Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/X5HnPJKUURLcEiYTongdyhhxlgs.roa
File:                     X5HnPJKUURLcEiYTongdyhhxlgs.roa (raw, json)
Hash identifier:          s3n7fgVZRU++z+FwpSxhqdkj7Vp9nrR6OjoH4KI7ygc=
Subject key identifier:   5F:91:E7:3C:92:94:51:12:DC:12:26:13:A2:78:1D:CA:18:71:96:0B
Certificate issuer:       /CN=db1d6eba463b7564abfae938b46ed47187de0ec0
Certificate serial:       018EBEF5536BB31A9F669AA9FF0CC9BAF8CF
Authority key identifier: DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/X5HnPJKUURLcEiYTongdyhhxlgs.roa
Signing time:             Mon 08 Apr 2024 18:25:32 +0000
ROA not before:           Mon 08 Apr 2024 18:25:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57844
IP address blocks:        213.232.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:be:f5:53:6b:b3:1a:9f:66:9a:a9:ff:0c:c9:ba:f8:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db1d6eba463b7564abfae938b46ed47187de0ec0
        Validity
            Not Before: Apr  8 18:25:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f91e73c92945112dc122613a2781dca1871960b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:42:bd:35:30:78:76:63:ee:81:f5:a2:5c:c5:
                    98:a1:f8:9c:79:75:26:66:07:93:3f:67:01:90:de:
                    c5:d7:30:a0:7d:e7:a0:dd:90:ff:9c:2f:a3:43:b4:
                    11:29:eb:85:a2:a0:0b:8a:4a:fe:4a:eb:4a:65:5a:
                    2e:4b:ee:5b:37:30:cc:7e:fc:ee:59:01:90:a7:1c:
                    e7:99:56:98:50:c5:f4:31:1d:d0:6b:b7:53:6d:25:
                    80:e5:e4:85:72:e1:40:e7:d9:44:80:80:ac:5a:60:
                    95:aa:f6:3d:5c:a4:79:59:46:0d:3d:f6:a6:be:f1:
                    9f:af:b8:98:85:c0:98:65:31:dd:79:0e:94:e6:4f:
                    66:1d:5f:b0:3b:fc:ec:1d:d7:ff:8d:ae:44:2a:cc:
                    fa:09:9f:ea:4e:f8:a2:80:11:b7:78:61:65:30:20:
                    03:c1:2b:26:cc:17:61:41:b0:99:b9:13:fd:13:da:
                    dd:b5:56:c3:f4:55:ec:70:35:fc:a6:cd:9e:96:02:
                    7b:3a:ea:7c:ea:8c:88:1f:74:86:cd:95:38:d0:f1:
                    4f:63:a2:42:50:fa:43:91:98:a1:7b:ae:35:b5:95:
                    dd:08:3d:10:6c:a2:a3:39:ab:f7:4d:bf:1d:be:91:
                    98:11:a2:b0:3c:42:29:1b:3f:3d:44:52:cf:9e:0f:
                    93:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:91:E7:3C:92:94:51:12:DC:12:26:13:A2:78:1D:CA:18:71:96:0B
            X509v3 Authority Key Identifier:
                keyid:DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/X5HnPJKUURLcEiYTongdyhhxlgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.232.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:5d:f4:ec:e0:b1:c5:47:14:e4:bd:f3:aa:a1:67:94:a1:b2:
         85:31:ea:67:44:9a:7e:fe:28:67:5a:65:f5:d3:06:4d:f0:03:
         e5:4d:b8:a6:7f:2d:99:a0:8c:32:7d:64:dd:72:a7:71:1a:eb:
         a9:5b:d6:1f:b2:f4:a9:0e:c3:37:22:ec:89:16:8b:77:75:ac:
         c6:e7:9e:61:10:ec:ce:8d:c8:6a:c0:c9:1e:fc:bb:5c:12:f7:
         fb:83:0c:ed:2b:03:01:03:dd:57:ad:2b:ce:a4:8e:96:03:37:
         fe:47:59:33:8a:5d:e7:06:b8:40:91:bc:63:b5:34:d6:9b:3e:
         af:1e:05:5b:48:49:af:37:b0:e6:da:5b:e2:89:7d:2f:0a:3a:
         90:ec:80:fc:f4:4e:5f:3c:8b:ef:54:a5:3b:23:f8:6e:b1:26:
         2a:2e:8c:8e:03:b2:c6:fc:a9:49:a6:c0:8b:c0:b3:79:9b:7a:
         e0:39:3d:b2:70:1b:0f:fd:e8:4e:87:02:ec:38:8f:2c:ac:89:
         fc:12:41:ce:c1:c5:cb:08:6b:89:a5:a3:07:31:39:2c:5a:e0:
         b4:ac:6e:64:a8:e4:0b:7e:b5:4b:57:e5:3b:4e:12:e3:a3:84:
         e9:7e:c6:50:35:d9:fb:aa:3c:b3:1f:7d:02:36:1f:0c:09:62:
         1a:e3:21:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6+9VNrsxqfZpqp/wzJuvjPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMWQ2ZWJhNDYzYjc1NjRhYmZhZTkzOGI0NmVkNDcxODdk
ZTBlYzAwHhcNMjQwNDA4MTgyNTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjkxZTczYzkyOTQ1MTEyZGMxMjI2MTNhMjc4MWRjYTE4NzE5NjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgUK9NTB4dmPugfWiXMWYoficeXUm
ZgeTP2cBkN7F1zCgfeeg3ZD/nC+jQ7QRKeuFoqALikr+SutKZVouS+5bNzDMfvzu
WQGQpxznmVaYUMX0MR3Qa7dTbSWA5eSFcuFA59lEgICsWmCVqvY9XKR5WUYNPfam
vvGfr7iYhcCYZTHdeQ6U5k9mHV+wO/zsHdf/ja5EKsz6CZ/qTviigBG3eGFlMCAD
wSsmzBdhQbCZuRP9E9rdtVbD9FXscDX8ps2elgJ7Oup86oyIH3SGzZU40PFPY6JC
UPpDkZihe641tZXdCD0QbKKjOav3Tb8dvpGYEaKwPEIpGz89RFLPng+TrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+R5zySlFES3BImE6J4HcoYcZYLMB8GA1UdIwQY
MBaAFNsdbrpGO3Vkq/rpOLRu1HGH3g7AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAt
NmYyY2Y0ZjAzY2ViLzEvWDVIblBKS1VVUkxjRWlZVG9uZ2R5aGh4bGdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAtNmYyY2Y0ZjAzY2Vi
LzEvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ejsMA0G
CSqGSIb3DQEBCwUAA4IBAQAhXfTs4LHFRxTkvfOqoWeUobKFMepnRJp+/ihnWmX1
0wZN8APlTbimfy2ZoIwyfWTdcqdxGuupW9YfsvSpDsM3IuyJFot3dazG555hEOzO
jchqwMke/LtcEvf7gwztKwMBA91XrSvOpI6WAzf+R1kzil3nBrhAkbxjtTTWmz6v
HgVbSEmvN7Dm2lviiX0vCjqQ7ID89E5fPIvvVKU7I/husSYqLoyOA7LG/KlJpsCL
wLN5m3rgOT2ycBsP/ehOhwLsOI8srIn8EkHOwcXLCGuJpaMHMTksWuC0rG5kqOQL
frVLV+U7ThLjo4TpfsZQNdn7qjyzH30CNh8MCWIa4yEl
-----END CERTIFICATE-----