Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/XQEKqqPoI71VgNdpY_n91ptU7hg.roa
File:                     XQEKqqPoI71VgNdpY_n91ptU7hg.roa (raw, json)
Hash identifier:          UGfUok2AnTYwl8P0VzHjVO8xqEGbxGwHrq+ErrPDTEY=
Subject key identifier:   5D:01:0A:AA:A3:E8:23:BD:55:80:D7:69:63:F9:FD:D6:9B:54:EE:18
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       018CC7274F348301457E7CD1A71FB3B05262
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/XQEKqqPoI71VgNdpY_n91ptU7hg.roa
Signing time:             Mon 01 Jan 2024 22:31:31 +0000
ROA not before:           Mon 01 Jan 2024 22:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43391
IP address blocks:        213.238.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:4f:34:83:01:45:7e:7c:d1:a7:1f:b3:b0:52:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jan  1 22:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d010aaaa3e823bd5580d76963f9fdd69b54ee18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:39:78:9a:23:bb:eb:c4:c4:2a:f6:f8:0a:36:
                    11:b9:78:b5:51:bb:38:47:d3:d9:bf:28:3b:5c:04:
                    e3:af:77:ff:bc:d8:7a:51:27:e9:0b:32:88:bb:03:
                    d7:c9:58:e1:ca:1d:28:6a:b5:10:51:92:9e:01:9a:
                    cd:a9:45:df:d8:8b:28:4a:79:d8:5c:93:4f:50:86:
                    f8:22:98:54:de:c2:e6:65:2b:b4:b9:1b:e9:f2:04:
                    c1:48:79:ec:a3:9c:3a:db:94:c1:44:ac:49:9b:10:
                    9e:a5:33:e0:c6:6d:7c:a0:fd:f9:be:d0:e0:54:0f:
                    e9:6b:19:ce:3b:bc:0e:9b:64:49:5d:84:64:de:a9:
                    ab:fe:be:82:b0:80:cc:81:81:81:f5:09:95:96:cb:
                    89:aa:80:f2:cc:24:f5:e2:01:e9:b8:7d:09:19:46:
                    f0:1a:9e:6d:b8:6a:06:31:40:51:6b:43:1d:61:74:
                    c6:c0:a0:ef:f3:1f:5c:fb:f1:59:99:a4:a7:68:cc:
                    0b:c5:95:12:40:02:7c:a9:d7:d3:6a:b2:42:f2:cc:
                    a4:ab:b3:f0:1e:50:94:65:f8:50:26:8b:4c:0b:95:
                    54:7f:7e:bb:b9:a9:63:ba:58:e8:b9:30:6d:d1:5d:
                    cc:41:30:8a:51:3e:34:24:e7:d4:e9:5c:69:2e:76:
                    76:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:01:0A:AA:A3:E8:23:BD:55:80:D7:69:63:F9:FD:D6:9B:54:EE:18
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/XQEKqqPoI71VgNdpY_n91ptU7hg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:f6:60:40:38:6d:09:b8:39:a0:34:e2:8d:88:d5:45:12:6e:
         29:f3:14:79:86:09:10:1a:f6:78:15:ba:fe:8a:76:61:64:a5:
         97:ae:70:12:88:75:09:24:70:5f:29:2a:42:51:f5:76:c1:75:
         a7:63:6b:ef:15:0a:a9:d0:f8:d5:1c:f4:3f:d4:a6:ee:fc:b3:
         5e:3a:72:89:07:2a:ea:b5:3f:e5:e6:3d:bb:c4:40:4b:29:c7:
         4d:64:82:95:9f:51:d0:10:be:02:fd:79:5f:c6:d0:ca:cf:c1:
         9f:c3:e2:19:61:d3:db:78:02:ef:aa:6c:b5:68:62:81:5b:54:
         d1:6a:17:cd:38:01:7c:b0:4d:30:a1:b6:dd:90:9c:66:fb:94:
         8e:2a:50:6d:ec:ab:c0:26:ee:bb:da:b2:f6:6a:5e:49:fe:34:
         ff:8c:b9:d0:4c:5f:20:03:27:4b:13:0a:28:21:53:7c:ed:6c:
         d5:6b:44:57:36:fd:51:0e:5a:64:23:f2:d0:a7:84:63:67:e2:
         f2:d0:aa:64:a2:7b:3e:db:f1:7b:6e:37:9a:24:66:12:3e:58:
         d8:a7:db:95:ea:07:e0:6a:d3:63:84:a8:08:60:ec:1b:fb:58:
         04:9d:7c:92:1f:7b:90:a2:08:fb:d6:fc:9a:84:a2:61:9b:a0:
         02:ed:45:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ080gwFFfnzRpx+zsFJiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjQwMTAxMjIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDAxMGFhYWEzZTgyM2JkNTU4MGQ3Njk2M2Y5ZmRkNjliNTRlZTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjl4miO768TEKvb4CjYRuXi1Ubs4
R9PZvyg7XATjr3f/vNh6USfpCzKIuwPXyVjhyh0oarUQUZKeAZrNqUXf2IsoSnnY
XJNPUIb4IphU3sLmZSu0uRvp8gTBSHnso5w625TBRKxJmxCepTPgxm18oP35vtDg
VA/paxnOO7wOm2RJXYRk3qmr/r6CsIDMgYGB9QmVlsuJqoDyzCT14gHpuH0JGUbw
Gp5tuGoGMUBRa0MdYXTGwKDv8x9c+/FZmaSnaMwLxZUSQAJ8qdfTarJC8sykq7Pw
HlCUZfhQJotMC5VUf367ualjuljouTBt0V3MQTCKUT40JOfU6VxpLnZ27QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF0BCqqj6CO9VYDXaWP5/dabVO4YMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvWFFFS3FxUG9JNzFWZ05kcFlfbjkxcHRVN2hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e6pMA0G
CSqGSIb3DQEBCwUAA4IBAQCz9mBAOG0JuDmgNOKNiNVFEm4p8xR5hgkQGvZ4Fbr+
inZhZKWXrnASiHUJJHBfKSpCUfV2wXWnY2vvFQqp0PjVHPQ/1Kbu/LNeOnKJByrq
tT/l5j27xEBLKcdNZIKVn1HQEL4C/XlfxtDKz8Gfw+IZYdPbeALvqmy1aGKBW1TR
ahfNOAF8sE0wobbdkJxm+5SOKlBt7KvAJu672rL2al5J/jT/jLnQTF8gAydLEwoo
IVN87WzVa0RXNv1RDlpkI/LQp4RjZ+Ly0Kpkons+2/F7bjeaJGYSPljYp9uV6gfg
atNjhKgIYOwb+1gEnXySH3uQogj71vyahKJhm6AC7UUy
-----END CERTIFICATE-----