Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/b5559e-950b-48f4-a2ab-b26f1a70af0d/1/W7n_eLYybMQkUl6gHywhkSk4vBI.roa
File:                     W7n_eLYybMQkUl6gHywhkSk4vBI.roa (raw, json)
Hash identifier:          w0eKll+tqAcAy+X8fMQtymgbjQTNxYe2qAN4dUWBNvE=
Subject key identifier:   5B:B9:FF:78:B6:32:6C:C4:24:52:5E:A0:1F:2C:21:91:29:38:BC:12
Certificate issuer:       /CN=e31722d79bff4384a597cb544d9e7974490d8734
Certificate serial:       018CC80161C775BEDF648D6680CF1E03EADC
Authority key identifier: E3:17:22:D7:9B:FF:43:84:A5:97:CB:54:4D:9E:79:74:49:0D:87:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4xci15v_Q4Sll8tUTZ55dEkNhzQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/b5559e-950b-48f4-a2ab-b26f1a70af0d/1/W7n_eLYybMQkUl6gHywhkSk4vBI.roa
Signing time:             Tue 02 Jan 2024 02:29:42 +0000
ROA not before:           Tue 02 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198459
IP address blocks:        91.239.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/b5559e-950b-48f4-a2ab-b26f1a70af0d/1/4xci15v_Q4Sll8tUTZ55dEkNhzQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/b5559e-950b-48f4-a2ab-b26f1a70af0d/1/4xci15v_Q4Sll8tUTZ55dEkNhzQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4xci15v_Q4Sll8tUTZ55dEkNhzQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 10:01:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:61:c7:75:be:df:64:8d:66:80:cf:1e:03:ea:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e31722d79bff4384a597cb544d9e7974490d8734
        Validity
            Not Before: Jan  2 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5bb9ff78b6326cc424525ea01f2c21912938bc12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:63:95:c0:8f:1c:9b:d2:53:05:f8:cb:1d:63:
                    75:a4:82:38:90:1a:76:80:a3:ae:70:29:7d:0a:ea:
                    72:ef:64:e2:e6:78:8c:7e:c5:ec:de:38:65:65:d6:
                    aa:12:55:ef:a8:61:f5:ea:90:f1:35:4b:5e:e3:b6:
                    c8:b7:10:62:a7:e1:57:ed:6f:2a:fb:85:4d:83:a3:
                    0e:a0:a6:5d:86:02:48:3a:d0:5f:7f:e5:e4:bd:be:
                    b9:66:5d:b8:e1:f6:b9:3b:7f:2e:d8:f5:65:c6:7d:
                    a5:a2:2b:97:39:08:0d:8b:d2:ae:5e:1c:1c:78:c2:
                    43:4b:d3:84:3a:ac:6e:0a:51:91:8e:18:3b:3b:8d:
                    e5:7d:c5:c8:2f:95:a6:66:73:00:2d:fa:b4:ac:f1:
                    83:6e:b4:6e:0b:52:24:bf:97:17:8c:e3:09:0f:2b:
                    10:bd:0a:ed:ef:f2:2d:04:a5:fa:ca:10:07:ee:5d:
                    38:b3:23:e2:58:46:f2:c2:dd:d5:7e:c6:4e:72:41:
                    b3:6f:fb:33:24:7e:96:4a:c3:46:a6:3c:17:16:e2:
                    c7:bb:c3:90:49:bf:03:cd:9b:b4:77:87:8c:ad:b5:
                    33:43:51:50:fa:cc:cc:a2:95:6f:a3:69:37:40:20:
                    3e:c1:fa:92:40:c0:e0:8c:59:43:d4:a9:50:0e:ee:
                    ab:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:B9:FF:78:B6:32:6C:C4:24:52:5E:A0:1F:2C:21:91:29:38:BC:12
            X509v3 Authority Key Identifier:
                keyid:E3:17:22:D7:9B:FF:43:84:A5:97:CB:54:4D:9E:79:74:49:0D:87:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4xci15v_Q4Sll8tUTZ55dEkNhzQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/b5559e-950b-48f4-a2ab-b26f1a70af0d/1/W7n_eLYybMQkUl6gHywhkSk4vBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/b5559e-950b-48f4-a2ab-b26f1a70af0d/1/4xci15v_Q4Sll8tUTZ55dEkNhzQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:30:61:8d:63:b4:01:04:18:ec:3f:b6:eb:b3:a6:ca:35:cb:
         91:ae:e3:50:fc:ef:4a:a4:86:4f:8a:94:4c:1d:9e:5e:51:f6:
         45:2b:fe:f0:30:ec:00:0a:58:03:90:5b:99:9e:3d:6b:b1:65:
         f0:6a:a8:b1:1d:f7:55:b9:67:36:cf:77:f2:e0:e4:09:26:09:
         b0:37:41:48:33:f5:30:a3:f6:7e:0e:ed:b7:72:c0:d0:a2:4b:
         b3:86:5e:20:02:21:a7:76:0d:a5:1c:72:2f:cd:a4:cb:58:b4:
         c1:57:86:bf:96:06:e8:50:f8:e6:4e:84:35:be:3e:80:da:db:
         f3:f7:20:70:c6:f4:6e:13:ea:05:6e:da:d2:23:4d:5d:0c:3a:
         c7:9e:c0:c6:34:18:a9:1e:4c:f8:3e:07:c3:39:1f:25:9c:56:
         c9:5f:6b:e8:f5:fc:11:f2:a8:d1:dd:33:60:80:d8:06:6d:2a:
         bf:87:cf:96:ee:e5:91:ef:43:7d:d9:f0:08:92:77:24:5e:5f:
         67:6b:87:34:57:47:3a:39:ad:c5:33:f9:35:c5:46:29:6f:95:
         69:07:46:2a:a2:c3:fa:25:74:20:f9:07:19:5a:42:90:6c:9c:
         71:12:fe:18:68:8e:0b:de:8d:02:59:11:82:f3:59:fd:8b:74:
         48:b0:32:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAWHHdb7fZI1mgM8eA+rcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMTcyMmQ3OWJmZjQzODRhNTk3Y2I1NDRkOWU3OTc0NDkw
ZDg3MzQwHhcNMjQwMTAyMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmI5ZmY3OGI2MzI2Y2M0MjQ1MjVlYTAxZjJjMjE5MTI5MzhiYzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2OVwI8cm9JTBfjLHWN1pII4kBp2
gKOucCl9Cupy72Ti5niMfsXs3jhlZdaqElXvqGH16pDxNUte47bItxBip+FX7W8q
+4VNg6MOoKZdhgJIOtBff+Xkvb65Zl244fa5O38u2PVlxn2loiuXOQgNi9KuXhwc
eMJDS9OEOqxuClGRjhg7O43lfcXIL5WmZnMALfq0rPGDbrRuC1Ikv5cXjOMJDysQ
vQrt7/ItBKX6yhAH7l04syPiWEbywt3VfsZOckGzb/szJH6WSsNGpjwXFuLHu8OQ
Sb8DzZu0d4eMrbUzQ1FQ+szMopVvo2k3QCA+wfqSQMDgjFlD1KlQDu6rUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFu5/3i2MmzEJFJeoB8sIZEpOLwSMB8GA1UdIwQY
MBaAFOMXIteb/0OEpZfLVE2eeXRJDYc0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHhjaTE1dl9RNFNsbDh0VVRaNTVkRWtOaHpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9iNTU1OWUtOTUwYi00OGY0LWEyYWIt
YjI2ZjFhNzBhZjBkLzEvVzduX2VMWXliTVFrVWw2Z0h5d2hrU2s0dkJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9iNTU1OWUtOTUwYi00OGY0LWEyYWItYjI2ZjFhNzBhZjBk
LzEvNHhjaTE1dl9RNFNsbDh0VVRaNTVkRWtOaHpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+81MA0G
CSqGSIb3DQEBCwUAA4IBAQAIMGGNY7QBBBjsP7brs6bKNcuRruNQ/O9KpIZPipRM
HZ5eUfZFK/7wMOwAClgDkFuZnj1rsWXwaqixHfdVuWc2z3fy4OQJJgmwN0FIM/Uw
o/Z+Du23csDQokuzhl4gAiGndg2lHHIvzaTLWLTBV4a/lgboUPjmToQ1vj6A2tvz
9yBwxvRuE+oFbtrSI01dDDrHnsDGNBipHkz4PgfDOR8lnFbJX2vo9fwR8qjR3TNg
gNgGbSq/h8+W7uWR70N92fAIknckXl9na4c0V0c6Oa3FM/k1xUYpb5VpB0YqosP6
JXQg+QcZWkKQbJxxEv4YaI4L3o0CWRGC81n9i3RIsDJ6
-----END CERTIFICATE-----