Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/X2TAPVRa5zRFQfipg_NtqoOplyE.roa
File:                     X2TAPVRa5zRFQfipg_NtqoOplyE.roa (raw, json)
Hash identifier:          GW+bMfeAV+NAjaUSREvTA0obFwk4HvDu+xSJdIhDp94=
Subject key identifier:   5F:64:C0:3D:54:5A:E7:34:45:41:F8:A9:83:F3:6D:AA:83:A9:97:21
Certificate issuer:       /CN=92bf6464ce6e19a4dcf8a32b27a2f1cbe1551055
Certificate serial:       018CC424B946C96FE9DF961BA665DC043287
Authority key identifier: 92:BF:64:64:CE:6E:19:A4:DC:F8:A3:2B:27:A2:F1:CB:E1:55:10:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/X2TAPVRa5zRFQfipg_NtqoOplyE.roa
Signing time:             Mon 01 Jan 2024 08:29:50 +0000
ROA not before:           Mon 01 Jan 2024 08:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48147
IP address blocks:        87.236.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 14:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:b9:46:c9:6f:e9:df:96:1b:a6:65:dc:04:32:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92bf6464ce6e19a4dcf8a32b27a2f1cbe1551055
        Validity
            Not Before: Jan  1 08:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f64c03d545ae7344541f8a983f36daa83a99721
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ca:5a:a9:56:ce:ca:1a:af:85:27:a8:a1:26:
                    71:2c:de:7f:d5:2e:c8:e3:e7:48:1b:54:30:f4:f9:
                    c5:3e:68:15:81:88:a5:63:5d:a9:2f:7d:45:03:b9:
                    b2:3a:42:bd:ec:8f:2d:a4:9b:e5:16:29:f5:c6:02:
                    ca:6e:cc:1d:17:42:52:72:19:72:52:e4:16:89:ca:
                    36:ed:ea:37:76:43:c7:85:d3:5b:45:f7:24:bd:24:
                    e8:ce:b7:c4:f6:44:86:36:2c:50:d3:da:2f:c6:36:
                    41:c7:3a:f0:99:1b:b4:ee:bf:23:f9:ae:6c:73:5c:
                    be:13:23:eb:67:7e:ac:05:f7:46:ea:cf:bb:a3:88:
                    be:5f:6a:b2:37:8c:06:4b:31:ba:39:36:b9:e3:00:
                    24:81:54:ff:76:af:8f:37:8a:c0:a2:fe:a7:c4:cb:
                    67:1a:a3:78:6c:67:dd:86:ce:34:f1:7e:db:82:45:
                    fc:88:a2:4b:b9:9f:51:92:13:8a:44:26:ad:eb:66:
                    fc:78:b9:ee:c9:4f:c7:22:46:42:cf:f3:a1:9a:9b:
                    a4:61:87:dd:e3:6a:5b:22:58:80:c4:aa:ef:94:cf:
                    7a:7b:f0:69:1a:c7:f3:43:08:7b:41:82:ad:ed:fb:
                    6f:53:bb:76:e6:e4:71:a0:a6:53:89:9b:18:fe:cc:
                    5d:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:64:C0:3D:54:5A:E7:34:45:41:F8:A9:83:F3:6D:AA:83:A9:97:21
            X509v3 Authority Key Identifier:
                keyid:92:BF:64:64:CE:6E:19:A4:DC:F8:A3:2B:27:A2:F1:CB:E1:55:10:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/X2TAPVRa5zRFQfipg_NtqoOplyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:e6:69:c9:26:ad:c4:53:5c:e3:f0:14:53:6c:e1:9f:6d:13:
         d9:33:56:ea:d1:96:97:b9:15:d7:63:ed:f3:61:69:e7:fa:fe:
         cc:19:b5:d6:98:e4:cc:3c:37:ab:e5:87:f2:c3:a7:62:e1:bc:
         eb:24:46:fb:31:89:f4:00:81:e1:cd:1f:24:00:67:b8:4d:c3:
         b9:9a:a4:05:5c:28:24:b7:bd:50:8d:36:78:1c:07:33:a2:6f:
         1c:4d:4a:d5:f5:ac:25:7d:96:45:5e:ed:65:4b:d9:aa:fe:56:
         18:ee:c9:29:47:27:42:80:a6:cc:08:5a:b7:6e:db:fb:72:47:
         b4:d0:10:4a:14:8c:04:e7:d3:27:d9:b8:2c:12:7c:6e:08:11:
         d8:2f:e0:10:79:65:5a:1b:c6:a3:7b:6e:c0:c6:07:aa:2b:3e:
         27:3c:35:3a:1b:5c:11:f1:e9:8b:4c:e4:17:64:70:2d:e8:2e:
         2f:e9:01:e3:23:5b:a6:37:f8:8e:f0:6c:24:81:ab:0c:f4:01:
         f7:0c:07:70:e5:38:1e:59:7e:02:4e:c0:ab:92:f1:85:d4:98:
         56:78:c7:8b:32:04:6d:f1:44:d0:f7:48:8a:2d:b0:fa:c5:fb:
         5d:e1:f8:46:fc:1a:81:72:7d:72:b6:0a:80:cf:aa:59:c5:13:
         af:00:81:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJLlGyW/p35YbpmXcBDKHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyYmY2NDY0Y2U2ZTE5YTRkY2Y4YTMyYjI3YTJmMWNiZTE1
NTEwNTUwHhcNMjQwMTAxMDgyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjY0YzAzZDU0NWFlNzM0NDU0MWY4YTk4M2YzNmRhYTgzYTk5NzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcpaqVbOyhqvhSeooSZxLN5/1S7I
4+dIG1Qw9PnFPmgVgYilY12pL31FA7myOkK97I8tpJvlFin1xgLKbswdF0JSchly
UuQWico27eo3dkPHhdNbRfckvSTozrfE9kSGNixQ09ovxjZBxzrwmRu07r8j+a5s
c1y+EyPrZ36sBfdG6s+7o4i+X2qyN4wGSzG6OTa54wAkgVT/dq+PN4rAov6nxMtn
GqN4bGfdhs408X7bgkX8iKJLuZ9RkhOKRCat62b8eLnuyU/HIkZCz/OhmpukYYfd
42pbIliAxKrvlM96e/BpGsfzQwh7QYKt7ftvU7t25uRxoKZTiZsY/sxdBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF9kwD1UWuc0RUH4qYPzbaqDqZchMB8GA1UdIwQY
MBaAFJK/ZGTObhmk3PijKyei8cvhVRBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3I5a1pNNXVHYVRjLUtNcko2THh5LUZWRUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9mMWQ2OTctYmM4ZS00ZjE0LThiMzct
YjUzZTMwZTE0MTJhLzEvWDJUQVBWUmE1elJGUWZpcGdfTnRxb09wbHlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9mMWQ2OTctYmM4ZS00ZjE0LThiMzctYjUzZTMwZTE0MTJh
LzEva3I5a1pNNXVHYVRjLUtNcko2THh5LUZWRUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+zQMA0G
CSqGSIb3DQEBCwUAA4IBAQCf5mnJJq3EU1zj8BRTbOGfbRPZM1bq0ZaXuRXXY+3z
YWnn+v7MGbXWmOTMPDer5Yfyw6di4bzrJEb7MYn0AIHhzR8kAGe4TcO5mqQFXCgk
t71QjTZ4HAczom8cTUrV9awlfZZFXu1lS9mq/lYY7skpRydCgKbMCFq3btv7cke0
0BBKFIwE59Mn2bgsEnxuCBHYL+AQeWVaG8aje27AxgeqKz4nPDU6G1wR8emLTOQX
ZHAt6C4v6QHjI1umN/iO8GwkgasM9AH3DAdw5TgeWX4CTsCrkvGF1JhWeMeLMgRt
8UTQ90iKLbD6xftd4fhG/BqBcn1ytgqAz6pZxROvAIFP
-----END CERTIFICATE-----