Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/XLc80JRDxgzyNvPwkPwYkVxgxaA.roa
File:                     XLc80JRDxgzyNvPwkPwYkVxgxaA.roa (raw, json)
Hash identifier:          rkQOFRdIwqr84VkYIIpZav/BWDookY+UJNAAhwAdqJs=
Subject key identifier:   5C:B7:3C:D0:94:43:C6:0C:F2:36:F3:F0:90:FC:18:91:5C:60:C5:A0
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       01926F74B467E496ADB03D7FBD9DB5902435
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/XLc80JRDxgzyNvPwkPwYkVxgxaA.roa
Signing time:             Wed 09 Oct 2024 04:06:12 +0000
ROA not before:           Wed 09 Oct 2024 04:06:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213382
IP address blocks:        46.38.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:6f:74:b4:67:e4:96:ad:b0:3d:7f:bd:9d:b5:90:24:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Oct  9 04:06:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5cb73cd09443c60cf236f3f090fc18915c60c5a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e9:9b:21:16:ba:d1:87:e0:49:ac:cf:ef:20:
                    4e:e8:cb:b7:9c:a7:34:30:00:53:f0:94:5d:55:5e:
                    a7:ce:21:9f:c7:7c:76:93:b8:14:aa:f3:3c:98:5c:
                    0d:fe:f6:52:56:b9:f4:f9:3a:1e:22:ae:24:b4:e6:
                    61:c0:63:10:75:82:25:99:b8:45:fb:ec:a2:cd:88:
                    3e:77:10:99:e0:a6:aa:98:e5:ef:9c:c1:a7:89:4c:
                    b1:97:87:4b:7c:6d:06:6f:f5:9c:01:6b:6a:84:4c:
                    e9:67:07:52:39:68:11:e2:7b:01:12:f5:05:ec:d9:
                    85:8c:e8:de:4f:9a:20:d3:7e:ee:7b:63:02:25:30:
                    b7:26:6b:09:eb:02:3c:6f:ab:e0:22:f3:ec:dc:cc:
                    5c:62:a7:ba:24:3a:0c:14:99:fd:82:92:ac:7d:ca:
                    d4:34:64:c8:93:13:71:6e:27:06:d6:b7:48:cc:d0:
                    62:d6:ae:a9:65:78:97:df:9c:22:87:42:aa:08:bd:
                    ee:de:32:de:ab:d4:c7:87:81:2d:ac:58:1b:30:f5:
                    3e:dc:88:d1:00:bf:f6:4e:2c:c2:f9:e6:47:ea:1b:
                    55:86:0f:e9:84:62:27:2c:55:3d:b6:c9:5f:e5:46:
                    14:d0:03:17:10:d1:b0:b4:54:d9:72:9b:e0:5f:28:
                    15:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:B7:3C:D0:94:43:C6:0C:F2:36:F3:F0:90:FC:18:91:5C:60:C5:A0
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/XLc80JRDxgzyNvPwkPwYkVxgxaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:86:70:99:b7:91:8c:41:75:27:28:9f:81:34:6c:bf:65:2b:
         93:94:1b:43:d4:55:29:40:f0:03:42:2d:97:d8:c5:dd:48:14:
         33:62:7f:ff:95:91:8f:2e:cc:dc:34:29:d7:7e:52:0e:43:6f:
         58:7c:e8:ed:28:0c:60:63:06:e0:04:23:13:ee:26:ce:02:6d:
         f7:a3:72:d0:43:07:7c:1c:12:86:1f:b6:1e:a6:1a:4c:94:9f:
         18:f3:17:f8:54:87:de:b6:71:d0:b0:60:95:d2:ed:b6:5a:17:
         d6:4b:ee:21:57:0e:45:53:81:a1:a6:e7:b7:5c:73:5e:4b:da:
         76:c5:0d:fc:d4:fd:19:c3:c6:80:c2:a5:72:ae:61:dc:be:f6:
         db:6f:f8:ca:8b:3b:f5:9d:d2:0a:08:6b:fa:8c:44:ae:ff:c0:
         32:04:f0:73:ac:60:7e:fb:90:bd:96:b4:71:e0:49:13:cd:bd:
         08:40:98:66:db:8b:ab:f0:48:a5:c2:92:90:f5:70:5c:85:56:
         35:63:72:38:68:65:fa:39:e8:03:40:f9:60:51:bc:1c:9d:d6:
         92:fe:38:b7:ee:32:29:66:45:15:c1:4a:58:fc:f1:8f:74:0b:
         8d:28:7f:07:13:0a:7b:30:17:a0:d2:d4:ac:7a:3c:35:ee:92:
         ab:2c:ec:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJvdLRn5JatsD1/vZ21kCQ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjQxMDA5MDQwNjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2I3M2NkMDk0NDNjNjBjZjIzNmYzZjA5MGZjMTg5MTVjNjBjNWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsembIRa60YfgSazP7yBO6Mu3nKc0
MABT8JRdVV6nziGfx3x2k7gUqvM8mFwN/vZSVrn0+ToeIq4ktOZhwGMQdYIlmbhF
++yizYg+dxCZ4KaqmOXvnMGniUyxl4dLfG0Gb/WcAWtqhEzpZwdSOWgR4nsBEvUF
7NmFjOjeT5og037ue2MCJTC3JmsJ6wI8b6vgIvPs3MxcYqe6JDoMFJn9gpKsfcrU
NGTIkxNxbicG1rdIzNBi1q6pZXiX35wih0KqCL3u3jLeq9THh4EtrFgbMPU+3IjR
AL/2TizC+eZH6htVhg/phGInLFU9tslf5UYU0AMXENGwtFTZcpvgXygVUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFy3PNCUQ8YM8jbz8JD8GJFcYMWgMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvWExjODBKUkR4Z3p5TnZQd2tQd1lrVnhneGFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiacMA0G
CSqGSIb3DQEBCwUAA4IBAQCOhnCZt5GMQXUnKJ+BNGy/ZSuTlBtD1FUpQPADQi2X
2MXdSBQzYn//lZGPLszcNCnXflIOQ29YfOjtKAxgYwbgBCMT7ibOAm33o3LQQwd8
HBKGH7YephpMlJ8Y8xf4VIfetnHQsGCV0u22WhfWS+4hVw5FU4Ghpue3XHNeS9p2
xQ381P0Zw8aAwqVyrmHcvvbbb/jKizv1ndIKCGv6jESu/8AyBPBzrGB++5C9lrRx
4EkTzb0IQJhm24ur8EilwpKQ9XBchVY1Y3I4aGX6OegDQPlgUbwcndaS/ji37jIp
ZkUVwUpY/PGPdAuNKH8HEwp7MBeg0tSsejw17pKrLOzQ
-----END CERTIFICATE-----