Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/xtnns6uedorFNw6jhfiqTss72uk.roa
File:                     xtnns6uedorFNw6jhfiqTss72uk.roa (raw, json)
Hash identifier:          bHWJE0KJi0bdPyspF+UnrN479te2u3z/C0HNf+PRqv8=
Subject key identifier:   C6:D9:E7:B3:AB:9E:76:8A:C5:37:0E:A3:85:F8:AA:4E:CB:3B:DA:E9
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       018EBE62D8E47A32383337431A7276CAC528
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/xtnns6uedorFNw6jhfiqTss72uk.roa
Signing time:             Mon 08 Apr 2024 15:45:32 +0000
ROA not before:           Mon 08 Apr 2024 15:45:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215155
IP address blocks:        5.178.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:be:62:d8:e4:7a:32:38:33:37:43:1a:72:76:ca:c5:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Apr  8 15:45:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6d9e7b3ab9e768ac5370ea385f8aa4ecb3bdae9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:fc:ac:c6:b6:17:5c:84:bd:34:14:93:a3:9f:
                    95:7b:c3:80:87:cf:1f:64:fd:a2:35:ea:2b:8c:c7:
                    1b:d7:f8:3d:12:e7:1b:58:27:6d:20:7f:76:44:9d:
                    a7:5f:e8:3d:a7:6c:b9:90:4f:5a:89:b9:de:31:ef:
                    24:10:16:d5:9b:97:da:1a:73:71:29:3c:2d:06:8d:
                    79:1c:fd:ad:7a:a3:10:9c:1a:c6:b8:03:30:94:73:
                    6e:08:eb:12:56:8a:f1:f8:89:56:d8:19:db:19:74:
                    a0:a7:69:d6:75:2f:5d:5e:1c:18:3d:fd:21:f9:a8:
                    83:1b:78:57:af:0e:a2:28:16:03:96:6c:d2:b2:80:
                    6c:c3:ce:5a:9b:83:98:2e:68:df:73:70:90:aa:20:
                    b5:ef:83:31:43:d0:45:4c:6b:34:cd:10:58:b8:10:
                    5a:bc:c6:5d:c7:be:78:f5:81:a9:0d:60:2e:76:cf:
                    b2:76:28:2a:fb:d5:24:2a:a4:70:29:72:2c:50:49:
                    65:e9:75:73:8b:9b:c1:82:19:d4:b1:ab:46:91:df:
                    e0:99:4c:c6:2a:3c:96:b1:06:a2:1e:df:0d:6a:d7:
                    d5:86:f9:90:5b:aa:4e:10:fc:fc:47:87:34:96:67:
                    52:f1:aa:45:f2:d4:75:3a:4e:70:de:56:dd:1c:20:
                    93:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:D9:E7:B3:AB:9E:76:8A:C5:37:0E:A3:85:F8:AA:4E:CB:3B:DA:E9
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/xtnns6uedorFNw6jhfiqTss72uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:6e:33:0e:65:7f:2b:09:dd:8c:93:8e:20:29:fb:94:01:75:
         19:13:75:36:42:91:1e:63:89:22:64:97:1f:f7:15:53:e6:a4:
         17:79:32:0a:08:fa:54:13:d5:bf:14:25:ea:bf:2b:b4:6d:59:
         0d:07:74:ee:30:dd:1d:1f:89:e9:4a:bd:c8:0b:f1:59:c5:48:
         f0:b2:70:39:c3:2c:79:d6:0c:a7:6d:71:86:9c:2d:01:4e:bc:
         66:81:88:f1:06:2d:73:f0:1d:3a:92:c4:f4:9b:e4:55:98:0d:
         2b:dc:f5:8c:9c:7c:6f:96:4b:8c:b2:35:4a:20:01:3f:32:50:
         b2:00:f6:02:39:25:00:86:00:b2:c1:fb:f7:24:1f:27:13:ab:
         28:b4:3d:42:4b:ca:22:7b:80:c4:fa:ef:f5:aa:5c:9e:84:e8:
         2c:e8:54:a0:15:66:71:8f:44:9c:c5:bc:2f:5d:0a:a0:56:1d:
         15:eb:37:41:d3:1c:97:18:fc:86:30:3b:44:40:d6:94:f8:27:
         d5:8c:64:a6:25:c5:85:8c:b8:cd:89:9e:02:a6:cb:bb:79:53:
         08:25:20:7e:26:78:79:c9:ac:6b:d7:00:61:0d:b1:37:fd:b3:
         39:9e:8c:5e:ea:64:5c:1a:f8:8d:86:f0:25:42:c6:d4:13:9d:
         30:61:9a:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6+YtjkejI4MzdDGnJ2ysUoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwNDA4MTU0NTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmQ5ZTdiM2FiOWU3NjhhYzUzNzBlYTM4NWY4YWE0ZWNiM2JkYWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPysxrYXXIS9NBSTo5+Ve8OAh88f
ZP2iNeorjMcb1/g9EucbWCdtIH92RJ2nX+g9p2y5kE9aibneMe8kEBbVm5faGnNx
KTwtBo15HP2teqMQnBrGuAMwlHNuCOsSVorx+IlW2BnbGXSgp2nWdS9dXhwYPf0h
+aiDG3hXrw6iKBYDlmzSsoBsw85am4OYLmjfc3CQqiC174MxQ9BFTGs0zRBYuBBa
vMZdx7549YGpDWAuds+ydigq+9UkKqRwKXIsUEll6XVzi5vBghnUsatGkd/gmUzG
KjyWsQaiHt8NatfVhvmQW6pOEPz8R4c0lmdS8apF8tR1Ok5w3lbdHCCTGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMbZ57OrnnaKxTcOo4X4qk7LO9rpMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEveHRubnM2dWVkb3JGTnc2amhmaXFUc3M3MnVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbJgMA0G
CSqGSIb3DQEBCwUAA4IBAQA7bjMOZX8rCd2Mk44gKfuUAXUZE3U2QpEeY4kiZJcf
9xVT5qQXeTIKCPpUE9W/FCXqvyu0bVkNB3TuMN0dH4npSr3IC/FZxUjwsnA5wyx5
1gynbXGGnC0BTrxmgYjxBi1z8B06ksT0m+RVmA0r3PWMnHxvlkuMsjVKIAE/MlCy
APYCOSUAhgCywfv3JB8nE6sotD1CS8oie4DE+u/1qlyehOgs6FSgFWZxj0Scxbwv
XQqgVh0V6zdB0xyXGPyGMDtEQNaU+CfVjGSmJcWFjLjNiZ4Cpsu7eVMIJSB+Jnh5
yaxr1wBhDbE3/bM5noxe6mRcGviNhvAlQsbUE50wYZqV
-----END CERTIFICATE-----