Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/XBjHbo-JikUirnDC9mDO-NUnYF0.roa
File:                     XBjHbo-JikUirnDC9mDO-NUnYF0.roa (raw, json)
Hash identifier:          Kq6nw7oAp8kgVGJWvOFausntjkcQVXP1uvqCb3Bz6XI=
Subject key identifier:   5C:18:C7:6E:8F:89:8A:45:22:AE:70:C2:F6:60:CE:F8:D5:27:60:5D
Certificate issuer:       /CN=aa5212958d8e1baa144a82a821f93a890dcba49a
Certificate serial:       0197F8FD233DE9F52C3053B4DB5941F32CCD
Authority key identifier: AA:52:12:95:8D:8E:1B:AA:14:4A:82:A8:21:F9:3A:89:0D:CB:A4:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qlISlY2OG6oUSoKoIfk6iQ3LpJo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/XBjHbo-JikUirnDC9mDO-NUnYF0.roa
Signing time:             Fri 11 Jul 2025 10:17:08 +0000
ROA not before:           Fri 11 Jul 2025 10:17:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9387
IP address blocks:        43.226.224.0/22 maxlen: 24
                          43.226.224.0/24 maxlen: 24
                          43.226.225.0/24 maxlen: 24
                          43.226.226.0/24 maxlen: 24
                          43.226.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/qlISlY2OG6oUSoKoIfk6iQ3LpJo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/qlISlY2OG6oUSoKoIfk6iQ3LpJo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qlISlY2OG6oUSoKoIfk6iQ3LpJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 12:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f8:fd:23:3d:e9:f5:2c:30:53:b4:db:59:41:f3:2c:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa5212958d8e1baa144a82a821f93a890dcba49a
        Validity
            Not Before: Jul 11 10:17:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c18c76e8f898a4522ae70c2f660cef8d527605d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:d2:b3:e9:68:88:34:5a:bc:af:1f:f1:83:3f:
                    0b:65:3e:10:ba:87:28:88:cd:9d:33:51:e6:0f:50:
                    6b:ff:f9:44:3a:f6:cd:e1:6f:da:f7:3a:70:2c:0a:
                    ec:c4:7a:18:8c:8b:3f:3b:38:4a:ad:3c:15:c0:11:
                    5c:a6:2a:db:ae:54:a9:b0:bc:06:0f:3e:5c:22:d8:
                    db:d4:fa:82:23:17:b2:96:dd:d2:96:bf:14:74:97:
                    bf:bb:7d:86:a4:81:ec:ce:7f:6c:a7:f6:d6:31:3f:
                    87:b2:c8:ba:be:e5:e1:47:a7:a9:54:98:78:d9:f5:
                    7e:69:d7:7e:c4:38:89:07:f0:61:ae:86:21:38:3a:
                    c0:59:4a:d4:bf:71:52:61:b3:19:dd:ce:4e:d7:d1:
                    b1:77:76:0e:0a:7e:3f:04:72:13:20:92:a1:33:c1:
                    a2:d6:14:25:eb:63:28:1f:bd:86:01:d5:91:93:e6:
                    72:f8:72:41:d3:73:4e:11:a8:3a:a8:35:a6:65:2b:
                    eb:de:c1:40:9d:70:44:a8:3f:54:e1:7e:88:b8:56:
                    9b:7c:df:08:07:4b:91:db:59:17:d4:73:9a:dc:cc:
                    9d:3d:41:00:88:7b:19:dd:8c:d2:1a:ab:34:d0:9e:
                    1a:ed:39:97:ef:1d:07:e4:28:bb:d5:5a:c0:a0:d1:
                    a5:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:18:C7:6E:8F:89:8A:45:22:AE:70:C2:F6:60:CE:F8:D5:27:60:5D
            X509v3 Authority Key Identifier:
                keyid:AA:52:12:95:8D:8E:1B:AA:14:4A:82:A8:21:F9:3A:89:0D:CB:A4:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qlISlY2OG6oUSoKoIfk6iQ3LpJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/XBjHbo-JikUirnDC9mDO-NUnYF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/qlISlY2OG6oUSoKoIfk6iQ3LpJo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.226.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:a3:2a:25:c8:5b:48:df:fa:fe:e9:59:18:62:ca:3d:2b:ad:
         29:00:42:af:d6:ea:f0:8d:43:e7:17:d3:e5:ef:e3:6c:d5:78:
         4e:e8:03:45:62:36:39:0d:fc:5a:64:bf:76:b7:da:fb:42:07:
         a3:8d:65:15:ea:a7:a3:7c:88:2e:8b:b9:7e:2c:76:87:93:d6:
         85:0b:6e:9f:1f:4c:22:29:d9:e5:e0:07:03:3d:bd:f7:92:93:
         cd:00:e3:c3:29:f2:a7:e7:09:28:87:2c:a2:9e:65:26:ca:75:
         24:6f:b4:ec:40:c3:a1:43:bc:47:5a:8a:87:a0:8f:2e:5e:69:
         9d:06:26:82:92:37:de:27:2f:cc:3d:98:0b:58:e3:16:83:5e:
         7c:75:b0:15:2e:76:1c:2d:b7:a1:91:fa:76:f7:49:f2:2a:fb:
         9d:27:c1:48:27:99:b5:8a:e7:0c:20:77:5c:5c:60:82:2a:4c:
         1e:6b:2e:7e:11:87:2b:23:b1:39:c9:df:98:c6:fc:90:35:ba:
         8f:02:e3:e8:1b:12:69:71:e5:18:5e:13:da:41:c1:65:24:8b:
         3b:8c:28:39:bd:62:9c:40:9c:33:c9:31:59:c4:8b:0d:4a:71:
         c8:4a:34:10:9d:ba:96:69:b8:e1:2a:4d:3c:c5:8d:9a:26:51:
         a0:8f:d1:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf4/SM96fUsMFO021lB8yzNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNTIxMjk1OGQ4ZTFiYWExNDRhODJhODIxZjkzYTg5MGRj
YmE0OWEwHhcNMjUwNzExMTAxNzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzE4Yzc2ZThmODk4YTQ1MjJhZTcwYzJmNjYwY2VmOGQ1Mjc2MDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4NKz6WiINFq8rx/xgz8LZT4Quoco
iM2dM1HmD1Br//lEOvbN4W/a9zpwLArsxHoYjIs/OzhKrTwVwBFcpirbrlSpsLwG
Dz5cItjb1PqCIxeylt3Slr8UdJe/u32GpIHszn9sp/bWMT+Hssi6vuXhR6epVJh4
2fV+add+xDiJB/BhroYhODrAWUrUv3FSYbMZ3c5O19Gxd3YOCn4/BHITIJKhM8Gi
1hQl62MoH72GAdWRk+Zy+HJB03NOEag6qDWmZSvr3sFAnXBEqD9U4X6IuFabfN8I
B0uR21kX1HOa3MydPUEAiHsZ3YzSGqs00J4a7TmX7x0H5Ci71VrAoNGlDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwYx26PiYpFIq5wwvZgzvjVJ2BdMB8GA1UdIwQY
MBaAFKpSEpWNjhuqFEqCqCH5OokNy6SaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWxJU2xZMk9HNm9VU29Lb0lmazZpUTNMcEpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9kOGU1ZTMtZjg5Ny00ZGEyLTlkZjYt
YjQwMWE0YTA0NDkyLzEvWEJqSGJvLUppa1Vpcm5EQzltRE8tTlVuWUYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9kOGU1ZTMtZjg5Ny00ZGEyLTlkZjYtYjQwMWE0YTA0NDky
LzEvcWxJU2xZMk9HNm9VU29Lb0lmazZpUTNMcEpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCK+LgMA0G
CSqGSIb3DQEBCwUAA4IBAQBaoyolyFtI3/r+6VkYYso9K60pAEKv1urwjUPnF9Pl
7+Ns1XhO6ANFYjY5DfxaZL92t9r7QgejjWUV6qejfIgui7l+LHaHk9aFC26fH0wi
Kdnl4AcDPb33kpPNAOPDKfKn5wkohyyinmUmynUkb7TsQMOhQ7xHWoqHoI8uXmmd
BiaCkjfeJy/MPZgLWOMWg158dbAVLnYcLbehkfp290nyKvudJ8FIJ5m1iucMIHdc
XGCCKkweay5+EYcrI7E5yd+YxvyQNbqPAuPoGxJpceUYXhPaQcFlJIs7jCg5vWKc
QJwzyTFZxIsNSnHISjQQnbqWabjhKk08xY2aJlGgj9FH
-----END CERTIFICATE-----