Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/X2hy-Lx19xoAl1nykvH3XvA7Ajk.roa
File:                     X2hy-Lx19xoAl1nykvH3XvA7Ajk.roa (raw, json)
Hash identifier:          jguKzhRFPX97FLmdjuRojzcbbsv+7QvOOqAp4cj5JFU=
Subject key identifier:   5F:68:72:F8:BC:75:F7:1A:00:97:59:F2:92:F1:F7:5E:F0:3B:02:39
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       018F026C62E880E799A504D6F864BBB1EBF0
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/X2hy-Lx19xoAl1nykvH3XvA7Ajk.roa
Signing time:             Sun 21 Apr 2024 20:50:08 +0000
ROA not before:           Sun 21 Apr 2024 20:50:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        87.254.23.0/24 maxlen: 24
                          185.210.168.0/23 maxlen: 24
                          217.25.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:02:6c:62:e8:80:e7:99:a5:04:d6:f8:64:bb:b1:eb:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Apr 21 20:50:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f6872f8bc75f71a009759f292f1f75ef03b0239
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ba:9e:a4:be:1a:8d:0e:42:22:b9:3a:78:76:
                    58:2d:3f:10:eb:c6:c6:83:c8:4d:85:50:69:6a:49:
                    0d:b2:e4:24:4a:f1:bd:19:64:30:1b:2d:4a:6e:85:
                    16:2f:24:d4:5c:93:ab:76:00:4b:b1:3a:b9:bb:92:
                    32:1b:22:13:87:e8:22:59:13:46:45:ca:b3:bb:be:
                    ce:a3:5a:9c:fa:5a:45:32:75:78:fc:32:14:23:6d:
                    86:b2:cc:54:0e:9e:19:b2:60:84:f5:c4:b7:14:81:
                    31:ec:de:51:fc:44:5d:91:ef:e9:08:48:61:6c:94:
                    e0:6a:00:85:7f:e9:ff:ca:25:00:35:c2:0d:3e:4d:
                    ff:73:0a:03:34:e8:c4:b4:78:d3:5a:b7:b3:d2:d4:
                    c4:8e:df:a3:f1:61:32:70:d5:9c:e7:ff:6d:11:2d:
                    19:78:cc:7c:18:6c:e4:05:7b:4a:a1:e2:21:40:da:
                    97:93:91:72:66:11:02:65:0c:37:c0:4e:87:c1:0a:
                    a2:a6:81:c5:7c:47:51:de:10:24:28:67:0d:4c:37:
                    be:9d:17:a5:9f:a6:23:98:37:34:72:43:ff:6c:b9:
                    16:8d:1f:b5:80:f6:a1:4b:2d:83:28:53:06:e2:f9:
                    17:7b:65:e9:78:04:b5:49:e8:19:3f:a9:8a:0d:d4:
                    e3:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:68:72:F8:BC:75:F7:1A:00:97:59:F2:92:F1:F7:5E:F0:3B:02:39
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/X2hy-Lx19xoAl1nykvH3XvA7Ajk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.23.0/24
                  185.210.168.0/23
                  217.25.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:d9:f1:81:09:9e:33:5d:ce:ee:9a:dc:15:13:29:c5:83:6a:
         94:4a:96:83:aa:39:7a:70:1f:f9:11:02:1d:08:25:92:b9:9d:
         eb:d3:7f:4b:1a:04:c9:18:7a:58:eb:70:4f:8f:82:45:33:f3:
         52:be:ad:77:5f:76:7c:9c:c4:c7:b8:b2:0e:48:a0:ce:f3:76:
         96:5f:eb:53:7d:ce:be:5b:ad:63:31:b4:45:81:a2:16:de:fb:
         8e:99:4e:b1:7a:e6:0b:c5:43:8b:80:7c:ab:86:40:b1:74:dc:
         25:82:0a:1a:a9:b1:21:a4:90:35:58:51:c1:76:00:a3:73:93:
         c1:57:48:83:b0:dd:0b:fd:cc:b5:bf:1f:6c:fd:c1:d9:c7:90:
         d9:3d:a9:f9:ef:84:b4:a8:f3:50:e9:49:4a:3b:9c:b7:69:e0:
         d9:62:4e:76:bd:49:c3:d3:55:00:bc:89:20:c3:ac:9e:ea:60:
         36:c8:c4:6d:8a:04:09:aa:b7:ba:21:f9:e5:39:2a:50:89:4d:
         bc:42:eb:b8:83:9f:b0:9a:ec:73:59:a7:ef:c3:e1:b3:10:e4:
         02:c4:da:64:07:c8:02:af:a0:95:13:5e:ea:fa:82:60:54:42:
         2a:9c:99:22:9e:e2:d7:75:19:0a:b0:43:69:8c:a0:4c:40:3d:
         8d:4a:0a:76
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY8CbGLogOeZpQTW+GS7sevwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjQwNDIxMjA1MDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjY4NzJmOGJjNzVmNzFhMDA5NzU5ZjI5MmYxZjc1ZWYwM2IwMjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLqepL4ajQ5CIrk6eHZYLT8Q68bG
g8hNhVBpakkNsuQkSvG9GWQwGy1KboUWLyTUXJOrdgBLsTq5u5IyGyITh+giWRNG
Rcqzu77Oo1qc+lpFMnV4/DIUI22GssxUDp4ZsmCE9cS3FIEx7N5R/ERdke/pCEhh
bJTgagCFf+n/yiUANcINPk3/cwoDNOjEtHjTWrez0tTEjt+j8WEycNWc5/9tES0Z
eMx8GGzkBXtKoeIhQNqXk5FyZhECZQw3wE6HwQqipoHFfEdR3hAkKGcNTDe+nRel
n6YjmDc0ckP/bLkWjR+1gPahSy2DKFMG4vkXe2XpeAS1SegZP6mKDdTjiQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFF9ocvi8dfcaAJdZ8pLx917wOwI5MB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvWDJoeS1MeDE5eG9BbDFueWt2SDNYdkE3QWprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAV/4XAwQB
udKoAwQA2RkEMA0GCSqGSIb3DQEBCwUAA4IBAQAL2fGBCZ4zXc7umtwVEynFg2qU
SpaDqjl6cB/5EQIdCCWSuZ3r039LGgTJGHpY63BPj4JFM/NSvq13X3Z8nMTHuLIO
SKDO83aWX+tTfc6+W61jMbRFgaIW3vuOmU6xeuYLxUOLgHyrhkCxdNwlggoaqbEh
pJA1WFHBdgCjc5PBV0iDsN0L/cy1vx9s/cHZx5DZPan574S0qPNQ6UlKO5y3aeDZ
Yk52vUnD01UAvIkgw6ye6mA2yMRtigQJqre6IfnlOSpQiU28Quu4g5+wmuxzWafv
w+GzEOQCxNpkB8gCr6CVE17q+oJgVEIqnJkinuLXdRkKsENpjKBMQD2NSgp2
-----END CERTIFICATE-----