Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/XLpZ-BKg0b-YqYFdQUnHT85OOkg.roa
File:                     XLpZ-BKg0b-YqYFdQUnHT85OOkg.roa (raw, json)
Hash identifier:          sYn9aEKPtsgL8VHGrDx8zotYQKupq7SZ6tTvap3sH2U=
Subject key identifier:   5C:BA:59:F8:12:A0:D1:BF:98:A9:81:5D:41:49:C7:4F:CE:4E:3A:48
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       01932C764AE189205D86268DFDA13272584A
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/XLpZ-BKg0b-YqYFdQUnHT85OOkg.roa
Signing time:             Thu 14 Nov 2024 20:56:10 +0000
ROA not before:           Thu 14 Nov 2024 20:56:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        194.59.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2c:76:4a:e1:89:20:5d:86:26:8d:fd:a1:32:72:58:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: Nov 14 20:56:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5cba59f812a0d1bf98a9815d4149c74fce4e3a48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ac:c2:bf:43:73:0a:de:39:cb:d9:99:a9:4a:
                    aa:17:6d:93:b3:6b:04:5d:c1:60:9c:20:6c:77:a0:
                    f6:68:84:e6:60:98:b5:f9:3e:ed:6c:bc:17:20:6f:
                    ca:eb:96:0d:f1:d5:51:00:b9:f4:72:19:0e:ec:69:
                    6f:dd:93:57:2c:b8:b9:f3:58:ca:45:10:05:d2:af:
                    5a:c0:34:a2:7d:0b:12:08:96:ae:2a:cc:fa:b6:ff:
                    a5:c7:70:21:cb:11:ef:d1:82:6c:2a:6b:18:9b:e1:
                    0d:46:3f:84:7a:d5:2b:35:aa:84:13:37:b1:77:c1:
                    ce:ec:32:fb:e1:e9:db:73:14:6b:88:97:b5:0c:24:
                    f0:c7:b6:19:54:f7:60:9e:e0:5d:2f:ee:b8:05:6b:
                    97:08:6b:79:e3:9c:b5:eb:db:4e:6d:81:79:92:15:
                    89:45:04:62:14:46:24:8c:2c:2c:e8:79:82:a9:3d:
                    ef:44:65:24:a0:33:f5:90:7d:cb:30:25:67:c5:ef:
                    b0:47:cb:46:b4:3e:c2:50:b7:8b:48:ea:45:6a:9b:
                    4a:3f:ee:1a:04:2f:3d:5d:05:70:5a:1e:f0:35:76:
                    3d:1c:1f:5c:b8:1f:72:82:0c:ad:22:8d:1d:1b:5c:
                    76:3b:1c:50:9c:23:43:d0:2a:36:b2:23:82:2d:0d:
                    6d:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:BA:59:F8:12:A0:D1:BF:98:A9:81:5D:41:49:C7:4F:CE:4E:3A:48
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/XLpZ-BKg0b-YqYFdQUnHT85OOkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:2d:8f:3b:40:b6:ba:39:8d:8d:e1:f2:37:b6:69:25:1f:63:
         61:1f:98:89:e3:fb:1b:56:ec:d5:7f:df:c0:ac:21:4f:43:de:
         19:60:df:6a:77:f1:c7:f0:96:26:96:cf:85:c8:35:3a:91:bf:
         9b:90:d7:df:f8:18:c3:61:a1:df:3c:cd:81:a9:71:df:d2:73:
         c2:be:1d:f4:76:ab:c0:a7:bb:11:98:a5:f5:47:aa:12:11:03:
         b5:85:cc:e1:79:15:7c:ae:72:9c:53:db:dd:54:dc:bf:3f:2b:
         65:8e:84:b1:41:fb:52:ae:87:dd:2e:3b:d7:b5:54:bf:b5:5c:
         31:c1:d3:71:69:f1:d5:fe:58:ca:e0:cb:2f:91:67:a3:dc:14:
         a5:2c:a1:bb:7e:53:8d:7c:91:29:3e:84:ce:12:e0:02:fd:2f:
         e2:a4:bf:60:69:76:6a:3f:1a:c0:83:28:6c:9d:26:45:e5:96:
         98:47:46:2d:c9:ee:52:f9:ec:6b:82:3a:db:5f:7c:1b:fd:bd:
         5e:be:a7:e7:4a:97:6a:4c:1e:0f:5a:7e:92:53:2f:b3:6a:5b:
         95:fe:7f:19:c1:9b:61:dd:fe:0e:6c:26:83:60:77:b0:fa:39:
         1c:e2:11:d6:b4:7c:02:ba:2d:78:d2:ca:07:ed:9c:52:b2:74:
         9a:57:d5:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMsdkrhiSBdhiaN/aEyclhKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjQxMTE0MjA1NjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2JhNTlmODEyYTBkMWJmOThhOTgxNWQ0MTQ5Yzc0ZmNlNGUzYTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqzCv0NzCt45y9mZqUqqF22Ts2sE
XcFgnCBsd6D2aITmYJi1+T7tbLwXIG/K65YN8dVRALn0chkO7Glv3ZNXLLi581jK
RRAF0q9awDSifQsSCJauKsz6tv+lx3AhyxHv0YJsKmsYm+ENRj+EetUrNaqEEzex
d8HO7DL74enbcxRriJe1DCTwx7YZVPdgnuBdL+64BWuXCGt545y169tObYF5khWJ
RQRiFEYkjCws6HmCqT3vRGUkoDP1kH3LMCVnxe+wR8tGtD7CULeLSOpFaptKP+4a
BC89XQVwWh7wNXY9HB9cuB9yggytIo0dG1x2OxxQnCND0Co2siOCLQ1tVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFy6WfgSoNG/mKmBXUFJx0/OTjpIMB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvWExwWi1CS2cwYi1ZcVlGZFFVbkhUODVPT2tnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjsIMA0G
CSqGSIb3DQEBCwUAA4IBAQAtLY87QLa6OY2N4fI3tmklH2NhH5iJ4/sbVuzVf9/A
rCFPQ94ZYN9qd/HH8JYmls+FyDU6kb+bkNff+BjDYaHfPM2BqXHf0nPCvh30dqvA
p7sRmKX1R6oSEQO1hczheRV8rnKcU9vdVNy/PytljoSxQftSrofdLjvXtVS/tVwx
wdNxafHV/ljK4MsvkWej3BSlLKG7flONfJEpPoTOEuAC/S/ipL9gaXZqPxrAgyhs
nSZF5ZaYR0Ytye5S+exrgjrbX3wb/b1evqfnSpdqTB4PWn6SUy+zaluV/n8ZwZth
3f4ObCaDYHew+jkc4hHWtHwCui140soH7ZxSsnSaV9WF
-----END CERTIFICATE-----