Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/5PlgxSo8NYhaiwbB8WaanD9hxMA.roa
File:                     5PlgxSo8NYhaiwbB8WaanD9hxMA.roa (raw, json)
Hash identifier:          x/fB/X21dq4x417vEWa5WCn0QB5F67TSatkt7+cyXZI=
Subject key identifier:   E4:F9:60:C5:2A:3C:35:88:5A:8B:06:C1:F1:66:9A:9C:3F:61:C4:C0
Certificate issuer:       /CN=53b62ace615b906b42ab27f4fb1d203df36d5436
Certificate serial:       01928B8575B1F25A09991E254264F24D5427
Authority key identifier: 53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/5PlgxSo8NYhaiwbB8WaanD9hxMA.roa
Signing time:             Mon 14 Oct 2024 14:53:52 +0000
ROA not before:           Mon 14 Oct 2024 14:53:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31083
IP address blocks:        89.187.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/U7YqzmFbkGtCqyf0-x0gPfNtVDY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/U7YqzmFbkGtCqyf0-x0gPfNtVDY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8b:85:75:b1:f2:5a:09:99:1e:25:42:64:f2:4d:54:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53b62ace615b906b42ab27f4fb1d203df36d5436
        Validity
            Not Before: Oct 14 14:53:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4f960c52a3c35885a8b06c1f1669a9c3f61c4c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:4d:b0:b6:bd:3a:f0:23:0f:85:1e:73:55:fb:
                    cd:fc:aa:24:69:9b:3b:b9:e7:fb:4a:68:e5:3b:4c:
                    fe:3a:fd:9b:a3:35:06:ba:24:79:68:36:2d:e9:fe:
                    50:67:2c:31:ec:c4:53:d6:f1:1a:4c:45:b9:cd:5f:
                    d2:8a:88:b3:09:1b:a2:85:2c:3f:2a:eb:19:ec:54:
                    b6:b4:dd:50:86:f0:c1:2a:51:14:2a:98:23:a4:fd:
                    fb:2d:b3:ad:02:59:b8:10:b3:db:a2:8c:5c:94:ae:
                    2d:53:f4:cd:c0:55:96:e1:b6:e9:3f:00:f4:6e:c9:
                    84:98:76:1e:20:64:f9:93:37:de:3e:78:a9:3d:09:
                    ea:50:4b:1a:af:f8:40:ca:36:74:12:57:32:e1:5a:
                    ce:1c:4b:66:c9:0c:53:c4:74:41:fc:6a:a0:d8:b7:
                    a8:9d:54:1b:dc:14:4a:15:88:37:8f:3f:29:b2:f6:
                    37:0a:48:74:2e:f2:01:0b:c4:a0:67:4f:bf:c7:ab:
                    7a:31:66:1a:cd:4a:68:11:8b:da:90:3e:5a:8b:4c:
                    9f:8b:42:ba:07:6e:bd:65:2c:2d:63:89:f0:59:5d:
                    10:8c:67:a7:34:71:51:0c:7f:5e:97:13:60:bc:44:
                    44:a9:b6:a9:ea:76:3a:0d:2f:e4:62:3b:f0:8e:55:
                    c1:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:F9:60:C5:2A:3C:35:88:5A:8B:06:C1:F1:66:9A:9C:3F:61:C4:C0
            X509v3 Authority Key Identifier:
                keyid:53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/5PlgxSo8NYhaiwbB8WaanD9hxMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/U7YqzmFbkGtCqyf0-x0gPfNtVDY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:94:f1:c1:63:2d:56:fc:00:e1:8c:4f:b8:ed:d4:83:2e:c1:
         34:5e:ae:76:e2:71:da:5b:62:65:7f:dc:7b:2f:f8:3d:ff:13:
         80:08:cb:ba:b4:df:10:cd:77:2a:eb:85:58:de:89:8e:58:b4:
         da:a2:3e:81:77:d7:71:ac:e8:47:f5:af:3d:32:a1:d4:2f:ab:
         bf:90:9b:a3:13:8f:77:94:d6:8b:95:09:1d:25:1c:13:67:76:
         c8:5b:7d:e5:14:52:08:49:71:09:7b:00:a0:d4:b2:af:72:50:
         8c:7b:16:c9:f7:de:30:7c:e6:a0:52:43:6b:c3:d1:ee:60:d5:
         21:2f:2f:7a:94:34:19:04:e5:ae:d0:89:71:5e:75:0c:d7:12:
         f2:8a:c7:07:ba:e3:f5:e1:70:87:c6:c5:14:8c:b5:77:87:0d:
         9d:cd:79:d9:cd:33:de:22:c4:0a:87:69:34:1e:9f:2b:95:62:
         cf:dc:c8:d4:c2:0e:d8:cd:6f:ba:79:b9:bf:8d:85:4b:19:52:
         eb:68:33:63:42:e6:90:99:fe:b0:2e:7b:52:d3:99:c2:e3:0e:
         42:29:52:c7:2e:d6:c7:09:a3:15:da:c0:23:9b:fa:ad:87:86:
         95:60:7d:79:96:e8:39:9f:15:ca:44:7c:de:e5:de:7a:f4:cc:
         62:48:ac:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKLhXWx8loJmR4lQmTyTVQnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYjYyYWNlNjE1YjkwNmI0MmFiMjdmNGZiMWQyMDNkZjM2
ZDU0MzYwHhcNMjQxMDE0MTQ1MzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGY5NjBjNTJhM2MzNTg4NWE4YjA2YzFmMTY2OWE5YzNmNjFjNGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApE2wtr068CMPhR5zVfvN/KokaZs7
uef7SmjlO0z+Ov2bozUGuiR5aDYt6f5QZywx7MRT1vEaTEW5zV/SioizCRuihSw/
KusZ7FS2tN1QhvDBKlEUKpgjpP37LbOtAlm4ELPbooxclK4tU/TNwFWW4bbpPwD0
bsmEmHYeIGT5kzfePnipPQnqUEsar/hAyjZ0Elcy4VrOHEtmyQxTxHRB/Gqg2Leo
nVQb3BRKFYg3jz8psvY3Ckh0LvIBC8SgZ0+/x6t6MWYazUpoEYvakD5ai0yfi0K6
B269ZSwtY4nwWV0QjGenNHFRDH9elxNgvEREqbap6nY6DS/kYjvwjlXBlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOT5YMUqPDWIWosGwfFmmpw/YcTAMB8GA1UdIwQY
MBaAFFO2Ks5hW5BrQqsn9PsdID3zbVQ2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTdZcXptRmJrR3RDcXlmMC14MGdQZk50VkRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC84YjA3Y2QtMGNlZC00YWZjLThkMDIt
OTcyYTRjM2RjM2YzLzEvNVBsZ3hTbzhOWWhhaXdiQjhXYWFuRDloeE1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC84YjA3Y2QtMGNlZC00YWZjLThkMDItOTcyYTRjM2RjM2Yz
LzEvVTdZcXptRmJrR3RDcXlmMC14MGdQZk50VkRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbtTMA0G
CSqGSIb3DQEBCwUAA4IBAQBdlPHBYy1W/ADhjE+47dSDLsE0Xq524nHaW2Jlf9x7
L/g9/xOACMu6tN8QzXcq64VY3omOWLTaoj6Bd9dxrOhH9a89MqHUL6u/kJujE493
lNaLlQkdJRwTZ3bIW33lFFIISXEJewCg1LKvclCMexbJ994wfOagUkNrw9HuYNUh
Ly96lDQZBOWu0IlxXnUM1xLyiscHuuP14XCHxsUUjLV3hw2dzXnZzTPeIsQKh2k0
Hp8rlWLP3MjUwg7YzW+6ebm/jYVLGVLraDNjQuaQmf6wLntS05nC4w5CKVLHLtbH
CaMV2sAjm/qth4aVYH15lug5nxXKRHze5d569MxiSKy5
-----END CERTIFICATE-----