Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/X3eOCPF0yHYtHD-2AB9CVGJQWMc.roa
File:                     X3eOCPF0yHYtHD-2AB9CVGJQWMc.roa (raw, json)
Hash identifier:          lmBdJ5jKo/vjSOmOVGfYlTRgJU2pHG+J4zTlb31AySw=
Subject key identifier:   5F:77:8E:08:F1:74:C8:76:2D:1C:3F:B6:00:1F:42:54:62:50:58:C7
Certificate issuer:       /CN=845c58752f3336422ff0ee1726474591e7a41e5f
Certificate serial:       018CC7952F172C23795D69C21017E542F63E
Authority key identifier: 84:5C:58:75:2F:33:36:42:2F:F0:EE:17:26:47:45:91:E7:A4:1E:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hFxYdS8zNkIv8O4XJkdFkeekHl8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/X3eOCPF0yHYtHD-2AB9CVGJQWMc.roa
Signing time:             Tue 02 Jan 2024 00:31:32 +0000
ROA not before:           Tue 02 Jan 2024 00:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5539
IP address blocks:        89.35.174.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/hFxYdS8zNkIv8O4XJkdFkeekHl8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/hFxYdS8zNkIv8O4XJkdFkeekHl8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hFxYdS8zNkIv8O4XJkdFkeekHl8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:2f:17:2c:23:79:5d:69:c2:10:17:e5:42:f6:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=845c58752f3336422ff0ee1726474591e7a41e5f
        Validity
            Not Before: Jan  2 00:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f778e08f174c8762d1c3fb6001f4254625058c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:40:0e:86:9a:ce:84:b8:67:79:c2:6a:35:fc:
                    b6:76:65:62:aa:87:a9:5b:ea:7b:70:ce:4b:e0:d4:
                    a7:71:1f:8c:f6:4c:5f:ab:78:ef:fa:7b:91:b0:f5:
                    ac:b4:93:3e:a6:88:e5:65:ad:2f:f5:87:3a:1c:c5:
                    57:fe:c6:a5:c3:a1:2b:99:f5:e4:92:d7:df:71:4f:
                    3f:79:da:a1:31:75:93:11:b1:1c:83:2c:11:df:97:
                    c9:88:36:c1:72:5a:16:cc:26:a1:00:a4:e8:12:92:
                    0c:8e:1b:1a:43:06:05:d5:7b:82:a4:9d:d2:ff:b7:
                    a4:74:1c:c7:82:5d:23:ad:69:5b:57:4c:a7:cc:be:
                    75:2c:dd:00:11:6f:71:94:c3:0e:d5:04:e2:5b:7f:
                    fa:36:28:b6:f0:f5:1c:4b:30:b7:de:e0:da:07:3c:
                    9b:84:42:03:71:93:7e:6b:28:7c:6b:d2:fe:ff:60:
                    f5:c0:ab:b6:5f:f5:da:e5:28:d9:5c:f2:c5:d9:7b:
                    6d:2d:f4:b4:f0:aa:e5:2f:ea:9d:fc:b6:d6:56:e8:
                    d9:aa:f8:11:3c:03:c4:b3:38:c4:48:df:15:43:f2:
                    d9:9c:bb:d2:c1:86:8e:b0:62:98:84:7e:9d:59:ef:
                    ac:5b:35:a2:07:2d:7b:3d:e8:c5:5d:25:ed:d4:fb:
                    ec:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:77:8E:08:F1:74:C8:76:2D:1C:3F:B6:00:1F:42:54:62:50:58:C7
            X509v3 Authority Key Identifier:
                keyid:84:5C:58:75:2F:33:36:42:2F:F0:EE:17:26:47:45:91:E7:A4:1E:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hFxYdS8zNkIv8O4XJkdFkeekHl8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/X3eOCPF0yHYtHD-2AB9CVGJQWMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/hFxYdS8zNkIv8O4XJkdFkeekHl8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:d7:2e:71:e3:db:eb:93:e2:e8:5b:03:60:06:bc:66:4c:1c:
         df:69:96:8a:69:09:50:ee:50:85:bc:b3:6b:62:e5:39:23:2c:
         eb:32:d9:89:80:1a:f8:33:55:61:42:93:ef:f0:47:0d:bd:eb:
         be:61:cc:b7:b0:eb:13:3c:92:49:02:09:1e:9e:b8:35:75:77:
         95:e4:57:07:fd:a8:bb:c6:10:57:a8:10:39:0f:d5:43:ac:dd:
         3c:ff:dc:fa:b2:5d:9a:2d:81:8c:02:51:f2:6f:39:a5:1b:80:
         ff:c7:80:38:06:50:fa:8c:84:06:6b:62:ab:fb:5b:14:2a:07:
         6a:a7:14:df:0e:98:ee:90:09:75:eb:a4:90:a0:8b:a2:9d:7d:
         2c:13:f7:da:d8:1a:e2:b6:00:ce:ea:9c:b7:f1:f5:e8:02:be:
         9a:60:c9:24:ac:88:e1:87:42:a7:a5:c3:93:ee:de:3e:0d:be:
         91:a1:ec:2b:74:c7:a8:88:8f:d1:af:f9:c7:c3:e0:cb:fb:7d:
         27:01:2f:7b:01:b6:84:bf:a4:f8:72:1f:3f:75:9c:23:60:91:
         fd:f8:f9:da:33:98:0d:18:f1:7a:c4:9a:7b:aa:c9:94:3f:ec:
         76:c4:e0:ee:7a:63:55:34:e6:a2:72:69:a1:4f:5d:d0:29:99:
         2c:6f:99:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlS8XLCN5XWnCEBflQvY+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NWM1ODc1MmYzMzM2NDIyZmYwZWUxNzI2NDc0NTkxZTdh
NDFlNWYwHhcNMjQwMTAyMDAzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Zjc3OGUwOGYxNzRjODc2MmQxYzNmYjYwMDFmNDI1NDYyNTA1OGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkAOhprOhLhnecJqNfy2dmViqoep
W+p7cM5L4NSncR+M9kxfq3jv+nuRsPWstJM+pojlZa0v9Yc6HMVX/salw6ErmfXk
ktffcU8/edqhMXWTEbEcgywR35fJiDbBcloWzCahAKToEpIMjhsaQwYF1XuCpJ3S
/7ekdBzHgl0jrWlbV0ynzL51LN0AEW9xlMMO1QTiW3/6Nii28PUcSzC33uDaBzyb
hEIDcZN+ayh8a9L+/2D1wKu2X/Xa5SjZXPLF2XttLfS08KrlL+qd/LbWVujZqvgR
PAPEszjESN8VQ/LZnLvSwYaOsGKYhH6dWe+sWzWiBy17PejFXSXt1PvsFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF93jgjxdMh2LRw/tgAfQlRiUFjHMB8GA1UdIwQY
MBaAFIRcWHUvMzZCL/DuFyZHRZHnpB5fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEZ4WWRTOHpOa0l2OE80WEprZEZrZWVrSGw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS82NGUzYWItMjI4Yy00YTIzLTkyMTYt
ZjEzNGU1MWNjMDViLzEvWDNlT0NQRjB5SFl0SEQtMkFCOUNWR0pRV01jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS82NGUzYWItMjI4Yy00YTIzLTkyMTYtZjEzNGU1MWNjMDVi
LzEvaEZ4WWRTOHpOa0l2OE80WEprZEZrZWVrSGw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWSOuMA0G
CSqGSIb3DQEBCwUAA4IBAQCL1y5x49vrk+LoWwNgBrxmTBzfaZaKaQlQ7lCFvLNr
YuU5IyzrMtmJgBr4M1VhQpPv8EcNveu+Ycy3sOsTPJJJAgkenrg1dXeV5FcH/ai7
xhBXqBA5D9VDrN08/9z6sl2aLYGMAlHybzmlG4D/x4A4BlD6jIQGa2Kr+1sUKgdq
pxTfDpjukAl166SQoIuinX0sE/fa2BritgDO6py38fXoAr6aYMkkrIjhh0KnpcOT
7t4+Db6RoewrdMeoiI/Rr/nHw+DL+30nAS97AbaEv6T4ch8/dZwjYJH9+PnaM5gN
GPF6xJp7qsmUP+x2xODuemNVNOaicmmhT13QKZksb5lW
-----END CERTIFICATE-----