Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/XIss-sQKZAu7QphzLvxdNxCRt9c.roa
File:                     XIss-sQKZAu7QphzLvxdNxCRt9c.roa (raw, json)
Hash identifier:          BMUFla/V5tK5IP2vV5kZZSeAIg5pG24BQIe02Rj55Ts=
Subject key identifier:   5C:8B:2C:FA:C4:0A:64:0B:BB:42:98:73:2E:FC:5D:37:10:91:B7:D7
Certificate issuer:       /CN=e760126dce78bc16e66c2e6e7635848ac46846af
Certificate serial:       019233A51116DFFFEFCCDF2097E9CE425EC2
Authority key identifier: E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/XIss-sQKZAu7QphzLvxdNxCRt9c.roa
Signing time:             Fri 27 Sep 2024 13:21:48 +0000
ROA not before:           Fri 27 Sep 2024 13:21:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214271
IP address blocks:        146.247.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:33:a5:11:16:df:ff:ef:cc:df:20:97:e9:ce:42:5e:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e760126dce78bc16e66c2e6e7635848ac46846af
        Validity
            Not Before: Sep 27 13:21:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c8b2cfac40a640bbb4298732efc5d371091b7d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:a9:ea:27:d4:84:ec:99:e3:29:5c:99:0f:b4:
                    6e:e5:6d:70:17:3d:45:0e:3a:7c:07:72:0f:2e:c8:
                    70:8d:bf:07:c2:16:45:c3:a8:64:bc:6b:31:17:53:
                    06:c7:d8:a7:d2:0d:da:e3:a7:95:17:fd:56:73:6b:
                    fc:68:36:9b:23:4b:b7:61:85:98:95:86:58:69:b5:
                    b1:0f:ed:92:7e:85:0e:c8:e5:7a:c7:c1:05:e4:3b:
                    a9:32:b2:b0:7b:7c:ac:32:f8:31:2b:67:b5:5a:84:
                    1d:55:16:b5:b0:b0:d4:d0:7d:f9:ce:06:fa:52:f2:
                    8d:2c:8d:1b:61:4a:44:e4:ae:52:c4:f6:dd:24:6c:
                    d9:cd:32:ca:d1:f4:62:97:67:ba:ef:d6:69:de:cf:
                    ba:9f:b6:19:51:09:ac:a1:50:00:bf:d8:74:7e:f2:
                    45:3f:17:39:40:86:b8:b8:4e:d7:de:56:74:bc:e2:
                    6e:97:3a:ed:f6:0c:33:57:62:fc:ca:48:c0:7a:1c:
                    03:54:f8:65:37:cb:ec:2d:c2:d5:9f:26:e9:0f:66:
                    cb:33:9f:65:5d:53:72:e4:c3:99:1c:ee:26:95:e7:
                    39:a1:b0:42:b5:06:c4:ed:ca:a4:2a:9c:68:aa:62:
                    44:42:b9:49:0a:54:27:32:a1:07:87:ad:0f:53:c8:
                    5a:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:8B:2C:FA:C4:0A:64:0B:BB:42:98:73:2E:FC:5D:37:10:91:B7:D7
            X509v3 Authority Key Identifier:
                keyid:E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/XIss-sQKZAu7QphzLvxdNxCRt9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.247.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:f7:99:9e:91:2b:6f:0b:c0:43:c0:9d:c6:73:9c:df:58:f1:
         75:21:b9:c5:b6:0e:0e:d7:99:fd:a5:a0:77:f0:08:9d:41:8b:
         41:68:4f:d8:7f:bb:c7:8f:70:11:87:7a:8f:03:88:00:81:82:
         15:00:40:fe:ab:38:0e:89:f1:e9:a2:2a:07:74:51:c0:2d:aa:
         b0:be:35:59:f9:e2:ac:7e:de:2a:e1:be:94:ad:7d:3a:c5:97:
         17:a2:7b:83:20:57:21:be:58:5b:1a:93:0b:c6:8d:b1:fc:5e:
         fc:9a:32:01:2d:0e:5e:b4:b7:1b:f2:e6:4d:66:54:0d:5c:c2:
         00:0f:a3:2a:59:d9:66:b5:d6:a2:c0:ee:a2:3f:6e:d5:ae:d8:
         7d:cc:06:1a:e6:ad:c0:eb:ae:62:0f:e9:d1:b3:70:4f:ae:fc:
         e2:ce:d7:46:f6:88:cb:32:db:86:e2:3e:80:f7:56:79:96:07:
         5e:7e:57:0e:0c:ab:e7:c7:78:d1:10:60:a3:0a:4d:4f:1c:6e:
         4c:cc:43:6c:bd:32:65:ed:c5:5f:d1:45:51:bf:67:41:60:e2:
         40:b6:25:bb:e3:6f:7b:f5:4c:fa:fa:4f:01:e8:84:11:a0:69:
         d1:99:09:30:fd:a2:a1:c9:11:7e:ad:30:b4:64:74:f9:76:1f:
         16:41:1c:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIzpREW3//vzN8gl+nOQl7CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NjAxMjZkY2U3OGJjMTZlNjZjMmU2ZTc2MzU4NDhhYzQ2
ODQ2YWYwHhcNMjQwOTI3MTMyMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzhiMmNmYWM0MGE2NDBiYmI0Mjk4NzMyZWZjNWQzNzEwOTFiN2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6nqJ9SE7JnjKVyZD7Ru5W1wFz1F
Djp8B3IPLshwjb8HwhZFw6hkvGsxF1MGx9in0g3a46eVF/1Wc2v8aDabI0u3YYWY
lYZYabWxD+2SfoUOyOV6x8EF5DupMrKwe3ysMvgxK2e1WoQdVRa1sLDU0H35zgb6
UvKNLI0bYUpE5K5SxPbdJGzZzTLK0fRil2e679Zp3s+6n7YZUQmsoVAAv9h0fvJF
Pxc5QIa4uE7X3lZ0vOJulzrt9gwzV2L8ykjAehwDVPhlN8vsLcLVnybpD2bLM59l
XVNy5MOZHO4mlec5obBCtQbE7cqkKpxoqmJEQrlJClQnMqEHh60PU8haJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyLLPrECmQLu0KYcy78XTcQkbfXMB8GA1UdIwQY
MBaAFOdgEm3OeLwW5mwubnY1hIrEaEavMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3Yjgt
ZDI0ZjU2MmRlZGQyLzEvWElzcy1zUUtaQXU3UXBoekx2eGROeENSdDljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3YjgtZDI0ZjU2MmRlZGQy
LzEvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkvdoMA0G
CSqGSIb3DQEBCwUAA4IBAQBt95mekStvC8BDwJ3Gc5zfWPF1IbnFtg4O15n9paB3
8AidQYtBaE/Yf7vHj3ARh3qPA4gAgYIVAED+qzgOifHpoioHdFHALaqwvjVZ+eKs
ft4q4b6UrX06xZcXonuDIFchvlhbGpMLxo2x/F78mjIBLQ5etLcb8uZNZlQNXMIA
D6MqWdlmtdaiwO6iP27Vrth9zAYa5q3A665iD+nRs3BPrvziztdG9ojLMtuG4j6A
91Z5lgdeflcODKvnx3jREGCjCk1PHG5MzENsvTJl7cVf0UVRv2dBYOJAtiW74297
9Uz6+k8B6IQRoGnRmQkw/aKhyRF+rTC0ZHT5dh8WQRyT
-----END CERTIFICATE-----