Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/inJNm3UnVy1-rgmQr3RH_DS2fp8.roa
File:                     inJNm3UnVy1-rgmQr3RH_DS2fp8.roa (raw, json)
Hash identifier:          +WMNaPL3Bhrr4CaE2Twq2qvKcwgqZyfWcYpVTJB0mhE=
Subject key identifier:   8A:72:4D:9B:75:27:57:2D:7E:AE:09:90:AF:74:47:FC:34:B6:7E:9F
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018E5FBF70289A7F818B0929F32FEE6C4016
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/inJNm3UnVy1-rgmQr3RH_DS2fp8.roa
Signing time:             Thu 21 Mar 2024 06:42:45 +0000
ROA not before:           Thu 21 Mar 2024 06:42:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5573
IP address blocks:        195.112.224.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5f:bf:70:28:9a:7f:81:8b:09:29:f3:2f:ee:6c:40:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Mar 21 06:42:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a724d9b7527572d7eae0990af7447fc34b67e9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:cd:1d:20:c2:e2:d0:34:b8:83:6b:30:1f:df:
                    9e:dd:69:d6:2b:f0:e4:9e:49:60:ea:79:fa:7c:41:
                    4e:02:a1:c5:ee:21:5e:09:c2:d7:f7:43:cb:45:77:
                    d8:a0:1b:aa:c6:e2:08:19:68:65:ac:14:30:20:2b:
                    32:51:7f:20:ed:ef:39:0b:30:1d:49:2f:81:17:d0:
                    e7:00:45:a5:1b:ce:94:32:14:ca:10:91:d3:91:86:
                    48:52:47:b8:13:22:a1:3b:73:52:bd:7e:28:42:3c:
                    02:bd:09:2f:13:46:86:5e:4c:a1:f0:97:99:c7:70:
                    0e:bb:c9:e6:db:2d:ee:28:c7:0e:0a:95:80:d9:8e:
                    12:e7:23:f9:6c:ae:61:fb:59:eb:3e:56:1f:fc:29:
                    24:0e:c4:27:8d:01:62:ab:49:e0:9a:c0:00:c6:ff:
                    49:20:a3:cd:72:a9:55:c5:29:c6:0e:58:3b:42:cb:
                    24:e6:08:29:8c:b1:c1:d4:06:e0:69:98:e6:c0:1f:
                    7b:45:2d:82:5a:de:47:ef:d3:91:55:38:e3:5f:b3:
                    dc:64:34:86:85:25:8e:0c:52:c0:5e:ba:2a:8c:da:
                    22:53:31:e6:95:f8:8e:c6:18:49:c2:f1:5f:24:8d:
                    1b:c5:87:d0:ed:6a:8f:53:dc:70:09:75:ff:ea:cd:
                    9b:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:72:4D:9B:75:27:57:2D:7E:AE:09:90:AF:74:47:FC:34:B6:7E:9F
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/inJNm3UnVy1-rgmQr3RH_DS2fp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.112.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         35:8e:18:2f:46:e2:6a:84:32:d3:93:71:8e:b4:d2:d1:10:b3:
         66:a6:42:82:a3:4c:62:2c:97:34:72:a6:1b:dc:3b:82:c2:08:
         a9:a1:d1:fb:f1:05:5e:5c:e6:ff:b5:c7:8d:16:93:f3:de:06:
         12:27:50:de:ee:81:75:32:ee:ca:e3:29:ce:f6:69:7a:7b:b8:
         9c:4a:2d:e1:94:a5:a3:65:48:7f:80:f5:8c:d9:a3:7c:3a:de:
         b0:af:3c:c7:29:5a:3e:63:49:ae:63:7a:19:5e:10:18:d4:70:
         9d:30:5b:2e:05:da:be:cb:56:c7:4e:cb:98:dc:3c:d3:d7:96:
         ae:b8:5e:0b:5d:60:59:14:a5:51:d4:78:75:2d:a3:2f:77:2d:
         ec:63:b0:35:71:bf:d6:50:7a:6f:6a:87:d9:f9:f6:1c:57:be:
         c4:7f:bd:3c:13:68:56:43:f9:c4:6a:c3:bf:a9:a8:54:29:b6:
         fa:37:8d:64:00:e0:f9:95:5e:6b:af:08:be:12:a8:72:54:25:
         37:de:49:df:c5:b7:50:4c:17:dc:7a:c0:50:26:9d:c4:34:83:
         e1:31:72:6d:ee:8c:50:66:18:3e:d7:a2:ad:e7:1c:a2:e7:19:
         5f:cd:0d:ea:37:20:5a:67:fe:c0:e7:51:7c:d0:f6:77:86:b3:
         4a:39:f4:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5fv3Aomn+Biwkp8y/ubEAWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwMzIxMDY0MjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTcyNGQ5Yjc1Mjc1NzJkN2VhZTA5OTBhZjc0NDdmYzM0YjY3ZTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAts0dIMLi0DS4g2swH9+e3WnWK/Dk
nklg6nn6fEFOAqHF7iFeCcLX90PLRXfYoBuqxuIIGWhlrBQwICsyUX8g7e85CzAd
SS+BF9DnAEWlG86UMhTKEJHTkYZIUke4EyKhO3NSvX4oQjwCvQkvE0aGXkyh8JeZ
x3AOu8nm2y3uKMcOCpWA2Y4S5yP5bK5h+1nrPlYf/CkkDsQnjQFiq0ngmsAAxv9J
IKPNcqlVxSnGDlg7Qssk5ggpjLHB1AbgaZjmwB97RS2CWt5H79ORVTjjX7PcZDSG
hSWODFLAXroqjNoiUzHmlfiOxhhJwvFfJI0bxYfQ7WqPU9xwCXX/6s2bqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIpyTZt1J1ctfq4JkK90R/w0tn6fMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvaW5KTm0zVW5WeTEtcmdtUXIzUkhfRFMyZnA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFw3DgMA0G
CSqGSIb3DQEBCwUAA4IBAQA1jhgvRuJqhDLTk3GOtNLRELNmpkKCo0xiLJc0cqYb
3DuCwgipodH78QVeXOb/tceNFpPz3gYSJ1De7oF1Mu7K4ynO9ml6e7icSi3hlKWj
ZUh/gPWM2aN8Ot6wrzzHKVo+Y0muY3oZXhAY1HCdMFsuBdq+y1bHTsuY3DzT15au
uF4LXWBZFKVR1Hh1LaMvdy3sY7A1cb/WUHpvaofZ+fYcV77Ef708E2hWQ/nEasO/
qahUKbb6N41kAOD5lV5rrwi+EqhyVCU33knfxbdQTBfcesBQJp3ENIPhMXJt7oxQ
Zhg+16Kt5xyi5xlfzQ3qNyBaZ/7A51F80PZ3hrNKOfQ9
-----END CERTIFICATE-----