Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/8d6cb0-0396-4f2b-aec3-47e3049830b0/1/XnnWc3t1TrM3Ubz85jFHN9RP67A.roa
File:                     XnnWc3t1TrM3Ubz85jFHN9RP67A.roa (raw, json)
Hash identifier:          wUMfZwr24tVvjk9S23Mem8LTrke6ZHjmB+UP4Zg8tAk=
Subject key identifier:   5E:79:D6:73:7B:75:4E:B3:37:51:BC:FC:E6:31:47:37:D4:4F:EB:B0
Certificate issuer:       /CN=ef584b511d96a4ae6c96300197f84f96a3afc246
Certificate serial:       018CC80171554F69F99FF25B8FF333C339DF
Authority key identifier: EF:58:4B:51:1D:96:A4:AE:6C:96:30:01:97:F8:4F:96:A3:AF:C2:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71hLUR2WpK5sljABl_hPlqOvwkY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/8d6cb0-0396-4f2b-aec3-47e3049830b0/1/XnnWc3t1TrM3Ubz85jFHN9RP67A.roa
Signing time:             Tue 02 Jan 2024 02:29:46 +0000
ROA not before:           Tue 02 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41486
IP address blocks:        194.9.61.0/24 maxlen: 24
                          194.9.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/8d6cb0-0396-4f2b-aec3-47e3049830b0/1/71hLUR2WpK5sljABl_hPlqOvwkY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/8d6cb0-0396-4f2b-aec3-47e3049830b0/1/71hLUR2WpK5sljABl_hPlqOvwkY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71hLUR2WpK5sljABl_hPlqOvwkY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:71:55:4f:69:f9:9f:f2:5b:8f:f3:33:c3:39:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef584b511d96a4ae6c96300197f84f96a3afc246
        Validity
            Not Before: Jan  2 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e79d6737b754eb33751bcfce6314737d44febb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a5:d9:41:88:2f:d4:63:87:0e:d6:c9:34:32:
                    69:8a:70:07:cd:d2:76:93:2e:79:8f:79:45:7b:10:
                    c0:19:13:79:ad:b2:ba:ac:d3:5b:a6:f9:66:a6:34:
                    10:8c:65:39:fd:73:66:f4:34:a9:d7:ad:a6:28:5c:
                    b8:41:59:1f:3d:39:65:21:00:5c:21:33:2b:f7:19:
                    6e:5a:34:3b:de:b8:cf:33:20:96:db:71:e2:df:ba:
                    61:de:c8:9d:40:ac:92:91:fb:91:5f:30:8c:0b:ce:
                    15:66:0b:c7:e6:0a:42:52:ec:f2:38:fb:01:ae:c0:
                    de:e1:5d:2c:a3:e3:b1:c9:be:d7:d4:9e:da:9e:85:
                    c8:e6:ad:e2:c7:c5:9a:9e:6b:f6:f1:ff:0f:d7:92:
                    08:a8:b4:21:3e:77:ed:55:a3:50:df:29:76:19:1f:
                    61:42:8b:53:11:1e:b7:da:c3:fb:83:b3:b4:0f:d5:
                    a5:99:90:90:7b:7a:51:a9:1a:28:9c:c9:c4:7a:d8:
                    7f:36:78:c4:6b:2e:e9:67:29:de:36:ab:ff:ca:1d:
                    0d:e4:26:b3:7d:73:b7:c4:9b:b3:7b:26:01:77:38:
                    21:e4:a4:a4:64:78:29:a8:04:2e:f4:db:62:39:9b:
                    bf:5d:53:7a:3a:71:aa:31:6d:93:d3:ad:70:58:e7:
                    7b:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:79:D6:73:7B:75:4E:B3:37:51:BC:FC:E6:31:47:37:D4:4F:EB:B0
            X509v3 Authority Key Identifier:
                keyid:EF:58:4B:51:1D:96:A4:AE:6C:96:30:01:97:F8:4F:96:A3:AF:C2:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71hLUR2WpK5sljABl_hPlqOvwkY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/8d6cb0-0396-4f2b-aec3-47e3049830b0/1/XnnWc3t1TrM3Ubz85jFHN9RP67A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/8d6cb0-0396-4f2b-aec3-47e3049830b0/1/71hLUR2WpK5sljABl_hPlqOvwkY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:cc:a5:14:29:39:65:c3:b3:0a:35:a8:e6:94:77:38:a1:02:
         4e:c1:36:6d:90:5c:ac:46:34:ea:a0:eb:d3:d4:3f:eb:ea:46:
         ca:41:bb:8b:2d:72:8f:87:3a:88:cb:50:72:c6:44:4a:25:ab:
         5c:4d:02:1e:81:db:95:b4:d2:54:9b:08:c6:5c:03:7e:9b:4d:
         ca:80:66:d2:5e:a5:bb:b2:63:82:d7:cd:e6:57:17:bf:37:78:
         b8:25:74:53:52:5f:91:61:99:cd:08:6b:86:57:f2:65:65:e3:
         5e:68:57:df:bb:01:49:29:75:90:92:5d:d1:9e:da:60:ab:94:
         68:50:8c:b0:0c:9b:c1:c0:c5:8e:be:fc:c0:0b:fb:f5:d2:b8:
         5a:d4:32:09:f0:9c:ff:b7:ca:89:8f:5d:77:ae:5d:25:e7:d3:
         35:82:cb:ad:6d:0c:d9:5c:3f:88:2d:e8:27:4b:20:41:f4:67:
         ff:9e:a5:74:31:cc:1c:ed:40:e1:5d:38:08:ed:fc:a4:54:43:
         4d:9e:50:6b:82:04:96:72:71:50:42:86:cd:f4:d5:ee:19:5d:
         ac:3c:70:fd:e6:2d:78:25:ad:82:cd:40:49:3f:59:8c:30:43:
         d4:54:f0:7f:96:d7:a5:66:a7:8e:03:2d:0f:70:31:f9:59:04:
         84:68:41:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAXFVT2n5n/Jbj/MzwznfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTg0YjUxMWQ5NmE0YWU2Yzk2MzAwMTk3Zjg0Zjk2YTNh
ZmMyNDYwHhcNMjQwMTAyMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTc5ZDY3MzdiNzU0ZWIzMzc1MWJjZmNlNjMxNDczN2Q0NGZlYmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaXZQYgv1GOHDtbJNDJpinAHzdJ2
ky55j3lFexDAGRN5rbK6rNNbpvlmpjQQjGU5/XNm9DSp162mKFy4QVkfPTllIQBc
ITMr9xluWjQ73rjPMyCW23Hi37ph3sidQKySkfuRXzCMC84VZgvH5gpCUuzyOPsB
rsDe4V0so+Oxyb7X1J7anoXI5q3ix8Wanmv28f8P15IIqLQhPnftVaNQ3yl2GR9h
QotTER632sP7g7O0D9WlmZCQe3pRqRoonMnEeth/NnjEay7pZyneNqv/yh0N5Caz
fXO3xJuzeyYBdzgh5KSkZHgpqAQu9NtiOZu/XVN6OnGqMW2T061wWOd7qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF551nN7dU6zN1G8/OYxRzfUT+uwMB8GA1UdIwQY
MBaAFO9YS1EdlqSubJYwAZf4T5ajr8JGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFoTFVSMldwSzVzbGpBQmxfaFBscU92d2tZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC84ZDZjYjAtMDM5Ni00ZjJiLWFlYzMt
NDdlMzA0OTgzMGIwLzEvWG5uV2MzdDFUck0zVWJ6ODVqRkhOOVJQNjdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC84ZDZjYjAtMDM5Ni00ZjJiLWFlYzMtNDdlMzA0OTgzMGIw
LzEvNzFoTFVSMldwSzVzbGpBQmxfaFBscU92d2tZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwgk8MA0G
CSqGSIb3DQEBCwUAA4IBAQA8zKUUKTllw7MKNajmlHc4oQJOwTZtkFysRjTqoOvT
1D/r6kbKQbuLLXKPhzqIy1ByxkRKJatcTQIegduVtNJUmwjGXAN+m03KgGbSXqW7
smOC183mVxe/N3i4JXRTUl+RYZnNCGuGV/JlZeNeaFffuwFJKXWQkl3Rntpgq5Ro
UIywDJvBwMWOvvzAC/v10rha1DIJ8Jz/t8qJj113rl0l59M1gsutbQzZXD+ILegn
SyBB9Gf/nqV0Mcwc7UDhXTgI7fykVENNnlBrggSWcnFQQobN9NXuGV2sPHD95i14
Ja2CzUBJP1mMMEPUVPB/ltelZqeOAy0PcDH5WQSEaEEh
-----END CERTIFICATE-----