Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/XlHBKhlpGIlMjW6br7a99DF-9Aw.roa
File:                     XlHBKhlpGIlMjW6br7a99DF-9Aw.roa (raw, json)
Hash identifier:          6i+FkVy4r2VzDmpyKBDuji+lnGAQtb0vIYnp/8af2gc=
Subject key identifier:   5E:51:C1:2A:19:69:18:89:4C:8D:6E:9B:AF:B6:BD:F4:31:7E:F4:0C
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       01935DDD62A739AFE3D7E095B699C2B89BB2
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/XlHBKhlpGIlMjW6br7a99DF-9Aw.roa
Signing time:             Sun 24 Nov 2024 11:10:09 +0000
ROA not before:           Sun 24 Nov 2024 11:10:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3263
IP address blocks:        109.125.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:5d:dd:62:a7:39:af:e3:d7:e0:95:b6:99:c2:b8:9b:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Nov 24 11:10:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e51c12a196918894c8d6e9bafb6bdf4317ef40c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:cf:b6:3b:25:30:c0:7c:6e:c9:30:7f:67:cd:
                    4e:dc:13:ef:3f:c6:3e:a3:0f:c4:a8:57:1b:56:1e:
                    66:d0:8f:2c:b4:a5:cf:13:98:22:bb:bc:f5:74:9a:
                    b4:6b:e8:62:80:a8:5a:c4:72:e0:4c:85:ca:e0:9b:
                    75:3d:ae:b1:63:9c:37:a0:36:93:64:27:ce:3b:85:
                    b3:de:e4:6d:f7:99:0b:f2:3c:59:8a:a1:6d:7b:57:
                    75:d5:49:1c:19:5e:23:72:36:1d:7d:0a:4d:52:16:
                    9f:93:26:1e:48:bd:42:c9:b6:ec:94:86:2b:c0:5f:
                    98:22:c4:5c:34:92:f3:98:7d:37:f0:7b:a9:fd:55:
                    2d:06:37:e1:ba:f0:90:e3:bc:03:78:fe:7b:de:68:
                    bd:0c:ca:27:0c:77:67:2f:ac:16:22:83:f4:0f:d2:
                    ba:bc:d1:b3:85:d4:2c:7e:96:b4:20:7a:76:5a:2a:
                    25:27:9a:2e:0c:b5:38:99:00:48:ee:ab:9f:91:e0:
                    db:66:56:2c:92:b4:a7:ec:ca:3c:34:5d:2c:e5:a5:
                    e5:76:90:50:af:92:11:dd:91:c2:c7:f6:ff:dc:73:
                    d5:7a:55:8b:80:58:6c:e8:45:01:5f:53:18:a5:d4:
                    10:67:d4:4e:dd:12:06:8b:5d:fe:e9:45:91:f4:58:
                    15:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:51:C1:2A:19:69:18:89:4C:8D:6E:9B:AF:B6:BD:F4:31:7E:F4:0C
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/XlHBKhlpGIlMjW6br7a99DF-9Aw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.125.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:76:29:c1:c0:51:c4:35:a4:23:01:55:88:a5:e6:92:90:1c:
         b3:7b:f6:11:21:ee:b1:a5:4a:d7:65:09:0d:e0:46:78:46:71:
         0b:ea:47:55:22:91:aa:dc:03:b7:a1:bc:8d:d8:ee:0d:40:3e:
         fa:5f:e3:f6:b3:8a:8f:e4:81:22:fe:b8:79:d3:63:f4:5f:6b:
         2d:91:eb:3f:fc:55:14:66:4c:4d:c3:11:17:cb:d6:43:2a:dd:
         1d:9b:ed:35:04:36:01:be:66:d7:12:32:00:bd:9a:3c:4b:1d:
         53:fa:58:41:1b:cd:9d:84:4d:14:d4:8f:26:a2:9f:95:eb:56:
         5a:ad:21:5d:af:f2:c1:10:11:25:3d:f7:3d:82:58:8a:2b:4d:
         85:31:30:cf:d5:8d:0e:48:d4:94:89:8d:96:d3:95:57:fc:6f:
         17:a6:14:23:d4:82:8a:d1:43:b3:aa:b1:5d:dc:61:5f:5b:fb:
         d2:8f:24:0f:73:aa:0a:21:28:03:49:df:76:a5:cd:91:01:f4:
         9f:17:b7:39:4f:1f:b3:f5:e3:55:b1:78:9e:8a:8f:8a:b3:f0:
         40:2a:c9:c2:81:dd:71:eb:b5:4c:a7:72:cf:9d:3d:6d:1a:b5:
         08:e4:d2:3f:31:80:66:0e:18:c4:8e:d8:9b:53:b3:86:29:dd:
         ea:bc:08:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNd3WKnOa/j1+CVtpnCuJuyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjQxMTI0MTExMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTUxYzEyYTE5NjkxODg5NGM4ZDZlOWJhZmI2YmRmNDMxN2VmNDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqc+2OyUwwHxuyTB/Z81O3BPvP8Y+
ow/EqFcbVh5m0I8stKXPE5giu7z1dJq0a+higKhaxHLgTIXK4Jt1Pa6xY5w3oDaT
ZCfOO4Wz3uRt95kL8jxZiqFte1d11UkcGV4jcjYdfQpNUhafkyYeSL1CybbslIYr
wF+YIsRcNJLzmH038Hup/VUtBjfhuvCQ47wDeP573mi9DMonDHdnL6wWIoP0D9K6
vNGzhdQsfpa0IHp2WiolJ5ouDLU4mQBI7qufkeDbZlYskrSn7Mo8NF0s5aXldpBQ
r5IR3ZHCx/b/3HPVelWLgFhs6EUBX1MYpdQQZ9RO3RIGi13+6UWR9FgVLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5RwSoZaRiJTI1um6+2vfQxfvQMMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvWGxIQktobHBHSWxNalc2YnI3YTk5REYtOUF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbX2/MA0G
CSqGSIb3DQEBCwUAA4IBAQBtdinBwFHENaQjAVWIpeaSkByze/YRIe6xpUrXZQkN
4EZ4RnEL6kdVIpGq3AO3obyN2O4NQD76X+P2s4qP5IEi/rh502P0X2stkes//FUU
ZkxNwxEXy9ZDKt0dm+01BDYBvmbXEjIAvZo8Sx1T+lhBG82dhE0U1I8mop+V61Za
rSFdr/LBEBElPfc9gliKK02FMTDP1Y0OSNSUiY2W05VX/G8XphQj1IKK0UOzqrFd
3GFfW/vSjyQPc6oKISgDSd92pc2RAfSfF7c5Tx+z9eNVsXieio+Ks/BAKsnCgd1x
67VMp3LPnT1tGrUI5NI/MYBmDhjEjtibU7OGKd3qvAiG
-----END CERTIFICATE-----