Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/xe9YhB9bmq-xeD6QUT20OdpOKyk.roa
File:                     xe9YhB9bmq-xeD6QUT20OdpOKyk.roa (raw, json)
Hash identifier:          GZYw1eN5w8CZ03wZ+oE/S8QIxnwrThheBDZRlBl+p40=
Subject key identifier:   C5:EF:58:84:1F:5B:9A:AF:B1:78:3E:90:51:3D:B4:39:DA:4E:2B:29
Certificate issuer:       /CN=ba4d0e69ab769f65bb2b155bdfa83a7186eeac44
Certificate serial:       018F170B620952D1DBB9E2DCD89DC16819A8
Authority key identifier: BA:4D:0E:69:AB:76:9F:65:BB:2B:15:5B:DF:A8:3A:71:86:EE:AC:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uk0Oaat2n2W7KxVb36g6cYburEQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/xe9YhB9bmq-xeD6QUT20OdpOKyk.roa
Signing time:             Thu 25 Apr 2024 20:56:13 +0000
ROA not before:           Thu 25 Apr 2024 20:56:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        194.246.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/uk0Oaat2n2W7KxVb36g6cYburEQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/uk0Oaat2n2W7KxVb36g6cYburEQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uk0Oaat2n2W7KxVb36g6cYburEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 12:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:17:0b:62:09:52:d1:db:b9:e2:dc:d8:9d:c1:68:19:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba4d0e69ab769f65bb2b155bdfa83a7186eeac44
        Validity
            Not Before: Apr 25 20:56:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5ef58841f5b9aafb1783e90513db439da4e2b29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:b6:79:e0:b0:9c:e2:f9:1d:cf:bf:f1:ce:86:
                    74:66:1a:6a:a1:87:4f:70:bf:2b:59:10:f2:fb:08:
                    20:09:cc:8f:56:b3:dc:85:91:24:49:a9:ef:89:3f:
                    e9:3d:e5:d3:09:4d:63:f5:33:b7:d3:a1:69:93:fb:
                    80:5e:4f:cb:a7:a7:56:f6:1f:20:30:07:ee:bc:bb:
                    87:d6:34:60:61:31:82:07:a1:3b:fc:15:b0:d3:3a:
                    e2:ca:d2:98:57:c6:64:a4:cd:7c:e6:8f:bc:29:fa:
                    b3:e4:74:58:0e:1d:5e:f3:49:dc:3c:cc:c7:fc:0a:
                    43:0d:ff:5b:36:a4:70:c0:3e:7b:b7:d2:02:8c:60:
                    de:49:af:57:5f:e6:53:69:aa:66:5a:a5:26:25:93:
                    bf:aa:39:13:21:62:20:c7:ec:1c:f7:91:b1:2e:a6:
                    3d:b6:27:24:bb:04:fa:32:91:02:51:c5:ce:c4:28:
                    51:8d:d3:b9:40:86:0d:a2:f4:53:7f:71:4d:69:d1:
                    e5:f7:a8:01:bb:a8:a0:7b:24:4b:d7:12:69:76:d3:
                    94:2d:19:7d:10:49:d6:04:33:3c:3d:70:e8:84:c5:
                    44:4f:fd:59:1a:c5:a6:f0:eb:db:4c:4d:c6:40:66:
                    9e:c5:8d:77:df:80:55:dd:5a:b8:94:e7:c1:42:61:
                    dd:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:EF:58:84:1F:5B:9A:AF:B1:78:3E:90:51:3D:B4:39:DA:4E:2B:29
            X509v3 Authority Key Identifier:
                keyid:BA:4D:0E:69:AB:76:9F:65:BB:2B:15:5B:DF:A8:3A:71:86:EE:AC:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uk0Oaat2n2W7KxVb36g6cYburEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/xe9YhB9bmq-xeD6QUT20OdpOKyk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/uk0Oaat2n2W7KxVb36g6cYburEQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.246.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:a3:40:4c:0c:c2:60:ed:5c:8e:78:7c:76:a4:8c:25:39:ef:
         bc:ef:48:b2:b9:9c:6c:0f:df:57:2b:da:23:a8:23:d3:4c:22:
         c7:6c:cc:06:cd:9e:36:32:10:61:5f:d7:1f:aa:a7:c7:ac:07:
         c8:e9:95:e1:37:57:72:9e:e9:5e:40:08:c2:e5:c0:c2:8e:83:
         1d:6d:00:eb:3f:bf:ab:1f:35:b5:e1:23:04:f7:22:53:f6:98:
         b2:c7:41:7b:72:21:3d:d2:6f:f1:3d:81:3c:06:4d:79:87:33:
         a5:4d:62:89:85:ea:c5:95:a6:fa:ea:22:01:3c:4f:83:cf:87:
         49:ad:30:60:da:76:7e:4b:a7:12:59:47:59:2b:fb:4c:c2:85:
         87:53:59:70:3c:3f:45:53:53:4d:74:b4:e5:ce:98:18:07:f7:
         5c:04:db:88:26:e3:ff:14:05:fb:64:de:43:47:36:01:bf:b9:
         71:25:16:31:26:ca:d1:c2:5c:5f:01:9a:ce:1f:86:3a:0f:a9:
         d5:f5:36:d0:be:c0:82:27:63:61:1f:b5:23:ec:92:c7:d0:2a:
         b5:26:b3:a9:34:47:f8:bd:c4:a6:19:b2:c0:3c:c6:68:6a:21:
         47:c4:37:88:cb:26:28:65:89:13:fb:54:db:be:cb:7e:b0:33:
         fc:63:6b:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8XC2IJUtHbueLc2J3BaBmoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNGQwZTY5YWI3NjlmNjViYjJiMTU1YmRmYTgzYTcxODZl
ZWFjNDQwHhcNMjQwNDI1MjA1NjEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWVmNTg4NDFmNWI5YWFmYjE3ODNlOTA1MTNkYjQzOWRhNGUyYjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrZ54LCc4vkdz7/xzoZ0ZhpqoYdP
cL8rWRDy+wggCcyPVrPchZEkSanviT/pPeXTCU1j9TO306Fpk/uAXk/Lp6dW9h8g
MAfuvLuH1jRgYTGCB6E7/BWw0zriytKYV8ZkpM185o+8Kfqz5HRYDh1e80ncPMzH
/ApDDf9bNqRwwD57t9ICjGDeSa9XX+ZTaapmWqUmJZO/qjkTIWIgx+wc95GxLqY9
tickuwT6MpECUcXOxChRjdO5QIYNovRTf3FNadHl96gBu6igeyRL1xJpdtOULRl9
EEnWBDM8PXDohMVET/1ZGsWm8OvbTE3GQGaexY1334BV3Vq4lOfBQmHdJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXvWIQfW5qvsXg+kFE9tDnaTispMB8GA1UdIwQY
MBaAFLpNDmmrdp9luysVW9+oOnGG7qxEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWswT2FhdDJuMlc3S3hWYjM2ZzZjWWJ1ckVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC8zZDZkNmMtZjU4ZC00MmU2LWI2ODgt
OGVmZjNmZDNjNDhhLzEveGU5WWhCOWJtcS14ZUQ2UVVUMjBPZHBPS3lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC8zZDZkNmMtZjU4ZC00MmU2LWI2ODgtOGVmZjNmZDNjNDhh
LzEvdWswT2FhdDJuMlc3S3hWYjM2ZzZjWWJ1ckVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwvYlMA0G
CSqGSIb3DQEBCwUAA4IBAQBKo0BMDMJg7VyOeHx2pIwlOe+870iyuZxsD99XK9oj
qCPTTCLHbMwGzZ42MhBhX9cfqqfHrAfI6ZXhN1dynuleQAjC5cDCjoMdbQDrP7+r
HzW14SME9yJT9piyx0F7ciE90m/xPYE8Bk15hzOlTWKJherFlab66iIBPE+Dz4dJ
rTBg2nZ+S6cSWUdZK/tMwoWHU1lwPD9FU1NNdLTlzpgYB/dcBNuIJuP/FAX7ZN5D
RzYBv7lxJRYxJsrRwlxfAZrOH4Y6D6nV9TbQvsCCJ2NhH7Uj7JLH0Cq1JrOpNEf4
vcSmGbLAPMZoaiFHxDeIyyYoZYkT+1Tbvst+sDP8Y2vV
-----END CERTIFICATE-----