Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/xJgMAWNecgfcwqhGOLHrgYLuSMI.roa
File:                     xJgMAWNecgfcwqhGOLHrgYLuSMI.roa (raw, json)
Hash identifier:          ITyhMPWiy3ZEG06A7q2lSJ/IaRoPeL9UIB85CHK/PM0=
Subject key identifier:   C4:98:0C:01:63:5E:72:07:DC:C2:A8:46:38:B1:EB:81:82:EE:48:C2
Certificate issuer:       /CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
Certificate serial:       0197F9DC875212C8178AA4346B5116310D18
Authority key identifier: 42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/xJgMAWNecgfcwqhGOLHrgYLuSMI.roa
Signing time:             Fri 11 Jul 2025 14:21:08 +0000
ROA not before:           Fri 11 Jul 2025 14:21:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57866
IP address blocks:        185.219.6.0/24 maxlen: 24
                          193.37.216.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 14:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f9:dc:87:52:12:c8:17:8a:a4:34:6b:51:16:31:0d:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
        Validity
            Not Before: Jul 11 14:21:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4980c01635e7207dcc2a84638b1eb8182ee48c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5c:52:09:8b:12:3a:fa:4c:8f:34:48:97:41:
                    40:08:29:97:c0:d1:e8:47:29:27:56:94:15:47:34:
                    fd:2f:15:b8:06:ce:bc:30:31:6c:d7:45:9f:4d:fd:
                    ba:10:36:dc:8a:8f:a4:1a:88:22:97:31:d4:bf:e1:
                    8d:c7:42:a6:36:b9:fb:a4:08:28:06:4c:7b:77:02:
                    81:28:3a:58:9e:40:a6:f4:2c:a5:25:01:0d:31:b9:
                    a1:f8:21:52:6b:af:60:b4:c2:3a:1c:58:23:51:58:
                    43:98:40:12:ae:fb:83:67:8b:82:36:38:57:c8:61:
                    9f:41:ab:27:69:29:4c:9c:55:75:a9:34:13:66:35:
                    0d:97:0a:95:65:08:99:e9:57:7a:37:fd:77:47:3e:
                    10:79:fd:8a:7b:85:37:58:f6:43:2a:16:99:e3:10:
                    9b:b2:d2:97:9a:a7:e3:63:51:5b:2e:a8:22:87:83:
                    1a:e3:1d:17:a9:ea:72:c0:8a:48:61:2b:63:3f:df:
                    34:f1:f7:8d:d4:6b:58:3f:1c:a0:c6:d2:69:a9:f3:
                    35:46:32:3f:ff:5c:22:9f:b2:1a:1b:e4:69:c6:bf:
                    43:4c:b3:c0:76:9b:ad:51:19:73:3b:e7:db:d8:c5:
                    c5:5b:7a:30:f2:ae:fd:7b:78:ca:0e:0c:b7:39:24:
                    bc:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:98:0C:01:63:5E:72:07:DC:C2:A8:46:38:B1:EB:81:82:EE:48:C2
            X509v3 Authority Key Identifier:
                keyid:42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/xJgMAWNecgfcwqhGOLHrgYLuSMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.6.0/24
                  193.37.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:39:88:23:3e:28:75:39:24:9d:89:47:98:01:af:a8:0f:3b:
         7a:ac:3d:63:c9:1c:7f:50:26:ba:ba:b3:ad:1d:25:8b:83:20:
         a1:45:31:43:1f:b2:3e:35:31:53:a9:1a:41:f1:2b:d5:f5:35:
         71:29:d2:65:fe:ae:c4:bd:03:32:2a:17:0b:79:af:12:6d:1c:
         6d:0a:ed:76:e6:dd:03:4c:13:cc:e5:d0:6f:56:af:50:05:06:
         89:4f:5e:3f:9d:e1:ca:2b:2d:ae:c1:4d:8e:11:39:fa:8a:89:
         1d:86:08:1b:d6:f5:3c:87:8a:00:9c:ff:aa:54:ee:20:9b:c0:
         35:90:47:f4:10:ce:c8:bd:41:9a:bd:45:e2:25:8f:da:51:37:
         66:88:24:dc:f5:9c:c9:d3:1e:04:25:3b:b3:7f:f2:06:32:67:
         0a:6a:d9:f5:b6:de:fc:23:ec:19:05:50:81:43:a6:78:23:a5:
         51:78:9e:89:d1:93:bd:1c:5d:ce:2a:f2:ff:a2:e1:0a:d8:ce:
         18:50:9e:30:fa:5e:2e:a1:81:c9:b9:eb:5e:f0:7a:28:ff:e7:
         81:b9:8f:2b:f0:a3:9b:4f:08:2d:74:3c:f4:c4:eb:7a:25:29:
         43:95:b1:79:00:db:f2:62:bd:a2:99:67:3a:cd:74:6c:11:4f:
         08:9b:61:65
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZf53IdSEsgXiqQ0a1EWMQ0YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTJiNWRhNGI0ZmZlYWY3MjA2NDk1MThmYmFhYTEwYzVj
YjI4MTEwHhcNMjUwNzExMTQyMTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDk4MGMwMTYzNWU3MjA3ZGNjMmE4NDYzOGIxZWI4MTgyZWU0OGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulxSCYsSOvpMjzRIl0FACCmXwNHo
RyknVpQVRzT9LxW4Bs68MDFs10WfTf26EDbcio+kGogilzHUv+GNx0KmNrn7pAgo
Bkx7dwKBKDpYnkCm9CylJQENMbmh+CFSa69gtMI6HFgjUVhDmEASrvuDZ4uCNjhX
yGGfQasnaSlMnFV1qTQTZjUNlwqVZQiZ6Vd6N/13Rz4Qef2Ke4U3WPZDKhaZ4xCb
stKXmqfjY1FbLqgih4Ma4x0XqepywIpIYStjP9808feN1GtYPxygxtJpqfM1RjI/
/1win7IaG+Rpxr9DTLPAdputURlzO+fb2MXFW3ow8q79e3jKDgy3OSS8qwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMSYDAFjXnIH3MKoRjix64GC7kjCMB8GA1UdIwQY
MBaAFEKStdpLT/6vcgZJUY+6qhDFyygRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3Yzct
YTA0M2UxYjY3Yjk0LzEveEpnTUFXTmVjZ2Zjd3FoR09MSHJnWUx1U01JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3YzctYTA0M2UxYjY3Yjk0
LzEvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudsGAwQC
wSXYMA0GCSqGSIb3DQEBCwUAA4IBAQAFOYgjPih1OSSdiUeYAa+oDzt6rD1jyRx/
UCa6urOtHSWLgyChRTFDH7I+NTFTqRpB8SvV9TVxKdJl/q7EvQMyKhcLea8SbRxt
Cu125t0DTBPM5dBvVq9QBQaJT14/neHKKy2uwU2OETn6iokdhggb1vU8h4oAnP+q
VO4gm8A1kEf0EM7IvUGavUXiJY/aUTdmiCTc9ZzJ0x4EJTuzf/IGMmcKatn1tt78
I+wZBVCBQ6Z4I6VReJ6J0ZO9HF3OKvL/ouEK2M4YUJ4w+l4uoYHJuete8Hoo/+eB
uY8r8KObTwgtdDz0xOt6JSlDlbF5ANvyYr2imWc6zXRsEU8Im2Fl
-----END CERTIFICATE-----