Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/22112e-4e13-43d0-9eb1-0da3caa91429/1/xFHz4_XjwzN0pPKWaqRmrbsppf4.roa
File:                     xFHz4_XjwzN0pPKWaqRmrbsppf4.roa (raw, json)
Hash identifier:          RMJsZt2RIHwd0V36eKXMJsELKCwZUihxIvWX1Ne3Nog=
Subject key identifier:   C4:51:F3:E3:F5:E3:C3:33:74:A4:F2:96:6A:A4:66:AD:BB:29:A5:FE
Certificate issuer:       /CN=82b136e6820d94f03b1c5d71eee3d4b22191528f
Certificate serial:       0197F95332E312D61EA13771CC6360AC432C
Authority key identifier: 82:B1:36:E6:82:0D:94:F0:3B:1C:5D:71:EE:E3:D4:B2:21:91:52:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/grE25oINlPA7HF1x7uPUsiGRUo8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/22112e-4e13-43d0-9eb1-0da3caa91429/1/xFHz4_XjwzN0pPKWaqRmrbsppf4.roa
Signing time:             Fri 11 Jul 2025 11:51:08 +0000
ROA not before:           Fri 11 Jul 2025 11:51:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215514
IP address blocks:        193.56.62.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/22112e-4e13-43d0-9eb1-0da3caa91429/1/grE25oINlPA7HF1x7uPUsiGRUo8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/22112e-4e13-43d0-9eb1-0da3caa91429/1/grE25oINlPA7HF1x7uPUsiGRUo8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/grE25oINlPA7HF1x7uPUsiGRUo8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 02:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f9:53:32:e3:12:d6:1e:a1:37:71:cc:63:60:ac:43:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82b136e6820d94f03b1c5d71eee3d4b22191528f
        Validity
            Not Before: Jul 11 11:51:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c451f3e3f5e3c33374a4f2966aa466adbb29a5fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:cd:40:5a:6b:f3:49:c6:5c:d6:c1:d8:da:27:
                    55:e0:1d:a3:6c:b0:03:b5:e0:4d:8c:86:4b:dd:70:
                    7a:06:aa:48:0c:1f:fe:78:29:6a:9d:da:ec:dc:8d:
                    1b:3b:15:5c:d4:92:3b:e9:99:2f:e3:2b:19:29:ca:
                    4f:ae:47:77:77:c0:43:74:7b:b7:59:43:0d:f5:a1:
                    40:a1:16:24:98:2a:2a:46:d9:a1:51:ee:cc:32:ac:
                    63:e1:c2:0d:ba:70:ec:9f:96:9f:31:a0:cf:86:8b:
                    2e:9a:df:7d:5c:44:ca:94:8a:64:82:f1:88:b8:4c:
                    a6:24:bd:a7:92:4e:58:d0:a2:bf:76:5f:73:9f:dc:
                    22:25:1f:57:cc:60:47:54:59:02:4d:46:a4:f3:1c:
                    63:e3:60:80:1b:c2:cf:6d:49:0e:34:4c:92:7f:f6:
                    de:d8:9d:30:c8:c2:c5:03:dd:fe:2e:bc:44:be:7b:
                    93:ca:99:a5:ac:6b:20:e7:af:e1:09:4f:af:dd:f6:
                    ef:57:59:a2:01:19:8c:78:06:b0:a0:a1:6f:dd:bf:
                    ac:fc:2e:da:0f:ca:27:e8:25:9f:f0:b5:ed:25:e8:
                    bf:cf:05:23:88:62:82:a6:0d:4a:52:ae:43:4b:61:
                    e9:44:9d:f1:54:88:2a:96:f5:c3:a4:48:b4:0e:11:
                    79:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:51:F3:E3:F5:E3:C3:33:74:A4:F2:96:6A:A4:66:AD:BB:29:A5:FE
            X509v3 Authority Key Identifier:
                keyid:82:B1:36:E6:82:0D:94:F0:3B:1C:5D:71:EE:E3:D4:B2:21:91:52:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/grE25oINlPA7HF1x7uPUsiGRUo8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/22112e-4e13-43d0-9eb1-0da3caa91429/1/xFHz4_XjwzN0pPKWaqRmrbsppf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/22112e-4e13-43d0-9eb1-0da3caa91429/1/grE25oINlPA7HF1x7uPUsiGRUo8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:fd:d0:32:2d:be:a8:d5:ff:a2:80:c6:37:9c:dc:ea:96:b9:
         57:ee:bb:12:ac:05:91:f8:18:b4:96:bf:13:b7:0a:1e:25:32:
         02:bb:15:72:cc:43:0a:2e:1a:ce:73:17:7f:c7:06:f3:7d:23:
         60:69:d0:ce:3f:b4:02:9a:f7:ff:4f:e4:14:08:7d:e3:e9:0a:
         36:d4:21:27:1d:de:b1:f9:13:99:dc:9d:f0:a1:fd:f7:e9:d4:
         0a:98:54:80:df:1e:0b:0f:36:04:2e:42:97:ec:6e:ce:30:06:
         8b:8a:e0:43:76:c6:40:23:77:62:98:66:5b:4c:0d:0c:07:8d:
         4c:83:a6:4c:45:c5:4f:2e:80:08:d3:01:92:81:0f:39:4c:05:
         d1:6a:91:91:fe:f2:52:4e:00:3c:27:49:c7:3c:66:de:a3:dd:
         e0:ef:37:c4:00:a7:fc:64:ca:43:97:48:c4:ab:d8:3d:21:a0:
         43:80:b9:17:87:ff:07:b3:96:3a:5d:9f:10:fe:f9:d7:6e:a2:
         fa:7b:fe:3c:ae:2f:1d:87:63:a1:64:9f:22:c5:36:a6:56:87:
         83:37:f7:e5:01:5c:c9:d6:b2:a2:f5:56:5d:67:b6:c0:f2:9f:
         aa:e3:ae:29:38:bc:f6:ea:7c:00:c0:95:92:70:b7:b9:da:9a:
         d5:87:51:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf5UzLjEtYeoTdxzGNgrEMsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyYjEzNmU2ODIwZDk0ZjAzYjFjNWQ3MWVlZTNkNGIyMjE5
MTUyOGYwHhcNMjUwNzExMTE1MTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDUxZjNlM2Y1ZTNjMzMzNzRhNGYyOTY2YWE0NjZhZGJiMjlhNWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx81AWmvzScZc1sHY2idV4B2jbLAD
teBNjIZL3XB6BqpIDB/+eClqndrs3I0bOxVc1JI76Zkv4ysZKcpPrkd3d8BDdHu3
WUMN9aFAoRYkmCoqRtmhUe7MMqxj4cINunDsn5afMaDPhosumt99XETKlIpkgvGI
uEymJL2nkk5Y0KK/dl9zn9wiJR9XzGBHVFkCTUak8xxj42CAG8LPbUkONEySf/be
2J0wyMLFA93+LrxEvnuTypmlrGsg56/hCU+v3fbvV1miARmMeAawoKFv3b+s/C7a
D8on6CWf8LXtJei/zwUjiGKCpg1KUq5DS2HpRJ3xVIgqlvXDpEi0DhF5pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMRR8+P148MzdKTylmqkZq27KaX+MB8GA1UdIwQY
MBaAFIKxNuaCDZTwOxxdce7j1LIhkVKPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3JFMjVvSU5sUEE3SEYxeDd1UFVzaUdSVW84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8yMjExMmUtNGUxMy00M2QwLTllYjEt
MGRhM2NhYTkxNDI5LzEveEZIejRfWGp3ek4wcFBLV2FxUm1yYnNwcGY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8yMjExMmUtNGUxMy00M2QwLTllYjEtMGRhM2NhYTkxNDI5
LzEvZ3JFMjVvSU5sUEE3SEYxeDd1UFVzaUdSVW84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwTg+MA0G
CSqGSIb3DQEBCwUAA4IBAQBO/dAyLb6o1f+igMY3nNzqlrlX7rsSrAWR+Bi0lr8T
twoeJTICuxVyzEMKLhrOcxd/xwbzfSNgadDOP7QCmvf/T+QUCH3j6Qo21CEnHd6x
+ROZ3J3wof336dQKmFSA3x4LDzYELkKX7G7OMAaLiuBDdsZAI3dimGZbTA0MB41M
g6ZMRcVPLoAI0wGSgQ85TAXRapGR/vJSTgA8J0nHPGbeo93g7zfEAKf8ZMpDl0jE
q9g9IaBDgLkXh/8Hs5Y6XZ8Q/vnXbqL6e/48ri8dh2OhZJ8ixTamVoeDN/flAVzJ
1rKi9VZdZ7bA8p+q464pOLz26nwAwJWScLe52prVh1HC
-----END CERTIFICATE-----