Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/XTe83PCMDlVwWEQK7xepbfsP3D8.roa
File:                     XTe83PCMDlVwWEQK7xepbfsP3D8.roa (raw, json)
Hash identifier:          mpqro3wh5Ob0vYVm2fKRtchqV9n+ZQ+eboWoX1sysGI=
Subject key identifier:   5D:37:BC:DC:F0:8C:0E:55:70:58:44:0A:EF:17:A9:6D:FB:0F:DC:3F
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       0190175610F70D32693CE69F2E05C70EB9EC
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/XTe83PCMDlVwWEQK7xepbfsP3D8.roa
Signing time:             Fri 14 Jun 2024 15:20:34 +0000
ROA not before:           Fri 14 Jun 2024 15:20:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57271
IP address blocks:        91.236.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:17:56:10:f7:0d:32:69:3c:e6:9f:2e:05:c7:0e:b9:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jun 14 15:20:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d37bcdcf08c0e557058440aef17a96dfb0fdc3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d1:3c:41:b6:d0:9c:5b:7c:65:66:84:6a:51:
                    8d:88:dc:4b:bb:48:2e:d8:e4:88:04:7c:c5:02:63:
                    c8:05:4b:cc:31:8d:99:1f:a6:c1:28:90:1a:a4:90:
                    aa:77:4d:ff:82:53:90:9d:a5:6d:8e:08:70:bf:20:
                    12:ac:2a:a2:1c:f4:1a:39:fe:68:31:62:c1:88:0f:
                    e0:d8:00:2a:9b:a0:f6:7e:0c:9f:f9:b2:c0:75:da:
                    ed:ba:f8:c1:50:cc:4d:a7:41:67:65:9b:c6:52:ae:
                    25:b7:98:f4:1e:20:6f:92:06:74:d5:e4:3f:a8:d8:
                    14:99:ba:32:1b:52:d8:aa:4c:a9:29:3a:39:9e:f6:
                    4b:5e:fc:aa:10:34:d2:7d:d4:9e:f3:7c:a6:2b:c6:
                    19:9e:d7:06:67:86:f1:35:79:67:73:1c:3f:f7:98:
                    02:7a:44:11:57:92:8c:c9:e3:0a:20:26:f0:2a:95:
                    83:c3:2a:bb:47:37:38:38:95:f3:4a:33:73:cf:55:
                    b6:25:63:c9:91:39:34:85:1e:f4:2b:e4:62:c3:e3:
                    7e:26:ea:df:54:95:df:a6:a1:26:92:a7:88:8e:6d:
                    88:8b:28:59:ba:4f:c1:e7:d5:9d:c4:2f:eb:ee:40:
                    19:28:d9:56:c7:1e:f5:7c:9f:54:77:80:70:dc:34:
                    d7:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:37:BC:DC:F0:8C:0E:55:70:58:44:0A:EF:17:A9:6D:FB:0F:DC:3F
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/XTe83PCMDlVwWEQK7xepbfsP3D8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:24:1e:61:7e:5e:00:89:3d:2a:48:b9:e9:71:44:c8:ce:e2:
         10:bf:f9:e7:e6:0f:8f:09:0e:cf:1f:72:41:9c:95:77:fa:b8:
         a7:43:8c:09:a9:54:81:57:ff:af:df:39:d7:3f:26:5c:f2:65:
         f4:08:69:52:13:d7:1b:d2:31:91:fb:06:c7:33:50:e6:c4:a9:
         58:97:02:35:cc:cc:7a:28:3d:26:73:7e:61:83:ac:3d:0b:d6:
         0d:bf:e4:81:eb:ac:11:97:77:64:5f:20:69:70:65:6d:bc:a4:
         4b:0f:4a:46:f9:67:56:3d:06:61:f2:30:4f:86:35:89:b2:21:
         03:7e:a1:de:da:c9:73:66:c0:97:5e:e1:67:94:30:f3:5e:57:
         1b:71:5c:64:de:48:2a:cf:4d:12:33:21:b6:93:02:1b:36:f7:
         cb:03:4a:b3:cc:d5:4a:c2:31:e1:16:55:b4:43:9a:52:7d:c6:
         36:fc:77:cb:17:54:d4:99:5b:1f:85:98:a7:80:ee:11:5f:c3:
         1e:11:50:11:68:a7:d2:9a:06:6b:30:54:03:9f:46:48:d6:8f:
         1e:78:7b:1f:54:03:a7:e7:38:7f:3b:10:22:f8:ab:5e:2e:7a:
         0f:45:36:19:01:8d:65:b4:1d:79:41:36:1a:ca:e9:e5:c4:8e:
         cc:67:8d:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAXVhD3DTJpPOafLgXHDrnsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwNjE0MTUyMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDM3YmNkY2YwOGMwZTU1NzA1ODQ0MGFlZjE3YTk2ZGZiMGZkYzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNE8QbbQnFt8ZWaEalGNiNxLu0gu
2OSIBHzFAmPIBUvMMY2ZH6bBKJAapJCqd03/glOQnaVtjghwvyASrCqiHPQaOf5o
MWLBiA/g2AAqm6D2fgyf+bLAddrtuvjBUMxNp0FnZZvGUq4lt5j0HiBvkgZ01eQ/
qNgUmboyG1LYqkypKTo5nvZLXvyqEDTSfdSe83ymK8YZntcGZ4bxNXlncxw/95gC
ekQRV5KMyeMKICbwKpWDwyq7Rzc4OJXzSjNzz1W2JWPJkTk0hR70K+Riw+N+Jurf
VJXfpqEmkqeIjm2IiyhZuk/B59WdxC/r7kAZKNlWxx71fJ9Ud4Bw3DTXRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF03vNzwjA5VcFhECu8XqW37D9w/MB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvWFRlODNQQ01EbFZ3V0VRSzd4ZXBiZnNQM0Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+x4MA0G
CSqGSIb3DQEBCwUAA4IBAQA8JB5hfl4AiT0qSLnpcUTIzuIQv/nn5g+PCQ7PH3JB
nJV3+rinQ4wJqVSBV/+v3znXPyZc8mX0CGlSE9cb0jGR+wbHM1DmxKlYlwI1zMx6
KD0mc35hg6w9C9YNv+SB66wRl3dkXyBpcGVtvKRLD0pG+WdWPQZh8jBPhjWJsiED
fqHe2slzZsCXXuFnlDDzXlcbcVxk3kgqz00SMyG2kwIbNvfLA0qzzNVKwjHhFlW0
Q5pSfcY2/HfLF1TUmVsfhZingO4RX8MeEVARaKfSmgZrMFQDn0ZI1o8eeHsfVAOn
5zh/OxAi+KteLnoPRTYZAY1ltB15QTYayunlxI7MZ43u
-----END CERTIFICATE-----