Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/ebbd2c-bf5a-46da-86fb-80c3ea4fd000/1/Me5r2Nm9YJCMcMuL7P_zmlrKaDM.roa
File:                     Me5r2Nm9YJCMcMuL7P_zmlrKaDM.roa (raw, json)
Hash identifier:          OPyK3AmzDouuv3s3J7TbAA/anm1D/IXyhrI34EjdiHk=
Subject key identifier:   31:EE:6B:D8:D9:BD:60:90:8C:70:CB:8B:EC:FF:F3:9A:5A:CA:68:33
Certificate issuer:       /CN=5ca053dfe7712ee63dbff640fae07308d66ce748
Certificate serial:       018CC5DC5974C1173C320F7BE01680A05CFF
Authority key identifier: 5C:A0:53:DF:E7:71:2E:E6:3D:BF:F6:40:FA:E0:73:08:D6:6C:E7:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XKBT3-dxLuY9v_ZA-uBzCNZs50g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/ebbd2c-bf5a-46da-86fb-80c3ea4fd000/1/Me5r2Nm9YJCMcMuL7P_zmlrKaDM.roa
Signing time:             Mon 01 Jan 2024 16:30:01 +0000
ROA not before:           Mon 01 Jan 2024 16:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        92.54.34.0/24 maxlen: 24
                          2a02:a0:9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/ebbd2c-bf5a-46da-86fb-80c3ea4fd000/1/XKBT3-dxLuY9v_ZA-uBzCNZs50g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/ebbd2c-bf5a-46da-86fb-80c3ea4fd000/1/XKBT3-dxLuY9v_ZA-uBzCNZs50g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XKBT3-dxLuY9v_ZA-uBzCNZs50g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:59:74:c1:17:3c:32:0f:7b:e0:16:80:a0:5c:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ca053dfe7712ee63dbff640fae07308d66ce748
        Validity
            Not Before: Jan  1 16:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31ee6bd8d9bd60908c70cb8becfff39a5aca6833
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:9c:ba:bf:d0:81:bd:56:d6:84:8a:25:71:b0:
                    f4:35:9f:0f:e0:2d:7b:26:84:6f:50:d9:e2:8a:26:
                    7d:26:5d:5d:c9:0e:75:38:fd:4d:05:21:7f:dd:d0:
                    5d:f3:95:8f:ac:d9:0f:ea:93:83:e5:c0:5e:ae:40:
                    94:70:9f:81:8e:8b:89:94:45:2b:de:25:97:08:3f:
                    74:f4:b7:fd:6c:e4:1b:5e:18:32:14:93:6f:d5:da:
                    6c:95:1c:20:46:b1:ff:71:7a:01:c9:b3:03:91:d2:
                    72:c0:97:6a:a9:f2:5e:74:66:a2:a8:56:71:4e:a7:
                    38:3d:46:89:e4:4d:9d:d9:6a:ee:86:cd:b8:7c:11:
                    c2:7d:ac:8b:dc:7d:f3:fc:d8:ae:4c:6a:11:88:ca:
                    71:6b:b9:c8:94:1c:43:a4:db:29:ce:0d:e9:34:47:
                    5b:94:9d:05:0c:10:1a:bb:e8:4e:40:91:13:7a:c1:
                    60:33:19:cd:33:f3:ef:0e:18:50:6b:f5:e1:c5:11:
                    86:27:e3:4b:2d:5b:6e:e3:05:f5:c2:98:d0:22:06:
                    a0:ac:ad:a9:2b:95:cb:03:72:2a:f6:e3:5a:b0:dc:
                    28:fb:c7:33:af:09:b0:ca:19:13:53:f9:94:fa:6b:
                    02:ae:10:5e:87:f2:ba:28:25:94:8c:3a:bb:50:63:
                    d8:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:EE:6B:D8:D9:BD:60:90:8C:70:CB:8B:EC:FF:F3:9A:5A:CA:68:33
            X509v3 Authority Key Identifier:
                keyid:5C:A0:53:DF:E7:71:2E:E6:3D:BF:F6:40:FA:E0:73:08:D6:6C:E7:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XKBT3-dxLuY9v_ZA-uBzCNZs50g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/ebbd2c-bf5a-46da-86fb-80c3ea4fd000/1/Me5r2Nm9YJCMcMuL7P_zmlrKaDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/ebbd2c-bf5a-46da-86fb-80c3ea4fd000/1/XKBT3-dxLuY9v_ZA-uBzCNZs50g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.54.34.0/24
                IPv6:
                  2a02:a0:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:79:ad:dc:18:33:18:0d:80:fb:ff:d1:c9:ba:54:76:35:fb:
         ba:ca:6f:8c:40:b8:69:8a:fc:ef:d9:cb:78:a3:b4:79:d5:e3:
         54:f8:3c:40:36:5a:73:05:ca:e5:d2:e8:62:32:09:2f:92:da:
         e1:65:f5:e0:ee:33:f8:bc:46:2b:15:24:a0:73:34:ba:e8:01:
         78:09:04:b5:8a:34:4e:ee:93:97:70:f3:c7:55:ad:42:56:72:
         0f:d8:a6:42:82:74:4b:e5:6d:97:91:f3:16:05:f6:46:8f:99:
         44:85:f4:38:91:09:b5:e2:a8:13:02:2b:8a:b8:4e:cf:9a:5d:
         13:a1:17:21:60:7a:34:89:bc:43:e7:b8:ef:5b:99:07:2f:60:
         ad:c7:7f:4d:9b:6a:ea:71:60:99:5a:28:22:8e:83:3f:3b:92:
         2f:af:fb:4b:a4:12:a0:6a:e8:51:b1:d8:12:d4:39:70:1b:e1:
         6e:1f:73:13:f0:b2:37:7e:d5:05:5d:ae:fc:b7:19:85:c1:26:
         78:18:70:fb:35:8f:40:8a:8a:70:bc:37:37:9e:91:84:fd:1c:
         08:28:b4:3d:90:1e:2b:ab:8b:c4:29:b2:db:ab:49:9b:06:0e:
         98:a8:4c:78:6f:13:cc:25:61:44:ea:3d:3c:cd:c7:ca:50:93:
         36:09:63:87
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF3Fl0wRc8Mg974BaAoFz/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjYTA1M2RmZTc3MTJlZTYzZGJmZjY0MGZhZTA3MzA4ZDY2
Y2U3NDgwHhcNMjQwMTAxMTYzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWVlNmJkOGQ5YmQ2MDkwOGM3MGNiOGJlY2ZmZjM5YTVhY2E2ODMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpy6v9CBvVbWhIolcbD0NZ8P4C17
JoRvUNniiiZ9Jl1dyQ51OP1NBSF/3dBd85WPrNkP6pOD5cBerkCUcJ+BjouJlEUr
3iWXCD909Lf9bOQbXhgyFJNv1dpslRwgRrH/cXoBybMDkdJywJdqqfJedGaiqFZx
Tqc4PUaJ5E2d2Wruhs24fBHCfayL3H3z/NiuTGoRiMpxa7nIlBxDpNspzg3pNEdb
lJ0FDBAau+hOQJETesFgMxnNM/PvDhhQa/XhxRGGJ+NLLVtu4wX1wpjQIgagrK2p
K5XLA3Iq9uNasNwo+8czrwmwyhkTU/mU+msCrhBeh/K6KCWUjDq7UGPYawIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDHua9jZvWCQjHDLi+z/85paymgzMB8GA1UdIwQY
MBaAFFygU9/ncS7mPb/2QPrgcwjWbOdIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEtCVDMtZHhMdVk5dl9aQS11QnpDTlpzNTBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9lYmJkMmMtYmY1YS00NmRhLTg2ZmIt
ODBjM2VhNGZkMDAwLzEvTWU1cjJObTlZSkNNY011TDdQX3ptbHJLYURNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9lYmJkMmMtYmY1YS00NmRhLTg2ZmItODBjM2VhNGZkMDAw
LzEvWEtCVDMtZHhMdVk5dl9aQS11QnpDTlpzNTBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAXDYiMA8E
AgACMAkDBwAqAgCgAAkwDQYJKoZIhvcNAQELBQADggEBAHR5rdwYMxgNgPv/0cm6
VHY1+7rKb4xAuGmK/O/Zy3ijtHnV41T4PEA2WnMFyuXS6GIyCS+S2uFl9eDuM/i8
RisVJKBzNLroAXgJBLWKNE7uk5dw88dVrUJWcg/YpkKCdEvlbZeR8xYF9kaPmUSF
9DiRCbXiqBMCK4q4Ts+aXROhFyFgejSJvEPnuO9bmQcvYK3Hf02baupxYJlaKCKO
gz87ki+v+0ukEqBq6FGx2BLUOXAb4W4fcxPwsjd+1QVdrvy3GYXBJngYcPs1j0CK
inC8NzeekYT9HAgotD2QHiuri8QpsturSZsGDpioTHhvE8wlYUTqPTzNx8pQkzYJ
Y4c=
-----END CERTIFICATE-----