Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/5c92d5-a7eb-4929-ae19-da138ade222b/1/XnTFhvX9JC6QsARUZAMPL9Tfkfo.roa
File:                     XnTFhvX9JC6QsARUZAMPL9Tfkfo.roa (raw, json)
Hash identifier:          gTdC1xdi4W/LWzkmhovKNm3/jNnNHSH2VxgUTUHA1kU=
Subject key identifier:   5E:74:C5:86:F5:FD:24:2E:90:B0:04:54:64:03:0F:2F:D4:DF:91:FA
Certificate issuer:       /CN=40f872e4cdb07d6839147e43a4a419bc84ba3214
Certificate serial:       018CC56E25007E4E18B530029B1E8D14DC51
Authority key identifier: 40:F8:72:E4:CD:B0:7D:68:39:14:7E:43:A4:A4:19:BC:84:BA:32:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QPhy5M2wfWg5FH5DpKQZvIS6MhQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/5c92d5-a7eb-4929-ae19-da138ade222b/1/XnTFhvX9JC6QsARUZAMPL9Tfkfo.roa
Signing time:             Mon 01 Jan 2024 14:29:39 +0000
ROA not before:           Mon 01 Jan 2024 14:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31126
IP address blocks:        185.91.96.0/24 maxlen: 24
                          185.91.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/5c92d5-a7eb-4929-ae19-da138ade222b/1/QPhy5M2wfWg5FH5DpKQZvIS6MhQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/5c92d5-a7eb-4929-ae19-da138ade222b/1/QPhy5M2wfWg5FH5DpKQZvIS6MhQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QPhy5M2wfWg5FH5DpKQZvIS6MhQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:25:00:7e:4e:18:b5:30:02:9b:1e:8d:14:dc:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40f872e4cdb07d6839147e43a4a419bc84ba3214
        Validity
            Not Before: Jan  1 14:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e74c586f5fd242e90b0045464030f2fd4df91fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:01:ac:8a:9b:0e:a1:e1:e7:ac:c7:7a:e4:59:
                    7a:33:b0:f4:d0:06:54:38:1a:ec:2e:5d:27:d4:4d:
                    b3:c9:37:9e:91:3f:19:09:c6:c9:25:f4:53:0c:87:
                    d0:c4:fb:42:9c:05:ed:d8:4f:2c:fd:25:40:ed:b5:
                    d2:5a:eb:1c:e1:7c:dd:af:d5:7f:f3:d7:4c:43:dd:
                    ad:78:95:cc:b8:d8:25:07:50:29:ba:11:89:bf:33:
                    32:c3:df:0a:88:0f:7e:a2:79:89:1f:90:c4:f6:fe:
                    33:6f:7f:41:b5:20:ae:03:7e:17:9c:6a:9d:2f:e1:
                    c2:fb:ab:a3:a5:3d:42:a1:1e:76:4a:6a:70:5a:ae:
                    d4:43:e4:56:f4:9f:ce:a5:49:d1:4a:e4:08:93:b6:
                    37:34:40:d8:13:44:5b:45:a2:bd:44:93:66:1d:eb:
                    3b:3a:be:ce:a1:c2:2a:0c:50:9b:f5:dc:f4:9b:66:
                    8e:21:8d:99:03:9e:26:45:b8:db:58:d1:62:b9:31:
                    d4:c6:60:2d:7f:96:a3:69:2f:c8:31:66:9b:73:38:
                    61:99:95:c3:79:a2:ba:d2:ba:9a:74:82:64:35:4d:
                    d0:e6:34:22:cc:4e:0e:15:bb:a5:db:6f:f0:3c:6b:
                    9e:27:9a:da:93:3a:70:42:7e:0e:86:ac:3a:15:1f:
                    82:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:74:C5:86:F5:FD:24:2E:90:B0:04:54:64:03:0F:2F:D4:DF:91:FA
            X509v3 Authority Key Identifier:
                keyid:40:F8:72:E4:CD:B0:7D:68:39:14:7E:43:A4:A4:19:BC:84:BA:32:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QPhy5M2wfWg5FH5DpKQZvIS6MhQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/5c92d5-a7eb-4929-ae19-da138ade222b/1/XnTFhvX9JC6QsARUZAMPL9Tfkfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/5c92d5-a7eb-4929-ae19-da138ade222b/1/QPhy5M2wfWg5FH5DpKQZvIS6MhQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.96.0/24
                  185.91.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:2f:07:05:41:9e:13:9f:e5:31:01:f4:d4:2d:40:6f:ad:48:
         7f:c4:d4:ed:d6:03:27:c3:72:31:1c:33:61:af:ce:d2:a0:8e:
         46:fc:04:94:f3:63:41:63:78:85:01:19:18:19:26:16:5c:4c:
         fa:e8:3d:63:a3:6c:ea:d2:b0:6b:44:71:3d:3e:ca:46:6e:34:
         25:56:aa:e5:43:8b:c4:71:42:f2:70:48:11:d3:40:9a:2c:53:
         e1:11:1a:73:e5:af:69:dd:f0:40:88:be:af:89:fd:7f:fd:ba:
         c2:ec:26:66:7b:c9:7b:87:f2:3e:cf:79:9a:72:72:bf:26:9e:
         66:96:3c:13:56:c1:a9:b5:c3:31:62:3a:22:9a:e3:bb:c3:a0:
         4e:5d:b3:50:1e:c5:5f:fa:72:2d:8c:b5:4b:31:65:de:56:2c:
         96:fd:88:a6:93:7f:9f:8d:79:ac:fa:a4:bc:66:ac:84:cf:ac:
         43:98:4d:58:d3:60:50:32:20:a1:6a:c8:63:87:e4:c8:0c:26:
         01:c3:08:3a:02:6c:cb:c3:81:eb:23:1a:24:f9:58:f5:4d:a1:
         8a:e0:4b:53:d1:93:46:7d:31:bc:7d:61:fd:01:b4:38:20:23:
         6b:71:5a:15:15:32:02:4b:40:03:75:c6:dc:40:73:90:00:7d:
         31:41:f6:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbiUAfk4YtTACmx6NFNxRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZjg3MmU0Y2RiMDdkNjgzOTE0N2U0M2E0YTQxOWJjODRi
YTMyMTQwHhcNMjQwMTAxMTQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTc0YzU4NmY1ZmQyNDJlOTBiMDA0NTQ2NDAzMGYyZmQ0ZGY5MWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwGsipsOoeHnrMd65Fl6M7D00AZU
OBrsLl0n1E2zyTeekT8ZCcbJJfRTDIfQxPtCnAXt2E8s/SVA7bXSWusc4Xzdr9V/
89dMQ92teJXMuNglB1ApuhGJvzMyw98KiA9+onmJH5DE9v4zb39BtSCuA34XnGqd
L+HC+6ujpT1CoR52SmpwWq7UQ+RW9J/OpUnRSuQIk7Y3NEDYE0RbRaK9RJNmHes7
Or7OocIqDFCb9dz0m2aOIY2ZA54mRbjbWNFiuTHUxmAtf5ajaS/IMWabczhhmZXD
eaK60rqadIJkNU3Q5jQizE4OFbul22/wPGueJ5rakzpwQn4Ohqw6FR+CSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF50xYb1/SQukLAEVGQDDy/U35H6MB8GA1UdIwQY
MBaAFED4cuTNsH1oORR+Q6SkGbyEujIUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVBoeTVNMndmV2c1Rkg1RHBLUVp2SVM2TWhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC81YzkyZDUtYTdlYi00OTI5LWFlMTkt
ZGExMzhhZGUyMjJiLzEvWG5URmh2WDlKQzZRc0FSVVpBTVBMOVRma2ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC81YzkyZDUtYTdlYi00OTI5LWFlMTktZGExMzhhZGUyMjJi
LzEvUVBoeTVNMndmV2c1Rkg1RHBLUVp2SVM2TWhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuVtgAwQA
uVtjMA0GCSqGSIb3DQEBCwUAA4IBAQAsLwcFQZ4Tn+UxAfTULUBvrUh/xNTt1gMn
w3IxHDNhr87SoI5G/ASU82NBY3iFARkYGSYWXEz66D1jo2zq0rBrRHE9PspGbjQl
VqrlQ4vEcULycEgR00CaLFPhERpz5a9p3fBAiL6vif1//brC7CZme8l7h/I+z3ma
cnK/Jp5mljwTVsGptcMxYjoimuO7w6BOXbNQHsVf+nItjLVLMWXeViyW/Yimk3+f
jXms+qS8ZqyEz6xDmE1Y02BQMiChashjh+TIDCYBwwg6AmzLw4HrIxok+Vj1TaGK
4EtT0ZNGfTG8fWH9AbQ4ICNrcVoVFTICS0ADdcbcQHOQAH0xQfZH
-----END CERTIFICATE-----