Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/3c8da5-a8e9-4a4f-8168-3ce611cb6799/1/xaz-RCI9-nRuCGX3szsn__1z8Vo.roa
File:                     xaz-RCI9-nRuCGX3szsn__1z8Vo.roa (raw, json)
Hash identifier:          5Ems0TBLY+pDm7C97m9B3xtORqLRHwyf8CR1NhnJpAw=
Subject key identifier:   C5:AC:FE:44:22:3D:FA:74:6E:08:65:F7:B3:3B:27:FF:FD:73:F1:5A
Certificate issuer:       /CN=4f030205fa365e9f49ff4ea7506df912d5ed8360
Certificate serial:       0194221F4C4D72645655991EA91448AF7962
Authority key identifier: 4F:03:02:05:FA:36:5E:9F:49:FF:4E:A7:50:6D:F9:12:D5:ED:83:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TwMCBfo2Xp9J_06nUG35EtXtg2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/3c8da5-a8e9-4a4f-8168-3ce611cb6799/1/xaz-RCI9-nRuCGX3szsn__1z8Vo.roa
Signing time:             Wed 01 Jan 2025 13:47:43 +0000
ROA not before:           Wed 01 Jan 2025 13:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35667
IP address blocks:        94.143.216.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/3c8da5-a8e9-4a4f-8168-3ce611cb6799/1/TwMCBfo2Xp9J_06nUG35EtXtg2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/3c8da5-a8e9-4a4f-8168-3ce611cb6799/1/TwMCBfo2Xp9J_06nUG35EtXtg2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TwMCBfo2Xp9J_06nUG35EtXtg2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 13:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:4c:4d:72:64:56:55:99:1e:a9:14:48:af:79:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f030205fa365e9f49ff4ea7506df912d5ed8360
        Validity
            Not Before: Jan  1 13:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5acfe44223dfa746e0865f7b33b27fffd73f15a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e2:9c:fa:28:01:b2:93:a3:61:81:94:2c:23:
                    fc:8c:35:b9:10:b3:d0:96:69:09:1b:26:de:01:7d:
                    65:e4:6a:b2:ca:07:0c:93:48:35:b9:96:65:a2:9d:
                    2f:41:14:b0:c6:ca:dc:29:a3:b2:61:b7:4d:3d:94:
                    4a:24:08:b8:55:56:6f:45:f0:26:e8:22:41:27:ac:
                    40:e1:bd:49:a3:3b:5d:df:0f:e0:4d:e0:1c:38:b9:
                    72:ab:7f:08:29:71:94:d6:9e:30:e0:3e:aa:a5:2c:
                    8d:84:5f:f8:4d:06:a0:27:58:dc:27:a3:36:dd:e0:
                    9f:1d:49:ac:af:90:0d:53:36:58:de:e2:b6:e3:e1:
                    fa:c0:6b:30:5c:28:a8:5b:ca:ab:c4:9d:4c:0e:28:
                    1c:d2:32:04:57:40:5e:df:93:31:40:88:3a:6d:40:
                    be:fc:54:c0:7f:e6:0a:0f:dc:ef:e3:a3:a7:33:15:
                    6b:b1:e1:3c:18:aa:52:4f:40:a9:a3:d8:f0:ce:e2:
                    39:a3:b9:e2:ab:d1:55:90:31:50:f6:7f:46:be:9d:
                    27:0d:37:96:d2:38:55:90:f1:2e:0d:d6:9f:cb:0f:
                    7e:46:e7:93:28:8d:ff:39:b6:17:8a:67:be:1c:0a:
                    a3:51:a0:01:6d:19:70:da:03:d2:20:63:05:9c:ec:
                    90:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:AC:FE:44:22:3D:FA:74:6E:08:65:F7:B3:3B:27:FF:FD:73:F1:5A
            X509v3 Authority Key Identifier:
                keyid:4F:03:02:05:FA:36:5E:9F:49:FF:4E:A7:50:6D:F9:12:D5:ED:83:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TwMCBfo2Xp9J_06nUG35EtXtg2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/3c8da5-a8e9-4a4f-8168-3ce611cb6799/1/xaz-RCI9-nRuCGX3szsn__1z8Vo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/3c8da5-a8e9-4a4f-8168-3ce611cb6799/1/TwMCBfo2Xp9J_06nUG35EtXtg2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.143.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         ad:f6:63:76:57:6e:2d:e2:24:9f:3d:b0:c3:6b:a4:22:59:74:
         b4:a4:ad:3a:c9:28:b7:51:fe:78:68:73:08:f1:93:72:2a:ba:
         59:6c:60:88:96:54:6f:e2:d7:57:5d:60:6d:b2:fc:2c:88:39:
         97:41:95:2a:94:4d:52:5a:97:93:eb:3b:c9:56:4e:df:83:76:
         f3:4f:a0:24:db:14:a6:7c:9f:a2:4a:19:17:e0:8d:51:39:6f:
         e9:35:74:a1:d9:b5:c6:81:98:f7:a5:7b:a2:fb:e6:4d:5d:5d:
         f7:9d:cf:50:74:b9:3c:52:8c:5c:1b:25:04:50:69:63:b9:a7:
         6b:c9:02:f0:8f:3e:94:7b:ac:f1:36:da:d9:9c:a9:92:ea:0b:
         72:e0:af:d2:93:79:49:23:45:d2:c9:30:d7:0c:1a:49:32:f0:
         70:81:3c:d1:ce:35:5f:dc:cd:80:d1:e3:e8:4d:36:65:7e:62:
         3a:ce:76:9e:ec:e7:6b:8f:da:55:db:d5:4e:a6:81:83:64:94:
         2b:c4:82:5e:cd:f5:21:fe:96:3b:29:e9:2b:c9:6f:12:5a:e6:
         4e:28:9b:a7:c5:a4:03:34:5c:72:c5:42:89:46:b3:af:9f:e0:
         84:6b:e3:58:96:4a:aa:b4:35:db:af:31:0b:30:fb:c3:de:cd:
         c2:06:63:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH0xNcmRWVZkeqRRIr3liMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMDMwMjA1ZmEzNjVlOWY0OWZmNGVhNzUwNmRmOTEyZDVl
ZDgzNjAwHhcNMjUwMTAxMTM0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWFjZmU0NDIyM2RmYTc0NmUwODY1ZjdiMzNiMjdmZmZkNzNmMTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquKc+igBspOjYYGULCP8jDW5ELPQ
lmkJGybeAX1l5GqyygcMk0g1uZZlop0vQRSwxsrcKaOyYbdNPZRKJAi4VVZvRfAm
6CJBJ6xA4b1Joztd3w/gTeAcOLlyq38IKXGU1p4w4D6qpSyNhF/4TQagJ1jcJ6M2
3eCfHUmsr5ANUzZY3uK24+H6wGswXCioW8qrxJ1MDigc0jIEV0Be35MxQIg6bUC+
/FTAf+YKD9zv46OnMxVrseE8GKpST0Cpo9jwzuI5o7niq9FVkDFQ9n9Gvp0nDTeW
0jhVkPEuDdafyw9+RueTKI3/ObYXime+HAqjUaABbRlw2gPSIGMFnOyQkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWs/kQiPfp0bghl97M7J//9c/FaMB8GA1UdIwQY
MBaAFE8DAgX6Nl6fSf9Op1Bt+RLV7YNgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHdNQ0JmbzJYcDlKXzA2blVHMzVFdFh0ZzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8zYzhkYTUtYThlOS00YTRmLTgxNjgt
M2NlNjExY2I2Nzk5LzEveGF6LVJDSTktblJ1Q0dYM3N6c25fXzF6OFZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8zYzhkYTUtYThlOS00YTRmLTgxNjgtM2NlNjExY2I2Nzk5
LzEvVHdNQ0JmbzJYcDlKXzA2blVHMzVFdFh0ZzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXo/YMA0G
CSqGSIb3DQEBCwUAA4IBAQCt9mN2V24t4iSfPbDDa6QiWXS0pK06ySi3Uf54aHMI
8ZNyKrpZbGCIllRv4tdXXWBtsvwsiDmXQZUqlE1SWpeT6zvJVk7fg3bzT6Ak2xSm
fJ+iShkX4I1ROW/pNXSh2bXGgZj3pXui++ZNXV33nc9QdLk8UoxcGyUEUGljuadr
yQLwjz6Ue6zxNtrZnKmS6gty4K/Sk3lJI0XSyTDXDBpJMvBwgTzRzjVf3M2A0ePo
TTZlfmI6znae7Odrj9pV29VOpoGDZJQrxIJezfUh/pY7KekryW8SWuZOKJunxaQD
NFxyxUKJRrOvn+CEa+NYlkqqtDXbrzELMPvD3s3CBmNI
-----END CERTIFICATE-----