Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/91dd41-0090-4679-9dbf-ee3b581aaa07/1/X5OsVdeU53A4XbeUZHV7Yi7l_TY.roa
File:                     X5OsVdeU53A4XbeUZHV7Yi7l_TY.roa (raw, json)
Hash identifier:          IWB5Tynj2S+jXqjZLFJTahM5y2zR1M/a8Tri4o8XWBk=
Subject key identifier:   5F:93:AC:55:D7:94:E7:70:38:5D:B7:94:64:75:7B:62:2E:E5:FD:36
Certificate issuer:       /CN=3ab79a94103c03e99b5201a798d338865be63574
Certificate serial:       018CC794FD1814EBBEB223CD48A1702E5F8C
Authority key identifier: 3A:B7:9A:94:10:3C:03:E9:9B:52:01:A7:98:D3:38:86:5B:E6:35:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OrealBA8A-mbUgGnmNM4hlvmNXQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/91dd41-0090-4679-9dbf-ee3b581aaa07/1/X5OsVdeU53A4XbeUZHV7Yi7l_TY.roa
Signing time:             Tue 02 Jan 2024 00:31:19 +0000
ROA not before:           Tue 02 Jan 2024 00:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398464
IP address blocks:        185.140.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/91dd41-0090-4679-9dbf-ee3b581aaa07/1/OrealBA8A-mbUgGnmNM4hlvmNXQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/91dd41-0090-4679-9dbf-ee3b581aaa07/1/OrealBA8A-mbUgGnmNM4hlvmNXQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OrealBA8A-mbUgGnmNM4hlvmNXQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:fd:18:14:eb:be:b2:23:cd:48:a1:70:2e:5f:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ab79a94103c03e99b5201a798d338865be63574
        Validity
            Not Before: Jan  2 00:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f93ac55d794e770385db79464757b622ee5fd36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:0b:b9:1e:f9:0d:89:3d:24:e5:2b:30:09:57:
                    c9:07:88:f2:ff:5d:4d:50:2d:87:48:2a:44:6a:04:
                    d3:a8:78:fd:41:0b:d7:15:ac:f6:60:94:f9:7f:29:
                    d8:6f:81:49:96:33:81:3c:7f:b1:cb:3f:ae:60:6f:
                    94:88:02:2a:6f:78:65:ab:de:28:18:e4:40:21:5c:
                    70:5b:a2:d2:a2:58:78:1b:40:96:ca:5b:ed:00:83:
                    ab:d5:f2:c9:48:34:a8:cc:64:30:33:b3:72:96:bc:
                    89:70:e4:56:19:2e:a8:3c:29:4e:fb:9d:03:89:a2:
                    30:cf:a9:ae:53:d4:27:56:8b:f9:42:50:ac:79:6a:
                    4f:17:e0:07:57:69:ef:1d:89:2b:ba:b1:c1:d2:1f:
                    a5:26:de:cf:f7:ad:93:6b:f6:23:c9:1d:0d:36:12:
                    84:53:b1:5a:f4:4d:cb:3d:b9:22:c5:08:3f:eb:3b:
                    fe:16:44:f2:cb:65:35:78:11:e2:d2:5a:42:1c:ae:
                    a6:f1:07:7f:23:32:95:5e:47:05:5b:51:cf:2e:45:
                    53:94:95:0d:29:05:ba:dd:37:f1:35:99:4c:73:f1:
                    32:34:41:41:d5:10:1a:7b:88:c4:a5:9a:26:94:45:
                    35:c1:60:84:14:57:a1:e7:d8:83:9f:0d:9e:ba:79:
                    20:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:93:AC:55:D7:94:E7:70:38:5D:B7:94:64:75:7B:62:2E:E5:FD:36
            X509v3 Authority Key Identifier:
                keyid:3A:B7:9A:94:10:3C:03:E9:9B:52:01:A7:98:D3:38:86:5B:E6:35:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OrealBA8A-mbUgGnmNM4hlvmNXQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/91dd41-0090-4679-9dbf-ee3b581aaa07/1/X5OsVdeU53A4XbeUZHV7Yi7l_TY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/91dd41-0090-4679-9dbf-ee3b581aaa07/1/OrealBA8A-mbUgGnmNM4hlvmNXQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:9d:63:dc:ce:f8:aa:d8:d3:ef:c5:32:f2:02:c5:5a:bf:ab:
         7c:73:d9:72:72:ff:3f:ef:9b:f6:80:7a:4e:7d:de:0a:1c:ba:
         8e:cd:9a:49:60:90:03:4b:8d:cc:42:66:7b:3f:86:d4:96:db:
         48:e2:28:d9:8c:d6:c9:6c:66:fb:f6:b3:1c:78:bc:5f:8a:83:
         9d:e1:12:d2:e3:0c:dc:7d:8d:27:0b:8c:57:5d:41:30:55:7b:
         8d:fb:a2:df:20:b5:66:14:28:7e:fa:39:b9:c4:50:d5:47:f1:
         48:9d:10:eb:96:ed:0f:61:82:8d:dc:35:da:78:5c:aa:98:a4:
         69:c3:d1:2a:af:bf:c7:38:40:25:36:90:a3:ae:5f:12:10:28:
         7a:8d:90:be:5c:08:84:4f:0a:c2:61:56:a7:9a:2b:d0:47:d1:
         d7:68:e5:52:8a:fe:10:82:45:d0:8f:6b:52:73:5f:8b:3a:54:
         44:52:17:53:f3:bb:0b:97:1c:52:52:a1:b3:fb:40:85:fe:80:
         8c:72:d9:55:cc:23:9f:1f:e3:41:82:26:ad:77:22:cd:87:1b:
         06:f2:41:cb:e5:4f:5d:db:ab:15:c3:3f:52:40:a7:43:63:46:
         22:f7:27:62:50:9a:18:2e:4a:ce:d9:ea:64:12:38:08:11:03:
         4a:df:30:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlP0YFOu+siPNSKFwLl+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYjc5YTk0MTAzYzAzZTk5YjUyMDFhNzk4ZDMzODg2NWJl
NjM1NzQwHhcNMjQwMTAyMDAzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjkzYWM1NWQ3OTRlNzcwMzg1ZGI3OTQ2NDc1N2I2MjJlZTVmZDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhgu5HvkNiT0k5SswCVfJB4jy/11N
UC2HSCpEagTTqHj9QQvXFaz2YJT5fynYb4FJljOBPH+xyz+uYG+UiAIqb3hlq94o
GORAIVxwW6LSolh4G0CWylvtAIOr1fLJSDSozGQwM7NylryJcORWGS6oPClO+50D
iaIwz6muU9QnVov5QlCseWpPF+AHV2nvHYkrurHB0h+lJt7P962Ta/YjyR0NNhKE
U7Fa9E3LPbkixQg/6zv+FkTyy2U1eBHi0lpCHK6m8Qd/IzKVXkcFW1HPLkVTlJUN
KQW63TfxNZlMc/EyNEFB1RAae4jEpZomlEU1wWCEFFeh59iDnw2eunkgLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+TrFXXlOdwOF23lGR1e2Iu5f02MB8GA1UdIwQY
MBaAFDq3mpQQPAPpm1IBp5jTOIZb5jV0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JlYWxCQThBLW1iVWdHbm1OTTRobHZtTlhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85MWRkNDEtMDA5MC00Njc5LTlkYmYt
ZWUzYjU4MWFhYTA3LzEvWDVPc1ZkZVU1M0E0WGJlVVpIVjdZaTdsX1RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85MWRkNDEtMDA5MC00Njc5LTlkYmYtZWUzYjU4MWFhYTA3
LzEvT3JlYWxCQThBLW1iVWdHbm1OTTRobHZtTlhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYytMA0G
CSqGSIb3DQEBCwUAA4IBAQCxnWPczviq2NPvxTLyAsVav6t8c9lycv8/75v2gHpO
fd4KHLqOzZpJYJADS43MQmZ7P4bUlttI4ijZjNbJbGb79rMceLxfioOd4RLS4wzc
fY0nC4xXXUEwVXuN+6LfILVmFCh++jm5xFDVR/FInRDrlu0PYYKN3DXaeFyqmKRp
w9Eqr7/HOEAlNpCjrl8SECh6jZC+XAiETwrCYVanmivQR9HXaOVSiv4QgkXQj2tS
c1+LOlREUhdT87sLlxxSUqGz+0CF/oCMctlVzCOfH+NBgiatdyLNhxsG8kHL5U9d
26sVwz9SQKdDY0Yi9ydiUJoYLkrO2epkEjgIEQNK3zA4
-----END CERTIFICATE-----