Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/3dac73-d7c7-40bb-ab55-95135daf5147/1/XFE7vlLQBmzJZc1l5vHs4bwPMqc.roa
File:                     XFE7vlLQBmzJZc1l5vHs4bwPMqc.roa (raw, json)
Hash identifier:          qLSFKwb/lB7qwkyIoSUv9XJpnCetif9CbXA/zmT2Trc=
Subject key identifier:   5C:51:3B:BE:52:D0:06:6C:C9:65:CD:65:E6:F1:EC:E1:BC:0F:32:A7
Certificate issuer:       /CN=5cb90fd62bcc0fe929dae53036fc55e511c54b45
Certificate serial:       01941F8C7E7EC94711423554B50CDE9EBD33
Authority key identifier: 5C:B9:0F:D6:2B:CC:0F:E9:29:DA:E5:30:36:FC:55:E5:11:C5:4B:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XLkP1ivMD-kp2uUwNvxV5RHFS0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/3dac73-d7c7-40bb-ab55-95135daf5147/1/XFE7vlLQBmzJZc1l5vHs4bwPMqc.roa
Signing time:             Wed 01 Jan 2025 01:48:08 +0000
ROA not before:           Wed 01 Jan 2025 01:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50884
IP address blocks:        89.35.27.0/24 maxlen: 24
                          89.36.37.0/24 maxlen: 24
                          89.36.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/3dac73-d7c7-40bb-ab55-95135daf5147/1/XLkP1ivMD-kp2uUwNvxV5RHFS0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/3dac73-d7c7-40bb-ab55-95135daf5147/1/XLkP1ivMD-kp2uUwNvxV5RHFS0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XLkP1ivMD-kp2uUwNvxV5RHFS0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:7e:7e:c9:47:11:42:35:54:b5:0c:de:9e:bd:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cb90fd62bcc0fe929dae53036fc55e511c54b45
        Validity
            Not Before: Jan  1 01:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c513bbe52d0066cc965cd65e6f1ece1bc0f32a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:8a:36:70:0f:81:19:48:90:46:e6:26:79:66:
                    e8:83:c4:fb:cd:96:67:14:e7:ad:36:14:03:72:a6:
                    2f:a9:cc:51:e0:23:bc:76:fe:27:d8:cd:fb:9a:22:
                    72:75:a3:d4:c9:a8:bc:09:1f:7f:75:3a:31:bc:10:
                    ca:3d:eb:c0:09:09:54:16:3a:2f:12:59:4a:98:3e:
                    c4:db:8b:b4:df:3c:30:79:d3:80:c4:f9:19:cb:7e:
                    7a:55:72:81:3e:6d:bc:8f:52:c4:ad:ef:5d:25:cb:
                    b1:e3:6c:5d:3e:56:72:c4:c3:fb:7b:42:31:8c:74:
                    32:65:87:34:1c:18:4f:36:f4:75:46:5e:01:0b:6a:
                    24:39:0a:3c:d2:fa:18:af:21:6a:72:81:89:73:f0:
                    77:38:6a:55:96:86:67:e5:a0:4c:b3:32:59:4d:8b:
                    aa:15:81:31:5d:1c:c0:fb:63:ab:e8:db:09:3f:dc:
                    80:bb:78:e8:1c:21:77:96:52:fe:3b:b5:3b:e8:a2:
                    2e:e3:d6:11:24:7a:dc:2e:b1:38:f7:d5:44:67:d5:
                    98:20:2e:f7:bc:1d:3c:ee:12:31:cb:77:c9:f9:8a:
                    c8:9d:ba:51:79:03:9c:ba:ac:db:11:c4:06:8b:e8:
                    62:c0:99:6e:c3:84:60:f7:96:44:96:30:8b:1c:88:
                    eb:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:51:3B:BE:52:D0:06:6C:C9:65:CD:65:E6:F1:EC:E1:BC:0F:32:A7
            X509v3 Authority Key Identifier:
                keyid:5C:B9:0F:D6:2B:CC:0F:E9:29:DA:E5:30:36:FC:55:E5:11:C5:4B:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XLkP1ivMD-kp2uUwNvxV5RHFS0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/3dac73-d7c7-40bb-ab55-95135daf5147/1/XFE7vlLQBmzJZc1l5vHs4bwPMqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/3dac73-d7c7-40bb-ab55-95135daf5147/1/XLkP1ivMD-kp2uUwNvxV5RHFS0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.27.0/24
                  89.36.37.0/24
                  89.36.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:58:42:57:88:47:38:12:37:40:6c:01:d4:c7:2c:98:2d:0d:
         f1:53:21:c9:32:e9:e2:7e:2e:36:c7:03:fb:46:95:e5:78:6f:
         f8:b4:bc:ce:38:16:df:55:0e:15:39:08:cf:47:22:ac:dc:c2:
         69:ba:e3:c7:3d:4f:94:1b:fb:1a:40:bb:09:8d:59:fb:50:20:
         0a:86:8c:8a:d2:14:5d:ce:2f:3c:f1:e5:8e:ec:e9:33:ec:eb:
         83:bb:ab:95:52:32:38:ab:e1:b2:7c:b6:2c:05:6b:62:a0:b6:
         d1:97:18:74:33:26:60:20:1c:03:0a:eb:bd:44:c7:e5:f1:87:
         30:e1:74:68:c9:62:0a:17:45:ab:38:5d:40:6f:5b:ca:96:42:
         e2:cb:97:9d:a0:eb:7e:a5:c6:48:f5:e2:47:53:c0:14:89:0d:
         6c:8e:40:df:24:fc:9f:d4:73:99:19:ca:3b:2a:0c:45:82:90:
         d7:48:6f:e6:dc:ce:fe:94:70:3e:4f:1b:ff:e8:61:8b:3b:e1:
         61:24:a6:b7:f8:7a:10:42:76:69:d3:58:74:99:da:61:66:78:
         3d:51:91:fa:11:86:96:7c:37:b9:dd:ae:bb:fa:3b:5d:4f:1e:
         b1:02:80:1a:9b:19:d9:a2:6b:a8:56:f9:3f:82:c8:49:b4:c2:
         7f:fe:79:1a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQfjH5+yUcRQjVUtQzenr0zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjYjkwZmQ2MmJjYzBmZTkyOWRhZTUzMDM2ZmM1NWU1MTFj
NTRiNDUwHhcNMjUwMTAxMDE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzUxM2JiZTUyZDAwNjZjYzk2NWNkNjVlNmYxZWNlMWJjMGYzMmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoo2cA+BGUiQRuYmeWbog8T7zZZn
FOetNhQDcqYvqcxR4CO8dv4n2M37miJydaPUyai8CR9/dToxvBDKPevACQlUFjov
EllKmD7E24u03zwwedOAxPkZy356VXKBPm28j1LEre9dJcux42xdPlZyxMP7e0Ix
jHQyZYc0HBhPNvR1Rl4BC2okOQo80voYryFqcoGJc/B3OGpVloZn5aBMszJZTYuq
FYExXRzA+2Or6NsJP9yAu3joHCF3llL+O7U76KIu49YRJHrcLrE499VEZ9WYIC73
vB087hIxy3fJ+YrInbpReQOcuqzbEcQGi+hiwJluw4Rg95ZEljCLHIjrPQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFxRO75S0AZsyWXNZebx7OG8DzKnMB8GA1UdIwQY
MBaAFFy5D9YrzA/pKdrlMDb8VeURxUtFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWExrUDFpdk1ELWtwMnVVd052eFY1UkhGUzBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi8zZGFjNzMtZDdjNy00MGJiLWFiNTUt
OTUxMzVkYWY1MTQ3LzEvWEZFN3ZsTFFCbXpKWmMxbDV2SHM0YndQTXFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi8zZGFjNzMtZDdjNy00MGJiLWFiNTUtOTUxMzVkYWY1MTQ3
LzEvWExrUDFpdk1ELWtwMnVVd052eFY1UkhGUzBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWSMbAwQA
WSQlAwQAWSRIMA0GCSqGSIb3DQEBCwUAA4IBAQBuWEJXiEc4EjdAbAHUxyyYLQ3x
UyHJMunifi42xwP7RpXleG/4tLzOOBbfVQ4VOQjPRyKs3MJpuuPHPU+UG/saQLsJ
jVn7UCAKhoyK0hRdzi888eWO7Okz7OuDu6uVUjI4q+GyfLYsBWtioLbRlxh0MyZg
IBwDCuu9RMfl8Ycw4XRoyWIKF0WrOF1Ab1vKlkLiy5edoOt+pcZI9eJHU8AUiQ1s
jkDfJPyf1HOZGco7KgxFgpDXSG/m3M7+lHA+Txv/6GGLO+FhJKa3+HoQQnZp01h0
mdphZng9UZH6EYaWfDe53a67+jtdTx6xAoAamxnZomuoVvk/gshJtMJ//nka
-----END CERTIFICATE-----