Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/0xWAixhoJFXuXxWIB-lfUWHyZH8.roa
File:                     0xWAixhoJFXuXxWIB-lfUWHyZH8.roa (raw, json)
Hash identifier:          xHAYffqWFnHp5i40qK9m81Laq4Zntv9Fhxjda+vISBg=
Subject key identifier:   D3:15:80:8B:18:68:24:55:EE:5F:15:88:07:E9:5F:51:61:F2:64:7F
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018F8412F1B91E8F63AA7F42FA27E6750011
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/0xWAixhoJFXuXxWIB-lfUWHyZH8.roa
Signing time:             Fri 17 May 2024 01:03:05 +0000
ROA not before:           Fri 17 May 2024 01:03:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48421
IP address blocks:        2.63.192.0/24 maxlen: 24
                          87.242.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:84:12:f1:b9:1e:8f:63:aa:7f:42:fa:27:e6:75:00:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: May 17 01:03:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d315808b18682455ee5f158807e95f5161f2647f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5d:7d:1a:f4:68:6c:4e:7e:9b:bc:65:d1:0b:
                    57:5b:2b:ca:e8:5b:2f:33:da:3c:07:87:bc:fe:31:
                    78:3d:44:57:f4:58:c4:01:b0:9f:35:35:5b:f4:62:
                    1a:07:9a:04:da:7d:6f:55:ef:f0:e1:83:12:91:f2:
                    48:3f:a9:e7:71:64:e3:84:6a:02:3b:c2:7f:ae:f8:
                    a1:15:c5:30:a7:ce:87:85:06:54:67:dc:d3:d3:92:
                    65:34:b4:d6:a3:35:09:22:bd:2b:27:30:a2:6b:ab:
                    0d:c5:48:c1:9d:c0:28:90:09:6e:bc:38:cc:34:a2:
                    f8:f5:f8:45:b2:6a:d6:08:ce:82:98:20:7c:f0:f6:
                    17:51:4e:8e:cb:63:f5:93:50:8d:c3:86:d2:66:87:
                    e4:32:18:bf:49:e1:e5:0c:43:de:11:91:c0:15:30:
                    cd:a0:fe:d4:f3:6e:81:f0:9b:bc:14:46:28:ca:ba:
                    23:f6:2d:73:4d:6f:7e:ba:ee:72:a2:26:7b:77:35:
                    dd:be:20:92:a6:e3:3d:51:d8:6c:1e:a4:a6:c6:5b:
                    99:89:42:2b:de:84:3d:69:fc:a9:26:c9:a3:e0:69:
                    b9:ce:90:95:ed:20:5b:37:b7:ef:d8:79:91:78:98:
                    81:0d:90:d5:3a:2e:6c:96:08:8f:d9:02:31:e4:6f:
                    44:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:15:80:8B:18:68:24:55:EE:5F:15:88:07:E9:5F:51:61:F2:64:7F
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/0xWAixhoJFXuXxWIB-lfUWHyZH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.63.192.0/24
                  87.242.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:27:e0:19:4f:0c:4c:d0:bd:76:38:30:2d:d9:f3:c6:ed:c0:
         4e:30:6f:14:b7:f3:00:32:4a:d0:ff:0b:52:ea:30:8f:ff:3a:
         54:e1:d5:00:15:ab:4e:5b:68:96:16:67:1c:67:5d:fa:e3:f4:
         08:68:3d:d7:29:39:02:db:69:50:1e:a3:da:29:e4:12:5d:49:
         76:28:f2:2a:f9:b1:2e:9c:94:82:72:2a:df:59:9a:a2:54:e4:
         8f:c8:8e:d6:6f:62:02:4a:45:25:b0:67:c5:87:ec:08:f7:2e:
         14:d4:6c:17:4b:77:08:71:a5:23:1b:1e:8c:e5:d2:1a:88:00:
         57:70:d7:d9:29:11:07:e4:b0:4c:7f:21:67:32:31:e9:ae:1c:
         a5:06:32:42:a1:67:b7:16:ee:be:46:30:30:31:02:a3:35:06:
         77:89:69:8b:6b:6f:90:2f:8c:31:b9:5e:7c:9f:61:c8:a1:71:
         0a:a9:ce:d5:c5:c5:d0:1c:93:41:49:e5:52:e2:d3:fc:d8:2c:
         3a:b5:6a:e5:e4:94:df:04:b8:26:ae:4d:5c:d2:8d:76:65:10:
         0e:b0:45:64:de:53:b4:8a:85:b1:a3:a5:5b:98:08:a6:a0:1f:
         c4:5b:cb:c8:0c:59:7a:3b:48:49:20:19:bd:71:65:f9:5e:3e:
         2f:71:0f:9e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+EEvG5Ho9jqn9C+ifmdQARMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwNTE3MDEwMzA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzE1ODA4YjE4NjgyNDU1ZWU1ZjE1ODgwN2U5NWY1MTYxZjI2NDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAol19GvRobE5+m7xl0QtXWyvK6Fsv
M9o8B4e8/jF4PURX9FjEAbCfNTVb9GIaB5oE2n1vVe/w4YMSkfJIP6nncWTjhGoC
O8J/rvihFcUwp86HhQZUZ9zT05JlNLTWozUJIr0rJzCia6sNxUjBncAokAluvDjM
NKL49fhFsmrWCM6CmCB88PYXUU6Oy2P1k1CNw4bSZofkMhi/SeHlDEPeEZHAFTDN
oP7U826B8Ju8FEYoyroj9i1zTW9+uu5yoiZ7dzXdviCSpuM9UdhsHqSmxluZiUIr
3oQ9afypJsmj4Gm5zpCV7SBbN7fv2HmReJiBDZDVOi5slgiP2QIx5G9EAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNMVgIsYaCRV7l8ViAfpX1Fh8mR/MB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvMHhXQWl4aG9KRlh1WHhXSUItbGZVV0h5Wkg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAj/AAwQA
V/JCMA0GCSqGSIb3DQEBCwUAA4IBAQAwJ+AZTwxM0L12ODAt2fPG7cBOMG8Ut/MA
MkrQ/wtS6jCP/zpU4dUAFatOW2iWFmccZ1364/QIaD3XKTkC22lQHqPaKeQSXUl2
KPIq+bEunJSCcirfWZqiVOSPyI7Wb2ICSkUlsGfFh+wI9y4U1GwXS3cIcaUjGx6M
5dIaiABXcNfZKREH5LBMfyFnMjHprhylBjJCoWe3Fu6+RjAwMQKjNQZ3iWmLa2+Q
L4wxuV58n2HIoXEKqc7VxcXQHJNBSeVS4tP82Cw6tWrl5JTfBLgmrk1c0o12ZRAO
sEVk3lO0ioWxo6VbmAimoB/EW8vIDFl6O0hJIBm9cWX5Xj4vcQ+e
-----END CERTIFICATE-----