Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/xBYDCO-0yxWDUdutQ2k4CeAx304.roa
File:                     xBYDCO-0yxWDUdutQ2k4CeAx304.roa (raw, json)
Hash identifier:          KwzeKh2LiSyRLmgHIFjRi0bpingX7uWg2/lJdaGmlF8=
Subject key identifier:   C4:16:03:08:EF:B4:CB:15:83:51:DB:AD:43:69:38:09:E0:31:DF:4E
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B28320AEE33A3E70A65BFF9A52FDEF
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/xBYDCO-0yxWDUdutQ2k4CeAx304.roa
Signing time:             Mon 14 Jul 2025 16:09:10 +0000
ROA not before:           Mon 14 Jul 2025 16:09:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51200
IP address blocks:        185.102.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b2:83:20:ae:e3:3a:3e:70:a6:5b:ff:9a:52:fd:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:09:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4160308efb4cb158351dbad43693809e031df4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:f2:fb:36:42:09:e2:7e:74:d6:35:67:cb:5a:
                    a7:07:02:23:22:da:c3:be:13:9e:94:41:8b:06:99:
                    38:8e:a3:56:e2:fb:6f:8c:76:4e:cf:db:e5:8b:17:
                    9c:1e:e6:98:5a:a2:80:4d:ac:0d:75:b2:51:90:3d:
                    6a:cc:fc:66:e6:ba:da:a3:95:35:65:11:cf:d5:14:
                    49:a7:38:96:63:50:34:52:0b:a9:91:cf:b4:b4:4b:
                    92:3c:01:ec:1a:32:71:94:b3:74:22:92:b9:a0:89:
                    71:bc:4d:f0:6a:16:5b:b8:0b:37:bf:25:a0:6e:c4:
                    95:0b:d1:24:32:5b:af:84:6a:2a:5b:a8:db:af:54:
                    8f:b5:f1:09:3b:ba:6d:90:a0:e7:a9:75:de:da:e9:
                    6a:fa:d0:f6:e4:bc:9b:3e:50:7e:e2:45:6b:6b:ce:
                    23:7a:83:d6:41:9e:55:94:91:6a:06:b4:2d:a5:26:
                    d3:39:6d:c1:0b:49:d5:3f:4c:d5:12:b8:20:81:d5:
                    b4:1c:95:2d:57:e1:ed:fd:87:af:4a:29:96:b8:0b:
                    0e:b4:37:fd:49:2f:8b:fc:71:ad:3b:5d:43:2e:39:
                    ec:67:6f:66:a0:f2:f4:5d:e8:96:5b:80:e0:e2:02:
                    a1:45:ac:b1:8c:06:17:05:b1:53:1a:ce:c0:ed:e7:
                    2e:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:16:03:08:EF:B4:CB:15:83:51:DB:AD:43:69:38:09:E0:31:DF:4E
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/xBYDCO-0yxWDUdutQ2k4CeAx304.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:80:14:bb:e8:c7:e8:82:a6:34:6e:7b:68:4b:de:1c:41:a0:
         72:42:fd:3a:bf:f0:db:f3:34:15:4a:66:df:ad:5a:f4:18:61:
         42:c4:0f:ad:34:5d:1f:eb:2f:a6:1f:75:02:46:4f:8e:f3:64:
         7d:c5:59:db:3d:63:48:31:e1:ea:1f:a7:6f:71:52:0e:26:2e:
         48:3b:a3:9d:fc:24:5a:a9:28:07:04:50:0c:ee:6c:74:9a:ed:
         d7:52:19:54:49:91:29:ac:b1:9c:28:74:c2:8b:fe:78:7b:fc:
         f3:63:e2:e0:b7:bf:0d:d0:67:52:77:76:da:ad:fd:c1:41:ef:
         68:a0:c9:6e:21:75:dc:5d:17:c5:ed:87:8e:06:f5:b9:f4:f9:
         19:95:c9:87:54:cb:e4:e6:be:2b:6e:ee:31:d6:47:cb:2e:e9:
         78:9a:ab:53:37:33:65:14:b5:42:ff:f0:24:ca:c9:60:f7:0c:
         cc:2a:db:b5:af:6a:aa:fd:13:7c:ef:22:dc:63:94:1e:db:d3:
         80:25:52:de:2e:5b:f4:77:e2:69:c0:68:b0:81:4a:95:ed:56:
         5d:bd:3c:36:fe:17:fd:3e:b8:d1:73:87:30:63:be:59:0c:b4:
         6e:3f:d4:07:5d:72:7f:f6:0e:0f:54:8f:81:f7:83:02:06:50:
         af:c2:02:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJsoMgruM6PnCmW/+aUv3vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYwOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDE2MDMwOGVmYjRjYjE1ODM1MWRiYWQ0MzY5MzgwOWUwMzFkZjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvL7NkIJ4n501jVny1qnBwIjItrD
vhOelEGLBpk4jqNW4vtvjHZOz9vlixecHuaYWqKATawNdbJRkD1qzPxm5rrao5U1
ZRHP1RRJpziWY1A0Ugupkc+0tEuSPAHsGjJxlLN0IpK5oIlxvE3wahZbuAs3vyWg
bsSVC9EkMluvhGoqW6jbr1SPtfEJO7ptkKDnqXXe2ulq+tD25LybPlB+4kVra84j
eoPWQZ5VlJFqBrQtpSbTOW3BC0nVP0zVErgggdW0HJUtV+Ht/YevSimWuAsOtDf9
SS+L/HGtO11DLjnsZ29moPL0XeiWW4Dg4gKhRayxjAYXBbFTGs7A7ecuHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMQWAwjvtMsVg1HbrUNpOAngMd9OMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEveEJZRENPLTB5eFdEVWR1dFEyazRDZUF4MzA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWaKMA0G
CSqGSIb3DQEBCwUAA4IBAQAAgBS76MfogqY0bntoS94cQaByQv06v/Db8zQVSmbf
rVr0GGFCxA+tNF0f6y+mH3UCRk+O82R9xVnbPWNIMeHqH6dvcVIOJi5IO6Od/CRa
qSgHBFAM7mx0mu3XUhlUSZEprLGcKHTCi/54e/zzY+Lgt78N0GdSd3barf3BQe9o
oMluIXXcXRfF7YeOBvW59PkZlcmHVMvk5r4rbu4x1kfLLul4mqtTNzNlFLVC//Ak
yslg9wzMKtu1r2qq/RN87yLcY5Qe29OAJVLeLlv0d+JpwGiwgUqV7VZdvTw2/hf9
PrjRc4cwY75ZDLRuP9QHXXJ/9g4PVI+B94MCBlCvwgKf
-----END CERTIFICATE-----