Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/d92557-8c46-482c-91a8-c1e974bed12e/1/X5CVYKU5y3R-c4-8PTCs4TEOV9I.roa
File:                     X5CVYKU5y3R-c4-8PTCs4TEOV9I.roa (raw, json)
Hash identifier:          d9DXL0qRsXrlxAwRRyyrsHDLTBtH9g/jlTkcSake+nc=
Subject key identifier:   5F:90:95:60:A5:39:CB:74:7E:73:8F:BC:3D:30:AC:E1:31:0E:57:D2
Certificate issuer:       /CN=51bfb46353bfcccff9412dcbdd480f19b4c98397
Certificate serial:       01919869494E1A2A6BF91CAFA01D95A7DFDB
Authority key identifier: 51:BF:B4:63:53:BF:CC:CF:F9:41:2D:CB:DD:48:0F:19:B4:C9:83:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ub-0Y1O_zM_5QS3L3UgPGbTJg5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/d92557-8c46-482c-91a8-c1e974bed12e/1/X5CVYKU5y3R-c4-8PTCs4TEOV9I.roa
Signing time:             Wed 28 Aug 2024 09:55:22 +0000
ROA not before:           Wed 28 Aug 2024 09:55:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25070
IP address blocks:        88.135.188.0/24 maxlen: 24
                          109.197.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/d92557-8c46-482c-91a8-c1e974bed12e/1/Ub-0Y1O_zM_5QS3L3UgPGbTJg5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/d92557-8c46-482c-91a8-c1e974bed12e/1/Ub-0Y1O_zM_5QS3L3UgPGbTJg5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ub-0Y1O_zM_5QS3L3UgPGbTJg5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:98:69:49:4e:1a:2a:6b:f9:1c:af:a0:1d:95:a7:df:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51bfb46353bfcccff9412dcbdd480f19b4c98397
        Validity
            Not Before: Aug 28 09:55:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f909560a539cb747e738fbc3d30ace1310e57d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:89:b0:92:80:7a:ab:b0:4b:01:6e:e4:90:6c:
                    4b:b1:86:03:ee:52:82:72:77:2b:17:d7:06:ac:c2:
                    57:03:66:7f:4e:f3:0f:45:82:9e:2a:a1:57:69:3b:
                    9c:39:ab:ef:83:24:48:92:3d:ae:57:e0:80:16:af:
                    54:7a:d9:94:2e:b6:fc:8c:d9:3a:48:74:f1:35:e3:
                    db:1a:45:04:8a:b3:f8:41:cf:23:6e:04:39:11:2c:
                    33:7e:71:d7:b1:b5:12:1e:60:99:08:86:d8:73:bc:
                    50:f5:15:c2:7e:8c:51:ad:3e:7e:a5:59:e4:94:e6:
                    6e:fc:84:0a:31:20:47:5b:4b:11:73:f1:ff:32:d4:
                    35:c1:14:0d:b0:60:6c:e1:7c:f7:70:56:e5:8b:22:
                    3d:87:f2:4e:85:32:3a:98:bd:8b:63:65:50:2c:03:
                    4f:ca:e3:0c:3f:a1:77:e0:9b:c2:ff:de:9f:22:61:
                    a2:15:f2:cd:66:f5:a7:d6:02:46:04:d2:f7:3c:eb:
                    4a:f8:7c:65:ad:43:f7:71:96:8c:d8:c4:e1:f0:bd:
                    3e:3e:28:4e:61:8b:78:ed:6c:b8:a3:2d:75:35:1e:
                    e1:9e:10:e6:9e:75:9f:5c:ce:d8:06:1f:8a:06:10:
                    6d:dd:45:87:74:d8:7f:91:9f:24:64:e6:71:d9:5d:
                    d4:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:90:95:60:A5:39:CB:74:7E:73:8F:BC:3D:30:AC:E1:31:0E:57:D2
            X509v3 Authority Key Identifier:
                keyid:51:BF:B4:63:53:BF:CC:CF:F9:41:2D:CB:DD:48:0F:19:B4:C9:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ub-0Y1O_zM_5QS3L3UgPGbTJg5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/d92557-8c46-482c-91a8-c1e974bed12e/1/X5CVYKU5y3R-c4-8PTCs4TEOV9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/d92557-8c46-482c-91a8-c1e974bed12e/1/Ub-0Y1O_zM_5QS3L3UgPGbTJg5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.188.0/24
                  109.197.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:f6:5f:74:7b:01:ed:2a:8f:c4:8f:34:f6:12:e9:be:55:6f:
         d0:0a:7d:82:9a:e1:25:da:33:4c:48:07:a0:44:75:86:a1:91:
         39:02:e6:a2:0c:ac:a7:e6:0b:a3:df:31:48:0a:e6:ca:ff:af:
         cd:71:48:b2:8f:e2:95:e9:61:35:1a:f6:68:e1:d2:10:20:45:
         b3:38:58:fc:6e:be:dd:18:32:91:28:e7:5d:7c:f2:cc:8f:e1:
         51:1e:56:f8:ee:01:ca:f2:1d:d7:f0:1c:53:0b:4a:23:b7:93:
         a4:71:fc:fd:9a:44:3a:f7:b1:c0:ba:0f:6a:83:37:a6:03:f1:
         e6:5b:12:f5:5b:98:85:13:a5:81:15:a9:53:c1:b0:29:bc:29:
         d2:ed:94:b4:a0:46:37:7c:7e:91:9f:6c:98:56:bd:82:0e:9e:
         1a:d1:e1:c5:b2:65:6a:bd:e2:f8:d6:40:f4:ce:60:55:d1:b5:
         06:12:02:23:14:e9:62:e9:7f:a6:84:58:78:b5:66:49:c4:75:
         62:9b:11:a6:37:81:ac:45:2c:65:9e:25:a1:27:fd:79:54:d7:
         44:fd:63:40:bd:d1:2b:f0:76:b0:98:1c:80:7a:51:82:18:0b:
         57:87:14:4d:23:4a:6b:48:2f:2f:a6:68:30:87:01:6e:22:99:
         ca:32:2e:dc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGYaUlOGipr+RyvoB2Vp9/bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYmZiNDYzNTNiZmNjY2ZmOTQxMmRjYmRkNDgwZjE5YjRj
OTgzOTcwHhcNMjQwODI4MDk1NTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjkwOTU2MGE1MzljYjc0N2U3MzhmYmMzZDMwYWNlMTMxMGU1N2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA04mwkoB6q7BLAW7kkGxLsYYD7lKC
cncrF9cGrMJXA2Z/TvMPRYKeKqFXaTucOavvgyRIkj2uV+CAFq9UetmULrb8jNk6
SHTxNePbGkUEirP4Qc8jbgQ5ESwzfnHXsbUSHmCZCIbYc7xQ9RXCfoxRrT5+pVnk
lOZu/IQKMSBHW0sRc/H/MtQ1wRQNsGBs4Xz3cFbliyI9h/JOhTI6mL2LY2VQLANP
yuMMP6F34JvC/96fImGiFfLNZvWn1gJGBNL3POtK+HxlrUP3cZaM2MTh8L0+PihO
YYt47Wy4oy11NR7hnhDmnnWfXM7YBh+KBhBt3UWHdNh/kZ8kZOZx2V3UdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF+QlWClOct0fnOPvD0wrOExDlfSMB8GA1UdIwQY
MBaAFFG/tGNTv8zP+UEty91IDxm0yYOXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWItMFkxT196TV81UVMzTDNVZ1BHYlRKZzVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9kOTI1NTctOGM0Ni00ODJjLTkxYTgt
YzFlOTc0YmVkMTJlLzEvWDVDVllLVTV5M1ItYzQtOFBUQ3M0VEVPVjlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9kOTI1NTctOGM0Ni00ODJjLTkxYTgtYzFlOTc0YmVkMTJl
LzEvVWItMFkxT196TV81UVMzTDNVZ1BHYlRKZzVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWIe8AwQA
bcUiMA0GCSqGSIb3DQEBCwUAA4IBAQCK9l90ewHtKo/EjzT2Eum+VW/QCn2CmuEl
2jNMSAegRHWGoZE5AuaiDKyn5guj3zFICubK/6/NcUiyj+KV6WE1GvZo4dIQIEWz
OFj8br7dGDKRKOddfPLMj+FRHlb47gHK8h3X8BxTC0ojt5Okcfz9mkQ697HAug9q
gzemA/HmWxL1W5iFE6WBFalTwbApvCnS7ZS0oEY3fH6Rn2yYVr2CDp4a0eHFsmVq
veL41kD0zmBV0bUGEgIjFOli6X+mhFh4tWZJxHVimxGmN4GsRSxlniWhJ/15VNdE
/WNAvdEr8HawmByAelGCGAtXhxRNI0prSC8vpmgwhwFuIpnKMi7c
-----END CERTIFICATE-----