Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/5Xmig3pncTc70x9-Q05GZxh_ezA.roa
File:                     5Xmig3pncTc70x9-Q05GZxh_ezA.roa (raw, json)
Hash identifier:          FrRZsRLVRfd9BZBk3IpFwKY3Qj9fTpHC5xmYWo/2ZMU=
Subject key identifier:   E5:79:A2:83:7A:67:71:37:3B:D3:1F:7E:43:4E:46:67:18:7F:7B:30
Certificate issuer:       /CN=2979cc43c2469ffa5cf8b7ac639b01f3a768ac55
Certificate serial:       018E7B5C39DDA6A80C2748D70B03D3822561
Authority key identifier: 29:79:CC:43:C2:46:9F:FA:5C:F8:B7:AC:63:9B:01:F3:A7:68:AC:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/5Xmig3pncTc70x9-Q05GZxh_ezA.roa
Signing time:             Tue 26 Mar 2024 15:23:45 +0000
ROA not before:           Tue 26 Mar 2024 15:23:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60064
IP address blocks:        185.188.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7b:5c:39:dd:a6:a8:0c:27:48:d7:0b:03:d3:82:25:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2979cc43c2469ffa5cf8b7ac639b01f3a768ac55
        Validity
            Not Before: Mar 26 15:23:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e579a2837a6771373bd31f7e434e4667187f7b30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:89:6a:27:23:17:e8:1e:b6:c5:c0:2a:9c:f2:
                    57:69:d3:be:79:68:b7:a8:2e:10:65:ba:e9:79:4b:
                    f3:85:2e:dd:d8:89:44:aa:cb:b7:46:77:4a:9e:92:
                    94:b8:d3:ec:6b:3f:fe:a1:56:f7:68:ab:c6:18:2e:
                    b7:59:16:29:10:ca:1b:37:27:d7:0b:b1:0f:1f:32:
                    70:85:dd:97:20:48:44:9a:b5:6d:04:08:16:74:c3:
                    62:db:82:50:3a:cc:f5:f8:05:37:ec:6a:85:16:03:
                    66:22:1b:5d:b2:dd:08:b7:c7:d8:8b:f6:61:01:37:
                    b4:c0:51:9f:c3:2a:4f:f6:00:b5:66:67:4d:27:ca:
                    54:71:6b:1f:f6:26:77:e1:ca:3d:b0:8a:7f:61:6f:
                    9a:cf:e9:a0:75:20:df:d5:50:89:bf:75:ff:ef:62:
                    56:00:33:bc:8c:5a:eb:c9:cb:3a:9f:93:c8:58:2f:
                    26:52:07:3c:1b:2f:e3:af:21:5f:d5:32:74:e2:39:
                    0e:3b:e8:5d:97:6c:7a:e2:c8:be:0b:82:cf:28:d7:
                    79:37:f6:cc:ea:60:11:c4:48:4a:81:1d:f3:67:d5:
                    b8:23:6e:99:d8:16:6c:51:95:de:ab:6d:8b:97:be:
                    1a:d7:e0:2a:7f:7f:73:36:89:14:1d:00:29:44:83:
                    db:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:79:A2:83:7A:67:71:37:3B:D3:1F:7E:43:4E:46:67:18:7F:7B:30
            X509v3 Authority Key Identifier:
                keyid:29:79:CC:43:C2:46:9F:FA:5C:F8:B7:AC:63:9B:01:F3:A7:68:AC:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/5Xmig3pncTc70x9-Q05GZxh_ezA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:f5:10:6c:79:ee:c6:f3:27:aa:0b:eb:88:b7:7a:0c:31:4c:
         1c:56:e8:75:7c:b3:cc:4f:32:b2:e4:74:79:74:cb:6d:21:c7:
         d0:1c:91:63:ef:17:73:4a:57:c7:ac:58:92:4f:38:45:98:0c:
         be:83:1b:2c:17:c7:9e:11:19:1c:41:37:6d:7b:9b:4d:a2:bc:
         11:ea:1c:cc:ec:59:70:65:ee:21:3d:04:b1:c6:3f:e8:8a:48:
         e7:c5:a2:f1:82:2a:fb:7e:18:da:56:71:42:d6:52:ee:5e:6f:
         d6:e2:a7:f0:f4:41:0f:dc:9a:5d:05:19:6c:a1:f2:83:20:b9:
         9b:25:33:0b:ad:02:bc:8d:65:07:11:67:8a:a1:b8:cc:3b:c3:
         2b:67:7d:93:58:45:dc:cc:31:44:a8:0e:ae:d3:4e:c7:4a:f5:
         0b:a7:95:80:96:de:f9:33:6b:19:51:77:34:dc:e6:69:cd:16:
         42:62:a8:78:eb:1a:9e:45:51:38:d2:93:6c:0a:5e:57:37:3d:
         33:90:55:7d:af:f6:a3:c1:a5:44:d9:aa:4a:4d:c8:a8:8e:1d:
         2d:4e:4a:44:62:06:fe:a0:b6:62:98:4d:21:aa:a2:b0:94:db:
         52:ef:02:bb:e3:7d:48:50:00:16:57:6e:a4:47:30:98:b2:af:
         da:c8:e7:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY57XDndpqgMJ0jXCwPTgiVhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NzljYzQzYzI0NjlmZmE1Y2Y4YjdhYzYzOWIwMWYzYTc2
OGFjNTUwHhcNMjQwMzI2MTUyMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTc5YTI4MzdhNjc3MTM3M2JkMzFmN2U0MzRlNDY2NzE4N2Y3YjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhIlqJyMX6B62xcAqnPJXadO+eWi3
qC4QZbrpeUvzhS7d2IlEqsu3RndKnpKUuNPsaz/+oVb3aKvGGC63WRYpEMobNyfX
C7EPHzJwhd2XIEhEmrVtBAgWdMNi24JQOsz1+AU37GqFFgNmIhtdst0It8fYi/Zh
ATe0wFGfwypP9gC1ZmdNJ8pUcWsf9iZ34co9sIp/YW+az+mgdSDf1VCJv3X/72JW
ADO8jFrrycs6n5PIWC8mUgc8Gy/jryFf1TJ04jkOO+hdl2x64si+C4LPKNd5N/bM
6mARxEhKgR3zZ9W4I26Z2BZsUZXeq22Ll74a1+Aqf39zNokUHQApRIPb8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOV5ooN6Z3E3O9MffkNORmcYf3swMB8GA1UdIwQY
MBaAFCl5zEPCRp/6XPi3rGObAfOnaKxVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1huTVE4SkduX3BjLUxlc1k1c0I4NmRvckZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9lNDBmOWQtMDBmNC00MGQ5LThiOGQt
NDBlYWViYzFjNDdlLzEvNVhtaWczcG5jVGM3MHg5LVEwNUdaeGhfZXpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9lNDBmOWQtMDBmNC00MGQ5LThiOGQtNDBlYWViYzFjNDdl
LzEvS1huTVE4SkduX3BjLUxlc1k1c0I4NmRvckZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubyMMA0G
CSqGSIb3DQEBCwUAA4IBAQB99RBsee7G8yeqC+uIt3oMMUwcVuh1fLPMTzKy5HR5
dMttIcfQHJFj7xdzSlfHrFiSTzhFmAy+gxssF8eeERkcQTdte5tNorwR6hzM7Flw
Ze4hPQSxxj/oikjnxaLxgir7fhjaVnFC1lLuXm/W4qfw9EEP3JpdBRlsofKDILmb
JTMLrQK8jWUHEWeKobjMO8MrZ32TWEXczDFEqA6u007HSvULp5WAlt75M2sZUXc0
3OZpzRZCYqh46xqeRVE40pNsCl5XNz0zkFV9r/ajwaVE2apKTciojh0tTkpEYgb+
oLZimE0hqqKwlNtS7wK7431IUAAWV26kRzCYsq/ayOfJ
-----END CERTIFICATE-----