Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/bf580b-e912-4c1d-9e50-57b91e815330/1/X3uPBxzPVXv3n_QN1aGdKbmuIRY.roa
File:                     X3uPBxzPVXv3n_QN1aGdKbmuIRY.roa (raw, json)
Hash identifier:          hUPc8yRkBzbeF7M/RRJW79E+lPzVmxoaNEB54waojEo=
Subject key identifier:   5F:7B:8F:07:1C:CF:55:7B:F7:9F:F4:0D:D5:A1:9D:29:B9:AE:21:16
Certificate issuer:       /CN=19d960058a553b3f5df9fe727219037c48ab50e1
Certificate serial:       019424B3C00435F7F54E317D1098BCDE04B2
Authority key identifier: 19:D9:60:05:8A:55:3B:3F:5D:F9:FE:72:72:19:03:7C:48:AB:50:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GdlgBYpVOz9d-f5ychkDfEirUOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/bf580b-e912-4c1d-9e50-57b91e815330/1/X3uPBxzPVXv3n_QN1aGdKbmuIRY.roa
Signing time:             Thu 02 Jan 2025 01:49:07 +0000
ROA not before:           Thu 02 Jan 2025 01:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39383
IP address blocks:        193.84.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/bf580b-e912-4c1d-9e50-57b91e815330/1/GdlgBYpVOz9d-f5ychkDfEirUOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/bf580b-e912-4c1d-9e50-57b91e815330/1/GdlgBYpVOz9d-f5ychkDfEirUOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GdlgBYpVOz9d-f5ychkDfEirUOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:c0:04:35:f7:f5:4e:31:7d:10:98:bc:de:04:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19d960058a553b3f5df9fe727219037c48ab50e1
        Validity
            Not Before: Jan  2 01:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f7b8f071ccf557bf79ff40dd5a19d29b9ae2116
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b4:33:24:f4:e2:00:c8:26:58:1d:84:68:04:
                    f2:63:32:66:91:33:a7:9b:b9:e0:7f:9d:17:01:0f:
                    98:7c:a8:2e:fb:61:3d:02:9b:f1:6e:7b:5d:44:36:
                    9d:b9:9b:ef:24:4f:70:95:ef:d5:0e:5b:73:17:e8:
                    c3:8f:24:8e:60:90:c2:86:a9:7b:2c:e4:f5:09:8b:
                    bc:bb:1d:d5:53:4c:4b:9b:c2:66:fa:7d:e1:87:55:
                    b6:3a:fa:55:bb:fc:15:40:1c:cd:95:09:28:48:f9:
                    c7:ec:c1:1f:c3:e2:ab:fc:db:9d:97:4c:c3:62:34:
                    f0:70:97:db:81:27:94:9c:71:c8:2b:88:e6:2a:67:
                    ef:9e:9a:b4:54:c5:f1:92:33:6b:98:b3:e7:a1:1c:
                    69:18:e8:d4:f0:49:89:36:b9:5b:d2:f2:63:01:87:
                    c1:ce:62:8d:0e:50:cd:24:2a:57:dd:2c:6b:ad:b6:
                    ba:58:6e:73:3d:ec:ea:6c:5a:2f:39:db:f0:ce:77:
                    e0:3e:e3:a4:4c:99:7f:c5:9e:84:2d:0a:f3:0d:38:
                    8a:76:18:3d:02:e3:ff:c9:bb:a8:04:0f:54:e6:2f:
                    4e:96:93:81:2b:66:73:de:e6:bc:2d:1d:ed:2c:30:
                    d9:ca:c7:ea:f9:f6:0f:e5:56:bb:ea:d3:ca:64:05:
                    2b:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:7B:8F:07:1C:CF:55:7B:F7:9F:F4:0D:D5:A1:9D:29:B9:AE:21:16
            X509v3 Authority Key Identifier:
                keyid:19:D9:60:05:8A:55:3B:3F:5D:F9:FE:72:72:19:03:7C:48:AB:50:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GdlgBYpVOz9d-f5ychkDfEirUOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/bf580b-e912-4c1d-9e50-57b91e815330/1/X3uPBxzPVXv3n_QN1aGdKbmuIRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/bf580b-e912-4c1d-9e50-57b91e815330/1/GdlgBYpVOz9d-f5ychkDfEirUOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:f7:b0:08:31:87:f0:2c:d4:a9:92:f4:58:98:fb:d8:3b:28:
         ca:03:35:7e:6b:f8:31:28:f2:75:82:23:ce:35:9c:a4:be:c2:
         4f:d3:de:21:80:1d:fc:8e:52:de:49:13:01:2e:2f:59:ce:7f:
         8a:6c:09:8f:10:4e:c4:07:7a:9d:9c:0b:17:2a:62:b3:d3:ae:
         45:28:7c:01:6b:a0:d5:41:dd:a9:f1:ed:8d:00:29:c8:29:ef:
         c2:26:7b:79:95:00:43:88:5f:dc:2f:38:af:6f:05:8f:67:7a:
         bb:61:7d:d5:d0:e4:df:a3:99:72:5f:67:07:14:97:e8:8d:cd:
         71:aa:8f:8f:bf:4a:43:96:dc:fb:92:b3:9e:a0:69:2f:c2:62:
         d9:72:b6:51:83:32:13:e1:73:92:b4:aa:d5:59:7e:5e:3b:7b:
         24:ab:73:cd:cc:52:d5:fe:a1:f3:d6:b1:8c:a1:a4:e1:34:34:
         e9:87:49:83:97:bd:5a:70:22:2f:ef:7c:bd:48:5b:a2:01:a2:
         35:53:e6:56:fe:3b:b7:e0:22:0e:db:3e:7d:16:d4:cd:d9:ab:
         1a:1e:61:c3:e7:81:17:ad:dc:9c:88:c4:f7:e6:c3:2b:4f:40:
         41:1a:81:57:4e:f5:92:c3:3a:08:e1:1b:bd:6e:9e:ec:ca:96:
         d1:9d:54:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks8AENff1TjF9EJi83gSyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZDk2MDA1OGE1NTNiM2Y1ZGY5ZmU3MjcyMTkwMzdjNDhh
YjUwZTEwHhcNMjUwMTAyMDE0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjdiOGYwNzFjY2Y1NTdiZjc5ZmY0MGRkNWExOWQyOWI5YWUyMTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLQzJPTiAMgmWB2EaATyYzJmkTOn
m7ngf50XAQ+YfKgu+2E9ApvxbntdRDaduZvvJE9wle/VDltzF+jDjySOYJDChql7
LOT1CYu8ux3VU0xLm8Jm+n3hh1W2OvpVu/wVQBzNlQkoSPnH7MEfw+Kr/Nudl0zD
YjTwcJfbgSeUnHHIK4jmKmfvnpq0VMXxkjNrmLPnoRxpGOjU8EmJNrlb0vJjAYfB
zmKNDlDNJCpX3Sxrrba6WG5zPezqbFovOdvwznfgPuOkTJl/xZ6ELQrzDTiKdhg9
AuP/ybuoBA9U5i9OlpOBK2Zz3ua8LR3tLDDZysfq+fYP5Va76tPKZAUrdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF97jwccz1V795/0DdWhnSm5riEWMB8GA1UdIwQY
MBaAFBnZYAWKVTs/Xfn+cnIZA3xIq1DhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2RsZ0JZcFZPejlkLWY1eWNoa0RmRWlyVU9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9iZjU4MGItZTkxMi00YzFkLTllNTAt
NTdiOTFlODE1MzMwLzEvWDN1UEJ4elBWWHYzbl9RTjFhR2RLYm11SVJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9iZjU4MGItZTkxMi00YzFkLTllNTAtNTdiOTFlODE1MzMw
LzEvR2RsZ0JZcFZPejlkLWY1eWNoa0RmRWlyVU9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwVRAMA0G
CSqGSIb3DQEBCwUAA4IBAQBc97AIMYfwLNSpkvRYmPvYOyjKAzV+a/gxKPJ1giPO
NZykvsJP094hgB38jlLeSRMBLi9Zzn+KbAmPEE7EB3qdnAsXKmKz065FKHwBa6DV
Qd2p8e2NACnIKe/CJnt5lQBDiF/cLzivbwWPZ3q7YX3V0OTfo5lyX2cHFJfojc1x
qo+Pv0pDltz7krOeoGkvwmLZcrZRgzIT4XOStKrVWX5eO3skq3PNzFLV/qHz1rGM
oaThNDTph0mDl71acCIv73y9SFuiAaI1U+ZW/ju34CIO2z59FtTN2asaHmHD54EX
rdyciMT35sMrT0BBGoFXTvWSwzoI4Ru9bp7sypbRnVTY
-----END CERTIFICATE-----