Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/XTYDavgtknOlnwhLwE8YM7gzGNo.roa
File:                     XTYDavgtknOlnwhLwE8YM7gzGNo.roa (raw, json)
Hash identifier:          PldFwC0OKAPE16YsYJiSJ7/6hQNZV4y5TLuWK0kyNJ0=
Subject key identifier:   5D:36:03:6A:F8:2D:92:73:A5:9F:08:4B:C0:4F:18:33:B8:33:18:DA
Certificate issuer:       /CN=a5abc43afced72fb92778728bee571c678f53853
Certificate serial:       019422FAFB1835FC5584DF0573305CA896A4
Authority key identifier: A5:AB:C4:3A:FC:ED:72:FB:92:77:87:28:BE:E5:71:C6:78:F5:38:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pavEOvztcvuSd4covuVxxnj1OFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/XTYDavgtknOlnwhLwE8YM7gzGNo.roa
Signing time:             Wed 01 Jan 2025 17:47:41 +0000
ROA not before:           Wed 01 Jan 2025 17:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30781
IP address blocks:        83.97.56.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/pavEOvztcvuSd4covuVxxnj1OFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/pavEOvztcvuSd4covuVxxnj1OFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pavEOvztcvuSd4covuVxxnj1OFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 20:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fa:fb:18:35:fc:55:84:df:05:73:30:5c:a8:96:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5abc43afced72fb92778728bee571c678f53853
        Validity
            Not Before: Jan  1 17:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d36036af82d9273a59f084bc04f1833b83318da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:54:52:b8:56:f6:08:10:a8:c4:b0:ed:e6:28:
                    34:04:05:75:82:ee:07:a6:52:ac:bf:ee:7b:d0:a1:
                    b9:a7:25:08:f0:1e:5e:03:4e:05:2a:19:d4:2a:8a:
                    50:76:e4:59:6f:62:4d:00:f6:ed:f7:bf:74:53:ae:
                    e8:28:14:87:fc:a0:4f:6c:5c:2a:64:76:58:92:49:
                    b9:f7:c4:9f:7b:ad:08:9c:4d:4b:7b:34:67:c4:33:
                    26:33:24:d5:19:66:11:38:0a:61:64:45:d9:a2:d3:
                    ad:04:99:80:38:88:11:aa:8c:b7:d2:f9:0e:b0:86:
                    20:98:a5:0a:70:45:ce:dc:04:40:ee:94:c8:79:0e:
                    2f:98:b0:dd:b6:fe:01:89:47:c4:97:84:ba:79:50:
                    40:d1:62:63:8d:14:d3:6b:4f:50:33:ac:dd:cf:9c:
                    99:00:7e:a5:2d:21:6f:5f:eb:02:70:42:97:61:19:
                    fb:6a:cf:35:c7:94:05:30:58:f2:1b:26:84:ec:9f:
                    aa:e7:57:70:b4:3b:29:8d:9b:85:74:54:f8:d1:da:
                    c0:33:c1:68:40:ff:7b:69:42:50:e0:44:b4:a2:d6:
                    57:09:82:c3:ef:e8:df:61:04:f6:1c:f7:3a:3a:75:
                    c0:c3:f2:a1:9b:b0:4a:b5:c0:14:79:69:2f:bf:a2:
                    b7:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:36:03:6A:F8:2D:92:73:A5:9F:08:4B:C0:4F:18:33:B8:33:18:DA
            X509v3 Authority Key Identifier:
                keyid:A5:AB:C4:3A:FC:ED:72:FB:92:77:87:28:BE:E5:71:C6:78:F5:38:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pavEOvztcvuSd4covuVxxnj1OFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/XTYDavgtknOlnwhLwE8YM7gzGNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/pavEOvztcvuSd4covuVxxnj1OFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.97.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         19:bf:ca:66:87:31:94:ed:00:94:94:79:5e:66:f6:f8:a9:28:
         40:aa:58:9d:cf:e8:3f:cd:48:73:28:2a:e4:39:55:40:0a:6f:
         c1:8a:fb:46:57:a2:39:63:4f:2d:fa:4a:ee:62:ce:db:b6:32:
         12:0d:b6:49:e9:95:50:41:84:75:c4:2b:67:c3:ca:ac:46:ec:
         e5:90:1f:5a:f2:0f:6c:19:71:4e:86:40:bc:63:cc:26:50:dc:
         c4:85:50:c4:85:ac:0d:59:29:fd:81:ad:1a:6d:3f:a0:d8:82:
         61:28:98:45:b9:79:cf:73:76:75:6f:72:82:16:93:31:67:0f:
         e3:67:9d:a7:e0:7e:23:7f:85:ed:c9:47:38:f8:01:b7:53:f0:
         d7:12:8a:6e:82:d1:46:ed:7f:5b:18:d8:5b:7d:53:4c:dd:8d:
         2f:bd:56:f4:f1:98:a6:1f:ca:19:59:26:1e:a3:ef:e9:52:82:
         6e:ff:95:9c:ab:21:d7:18:92:51:e1:a0:f5:56:e1:49:90:3d:
         b0:f2:34:04:c4:c9:f3:71:ba:61:8a:3b:8b:2c:b2:09:78:74:
         fd:ff:d4:50:13:20:76:9d:91:0b:ee:af:b9:fe:f3:eb:56:f4:
         95:65:58:ef:60:88:30:7b:6d:0b:be:78:cf:30:35:c0:fc:4d:
         41:b5:5f:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+vsYNfxVhN8FczBcqJakMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YWJjNDNhZmNlZDcyZmI5Mjc3ODcyOGJlZTU3MWM2Nzhm
NTM4NTMwHhcNMjUwMTAxMTc0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDM2MDM2YWY4MmQ5MjczYTU5ZjA4NGJjMDRmMTgzM2I4MzMxOGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVRSuFb2CBCoxLDt5ig0BAV1gu4H
plKsv+570KG5pyUI8B5eA04FKhnUKopQduRZb2JNAPbt9790U67oKBSH/KBPbFwq
ZHZYkkm598Sfe60InE1LezRnxDMmMyTVGWYROAphZEXZotOtBJmAOIgRqoy30vkO
sIYgmKUKcEXO3ARA7pTIeQ4vmLDdtv4BiUfEl4S6eVBA0WJjjRTTa09QM6zdz5yZ
AH6lLSFvX+sCcEKXYRn7as81x5QFMFjyGyaE7J+q51dwtDspjZuFdFT40drAM8Fo
QP97aUJQ4ES0otZXCYLD7+jfYQT2HPc6OnXAw/Khm7BKtcAUeWkvv6K34wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF02A2r4LZJzpZ8IS8BPGDO4MxjaMB8GA1UdIwQY
MBaAFKWrxDr87XL7kneHKL7lccZ49ThTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGF2RU92enRjdnVTZDRjb3Z1Vnh4bmoxT0ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9lOWI3NmEtMTBiMy00N2MwLWE1MTct
YjVlOTFmYzY1MDUxLzEvWFRZRGF2Z3Rrbk9sbndoTHdFOFlNN2d6R05vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9lOWI3NmEtMTBiMy00N2MwLWE1MTctYjVlOTFmYzY1MDUx
LzEvcGF2RU92enRjdnVTZDRjb3Z1Vnh4bmoxT0ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDU2E4MA0G
CSqGSIb3DQEBCwUAA4IBAQAZv8pmhzGU7QCUlHleZvb4qShAqlidz+g/zUhzKCrk
OVVACm/BivtGV6I5Y08t+kruYs7btjISDbZJ6ZVQQYR1xCtnw8qsRuzlkB9a8g9s
GXFOhkC8Y8wmUNzEhVDEhawNWSn9ga0abT+g2IJhKJhFuXnPc3Z1b3KCFpMxZw/j
Z52n4H4jf4XtyUc4+AG3U/DXEopugtFG7X9bGNhbfVNM3Y0vvVb08ZimH8oZWSYe
o+/pUoJu/5WcqyHXGJJR4aD1VuFJkD2w8jQExMnzcbphijuLLLIJeHT9/9RQEyB2
nZEL7q+5/vPrVvSVZVjvYIgwe20LvnjPMDXA/E1BtV8B
-----END CERTIFICATE-----