Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/X1R374SpH4jxvOw93rTfISae0WA.roa
File:                     X1R374SpH4jxvOw93rTfISae0WA.roa (raw, json)
Hash identifier:          MFYIrozhHAbo4IPt3KG0eroqdkOgMOdVvPUtUhHJyLQ=
Subject key identifier:   5F:54:77:EF:84:A9:1F:88:F1:BC:EC:3D:DE:B4:DF:21:26:9E:D1:60
Certificate issuer:       /CN=dc5c532f3cd5e11e19feb19655d4f19926f02020
Certificate serial:       019091E2714F5F375B6B834AD3AE9DCA07C6
Authority key identifier: DC:5C:53:2F:3C:D5:E1:1E:19:FE:B1:96:55:D4:F1:99:26:F0:20:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/X1R374SpH4jxvOw93rTfISae0WA.roa
Signing time:             Mon 08 Jul 2024 10:27:34 +0000
ROA not before:           Mon 08 Jul 2024 10:27:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5391
IP address blocks:        213.202.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:91:e2:71:4f:5f:37:5b:6b:83:4a:d3:ae:9d:ca:07:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc5c532f3cd5e11e19feb19655d4f19926f02020
        Validity
            Not Before: Jul  8 10:27:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f5477ef84a91f88f1bcec3ddeb4df21269ed160
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:02:cd:b4:58:19:a3:8f:b1:16:a1:68:d9:5d:
                    c3:57:72:a3:37:e1:65:97:ca:30:e6:b5:33:52:ad:
                    e3:b0:ae:11:59:97:7a:51:9d:c0:d2:95:90:69:88:
                    6d:4d:aa:e5:d5:41:6c:dd:f7:21:fb:6c:3c:56:64:
                    38:5e:45:2d:b1:1f:5c:54:b2:a2:ed:98:f1:1c:fb:
                    00:13:33:94:92:57:5f:64:cb:c7:f5:0b:1b:b2:fc:
                    b9:d0:d1:8d:0c:56:08:dd:28:8d:7c:bf:71:54:0a:
                    e2:10:31:80:04:4a:35:c7:9e:77:fc:8c:f9:2d:87:
                    1a:6e:28:0c:c9:7d:1a:db:b1:bf:58:2c:33:b1:f2:
                    43:26:04:32:19:3e:48:b0:f1:c3:2b:98:d2:51:53:
                    fb:0c:54:00:d5:39:94:1c:24:84:77:a4:d1:b8:99:
                    bf:22:59:fe:5d:ad:50:99:55:0c:aa:62:90:07:d3:
                    79:0c:be:1a:be:ce:2e:9f:39:d0:58:de:e3:ce:72:
                    6c:7d:e9:da:05:83:47:9b:37:70:c0:29:c7:13:5a:
                    71:12:e4:fe:0b:5c:b2:bb:e6:68:f9:38:22:fa:f8:
                    a5:24:49:e9:f6:f0:1b:6c:ed:18:0d:ce:aa:be:aa:
                    81:24:23:0c:ff:b8:a3:7d:f5:0e:d7:4e:97:3b:96:
                    52:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:54:77:EF:84:A9:1F:88:F1:BC:EC:3D:DE:B4:DF:21:26:9E:D1:60
            X509v3 Authority Key Identifier:
                keyid:DC:5C:53:2F:3C:D5:E1:1E:19:FE:B1:96:55:D4:F1:99:26:F0:20:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/X1R374SpH4jxvOw93rTfISae0WA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.202.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:22:b7:d8:8c:9b:82:db:b4:8b:2c:49:88:aa:40:c5:e1:3d:
         06:cf:ec:d2:b5:c3:4b:53:d2:ca:4f:2e:8b:30:b3:3e:67:93:
         2e:a1:cc:fa:54:da:27:2a:eb:23:99:05:a6:41:5e:f6:23:26:
         e6:8a:3d:51:3a:74:be:4a:d0:95:c0:86:79:25:20:c8:c4:9b:
         4d:95:7d:f2:79:fe:28:8a:6d:e1:a5:10:38:8b:ce:b3:67:10:
         4f:2b:a3:93:9b:d1:61:ef:99:fd:67:32:7d:2a:26:3f:42:55:
         9e:d3:20:a6:b4:4b:49:ef:d2:d8:ed:c0:ea:9a:d8:c8:c9:16:
         50:d0:cf:0b:03:24:e6:f4:fe:2a:29:53:d9:70:8a:15:36:8f:
         77:31:93:70:03:7f:93:11:df:c0:68:ee:a7:3f:4d:75:eb:ff:
         a5:29:13:c4:64:3e:c0:8e:5d:c2:5c:64:5d:16:34:88:2a:0f:
         d3:8c:e4:44:22:83:3c:70:ef:e9:4a:6e:14:95:95:e7:03:5a:
         0f:86:81:36:44:61:57:18:10:3e:8c:81:30:73:f8:22:6f:fb:
         1d:32:1b:f7:4b:b3:69:f3:8f:55:cb:a8:3b:aa:80:b2:ff:b4:
         b8:71:1a:c2:79:74:0c:b4:42:6e:e2:15:a2:70:17:c5:f8:92:
         1c:e0:df:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCR4nFPXzdba4NK066dygfGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNWM1MzJmM2NkNWUxMWUxOWZlYjE5NjU1ZDRmMTk5MjZm
MDIwMjAwHhcNMjQwNzA4MTAyNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjU0NzdlZjg0YTkxZjg4ZjFiY2VjM2RkZWI0ZGYyMTI2OWVkMTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwLNtFgZo4+xFqFo2V3DV3KjN+Fl
l8ow5rUzUq3jsK4RWZd6UZ3A0pWQaYhtTarl1UFs3fch+2w8VmQ4XkUtsR9cVLKi
7ZjxHPsAEzOUkldfZMvH9Qsbsvy50NGNDFYI3SiNfL9xVAriEDGABEo1x553/Iz5
LYcabigMyX0a27G/WCwzsfJDJgQyGT5IsPHDK5jSUVP7DFQA1TmUHCSEd6TRuJm/
Iln+Xa1QmVUMqmKQB9N5DL4avs4unznQWN7jznJsfenaBYNHmzdwwCnHE1pxEuT+
C1yyu+Zo+Tgi+vilJEnp9vAbbO0YDc6qvqqBJCMM/7ijffUO106XO5ZSywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF9Ud++EqR+I8bzsPd603yEmntFgMB8GA1UdIwQY
MBaAFNxcUy881eEeGf6xllXU8Zkm8CAgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0Z4VEx6elY0UjRaX3JHV1ZkVHhtU2J3SUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9kYjI2YmEtNzU0ZC00MTE4LWJlMzEt
NGI2YzFjZjlmZTRmLzEvWDFSMzc0U3BINGp4dk93OTNyVGZJU2FlMFdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9kYjI2YmEtNzU0ZC00MTE4LWJlMzEtNGI2YzFjZjlmZTRm
LzEvM0Z4VEx6elY0UjRaX3JHV1ZkVHhtU2J3SUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1cpHMA0G
CSqGSIb3DQEBCwUAA4IBAQBUIrfYjJuC27SLLEmIqkDF4T0Gz+zStcNLU9LKTy6L
MLM+Z5Muocz6VNonKusjmQWmQV72Iybmij1ROnS+StCVwIZ5JSDIxJtNlX3yef4o
im3hpRA4i86zZxBPK6OTm9Fh75n9ZzJ9KiY/QlWe0yCmtEtJ79LY7cDqmtjIyRZQ
0M8LAyTm9P4qKVPZcIoVNo93MZNwA3+TEd/AaO6nP0116/+lKRPEZD7Ajl3CXGRd
FjSIKg/TjOREIoM8cO/pSm4UlZXnA1oPhoE2RGFXGBA+jIEwc/gib/sdMhv3S7Np
849Vy6g7qoCy/7S4cRrCeXQMtEJu4hWicBfF+JIc4N/r
-----END CERTIFICATE-----