Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/XmHvyFbs-t7Bsyvl2szoQbIm-_Q.roa
File:                     XmHvyFbs-t7Bsyvl2szoQbIm-_Q.roa (raw, json)
Hash identifier:          9U018il846o2Yf2EG6RaV6mdphp8P/rOKaFe5b2qZTw=
Subject key identifier:   5E:61:EF:C8:56:EC:FA:DE:C1:B3:2B:E5:DA:CC:E8:41:B2:26:FB:F4
Certificate issuer:       /CN=f59d56c52c7733f83be774afa47bbd55d28797ac
Certificate serial:       018CC2DAF065609041D62B8D03F5BBC24F13
Authority key identifier: F5:9D:56:C5:2C:77:33:F8:3B:E7:74:AF:A4:7B:BD:55:D2:87:97:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Z1WxSx3M_g753SvpHu9VdKHl6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/XmHvyFbs-t7Bsyvl2szoQbIm-_Q.roa
Signing time:             Mon 01 Jan 2024 02:29:37 +0000
ROA not before:           Mon 01 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202368
IP address blocks:        194.34.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/9Z1WxSx3M_g753SvpHu9VdKHl6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/9Z1WxSx3M_g753SvpHu9VdKHl6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Z1WxSx3M_g753SvpHu9VdKHl6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f0:65:60:90:41:d6:2b:8d:03:f5:bb:c2:4f:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f59d56c52c7733f83be774afa47bbd55d28797ac
        Validity
            Not Before: Jan  1 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e61efc856ecfadec1b32be5dacce841b226fbf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:4f:a3:60:76:1a:45:f3:6e:2d:48:43:11:73:
                    46:e5:71:75:e5:39:bf:95:b4:e9:7a:fd:f3:86:04:
                    43:08:7a:7a:06:67:a7:eb:42:33:80:ec:b8:e8:8e:
                    7a:dc:22:42:8d:7e:2e:95:70:7a:41:b8:fe:14:20:
                    e9:d2:e2:92:90:1b:3d:00:aa:34:bc:e0:6d:cd:86:
                    3f:55:77:73:31:79:9d:f0:1e:cb:e1:bd:c9:25:04:
                    5c:a9:cc:0b:b9:70:7e:18:8b:28:28:eb:57:b2:1d:
                    83:7f:a1:dc:40:6a:cb:d5:bc:89:06:a2:89:c6:ce:
                    1f:6f:75:9d:51:c5:0a:2b:3a:b7:7e:ab:6c:3d:48:
                    05:a9:e3:77:49:db:a9:71:f4:77:9b:60:14:75:25:
                    ad:1f:97:0b:9c:a4:82:b5:69:f9:b7:33:60:41:5b:
                    0e:02:3a:7e:94:29:b4:1c:7d:ed:df:8b:b2:6d:1c:
                    de:fe:9d:79:0c:e0:cc:af:1c:a4:1e:3c:b0:b6:68:
                    1b:02:47:60:ca:c5:be:a5:64:f6:cc:bb:8d:21:2a:
                    d5:1c:63:36:a4:4f:fc:1c:f4:28:80:fb:0f:df:9c:
                    af:90:f4:fb:0e:4f:5e:11:2c:1d:6c:56:fb:26:17:
                    4c:d5:d7:24:79:5c:82:dc:03:98:10:cc:05:d5:7c:
                    8f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:61:EF:C8:56:EC:FA:DE:C1:B3:2B:E5:DA:CC:E8:41:B2:26:FB:F4
            X509v3 Authority Key Identifier:
                keyid:F5:9D:56:C5:2C:77:33:F8:3B:E7:74:AF:A4:7B:BD:55:D2:87:97:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Z1WxSx3M_g753SvpHu9VdKHl6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/XmHvyFbs-t7Bsyvl2szoQbIm-_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/9Z1WxSx3M_g753SvpHu9VdKHl6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:09:e8:fa:0e:50:a7:26:92:36:33:7c:26:a1:94:7d:cb:26:
         4e:8e:2b:9c:79:31:df:0f:94:04:4d:cf:57:9c:09:86:bd:1b:
         db:44:06:3d:fb:f0:7d:e4:68:4c:6d:d6:81:6c:37:92:ee:3d:
         09:1e:98:46:9a:ad:73:32:5a:56:53:24:70:16:5d:e8:c4:3b:
         47:78:f7:60:a1:29:a6:0c:8b:6a:c2:d8:22:f6:34:59:62:8d:
         54:60:1d:8e:75:80:e1:83:42:48:f6:e1:77:06:ea:80:5f:6e:
         cb:48:31:c2:bf:67:e4:35:30:2f:02:b9:e1:5c:80:fc:0b:cb:
         1e:41:0d:2a:2d:c8:1b:ca:be:0b:d3:79:a1:84:1b:6e:44:c1:
         72:a4:bb:d8:3e:09:56:bc:61:59:9e:9f:41:79:21:d7:35:38:
         f1:1a:3f:8d:f5:56:7f:c9:0e:ac:ec:16:ef:c1:17:54:ac:9b:
         62:9f:b1:47:2a:d0:6a:cf:c9:a7:5b:37:63:9b:96:81:78:38:
         ab:4b:df:ad:16:b1:99:25:2c:b6:c4:96:b5:85:5a:78:63:9e:
         13:df:9f:94:44:66:47:6d:16:80:e8:65:7f:b3:18:f1:6b:06:
         37:d6:4c:5c:a8:59:e4:31:43:99:14:30:aa:ee:38:d5:77:c2:
         e1:e9:a4:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2vBlYJBB1iuNA/W7wk8TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1OWQ1NmM1MmM3NzMzZjgzYmU3NzRhZmE0N2JiZDU1ZDI4
Nzk3YWMwHhcNMjQwMTAxMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTYxZWZjODU2ZWNmYWRlYzFiMzJiZTVkYWNjZTg0MWIyMjZmYmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwU+jYHYaRfNuLUhDEXNG5XF15Tm/
lbTpev3zhgRDCHp6Bmen60IzgOy46I563CJCjX4ulXB6Qbj+FCDp0uKSkBs9AKo0
vOBtzYY/VXdzMXmd8B7L4b3JJQRcqcwLuXB+GIsoKOtXsh2Df6HcQGrL1byJBqKJ
xs4fb3WdUcUKKzq3fqtsPUgFqeN3SdupcfR3m2AUdSWtH5cLnKSCtWn5tzNgQVsO
Ajp+lCm0HH3t34uybRze/p15DODMrxykHjywtmgbAkdgysW+pWT2zLuNISrVHGM2
pE/8HPQogPsP35yvkPT7Dk9eESwdbFb7JhdM1dckeVyC3AOYEMwF1XyPOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5h78hW7PrewbMr5drM6EGyJvv0MB8GA1UdIwQY
MBaAFPWdVsUsdzP4O+d0r6R7vVXSh5esMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVoxV3hTeDNNX2c3NTNTdnBIdTlWZEtIbDZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9jYzEwMTMtNWRjYi00ZWJjLWI3OWUt
NWMwNjdiOGI5MWE1LzEvWG1IdnlGYnMtdDdCc3l2bDJzem9RYkltLV9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9jYzEwMTMtNWRjYi00ZWJjLWI3OWUtNWMwNjdiOGI5MWE1
LzEvOVoxV3hTeDNNX2c3NTNTdnBIdTlWZEtIbDZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiKjMA0G
CSqGSIb3DQEBCwUAA4IBAQCHCej6DlCnJpI2M3wmoZR9yyZOjiuceTHfD5QETc9X
nAmGvRvbRAY9+/B95GhMbdaBbDeS7j0JHphGmq1zMlpWUyRwFl3oxDtHePdgoSmm
DItqwtgi9jRZYo1UYB2OdYDhg0JI9uF3BuqAX27LSDHCv2fkNTAvArnhXID8C8se
QQ0qLcgbyr4L03mhhBtuRMFypLvYPglWvGFZnp9BeSHXNTjxGj+N9VZ/yQ6s7Bbv
wRdUrJtin7FHKtBqz8mnWzdjm5aBeDirS9+tFrGZJSy2xJa1hVp4Y54T35+URGZH
bRaA6GV/sxjxawY31kxcqFnkMUOZFDCq7jjVd8Lh6aRX
-----END CERTIFICATE-----