Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/a5e058-f475-47cc-b9ec-ae46094389ba/1/XPkwDLJHT478MATdbgeUa5gcEiA.roa
File:                     XPkwDLJHT478MATdbgeUa5gcEiA.roa (raw, json)
Hash identifier:          DoMDYSGNMC9OU+9UBRPPXJnhTtSu9q09Id+HJ989GvU=
Subject key identifier:   5C:F9:30:0C:B2:47:4F:8E:FC:30:04:DD:6E:07:94:6B:98:1C:12:20
Certificate issuer:       /CN=f6a0ffcab44a6ab76285fd8b15fba9ae0472c00a
Certificate serial:       019420D5D252E2D89F8C5A657D93B48FCBD9
Authority key identifier: F6:A0:FF:CA:B4:4A:6A:B7:62:85:FD:8B:15:FB:A9:AE:04:72:C0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9qD_yrRKardihf2LFfuprgRywAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/a5e058-f475-47cc-b9ec-ae46094389ba/1/XPkwDLJHT478MATdbgeUa5gcEiA.roa
Signing time:             Wed 01 Jan 2025 07:47:51 +0000
ROA not before:           Wed 01 Jan 2025 07:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61145
IP address blocks:        185.8.112.0/22 maxlen: 24
                          194.38.12.0/22 maxlen: 22
                          2a03:38c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/a5e058-f475-47cc-b9ec-ae46094389ba/1/9qD_yrRKardihf2LFfuprgRywAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/a5e058-f475-47cc-b9ec-ae46094389ba/1/9qD_yrRKardihf2LFfuprgRywAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9qD_yrRKardihf2LFfuprgRywAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:d2:52:e2:d8:9f:8c:5a:65:7d:93:b4:8f:cb:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6a0ffcab44a6ab76285fd8b15fba9ae0472c00a
        Validity
            Not Before: Jan  1 07:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5cf9300cb2474f8efc3004dd6e07946b981c1220
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:2e:0b:16:77:35:05:ee:d9:99:6d:ec:a0:3d:
                    ee:70:5b:5f:2a:b3:b1:71:48:d7:c8:44:ac:56:bc:
                    bd:4c:19:4e:95:c3:9c:14:95:90:9d:fd:4e:34:30:
                    62:d7:7d:72:fa:6b:1d:4d:a9:2a:aa:23:d9:4a:d2:
                    69:7e:34:e5:0e:a1:7f:ac:67:cc:bd:ba:cc:3d:1c:
                    19:8e:9d:01:1f:30:ab:8e:d4:4e:13:9c:82:4b:ee:
                    73:1d:ea:92:d2:64:53:d5:90:21:45:26:3e:c1:ba:
                    7b:9a:38:9a:6d:4c:2a:e4:2f:be:fe:e2:d3:da:43:
                    cf:a2:cb:e8:f3:7f:40:c1:16:a4:3b:2f:42:7c:e7:
                    73:65:9f:0b:b5:a4:f2:5a:e1:41:65:5e:f3:bd:b2:
                    82:ac:34:b6:28:f7:2a:3c:e5:2c:03:c9:49:67:fa:
                    47:a7:c6:df:fb:d7:58:44:06:5e:20:5b:0a:ba:d2:
                    17:68:dd:d5:67:bc:85:e5:f4:f9:70:27:9d:8e:c8:
                    06:f4:41:16:5a:e9:68:9e:9d:a5:53:63:6c:bd:e4:
                    b2:cb:e1:80:76:71:ed:2b:61:6f:ed:b5:79:98:00:
                    3d:c9:ba:25:27:de:4a:6d:94:f9:e1:c6:28:c2:54:
                    3e:4c:1f:c1:14:5e:6f:ee:2b:4e:3b:08:cb:7c:35:
                    c5:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:F9:30:0C:B2:47:4F:8E:FC:30:04:DD:6E:07:94:6B:98:1C:12:20
            X509v3 Authority Key Identifier:
                keyid:F6:A0:FF:CA:B4:4A:6A:B7:62:85:FD:8B:15:FB:A9:AE:04:72:C0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9qD_yrRKardihf2LFfuprgRywAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/a5e058-f475-47cc-b9ec-ae46094389ba/1/XPkwDLJHT478MATdbgeUa5gcEiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/a5e058-f475-47cc-b9ec-ae46094389ba/1/9qD_yrRKardihf2LFfuprgRywAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.8.112.0/22
                  194.38.12.0/22
                IPv6:
                  2a03:38c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         1b:1e:97:9c:9b:b2:9d:5f:53:51:d3:67:c8:d4:67:b8:16:21:
         e4:5a:6a:a3:17:83:ad:95:8d:ef:3c:66:a8:31:c3:33:3d:c7:
         48:60:c2:61:07:8f:9b:09:c3:ca:57:32:70:28:e5:b2:1b:0a:
         a6:c2:8b:c9:34:e6:b6:b4:3a:85:d0:42:e9:a2:86:da:7b:f9:
         a7:6e:bf:76:62:46:1d:33:97:f7:eb:13:4d:7c:8e:d2:8a:f6:
         24:68:31:97:62:0b:c0:2e:85:12:1d:cd:e0:23:41:0e:8f:cb:
         67:2e:09:e9:3d:98:bf:46:54:51:a8:db:4d:c2:84:67:04:3f:
         c4:a3:91:cb:77:20:b4:78:01:e1:eb:04:bf:01:58:da:51:6c:
         d7:b8:df:b8:8b:56:b6:11:5f:7b:ee:ec:98:5f:d5:7b:f4:59:
         ec:f7:27:eb:6a:7d:37:60:47:f8:7b:f0:78:67:1e:ba:ab:e0:
         be:af:55:6f:70:ef:0f:d5:75:d6:78:9b:ab:e7:f3:44:b6:19:
         1d:8f:69:2b:7b:bf:28:ca:95:3d:43:a1:50:d5:b5:f0:57:8a:
         ab:59:f0:7d:ec:70:86:ed:98:22:f6:73:c1:88:0f:6d:1f:a3:
         f2:f6:dd:eb:84:78:f2:d8:77:9e:da:e4:17:2d:7e:7f:aa:f0:
         c9:49:b3:2c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQg1dJS4tifjFplfZO0j8vZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2YTBmZmNhYjQ0YTZhYjc2Mjg1ZmQ4YjE1ZmJhOWFlMDQ3
MmMwMGEwHhcNMjUwMTAxMDc0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2Y5MzAwY2IyNDc0ZjhlZmMzMDA0ZGQ2ZTA3OTQ2Yjk4MWMxMjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoy4LFnc1Be7ZmW3soD3ucFtfKrOx
cUjXyESsVry9TBlOlcOcFJWQnf1ONDBi131y+msdTakqqiPZStJpfjTlDqF/rGfM
vbrMPRwZjp0BHzCrjtROE5yCS+5zHeqS0mRT1ZAhRSY+wbp7mjiabUwq5C++/uLT
2kPPosvo839AwRakOy9CfOdzZZ8LtaTyWuFBZV7zvbKCrDS2KPcqPOUsA8lJZ/pH
p8bf+9dYRAZeIFsKutIXaN3VZ7yF5fT5cCedjsgG9EEWWulonp2lU2NsveSyy+GA
dnHtK2Fv7bV5mAA9ybolJ95KbZT54cYowlQ+TB/BFF5v7itOOwjLfDXFswIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFz5MAyyR0+O/DAE3W4HlGuYHBIgMB8GA1UdIwQY
MBaAFPag/8q0Smq3YoX9ixX7qa4EcsAKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXFEX3lyUkthcmRpaGYyTEZmdXByZ1J5d0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9hNWUwNTgtZjQ3NS00N2NjLWI5ZWMt
YWU0NjA5NDM4OWJhLzEvWFBrd0RMSkhUNDc4TUFUZGJnZVVhNWdjRWlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9hNWUwNTgtZjQ3NS00N2NjLWI5ZWMtYWU0NjA5NDM4OWJh
LzEvOXFEX3lyUkthcmRpaGYyTEZmdXByZ1J5d0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuQhwAwQC
wiYMMA0EAgACMAcDBQAqAzjAMA0GCSqGSIb3DQEBCwUAA4IBAQAbHpecm7KdX1NR
02fI1Ge4FiHkWmqjF4OtlY3vPGaoMcMzPcdIYMJhB4+bCcPKVzJwKOWyGwqmwovJ
NOa2tDqF0ELpoobae/mnbr92YkYdM5f36xNNfI7SivYkaDGXYgvALoUSHc3gI0EO
j8tnLgnpPZi/RlRRqNtNwoRnBD/Eo5HLdyC0eAHh6wS/AVjaUWzXuN+4i1a2EV97
7uyYX9V79Fns9yfran03YEf4e/B4Zx66q+C+r1VvcO8P1XXWeJur5/NEthkdj2kr
e78oypU9Q6FQ1bXwV4qrWfB97HCG7Zgi9nPBiA9tH6Py9t3rhHjy2Hee2uQXLX5/
qvDJSbMs
-----END CERTIFICATE-----