Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/X1X4I6xtC4Tyzz9jxci5NVZVFuk.roa
File:                     X1X4I6xtC4Tyzz9jxci5NVZVFuk.roa (raw, json)
Hash identifier:          Y7rSJ5Le7s/lA/Q7YQ3ZJcSkf2udL6S8lMTSgJ0RabQ=
Subject key identifier:   5F:55:F8:23:AC:6D:0B:84:F2:CF:3F:63:C5:C8:B9:35:56:55:16:E9
Certificate issuer:       /CN=2ec121e1545df3e5bb86e9188f2825fad7477f75
Certificate serial:       01941FFA94BECEEEF86CB9A33B65CB75CDB4
Authority key identifier: 2E:C1:21:E1:54:5D:F3:E5:BB:86:E9:18:8F:28:25:FA:D7:47:7F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LsEh4VRd8-W7hukYjygl-tdHf3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/X1X4I6xtC4Tyzz9jxci5NVZVFuk.roa
Signing time:             Wed 01 Jan 2025 03:48:23 +0000
ROA not before:           Wed 01 Jan 2025 03:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42630
IP address blocks:        193.200.58.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/LsEh4VRd8-W7hukYjygl-tdHf3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/LsEh4VRd8-W7hukYjygl-tdHf3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LsEh4VRd8-W7hukYjygl-tdHf3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:94:be:ce:ee:f8:6c:b9:a3:3b:65:cb:75:cd:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ec121e1545df3e5bb86e9188f2825fad7477f75
        Validity
            Not Before: Jan  1 03:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f55f823ac6d0b84f2cf3f63c5c8b935565516e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2a:be:40:43:d5:38:cb:d6:67:7c:6b:4d:77:
                    73:a5:ed:23:f8:08:38:48:46:57:fa:3d:d5:95:99:
                    95:6f:c1:f8:fc:c0:e0:8d:a1:a7:f3:bd:32:6b:08:
                    47:9a:fd:15:87:4e:5f:b3:13:61:47:00:0c:7d:91:
                    e2:9a:e0:de:7a:fc:ca:ec:18:7e:bf:22:08:dd:d7:
                    81:86:98:16:c0:68:09:51:82:f5:2a:23:36:a6:13:
                    4c:2f:2e:8f:3a:7f:ce:8e:9d:e3:7c:2c:5f:35:d1:
                    e1:d9:4f:98:e9:90:a2:ba:a9:47:66:8e:60:97:01:
                    e6:73:d6:6b:0b:01:ad:cc:64:bb:d5:8f:de:0a:4d:
                    09:b3:39:60:37:6c:54:45:58:74:4b:3b:27:a2:44:
                    ae:31:8e:55:6c:44:e0:20:36:40:1c:b0:11:e7:d4:
                    89:f5:8a:53:b2:4a:ec:b6:cf:38:37:35:ff:03:fe:
                    8e:13:b1:f5:35:10:aa:fd:97:85:db:7e:37:25:45:
                    ad:44:fa:6d:1e:01:a8:31:bb:39:c1:13:89:44:19:
                    95:f3:95:03:34:fa:de:3d:9b:13:b9:61:9d:df:c6:
                    64:3f:e8:93:de:f5:23:c3:fb:d3:95:95:0d:45:7d:
                    c1:40:49:91:bb:f4:13:34:92:7d:84:05:6e:75:d8:
                    ab:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:55:F8:23:AC:6D:0B:84:F2:CF:3F:63:C5:C8:B9:35:56:55:16:E9
            X509v3 Authority Key Identifier:
                keyid:2E:C1:21:E1:54:5D:F3:E5:BB:86:E9:18:8F:28:25:FA:D7:47:7F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LsEh4VRd8-W7hukYjygl-tdHf3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/X1X4I6xtC4Tyzz9jxci5NVZVFuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/LsEh4VRd8-W7hukYjygl-tdHf3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7d:80:93:d2:9a:4e:8f:05:8f:42:40:0f:b3:42:df:7a:b4:a1:
         75:fd:86:26:22:da:8b:3e:14:76:ad:2a:6b:9b:31:40:15:58:
         3d:0b:08:86:5e:b5:ad:12:c4:9d:26:ec:0c:d3:ca:d4:8c:74:
         17:f6:5d:51:a7:c3:7f:53:04:19:05:f4:34:54:fe:26:8b:5f:
         bf:6e:a0:8d:5c:84:a0:71:71:f0:bf:68:69:c5:78:97:6f:98:
         04:3a:20:c7:58:65:1d:e6:20:6b:09:91:e6:59:ab:98:f3:df:
         41:06:70:db:f4:1d:30:57:21:73:d5:03:d3:ef:c1:51:58:23:
         ff:f2:d3:cd:f8:35:1a:e8:9a:db:a6:28:3a:8a:ed:8e:d7:24:
         e0:12:69:af:d1:c5:4d:86:9c:79:d7:2c:8d:8a:aa:3c:6f:b1:
         be:3b:38:02:0a:44:2f:7b:53:d4:65:53:3f:72:99:9a:a0:21:
         52:f9:ff:cd:93:84:84:32:e8:04:e2:6a:0e:10:a7:a1:83:04:
         28:a9:66:7a:12:a8:25:10:a5:13:ed:cc:5f:a9:85:9d:c0:84:
         e7:1f:1b:cd:ed:66:2d:d8:55:a0:70:ee:c0:8d:1e:52:93:39:
         a9:8a:17:f1:0e:e4:9a:ab:26:5a:43:38:4a:01:0e:2f:72:eb:
         7d:0c:27:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+pS+zu74bLmjO2XLdc20MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlYzEyMWUxNTQ1ZGYzZTViYjg2ZTkxODhmMjgyNWZhZDc0
NzdmNzUwHhcNMjUwMTAxMDM0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjU1ZjgyM2FjNmQwYjg0ZjJjZjNmNjNjNWM4YjkzNTU2NTUxNmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCq+QEPVOMvWZ3xrTXdzpe0j+Ag4
SEZX+j3VlZmVb8H4/MDgjaGn870yawhHmv0Vh05fsxNhRwAMfZHimuDeevzK7Bh+
vyII3deBhpgWwGgJUYL1KiM2phNMLy6POn/Ojp3jfCxfNdHh2U+Y6ZCiuqlHZo5g
lwHmc9ZrCwGtzGS71Y/eCk0JszlgN2xURVh0SzsnokSuMY5VbETgIDZAHLAR59SJ
9YpTskrsts84NzX/A/6OE7H1NRCq/ZeF2343JUWtRPptHgGoMbs5wROJRBmV85UD
NPrePZsTuWGd38ZkP+iT3vUjw/vTlZUNRX3BQEmRu/QTNJJ9hAVuddirGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF9V+COsbQuE8s8/Y8XIuTVWVRbpMB8GA1UdIwQY
MBaAFC7BIeFUXfPlu4bpGI8oJfrXR391MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHNFaDRWUmQ4LVc3aHVrWWp5Z2wtdGRIZjNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8xZWQyN2MtMmQ4Yy00MDgwLWE0NTgt
OWY1MjJhMjg0NTk1LzEvWDFYNEk2eHRDNFR5eno5anhjaTVOVlpWRnVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8xZWQyN2MtMmQ4Yy00MDgwLWE0NTgtOWY1MjJhMjg0NTk1
LzEvTHNFaDRWUmQ4LVc3aHVrWWp5Z2wtdGRIZjNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwcg6MA0G
CSqGSIb3DQEBCwUAA4IBAQB9gJPSmk6PBY9CQA+zQt96tKF1/YYmItqLPhR2rSpr
mzFAFVg9CwiGXrWtEsSdJuwM08rUjHQX9l1Rp8N/UwQZBfQ0VP4mi1+/bqCNXISg
cXHwv2hpxXiXb5gEOiDHWGUd5iBrCZHmWauY899BBnDb9B0wVyFz1QPT78FRWCP/
8tPN+DUa6Jrbpig6iu2O1yTgEmmv0cVNhpx51yyNiqo8b7G+OzgCCkQve1PUZVM/
cpmaoCFS+f/Nk4SEMugE4moOEKehgwQoqWZ6EqglEKUT7cxfqYWdwITnHxvN7WYt
2FWgcO7AjR5SkzmpihfxDuSaqyZaQzhKAQ4vcut9DCe0
-----END CERTIFICATE-----