Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/XC-C_qwH53TbHfwnSnJJwhqR6k8.roa
File:                     XC-C_qwH53TbHfwnSnJJwhqR6k8.roa (raw, json)
Hash identifier:          4iF2dwPDW9twB52FpVdSplYisRj//F8pn6TLF2wGFWw=
Subject key identifier:   5C:2F:82:FE:AC:07:E7:74:DB:1D:FC:27:4A:72:49:C2:1A:91:EA:4F
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       018CC50076D67A9ED3CE97DE6F6B81305793
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/XC-C_qwH53TbHfwnSnJJwhqR6k8.roa
Signing time:             Mon 01 Jan 2024 12:29:51 +0000
ROA not before:           Mon 01 Jan 2024 12:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51280
IP address blocks:        212.80.27.0/24 maxlen: 24
                          212.80.26.0/23 maxlen: 24
                          212.80.26.0/24 maxlen: 24
                          212.80.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:76:d6:7a:9e:d3:ce:97:de:6f:6b:81:30:57:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jan  1 12:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c2f82feac07e774db1dfc274a7249c21a91ea4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:18:3c:f7:49:ea:a8:01:0b:f2:56:64:e9:57:
                    8f:49:d7:d2:bf:32:81:b3:66:c1:ae:9d:e0:a2:33:
                    5d:a5:8b:84:85:8e:94:9f:96:1e:e4:21:30:8f:40:
                    ed:7f:3a:c5:d5:06:73:10:5c:33:c6:ef:1c:97:02:
                    6b:47:41:32:54:8f:8c:fa:3c:3e:95:ad:e3:43:3d:
                    88:4e:9c:8d:d4:bc:a7:40:20:03:a0:93:55:69:bd:
                    6b:d8:54:90:fc:63:c2:ee:f3:a8:4d:ef:f3:ae:f8:
                    09:00:8a:91:bf:45:e7:35:d4:40:8f:50:39:fa:82:
                    64:91:44:c2:88:1e:51:96:dc:3b:a8:24:f7:51:e7:
                    c2:11:3a:49:df:96:16:03:b9:e5:46:cd:0b:97:26:
                    2d:26:f4:14:95:9b:1a:d5:31:de:7d:f7:cf:9d:a4:
                    3e:35:b3:7e:ab:95:f6:4b:29:a1:b5:6e:33:b7:15:
                    bf:0f:80:37:c9:fb:0c:83:62:9e:2a:6f:63:da:d8:
                    6e:7d:04:c6:1c:1f:98:d8:35:d5:3f:d6:67:5a:1f:
                    97:96:1d:03:2a:24:55:2b:2d:7d:b2:e6:c1:70:7b:
                    ac:37:6b:15:c6:97:b7:b3:60:85:6e:af:02:05:9d:
                    1b:b8:17:62:bd:e2:24:1b:f0:f1:56:2d:0c:53:45:
                    33:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:2F:82:FE:AC:07:E7:74:DB:1D:FC:27:4A:72:49:C2:1A:91:EA:4F
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/XC-C_qwH53TbHfwnSnJJwhqR6k8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.80.25.0-212.80.27.255

    Signature Algorithm: sha256WithRSAEncryption
         37:41:31:54:54:dd:5b:70:04:57:a1:74:65:63:ba:12:b1:bc:
         bb:e5:02:e2:b1:3c:c7:73:7f:78:a3:44:10:4c:ce:50:6b:fa:
         f1:67:3c:d9:f3:56:a1:84:fd:34:bf:09:ac:7b:aa:b9:8c:92:
         86:3f:04:e1:b9:6e:27:a6:7e:3f:08:34:5a:b3:b4:86:d9:67:
         1e:3a:04:f6:65:28:1e:d5:85:fa:e1:74:21:2d:73:5c:05:31:
         dc:10:ba:a3:23:bd:97:f0:6a:36:d7:29:eb:39:09:4a:3e:fa:
         1f:da:56:ea:78:80:2a:c3:e8:e6:21:cf:e7:db:7c:55:5d:27:
         fe:ef:95:cf:38:41:13:61:bc:28:5b:fb:49:cd:91:69:1d:76:
         17:46:96:3d:55:db:c4:13:9c:f3:8f:72:28:44:e9:67:5c:2f:
         c8:5b:d2:2a:14:27:41:db:d8:d9:cc:64:6d:99:f2:9f:88:7d:
         7d:f2:8f:c3:88:a0:d8:a4:10:7c:78:17:f4:69:6e:76:0e:38:
         8c:01:9b:9e:a1:9e:2d:14:0e:09:25:e8:b7:9c:c5:52:02:63:
         c6:59:e9:5c:df:a3:0a:89:f7:fb:31:df:33:71:dd:fa:7c:03:
         85:25:73:85:a3:90:a3:05:51:91:32:9a:8a:cf:44:c1:14:77:
         e5:eb:fe:7d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzFAHbWep7Tzpfeb2uBMFeTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjQwMTAxMTIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzJmODJmZWFjMDdlNzc0ZGIxZGZjMjc0YTcyNDljMjFhOTFlYTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4hg890nqqAEL8lZk6VePSdfSvzKB
s2bBrp3gojNdpYuEhY6Un5Ye5CEwj0DtfzrF1QZzEFwzxu8clwJrR0EyVI+M+jw+
la3jQz2ITpyN1LynQCADoJNVab1r2FSQ/GPC7vOoTe/zrvgJAIqRv0XnNdRAj1A5
+oJkkUTCiB5Rltw7qCT3UefCETpJ35YWA7nlRs0LlyYtJvQUlZsa1THefffPnaQ+
NbN+q5X2SymhtW4ztxW/D4A3yfsMg2KeKm9j2thufQTGHB+Y2DXVP9ZnWh+Xlh0D
KiRVKy19subBcHusN2sVxpe3s2CFbq8CBZ0buBdiveIkG/DxVi0MU0UzHQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFwvgv6sB+d02x38J0pyScIakepPMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvWEMtQ19xd0g1M1RiSGZ3blNuSkp3aHFSNms4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADUUBkD
BALUUBgwDQYJKoZIhvcNAQELBQADggEBADdBMVRU3VtwBFehdGVjuhKxvLvlAuKx
PMdzf3ijRBBMzlBr+vFnPNnzVqGE/TS/Cax7qrmMkoY/BOG5biemfj8INFqztIbZ
Zx46BPZlKB7VhfrhdCEtc1wFMdwQuqMjvZfwajbXKes5CUo++h/aVup4gCrD6OYh
z+fbfFVdJ/7vlc84QRNhvChb+0nNkWkddhdGlj1V28QTnPOPcihE6WdcL8hb0ioU
J0Hb2NnMZG2Z8p+IfX3yj8OIoNikEHx4F/RpbnYOOIwBm56hni0UDgkl6LecxVIC
Y8ZZ6VzfowqJ9/sx3zNx3fp8A4Ulc4WjkKMFUZEymorPRMEUd+Xr/n0=
-----END CERTIFICATE-----