Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/XFEEccbEsmiETxVTXsuQHob0Ig8.roa
File:                     XFEEccbEsmiETxVTXsuQHob0Ig8.roa (raw, json)
Hash identifier:          gNVdhv6luqDbEY/yZdldKTkFqgtu7cFYTeubRvuYlMs=
Subject key identifier:   5C:51:04:71:C6:C4:B2:68:84:4F:15:53:5E:CB:90:1E:86:F4:22:0F
Certificate issuer:       /CN=aeb66ec5e8f2405f6f8d486e73fb82b8de0dee0f
Certificate serial:       019425216B255808762FF734290B4446B747
Authority key identifier: AE:B6:6E:C5:E8:F2:40:5F:6F:8D:48:6E:73:FB:82:B8:DE:0D:EE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/XFEEccbEsmiETxVTXsuQHob0Ig8.roa
Signing time:             Thu 02 Jan 2025 03:48:54 +0000
ROA not before:           Thu 02 Jan 2025 03:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58431
IP address blocks:        5.226.176.0/21 maxlen: 24
                          178.237.166.0/23 maxlen: 24
                          2a03:a860:a00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 23:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:6b:25:58:08:76:2f:f7:34:29:0b:44:46:b7:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aeb66ec5e8f2405f6f8d486e73fb82b8de0dee0f
        Validity
            Not Before: Jan  2 03:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c510471c6c4b268844f15535ecb901e86f4220f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:06:a4:19:a8:bb:72:5a:98:3a:ca:d2:9f:ee:
                    d4:76:4d:54:35:52:49:3d:fb:1f:68:b9:89:a8:22:
                    82:00:8f:18:3a:13:1f:3b:22:60:37:ed:49:e8:f3:
                    3f:03:f3:cb:f4:77:18:72:4f:25:d5:e5:1c:5d:b4:
                    17:18:20:fa:0a:59:0b:79:ec:ec:04:4f:94:82:7f:
                    58:eb:7f:48:5f:be:38:e7:a5:20:08:10:98:e9:9b:
                    71:aa:36:4b:e4:fd:0e:ce:82:7b:18:83:a3:54:4b:
                    cb:b0:57:ea:cc:62:f0:ea:fa:ad:18:22:7f:3c:05:
                    7b:5b:c8:b0:7e:f2:56:95:30:57:4e:94:da:ef:c6:
                    7e:2a:d7:00:b4:58:d1:a6:0e:80:9e:0d:f3:08:c0:
                    f5:59:fd:1d:c1:94:86:fd:73:d2:d4:28:f6:8e:bb:
                    fe:48:74:5e:5e:71:aa:93:75:ce:34:e0:5e:08:1d:
                    f1:b6:79:37:aa:d4:90:c6:a9:76:12:24:52:f4:74:
                    b5:a7:5b:33:c1:e4:14:31:3d:a2:98:d7:69:29:c0:
                    a4:51:83:cf:0e:95:e6:51:13:b5:51:35:d0:d5:2b:
                    54:8b:f6:11:72:28:bd:89:f2:c8:56:46:67:a0:a1:
                    ae:e8:ce:cc:30:a7:e3:85:6f:31:b5:b5:48:a5:6f:
                    3e:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:51:04:71:C6:C4:B2:68:84:4F:15:53:5E:CB:90:1E:86:F4:22:0F
            X509v3 Authority Key Identifier:
                keyid:AE:B6:6E:C5:E8:F2:40:5F:6F:8D:48:6E:73:FB:82:B8:DE:0D:EE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/XFEEccbEsmiETxVTXsuQHob0Ig8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.226.176.0/21
                  178.237.166.0/23
                IPv6:
                  2a03:a860:a00::/40

    Signature Algorithm: sha256WithRSAEncryption
         5f:00:84:2f:f5:ca:ea:66:54:72:0c:79:1b:4d:b9:5a:01:7c:
         70:e7:29:2d:5a:02:c3:e1:45:d8:f2:99:0c:01:b9:9b:8b:5b:
         b6:92:29:7b:1d:ab:57:1e:47:d3:c4:ae:11:cd:6a:23:be:86:
         83:57:15:70:0d:15:c3:ac:b0:73:cd:2c:ae:03:47:bc:6a:1c:
         33:7a:52:25:63:fb:55:1c:c4:66:83:78:67:97:c6:df:00:95:
         ca:27:12:b5:7b:a3:cf:24:b0:75:a9:9b:14:e7:d7:8e:5b:7a:
         f7:3d:29:4b:50:70:f2:67:72:05:bc:ff:f4:37:ba:9f:ff:30:
         d6:ec:fd:80:08:88:6c:c5:3d:59:01:5d:30:a2:f9:36:a1:36:
         d0:fc:85:9e:24:8a:93:57:f3:3f:cc:e3:3f:3b:2b:f1:7b:de:
         99:43:8c:7c:66:48:42:40:a4:5f:7b:27:a4:2a:64:8d:16:44:
         b7:4d:56:36:a8:98:a3:6d:cf:d9:0d:42:02:62:69:d2:c7:08:
         0a:f2:19:3f:69:15:b1:f5:ec:af:79:d1:eb:05:d1:2a:7d:f3:
         a7:99:f0:ee:d0:8c:fb:7e:c3:3d:ae:4f:f4:12:23:a9:80:93:
         f1:c8:b2:6c:2a:af:17:86:c4:f9:26:f3:84:ba:d7:17:7c:df:
         e1:82:1d:83
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZQlIWslWAh2L/c0KQtERrdHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYjY2ZWM1ZThmMjQwNWY2ZjhkNDg2ZTczZmI4MmI4ZGUw
ZGVlMGYwHhcNMjUwMTAyMDM0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzUxMDQ3MWM2YzRiMjY4ODQ0ZjE1NTM1ZWNiOTAxZTg2ZjQyMjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwakGai7clqYOsrSn+7Udk1UNVJJ
PfsfaLmJqCKCAI8YOhMfOyJgN+1J6PM/A/PL9HcYck8l1eUcXbQXGCD6ClkLeezs
BE+Ugn9Y639IX74456UgCBCY6ZtxqjZL5P0OzoJ7GIOjVEvLsFfqzGLw6vqtGCJ/
PAV7W8iwfvJWlTBXTpTa78Z+KtcAtFjRpg6Ang3zCMD1Wf0dwZSG/XPS1Cj2jrv+
SHReXnGqk3XONOBeCB3xtnk3qtSQxql2EiRS9HS1p1szweQUMT2imNdpKcCkUYPP
DpXmURO1UTXQ1StUi/YRcii9ifLIVkZnoKGu6M7MMKfjhW8xtbVIpW8+oQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFFxRBHHGxLJohE8VU17LkB6G9CIPMB8GA1UdIwQY
MBaAFK62bsXo8kBfb41IbnP7grjeDe4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnJadXhlanlRRjl2alVodWNfdUN1TjRON2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi8xNTM3ODgtMTRiNy00NTUxLTlhZGUt
NmFlYTkwNTdjODAwLzEvWEZFRWNjYkVzbWlFVHhWVFhzdVFIb2IwSWc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi8xNTM3ODgtMTRiNy00NTUxLTlhZGUtNmFlYTkwNTdjODAw
LzEvcnJadXhlanlRRjl2alVodWNfdUN1TjRON2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQDBeKwAwQB
su2mMA4EAgACMAgDBgAqA6hgCjANBgkqhkiG9w0BAQsFAAOCAQEAXwCEL/XK6mZU
cgx5G025WgF8cOcpLVoCw+FF2PKZDAG5m4tbtpIpex2rVx5H08SuEc1qI76Gg1cV
cA0Vw6ywc80srgNHvGocM3pSJWP7VRzEZoN4Z5fG3wCVyicStXujzySwdambFOfX
jlt69z0pS1Bw8mdyBbz/9De6n/8w1uz9gAiIbMU9WQFdMKL5NqE20PyFniSKk1fz
P8zjPzsr8XvemUOMfGZIQkCkX3snpCpkjRZEt01WNqiYo23P2Q1CAmJp0scICvIZ
P2kVsfXsr3nR6wXRKn3zp5nw7tCM+37DPa5P9BIjqYCT8ciybCqvF4bE+SbzhLrX
F3zf4YIdgw==
-----END CERTIFICATE-----