Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/Y4FRx37UCH5I9eS955fszGCKiXw.roa
File:                     Y4FRx37UCH5I9eS955fszGCKiXw.roa (raw, json)
Hash identifier:          PlvhNfEIZ032HOqn3A5jm2jo5FOjOilbz3dtBVdG02w=
Subject key identifier:   63:81:51:C7:7E:D4:08:7E:48:F5:E4:BD:E7:97:EC:CC:60:8A:89:7C
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018CC8020552F1A355AC393F2880A78060BA
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/Y4FRx37UCH5I9eS955fszGCKiXw.roa
Signing time:             Tue 02 Jan 2024 02:30:24 +0000
ROA not before:           Tue 02 Jan 2024 02:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38985
IP address blocks:        87.103.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:05:52:f1:a3:55:ac:39:3f:28:80:a7:80:60:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 02:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=638151c77ed4087e48f5e4bde797eccc608a897c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:69:6d:b1:ef:a0:9d:a1:ba:17:13:91:89:fc:
                    a8:87:b1:11:3b:1f:e5:54:13:38:b6:42:58:6c:07:
                    89:13:af:a7:f2:01:1b:a1:3b:84:6c:c1:89:67:94:
                    06:a2:83:b0:35:3f:f8:02:76:44:9a:ec:f3:2c:d1:
                    36:29:c5:2d:8c:4d:25:0e:cf:49:9e:ee:74:cb:63:
                    fb:9f:93:17:6f:d8:dc:16:91:13:5b:08:a6:01:04:
                    3d:b6:4d:92:38:71:59:cb:e4:6f:df:06:d4:cf:88:
                    6c:1b:b9:5e:fc:80:41:6f:2e:49:7c:17:a5:a5:ba:
                    bd:07:5a:c2:85:77:df:63:ec:ac:4b:71:9c:ff:71:
                    ac:2f:be:cb:d5:67:7e:fb:ff:43:04:4e:57:97:7b:
                    a9:24:70:37:4f:ca:51:93:82:f4:71:5f:03:8e:95:
                    62:f5:63:6e:ad:43:4d:63:49:72:38:18:81:45:49:
                    12:5a:ab:51:79:61:cc:e9:1d:69:d7:d6:13:f1:bc:
                    69:08:0e:85:29:7f:2b:f2:f2:69:84:fe:92:0e:f4:
                    f6:4b:82:50:33:96:9d:03:75:55:75:91:d3:24:eb:
                    42:39:15:fd:29:64:85:9d:58:4e:f2:78:88:02:75:
                    52:e4:bf:a5:7c:0a:8c:ee:7b:d2:b0:4a:1f:1e:b4:
                    3f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:81:51:C7:7E:D4:08:7E:48:F5:E4:BD:E7:97:EC:CC:60:8A:89:7C
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/Y4FRx37UCH5I9eS955fszGCKiXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.103.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:9a:92:aa:89:3e:ba:50:b7:cc:d7:6e:e5:45:38:0f:f6:21:
         8f:6f:b4:fb:f0:bf:bd:62:38:77:50:ff:20:ce:7f:77:c3:07:
         46:22:ca:23:8e:bb:2c:ee:7a:20:f8:31:e2:36:1a:65:0d:2b:
         c2:10:ad:0f:0e:19:e3:90:dc:03:64:8e:de:cc:d5:55:0a:73:
         0b:cc:03:95:13:c8:43:3b:40:a3:76:07:41:ff:5f:92:9c:a7:
         b7:c5:1f:8f:1d:3d:4d:12:e2:69:89:c5:e7:15:f4:87:27:78:
         47:c1:35:a7:ce:09:39:ea:f9:c8:a1:eb:9b:ae:cd:8b:72:07:
         f1:ea:92:b5:a1:df:34:f0:5a:7b:f5:2c:9d:63:8e:d5:fc:81:
         57:06:41:ed:86:a2:4a:c7:c5:30:22:79:99:78:16:8d:82:4c:
         03:8b:6a:52:34:e9:d6:64:6d:dc:f3:1f:16:27:c2:5a:d6:43:
         6c:b2:b7:dd:1a:55:4c:1f:d9:cf:d9:0a:ce:02:48:b5:5d:4f:
         54:f4:23:bf:e5:c0:8f:2f:10:52:8b:6b:20:0e:71:85:32:62:
         0d:38:2a:5e:8a:b6:2d:7e:91:16:a7:01:6f:8d:7f:3a:c7:02:
         7e:e8:a4:16:73:b0:9c:2f:da:e2:e4:d0:e6:4c:e8:aa:52:5a:
         19:98:d4:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAgVS8aNVrDk/KICngGC6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwMTAyMDIzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzgxNTFjNzdlZDQwODdlNDhmNWU0YmRlNzk3ZWNjYzYwOGE4OTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWltse+gnaG6FxORifyoh7EROx/l
VBM4tkJYbAeJE6+n8gEboTuEbMGJZ5QGooOwNT/4AnZEmuzzLNE2KcUtjE0lDs9J
nu50y2P7n5MXb9jcFpETWwimAQQ9tk2SOHFZy+Rv3wbUz4hsG7le/IBBby5JfBel
pbq9B1rChXffY+ysS3Gc/3GsL77L1Wd++/9DBE5Xl3upJHA3T8pRk4L0cV8DjpVi
9WNurUNNY0lyOBiBRUkSWqtReWHM6R1p19YT8bxpCA6FKX8r8vJphP6SDvT2S4JQ
M5adA3VVdZHTJOtCORX9KWSFnVhO8niIAnVS5L+lfAqM7nvSsEofHrQ/7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGOBUcd+1Ah+SPXkveeX7Mxgiol8MB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvWTRGUngzN1VDSDVJOWVTOTU1ZnN6R0NLaVh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV2eoMA0G
CSqGSIb3DQEBCwUAA4IBAQCTmpKqiT66ULfM127lRTgP9iGPb7T78L+9Yjh3UP8g
zn93wwdGIsojjrss7nog+DHiNhplDSvCEK0PDhnjkNwDZI7ezNVVCnMLzAOVE8hD
O0CjdgdB/1+SnKe3xR+PHT1NEuJpicXnFfSHJ3hHwTWnzgk56vnIoeubrs2Lcgfx
6pK1od808Fp79SydY47V/IFXBkHthqJKx8UwInmZeBaNgkwDi2pSNOnWZG3c8x8W
J8Ja1kNssrfdGlVMH9nP2QrOAki1XU9U9CO/5cCPLxBSi2sgDnGFMmINOCpeirYt
fpEWpwFvjX86xwJ+6KQWc7CcL9ri5NDmTOiqUloZmNSC
-----END CERTIFICATE-----