Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/26641a-b4f9-4fba-867d-f7f36457874e/1/XgL8rzAAynEhjnKEGAbrUs2djf8.roa
File:                     XgL8rzAAynEhjnKEGAbrUs2djf8.roa (raw, json)
Hash identifier:          hF5vY8wgOcyMwZVJcWx8Qsqvs6b2+nbYIfGflkT4E3U=
Subject key identifier:   5E:02:FC:AF:30:00:CA:71:21:8E:72:84:18:06:EB:52:CD:9D:8D:FF
Certificate issuer:       /CN=594b79990f616a8344c860148fc922910e154dad
Certificate serial:       018CC794A9FBCDC4C93C735CA76108941552
Authority key identifier: 59:4B:79:99:0F:61:6A:83:44:C8:60:14:8F:C9:22:91:0E:15:4D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WUt5mQ9haoNEyGAUj8kikQ4VTa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/26641a-b4f9-4fba-867d-f7f36457874e/1/XgL8rzAAynEhjnKEGAbrUs2djf8.roa
Signing time:             Tue 02 Jan 2024 00:30:57 +0000
ROA not before:           Tue 02 Jan 2024 00:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        91.213.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/26641a-b4f9-4fba-867d-f7f36457874e/1/WUt5mQ9haoNEyGAUj8kikQ4VTa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/26641a-b4f9-4fba-867d-f7f36457874e/1/WUt5mQ9haoNEyGAUj8kikQ4VTa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WUt5mQ9haoNEyGAUj8kikQ4VTa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:a9:fb:cd:c4:c9:3c:73:5c:a7:61:08:94:15:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=594b79990f616a8344c860148fc922910e154dad
        Validity
            Not Before: Jan  2 00:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e02fcaf3000ca71218e72841806eb52cd9d8dff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f5:50:55:ce:5e:c0:ca:87:b5:d3:6d:12:49:
                    f3:9b:8a:9f:58:57:80:21:ca:57:87:04:5f:bf:5f:
                    62:f1:e1:e5:6a:ab:12:1d:f2:f5:07:b9:c7:d9:28:
                    20:fd:4a:48:1f:c8:c4:cc:6b:23:f4:75:a4:58:10:
                    75:2e:2c:4b:be:d5:bd:e6:db:48:fe:cd:89:3d:19:
                    a6:84:2c:80:b9:c0:3f:5c:a6:e0:22:2c:01:82:1e:
                    42:ea:84:7f:68:d5:fe:47:2d:12:6d:d9:38:59:78:
                    65:a7:2e:2d:31:7b:ac:b7:68:b0:45:1d:9e:81:ae:
                    bb:f4:74:21:71:dd:ed:ac:44:15:d1:16:6b:b5:7f:
                    dd:e8:06:67:a9:4b:1c:b6:7b:f2:55:b2:11:a6:48:
                    6b:8e:d4:89:45:58:c7:c5:d6:7e:0b:6b:30:b9:9f:
                    4e:d1:cc:29:7b:06:a9:11:55:4b:e0:2d:4a:e8:c8:
                    d4:78:b9:ba:b8:b3:1d:04:a5:0e:83:1c:6a:90:9d:
                    89:df:fd:07:0b:90:01:be:5d:48:74:f5:e0:e5:e5:
                    1e:71:b7:4c:6b:3c:89:30:42:cc:9c:11:1b:3a:b1:
                    f8:b1:57:ca:d7:12:49:38:0b:a4:18:44:7c:4f:7f:
                    fd:32:bc:bb:b0:db:8e:b4:06:f2:2d:53:fb:e4:aa:
                    d9:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:02:FC:AF:30:00:CA:71:21:8E:72:84:18:06:EB:52:CD:9D:8D:FF
            X509v3 Authority Key Identifier:
                keyid:59:4B:79:99:0F:61:6A:83:44:C8:60:14:8F:C9:22:91:0E:15:4D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WUt5mQ9haoNEyGAUj8kikQ4VTa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/26641a-b4f9-4fba-867d-f7f36457874e/1/XgL8rzAAynEhjnKEGAbrUs2djf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/26641a-b4f9-4fba-867d-f7f36457874e/1/WUt5mQ9haoNEyGAUj8kikQ4VTa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:0a:d2:d9:9c:53:00:56:ba:d2:7e:18:bd:ae:29:d1:8e:59:
         c9:d1:d5:83:5d:f1:d7:2b:20:3f:9b:a4:49:8f:56:bc:21:e9:
         c3:5b:e1:0d:27:f4:8e:fb:7f:2f:f0:b8:b4:ff:a5:22:94:e0:
         03:bc:11:6b:70:50:96:08:38:71:90:38:b1:a0:c0:22:de:b9:
         4d:aa:6d:bd:db:4f:59:48:90:a1:4b:7b:ac:b6:a7:f5:b9:79:
         93:9b:87:1b:24:2b:c2:e5:3d:61:f1:68:1d:ef:d5:05:ae:e2:
         10:a1:7d:56:a7:93:76:e1:cb:36:3c:66:0d:92:cb:d2:b8:a4:
         32:b0:0e:09:86:d1:2b:e4:0b:47:cc:2a:26:fc:b8:0a:50:3e:
         ad:7e:e6:83:9e:45:3a:de:9b:21:6d:c5:f8:79:f8:e2:f8:41:
         1e:28:45:89:e4:a6:42:a1:77:19:df:1d:ce:95:4a:d3:33:06:
         7a:e1:00:f1:5e:c4:7c:c0:2c:b3:88:17:e4:1f:96:8b:40:56:
         c1:25:c1:a0:58:fd:c9:3f:d0:b0:f1:9b:06:07:bb:23:df:bd:
         f9:4a:69:43:23:c5:88:1e:a1:5d:8d:3c:34:8d:bb:fc:a0:1c:
         3c:48:d0:24:76:87:fd:63:21:75:ee:d2:70:39:7f:f6:bd:0d:
         b1:f3:bf:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlKn7zcTJPHNcp2EIlBVSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NGI3OTk5MGY2MTZhODM0NGM4NjAxNDhmYzkyMjkxMGUx
NTRkYWQwHhcNMjQwMTAyMDAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTAyZmNhZjMwMDBjYTcxMjE4ZTcyODQxODA2ZWI1MmNkOWQ4ZGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvVQVc5ewMqHtdNtEknzm4qfWFeA
IcpXhwRfv19i8eHlaqsSHfL1B7nH2Sgg/UpIH8jEzGsj9HWkWBB1LixLvtW95ttI
/s2JPRmmhCyAucA/XKbgIiwBgh5C6oR/aNX+Ry0Sbdk4WXhlpy4tMXust2iwRR2e
ga679HQhcd3trEQV0RZrtX/d6AZnqUsctnvyVbIRpkhrjtSJRVjHxdZ+C2swuZ9O
0cwpewapEVVL4C1K6MjUeLm6uLMdBKUOgxxqkJ2J3/0HC5ABvl1IdPXg5eUecbdM
azyJMELMnBEbOrH4sVfK1xJJOAukGER8T3/9Mry7sNuOtAbyLVP75KrZkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF4C/K8wAMpxIY5yhBgG61LNnY3/MB8GA1UdIwQY
MBaAFFlLeZkPYWqDRMhgFI/JIpEOFU2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1V0NW1ROWhhb05FeUdBVWo4a2lrUTRWVGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8yNjY0MWEtYjRmOS00ZmJhLTg2N2Qt
ZjdmMzY0NTc4NzRlLzEvWGdMOHJ6QUF5bkVoam5LRUdBYnJVczJkamY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8yNjY0MWEtYjRmOS00ZmJhLTg2N2QtZjdmMzY0NTc4NzRl
LzEvV1V0NW1ROWhhb05FeUdBVWo4a2lrUTRWVGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9VBMA0G
CSqGSIb3DQEBCwUAA4IBAQDECtLZnFMAVrrSfhi9rinRjlnJ0dWDXfHXKyA/m6RJ
j1a8IenDW+ENJ/SO+38v8Li0/6UilOADvBFrcFCWCDhxkDixoMAi3rlNqm29209Z
SJChS3ustqf1uXmTm4cbJCvC5T1h8Wgd79UFruIQoX1Wp5N24cs2PGYNksvSuKQy
sA4JhtEr5AtHzCom/LgKUD6tfuaDnkU63pshbcX4efji+EEeKEWJ5KZCoXcZ3x3O
lUrTMwZ64QDxXsR8wCyziBfkH5aLQFbBJcGgWP3JP9Cw8ZsGB7sj3735SmlDI8WI
HqFdjTw0jbv8oBw8SNAkdof9YyF17tJwOX/2vQ2x878j
-----END CERTIFICATE-----