Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/5XurQZyYL5VJN-wf7V4ha_6I5nM.roa
File:                     5XurQZyYL5VJN-wf7V4ha_6I5nM.roa (raw, json)
Hash identifier:          61ytL/R6USEvpBjE80f24Lc09/crD3/8vJuQ9+DgaEI=
Subject key identifier:   E5:7B:AB:41:9C:98:2F:95:49:37:EC:1F:ED:5E:21:6B:FE:88:E6:73
Certificate issuer:       /CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
Certificate serial:       018CC86F89F860E0B2F096EFB45C116D5C58
Authority key identifier: E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/5XurQZyYL5VJN-wf7V4ha_6I5nM.roa
Signing time:             Tue 02 Jan 2024 04:30:01 +0000
ROA not before:           Tue 02 Jan 2024 04:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6906
IP address blocks:        81.198.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:89:f8:60:e0:b2:f0:96:ef:b4:5c:11:6d:5c:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
        Validity
            Not Before: Jan  2 04:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e57bab419c982f954937ec1fed5e216bfe88e673
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ca:d3:2a:6a:b2:ba:41:63:c7:4a:1a:c4:51:
                    6b:5b:07:eb:a5:14:05:ef:df:dd:31:cc:ca:da:36:
                    37:20:e0:17:92:92:d2:90:70:95:b8:c7:e0:d5:64:
                    dd:b0:d6:2a:c7:1c:7b:76:f6:8e:81:d4:71:2d:0c:
                    d6:44:21:2b:74:d4:3e:20:96:53:2e:05:29:5b:a0:
                    7b:c8:c4:80:cc:a8:d7:44:1a:23:62:14:37:03:fe:
                    d0:a0:d2:22:2b:3a:15:45:7a:67:61:fb:c0:94:79:
                    bb:2e:8f:88:1b:cf:5e:26:03:7b:0c:d4:e3:2a:f3:
                    67:08:a7:f5:29:7e:26:1b:0f:90:41:59:4d:b2:ea:
                    b3:a7:b7:6c:7a:f5:d0:76:28:4e:35:4e:4a:87:f7:
                    8d:a9:56:f0:49:3e:02:86:3c:8c:af:b2:10:13:e5:
                    d6:50:ba:5b:2b:08:a1:49:8a:51:5d:2b:ac:66:ae:
                    03:1e:36:b5:10:43:b9:c5:fa:39:c4:2a:4e:d0:18:
                    ee:e4:80:4b:9d:2f:3b:f3:66:f4:21:74:59:80:b0:
                    c3:bf:4c:bd:20:1e:cd:b1:47:fb:bb:ab:48:cc:c8:
                    72:86:84:b4:1d:7c:02:e1:2a:cc:0c:e6:54:3b:58:
                    db:de:3f:ac:9d:d1:6d:57:33:fa:08:b9:4a:e8:51:
                    d5:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:7B:AB:41:9C:98:2F:95:49:37:EC:1F:ED:5E:21:6B:FE:88:E6:73
            X509v3 Authority Key Identifier:
                keyid:E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/5XurQZyYL5VJN-wf7V4ha_6I5nM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.198.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:a6:58:4e:c0:44:fc:75:48:51:11:b1:cd:b1:a8:34:18:66:
         0e:57:74:88:bb:3e:cd:51:cc:0d:8d:79:d1:7b:46:e7:db:cd:
         79:02:ea:0e:04:c9:68:56:ea:88:54:8e:92:3a:c8:69:3b:14:
         d3:06:84:99:1c:af:a1:90:e2:74:f8:d3:b0:3e:eb:1f:e6:d5:
         cb:06:d3:d2:d5:4f:b4:3e:f4:98:cc:fc:b8:83:9a:fe:c6:90:
         b4:70:f4:64:aa:c2:ab:ad:22:cb:d3:a3:9e:d8:2f:3a:b7:da:
         9c:d9:84:ad:b7:42:1a:e5:dd:4a:db:f7:51:60:72:93:d3:30:
         73:48:70:e9:a4:41:a0:7d:b8:5c:06:26:21:e8:fd:9f:b5:d6:
         d3:b4:ab:56:5e:fb:ac:ea:26:0c:c2:58:75:1a:d1:3f:d8:8e:
         66:27:e0:91:ba:8f:96:72:f7:08:d4:04:b5:75:e5:4f:f2:9a:
         39:03:a9:19:2e:7c:bb:ef:28:72:85:79:07:7c:27:4f:1d:1c:
         2f:c4:13:3c:26:fb:7a:9d:a2:7e:48:be:3f:6f:24:51:03:fe:
         f7:be:1a:a6:ea:6e:0e:2d:fa:77:a7:4a:2e:82:97:5c:7d:ae:
         3d:09:57:e7:0d:8f:c9:20:7d:74:2a:55:c2:ce:7a:75:ef:4b:
         81:4c:1f:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb4n4YOCy8JbvtFwRbVxYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYmUwN2NiMWZkNGYxZTNjOTIyMzAzYjY3MGE4ODFiODJl
NjE0OTEwHhcNMjQwMTAyMDQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTdiYWI0MTljOTgyZjk1NDkzN2VjMWZlZDVlMjE2YmZlODhlNjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlsrTKmqyukFjx0oaxFFrWwfrpRQF
79/dMczK2jY3IOAXkpLSkHCVuMfg1WTdsNYqxxx7dvaOgdRxLQzWRCErdNQ+IJZT
LgUpW6B7yMSAzKjXRBojYhQ3A/7QoNIiKzoVRXpnYfvAlHm7Lo+IG89eJgN7DNTj
KvNnCKf1KX4mGw+QQVlNsuqzp7dsevXQdihONU5Kh/eNqVbwST4ChjyMr7IQE+XW
ULpbKwihSYpRXSusZq4DHja1EEO5xfo5xCpO0Bju5IBLnS8782b0IXRZgLDDv0y9
IB7NsUf7u6tIzMhyhoS0HXwC4SrMDOZUO1jb3j+sndFtVzP6CLlK6FHVqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOV7q0GcmC+VSTfsH+1eIWv+iOZzMB8GA1UdIwQY
MBaAFOO+B8sf1PHjySIwO2cKiBuC5hSRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMt
ZDRlZTFkMzg5ZTBkLzEvNVh1clFaeVlMNVZKTi13ZjdWNGhhXzZJNW5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMtZDRlZTFkMzg5ZTBk
LzEvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUcauMA0G
CSqGSIb3DQEBCwUAA4IBAQAbplhOwET8dUhREbHNsag0GGYOV3SIuz7NUcwNjXnR
e0bn2815AuoOBMloVuqIVI6SOshpOxTTBoSZHK+hkOJ0+NOwPusf5tXLBtPS1U+0
PvSYzPy4g5r+xpC0cPRkqsKrrSLL06Oe2C86t9qc2YStt0Ia5d1K2/dRYHKT0zBz
SHDppEGgfbhcBiYh6P2ftdbTtKtWXvus6iYMwlh1GtE/2I5mJ+CRuo+WcvcI1AS1
deVP8po5A6kZLny77yhyhXkHfCdPHRwvxBM8Jvt6naJ+SL4/byRRA/73vhqm6m4O
Lfp3p0ougpdcfa49CVfnDY/JIH10KlXCznp170uBTB9f
-----END CERTIFICATE-----