Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/a53873-9a9e-4bbf-aebc-547405b93023/1/xlDBozj38EYThW56xkLWO4vO35E.roa
File:                     xlDBozj38EYThW56xkLWO4vO35E.roa (raw, json)
Hash identifier:          RGE15QwAJIwE1dlntf4zZ4waXklBSNLwaMZs9PgJ0fY=
Subject key identifier:   C6:50:C1:A3:38:F7:F0:46:13:85:6E:7A:C6:42:D6:3B:8B:CE:DF:91
Certificate issuer:       /CN=b2c5a81d8fb6e633101c8e9fdef4c283c712061a
Certificate serial:       0195F677EFDB5C1A79CF23BC51F4DFE723FE
Authority key identifier: B2:C5:A8:1D:8F:B6:E6:33:10:1C:8E:9F:DE:F4:C2:83:C7:12:06:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ssWoHY-25jMQHI6f3vTCg8cSBho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/a53873-9a9e-4bbf-aebc-547405b93023/1/xlDBozj38EYThW56xkLWO4vO35E.roa
Signing time:             Wed 02 Apr 2025 12:26:50 +0000
ROA not before:           Wed 02 Apr 2025 12:26:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16095
IP address blocks:        193.221.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/a53873-9a9e-4bbf-aebc-547405b93023/1/ssWoHY-25jMQHI6f3vTCg8cSBho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/a53873-9a9e-4bbf-aebc-547405b93023/1/ssWoHY-25jMQHI6f3vTCg8cSBho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ssWoHY-25jMQHI6f3vTCg8cSBho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f6:77:ef:db:5c:1a:79:cf:23:bc:51:f4:df:e7:23:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2c5a81d8fb6e633101c8e9fdef4c283c712061a
        Validity
            Not Before: Apr  2 12:26:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c650c1a338f7f04613856e7ac642d63b8bcedf91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ad:7f:bb:03:64:01:04:d6:47:0b:fd:e6:b0:
                    71:92:35:61:08:04:1e:da:97:89:18:dc:e6:a8:95:
                    ef:72:a3:41:af:b9:ec:f4:ae:f7:f8:9f:f1:6b:44:
                    ae:53:5b:7e:38:bd:84:c1:52:1b:1a:98:da:a5:1d:
                    51:cc:8e:bc:0b:c4:e2:77:61:37:14:82:2c:fd:72:
                    57:f2:22:6e:53:7c:3c:37:ed:b9:16:00:05:c7:41:
                    79:dc:a4:1f:75:02:5d:64:59:7a:98:0b:0a:f9:87:
                    9e:1d:35:ff:65:ba:8e:e4:83:3b:d7:f9:75:f9:fa:
                    98:ab:d5:07:61:54:c2:30:be:cc:a3:10:77:f9:97:
                    78:17:1c:c8:fc:be:b3:6d:0c:31:db:c2:29:f8:bb:
                    75:ed:63:12:ea:09:9c:03:4e:e6:b9:7f:fc:1f:18:
                    c3:39:ca:d4:91:4e:b6:55:95:78:eb:83:94:f6:8a:
                    92:69:97:3e:cb:1a:5d:0d:32:e0:30:d9:e0:46:3b:
                    cb:26:6e:ea:14:2d:76:f0:42:a1:87:30:20:5e:d6:
                    52:be:5f:45:a7:78:36:ee:11:84:18:73:11:73:cf:
                    51:51:a1:1b:43:f8:4b:f7:3f:c5:31:58:aa:c9:15:
                    72:4f:88:fb:48:ee:39:93:1b:74:fd:f6:65:9b:57:
                    80:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:50:C1:A3:38:F7:F0:46:13:85:6E:7A:C6:42:D6:3B:8B:CE:DF:91
            X509v3 Authority Key Identifier:
                keyid:B2:C5:A8:1D:8F:B6:E6:33:10:1C:8E:9F:DE:F4:C2:83:C7:12:06:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ssWoHY-25jMQHI6f3vTCg8cSBho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a53873-9a9e-4bbf-aebc-547405b93023/1/xlDBozj38EYThW56xkLWO4vO35E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a53873-9a9e-4bbf-aebc-547405b93023/1/ssWoHY-25jMQHI6f3vTCg8cSBho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.221.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:34:25:56:02:2d:96:aa:ea:c8:c6:e6:65:93:09:a3:04:4a:
         c7:2d:db:83:5b:89:76:14:f4:81:46:df:64:4b:b7:93:02:ce:
         09:41:12:1a:80:35:37:50:e2:37:24:31:a2:e5:80:e4:34:69:
         b6:dd:84:74:61:e2:f9:c5:f3:d1:7f:ad:5b:92:f5:ab:b0:02:
         f8:c4:5b:47:64:b3:f4:12:bd:db:fc:66:af:3c:8d:47:52:3f:
         61:dd:9f:79:cc:58:35:e8:98:55:28:11:c8:ec:23:6f:bf:3c:
         a8:34:ed:87:4b:21:93:e3:3d:5d:42:84:31:c0:84:2a:cf:5a:
         31:2e:1e:45:ff:ca:a3:99:97:13:3e:bb:73:47:32:b1:6c:3b:
         e7:1f:89:2c:58:31:82:4f:73:5c:b5:7f:7d:06:68:f1:24:a0:
         cd:40:8c:d6:05:73:67:88:09:8e:11:6d:ca:5a:19:45:60:f7:
         df:39:11:00:65:c3:93:f0:ea:4c:8c:dd:91:c6:61:b7:25:5f:
         73:ea:d9:8d:64:29:36:2d:8a:da:b3:f2:1f:d1:e5:7c:f5:74:
         6d:d6:51:c0:a9:55:40:6b:3e:94:d0:ee:22:da:be:61:f6:7e:
         bf:36:e6:04:9b:31:81:94:4a:22:2e:e1:12:3b:dd:4e:22:a6:
         26:6d:f3:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZX2d+/bXBp5zyO8UfTf5yP+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyYzVhODFkOGZiNmU2MzMxMDFjOGU5ZmRlZjRjMjgzYzcx
MjA2MWEwHhcNMjUwNDAyMTIyNjUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjUwYzFhMzM4ZjdmMDQ2MTM4NTZlN2FjNjQyZDYzYjhiY2VkZjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAla1/uwNkAQTWRwv95rBxkjVhCAQe
2peJGNzmqJXvcqNBr7ns9K73+J/xa0SuU1t+OL2EwVIbGpjapR1RzI68C8Tid2E3
FIIs/XJX8iJuU3w8N+25FgAFx0F53KQfdQJdZFl6mAsK+YeeHTX/ZbqO5IM71/l1
+fqYq9UHYVTCML7MoxB3+Zd4FxzI/L6zbQwx28Ip+Lt17WMS6gmcA07muX/8HxjD
OcrUkU62VZV464OU9oqSaZc+yxpdDTLgMNngRjvLJm7qFC128EKhhzAgXtZSvl9F
p3g27hGEGHMRc89RUaEbQ/hL9z/FMViqyRVyT4j7SO45kxt0/fZlm1eAzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZQwaM49/BGE4VuesZC1juLzt+RMB8GA1UdIwQY
MBaAFLLFqB2PtuYzEByOn970woPHEgYaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3NXb0hZLTI1ak1RSEk2ZjN2VENnOGNTQmhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9hNTM4NzMtOWE5ZS00YmJmLWFlYmMt
NTQ3NDA1YjkzMDIzLzEveGxEQm96ajM4RVlUaFc1NnhrTFdPNHZPMzVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9hNTM4NzMtOWE5ZS00YmJmLWFlYmMtNTQ3NDA1YjkzMDIz
LzEvc3NXb0hZLTI1ak1RSEk2ZjN2VENnOGNTQmhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwd18MA0G
CSqGSIb3DQEBCwUAA4IBAQACNCVWAi2WqurIxuZlkwmjBErHLduDW4l2FPSBRt9k
S7eTAs4JQRIagDU3UOI3JDGi5YDkNGm23YR0YeL5xfPRf61bkvWrsAL4xFtHZLP0
Er3b/GavPI1HUj9h3Z95zFg16JhVKBHI7CNvvzyoNO2HSyGT4z1dQoQxwIQqz1ox
Lh5F/8qjmZcTPrtzRzKxbDvnH4ksWDGCT3NctX99BmjxJKDNQIzWBXNniAmOEW3K
WhlFYPffOREAZcOT8OpMjN2RxmG3JV9z6tmNZCk2LYras/If0eV89XRt1lHAqVVA
az6U0O4i2r5h9n6/NuYEmzGBlEoiLuESO91OIqYmbfOC
-----END CERTIFICATE-----