
                    96:77:84:8d:43:c3:cf:d1:66:6e:10:99:62:0b:b9:
                    c6:74:00:fb:1d:bc:12:7f:51:a4:18:ad:ab:60:6f:
                    40:2d:85:ea:1b:97:90:67:6b:10:42:15:aa:4b:1e:
                    1d:fb:8e:b7:58:49:42:74:91:46:2b:bf:ea:46:9c:
                    39:12:9c:9f:a3:a0:1f:8e:30:a7:f8:7f:92:1d:38:
                    d7:59:46:2b:2a:4e:b8:f2:ee:97:9b:f3:62:03:2b:
                    4c:bc:20:b3:4e:78:2b:47:f4:be:fe:a7:7a:6b:c4:
                    38:25:e4:f0:0f:ce:b3:da:ee:90:70:35:65:b5:aa:
                    e2:1c:f8:e3:f4:f3:83:f9:cc:20:7d:cf:de:14:29:
                    1b:3a:67:95:de:75:52:0d:ef:6b:28:ab:0a:05:f6:
                    aa:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:A8:69:00:B3:EF:07:4F:67:A7:1D:FD:4B:8F:6E:98:C0:3E:4C:70
            X509v3 Authority Key Identifier:
                keyid:00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/X6hpALPvB09npx39S49umMA-THA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.19.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:f2:72:06:0e:6e:65:01:ec:f8:7f:28:b6:7e:75:f7:ae:6f:
         fd:43:05:1a:cd:f4:d6:97:f4:26:8e:35:f5:5b:60:f0:f6:6e:
         c5:ab:20:a6:e7:b1:e5:5b:8d:b3:6e:42:f9:70:66:68:55:ff:
         c5:cc:48:03:b2:3c:4f:82:a8:63:0d:00:10:ed:8f:b3:2e:12:
         e4:89:fb:3a:f7:0f:10:4c:31:da:f3:a1:93:65:67:64:6a:76:
         bd:af:c1:9c:4f:88:6f:2f:3b:fc:d4:a4:d7:7b:89:59:27:df:
         28:52:cf:b9:17:05:bc:a0:0e:80:27:ea:75:dc:4f:6d:4d:00:
         6b:03:49:7f:44:2c:fa:26:e2:8d:53:93:b0:ed:6c:29:38:0c:
         c2:9d:31:6e:2b:bf:8c:a4:e5:9e:50:5e:8b:f5:68:51:7e:30:
         f5:a3:a0:da:b2:db:aa:4a:9f:bc:25:3a:21:68:73:2c:88:3e:
         7e:2d:b5:0e:6c:86:32:f6:05:25:10:50:cf:ee:4c:7a:c5:a6:
         6b:1e:16:73:ad:07:3c:f9:01:98:2a:f4:d1:a6:06:e3:38:dd:
         6e:ec:df:60:c5:7c:68:50:6e:56:5f:ad:2e:db:36:de:6e:5f:
         52:d9:80:92:1c:3a:42:43:4b:f2:29:8c:54:76:66:22:eb:68:
         36:f8:8a:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljw+NEVYVy0KwpCOniDEkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMjY0N2M4MDFmYjU4ZmNmYWFjMTM1YmI0OGY1ZTYxZmVh
N2U1NjYwHhcNMjUwMTAyMDU0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmE4NjkwMGIzZWYwNzRmNjdhNzFkZmQ0YjhmNmU5OGMwM2U0YzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgDm8ryVTfKSrnmFeDglgsd4emeN
26lVg3jrze7QQbefwzKElCV+HtA4BzSHhbgXM96PC3F+rJXRrwLrxAYydmhUOLIK
LQ45IfunDW6W0uOrs1KIfoiiRv8Be0jbcoJZ2b5wIQxEqTSWd4SNQ8PP0WZuEJli
C7nGdAD7HbwSf1GkGK2rYG9ALYXqG5eQZ2sQQhWqSx4d+463WElCdJFGK7/qRpw5
Epyfo6AfjjCn+H+SHTjXWUYrKk648u6Xm/NiAytMvCCzTngrR/S+/qd6a8Q4JeTw
D86z2u6QcDVltariHPjj9POD+cwgfc/eFCkbOmeV3nVSDe9rKKsKBfaqGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+oaQCz7wdPZ6cd/UuPbpjAPkxwMB8GA1UdIwQY
MBaAFAAmR8gB+1j8+qwTW7SPXmH+p+VmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODIt
OTRlZmJmNWNlY2Q0LzEvWDZocEFMUHZCMDlucHgzOVM0OXVtTUEtVEhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODItOTRlZmJmNWNlY2Q0
LzEvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVBMDMA0G
CSqGSIb3DQEBCwUAA4IBAQAJ8nIGDm5lAez4fyi2fnX3rm/9QwUazfTWl/QmjjX1
W2Dw9m7FqyCm57HlW42zbkL5cGZoVf/FzEgDsjxPgqhjDQAQ7Y+zLhLkifs69w8Q
TDHa86GTZWdkana9r8GcT4hvLzv81KTXe4lZJ98oUs+5FwW8oA6AJ+p13E9tTQBr
A0l/RCz6JuKNU5Ow7WwpOAzCnTFuK7+MpOWeUF6L9WhRfjD1o6DastuqSp+8JToh
aHMsiD5+LbUObIYy9gUlEFDP7kx6xaZrHhZzrQc8+QGYKvTRpgbjON1u7N9gxXxo
UG5WX60u2zbebl9S2YCSHDpCQ0vyKYxUdmYi62g2+Io9
-----END CERTIFICATE-----