Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/XMt-aoKNBYw2mRgLlCcfOfS37es.roa
File:                     XMt-aoKNBYw2mRgLlCcfOfS37es.roa (raw, json)
Hash identifier:          G7hUI9W+vjvJqWM1E6n7TXAiBwlaOz/lSk1JZkA8kgc=
Subject key identifier:   5C:CB:7E:6A:82:8D:05:8C:36:99:18:0B:94:27:1F:39:F4:B7:ED:EB
Certificate issuer:       /CN=4b9331fa7be470dc179e16c306e98c6c731a575c
Certificate serial:       0197EEDF1D3395B2BC5CACB9169A47A2ABB6
Authority key identifier: 4B:93:31:FA:7B:E4:70:DC:17:9E:16:C3:06:E9:8C:6C:73:1A:57:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/XMt-aoKNBYw2mRgLlCcfOfS37es.roa
Signing time:             Wed 09 Jul 2025 11:08:08 +0000
ROA not before:           Wed 09 Jul 2025 11:08:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     138915
IP address blocks:        140.150.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 04:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ee:df:1d:33:95:b2:bc:5c:ac:b9:16:9a:47:a2:ab:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b9331fa7be470dc179e16c306e98c6c731a575c
        Validity
            Not Before: Jul  9 11:08:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ccb7e6a828d058c3699180b94271f39f4b7edeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:73:8a:28:80:fe:ff:68:63:12:3f:2b:97:8e:
                    7c:06:54:0c:af:11:44:89:fe:a8:b5:50:d7:bd:33:
                    43:5e:e9:73:44:b3:97:bc:ef:82:24:44:49:a5:31:
                    cf:b6:2c:c2:7f:cf:3e:4d:35:b3:c1:75:7a:27:3d:
                    96:9c:31:99:21:db:ab:60:1d:e8:88:be:a8:fc:6a:
                    b6:6e:96:1a:ed:f2:dc:c2:95:99:cd:9a:ec:d4:28:
                    a0:0d:95:c5:08:c7:5e:59:af:3b:9f:14:6f:8d:63:
                    47:3e:c4:96:3a:7d:da:5b:db:1d:8d:b4:8e:c3:d7:
                    7a:40:fe:99:c8:78:8b:12:8e:28:dc:57:58:23:9c:
                    a1:31:0b:c1:40:d9:fc:73:63:8a:32:10:46:de:3d:
                    97:c0:d9:d0:fe:6f:ec:18:d0:c0:88:99:88:8c:f2:
                    1e:d7:b9:4a:f7:75:83:57:02:a6:bd:e2:cc:12:80:
                    b6:eb:b8:52:2b:22:30:1d:26:11:3c:11:63:45:a3:
                    e2:df:67:13:01:10:65:11:13:aa:a4:b4:d0:fe:17:
                    b4:1c:d9:ed:e3:88:1c:49:be:b1:d8:22:e3:ee:f9:
                    d2:80:bf:6f:dc:30:b6:8a:d5:bf:0b:6d:4e:9d:9b:
                    12:43:6e:4a:fd:42:e4:cd:6d:0d:cc:e3:f7:98:49:
                    20:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:CB:7E:6A:82:8D:05:8C:36:99:18:0B:94:27:1F:39:F4:B7:ED:EB
            X509v3 Authority Key Identifier:
                keyid:4B:93:31:FA:7B:E4:70:DC:17:9E:16:C3:06:E9:8C:6C:73:1A:57:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/XMt-aoKNBYw2mRgLlCcfOfS37es.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:61:e0:5b:c7:5d:37:18:cb:ef:b0:2c:27:41:1a:85:67:8f:
         7a:af:a5:ca:21:29:66:89:b6:24:a8:2b:49:7f:6d:9b:f6:7f:
         d5:ee:e0:72:75:30:ef:2b:c9:c3:35:81:29:21:5f:d0:08:88:
         ec:ef:7e:52:8f:4f:dc:eb:89:94:c3:fa:9f:71:4a:4b:5d:8a:
         29:d9:07:c6:53:d5:6e:67:d7:aa:55:30:78:38:08:4b:ee:4d:
         d6:0d:c1:23:7b:9c:92:ae:d0:59:b3:ca:3e:86:c4:e3:a7:4b:
         d4:d3:50:0c:cc:fb:9c:e2:ea:d9:8f:74:e1:9c:13:8f:01:4d:
         50:cb:e0:c5:a2:c8:d4:12:77:02:ea:79:40:90:c6:00:6d:44:
         7a:b1:71:1b:58:64:59:05:cc:d6:27:94:78:70:77:a4:0d:77:
         59:be:3a:6a:e0:7a:7a:a3:16:2d:f7:24:10:a8:c7:61:4f:b4:
         29:3b:f6:9c:ac:4a:8b:7a:35:c7:ff:79:db:d9:8b:c4:92:97:
         15:fb:f6:36:fa:22:8f:0b:59:3f:15:43:f7:c7:32:2a:28:e1:
         af:ef:8c:70:a9:93:bb:9d:59:bb:33:57:fa:2a:6b:f3:3c:a6:
         28:75:81:22:fb:44:23:49:2e:5d:b4:1f:f2:1e:0e:f6:96:65:
         ce:f6:cb:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfu3x0zlbK8XKy5FppHoqu2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOTMzMWZhN2JlNDcwZGMxNzllMTZjMzA2ZTk4YzZjNzMx
YTU3NWMwHhcNMjUwNzA5MTEwODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2NiN2U2YTgyOGQwNThjMzY5OTE4MGI5NDI3MWYzOWY0YjdlZGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXOKKID+/2hjEj8rl458BlQMrxFE
if6otVDXvTNDXulzRLOXvO+CJERJpTHPtizCf88+TTWzwXV6Jz2WnDGZIdurYB3o
iL6o/Gq2bpYa7fLcwpWZzZrs1CigDZXFCMdeWa87nxRvjWNHPsSWOn3aW9sdjbSO
w9d6QP6ZyHiLEo4o3FdYI5yhMQvBQNn8c2OKMhBG3j2XwNnQ/m/sGNDAiJmIjPIe
17lK93WDVwKmveLMEoC267hSKyIwHSYRPBFjRaPi32cTARBlEROqpLTQ/he0HNnt
44gcSb6x2CLj7vnSgL9v3DC2itW/C21OnZsSQ25K/ULkzW0NzOP3mEkgBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFzLfmqCjQWMNpkYC5QnHzn0t+3rMB8GA1UdIwQY
MBaAFEuTMfp75HDcF54WwwbpjGxzGldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzVNeC1udmtjTndYbmhiREJ1bU1iSE1hVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81YjQ4YTctYTBkNy00M2YyLWEzNjIt
OGIyYjQ3MzhiMWNjLzEvWE10LWFvS05CWXcybVJnTGxDY2ZPZlMzN2VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81YjQ4YTctYTBkNy00M2YyLWEzNjItOGIyYjQ3MzhiMWNj
LzEvUzVNeC1udmtjTndYbmhiREJ1bU1iSE1hVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjJYNMA0G
CSqGSIb3DQEBCwUAA4IBAQBAYeBbx103GMvvsCwnQRqFZ496r6XKISlmibYkqCtJ
f22b9n/V7uBydTDvK8nDNYEpIV/QCIjs735Sj0/c64mUw/qfcUpLXYop2QfGU9Vu
Z9eqVTB4OAhL7k3WDcEje5ySrtBZs8o+hsTjp0vU01AMzPuc4urZj3ThnBOPAU1Q
y+DFosjUEncC6nlAkMYAbUR6sXEbWGRZBczWJ5R4cHekDXdZvjpq4Hp6oxYt9yQQ
qMdhT7QpO/acrEqLejXH/3nb2YvEkpcV+/Y2+iKPC1k/FUP3xzIqKOGv74xwqZO7
nVm7M1f6KmvzPKYodYEi+0QjSS5dtB/yHg72lmXO9svm
-----END CERTIFICATE-----