Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/XZCD2ozMadKu5ppRclcjA81adQM.roa
File:                     XZCD2ozMadKu5ppRclcjA81adQM.roa (raw, json)
Hash identifier:          5bgsDhtiRsAZtWQwU54/e6IL5DKPg91iF0EEc9dqPDs=
Subject key identifier:   5D:90:83:DA:8C:CC:69:D2:AE:E6:9A:51:72:57:23:03:CD:5A:75:03
Certificate issuer:       /CN=f440e5eba2f8bfc8fe8fe56cc88a4289652390ba
Certificate serial:       01973BEA43C9FFE8EBB09593397D58EA3B2C
Authority key identifier: F4:40:E5:EB:A2:F8:BF:C8:FE:8F:E5:6C:C8:8A:42:89:65:23:90:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9EDl66L4v8j-j-VsyIpCiWUjkLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/XZCD2ozMadKu5ppRclcjA81adQM.roa
Signing time:             Wed 04 Jun 2025 17:08:17 +0000
ROA not before:           Wed 04 Jun 2025 17:08:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        195.225.128.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/9EDl66L4v8j-j-VsyIpCiWUjkLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/9EDl66L4v8j-j-VsyIpCiWUjkLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9EDl66L4v8j-j-VsyIpCiWUjkLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 17:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3b:ea:43:c9:ff:e8:eb:b0:95:93:39:7d:58:ea:3b:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f440e5eba2f8bfc8fe8fe56cc88a4289652390ba
        Validity
            Not Before: Jun  4 17:08:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d9083da8ccc69d2aee69a5172572303cd5a7503
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:fc:c4:e0:7c:8c:c5:d4:82:bb:93:76:70:23:
                    17:15:47:69:f3:c8:62:ca:c2:be:1b:cb:5f:bf:18:
                    3e:a1:ed:af:f7:4a:88:66:e2:78:20:c5:7f:f4:4e:
                    55:54:4e:e1:b2:20:f7:70:b0:76:ed:cf:c0:b8:4a:
                    39:f8:91:5e:5f:4e:0e:b4:55:48:cd:0f:0b:63:78:
                    68:fb:52:47:ad:61:45:6d:a2:4f:b6:a9:c1:12:ba:
                    2c:71:29:27:a3:73:e4:2f:d4:74:b3:8a:3d:fd:dc:
                    eb:fb:af:f7:55:98:cb:e4:46:be:24:fa:3e:ae:e7:
                    50:ef:63:5f:6f:cb:a9:5e:0e:45:57:e4:eb:fa:0f:
                    ab:26:cd:cf:26:4e:a0:71:7e:ff:03:bf:fd:c2:fc:
                    93:cd:f8:12:26:60:4e:d3:04:6c:f3:93:f4:3e:a0:
                    31:81:5a:3e:ca:dd:ea:2e:f3:9e:d9:82:53:ba:27:
                    ae:c8:23:e8:c2:a0:f4:7a:18:4f:b5:3a:f1:f0:3b:
                    63:f3:cc:f6:ef:7e:5f:d8:d1:44:57:44:cb:5c:42:
                    a8:c0:41:37:56:9d:a0:c5:32:04:f9:3a:90:32:f4:
                    2b:79:69:1a:fe:b0:54:72:dd:80:99:19:2a:2b:78:
                    76:47:60:03:07:be:29:c9:f7:dd:43:21:a2:ea:4c:
                    c0:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:90:83:DA:8C:CC:69:D2:AE:E6:9A:51:72:57:23:03:CD:5A:75:03
            X509v3 Authority Key Identifier:
                keyid:F4:40:E5:EB:A2:F8:BF:C8:FE:8F:E5:6C:C8:8A:42:89:65:23:90:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9EDl66L4v8j-j-VsyIpCiWUjkLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/XZCD2ozMadKu5ppRclcjA81adQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/9EDl66L4v8j-j-VsyIpCiWUjkLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.225.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:58:0f:98:1f:8d:e1:f9:c8:7c:ed:3a:e6:df:b5:50:7d:d4:
         70:23:81:c5:e7:18:b4:8e:96:27:85:9c:31:ba:83:c0:6f:a3:
         92:75:87:c9:a8:37:48:4e:d3:06:8a:9b:05:81:1a:11:96:d0:
         48:e8:07:fb:a1:4c:74:c5:6a:4c:cd:d1:f5:be:8f:a4:d3:d0:
         90:e4:ff:13:19:b2:6e:fd:26:97:d3:fd:08:74:06:00:35:21:
         c0:3b:5c:43:97:48:b1:7b:3d:7a:78:4b:82:43:f3:9b:1e:37:
         62:ca:6a:fd:4e:2a:3c:ca:71:80:27:b5:5d:ff:3d:a9:9c:5e:
         4e:52:4a:93:0a:89:1f:3a:2e:83:a2:bd:cf:21:ef:e5:94:a7:
         64:03:4c:0b:6c:01:3c:63:6b:2f:16:96:07:a8:eb:d5:6f:a1:
         54:95:7d:f0:15:46:cd:44:ef:ec:72:40:e8:a5:be:67:6c:30:
         ff:b6:00:ba:53:bf:40:d2:61:4e:5d:5f:a2:bb:24:d8:a7:22:
         ac:f0:98:89:e0:97:d6:40:fd:dd:46:b6:c2:00:70:22:42:3d:
         ca:4b:7d:f7:ac:ac:0b:fc:09:f5:48:d0:b0:a9:44:b1:69:1e:
         4b:fc:8d:76:c8:bd:80:43:be:24:0b:b0:45:1c:48:b2:32:91:
         1e:55:68:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc76kPJ/+jrsJWTOX1Y6jssMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0NDBlNWViYTJmOGJmYzhmZThmZTU2Y2M4OGE0Mjg5NjUy
MzkwYmEwHhcNMjUwNjA0MTcwODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDkwODNkYThjY2M2OWQyYWVlNjlhNTE3MjU3MjMwM2NkNWE3NTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4vzE4HyMxdSCu5N2cCMXFUdp88hi
ysK+G8tfvxg+oe2v90qIZuJ4IMV/9E5VVE7hsiD3cLB27c/AuEo5+JFeX04OtFVI
zQ8LY3ho+1JHrWFFbaJPtqnBEroscSkno3PkL9R0s4o9/dzr+6/3VZjL5Ea+JPo+
rudQ72Nfb8upXg5FV+Tr+g+rJs3PJk6gcX7/A7/9wvyTzfgSJmBO0wRs85P0PqAx
gVo+yt3qLvOe2YJTuieuyCPowqD0ehhPtTrx8Dtj88z2735f2NFEV0TLXEKowEE3
Vp2gxTIE+TqQMvQreWka/rBUct2AmRkqK3h2R2ADB74pyffdQyGi6kzA0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF2Qg9qMzGnSruaaUXJXIwPNWnUDMB8GA1UdIwQY
MBaAFPRA5eui+L/I/o/lbMiKQollI5C6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUVEbDY2TDR2OGotai1Wc3lJcENpV1Vqa0xvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9kZTg2NjItOTkzZi00N2Y3LWEyN2Yt
MDBiOTJjMWMxZWY0LzEvWFpDRDJvek1hZEt1NXBwUmNsY2pBODFhZFFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9kZTg2NjItOTkzZi00N2Y3LWEyN2YtMDBiOTJjMWMxZWY0
LzEvOUVEbDY2TDR2OGotai1Wc3lJcENpV1Vqa0xvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw+GAMA0G
CSqGSIb3DQEBCwUAA4IBAQBzWA+YH43h+ch87Trm37VQfdRwI4HF5xi0jpYnhZwx
uoPAb6OSdYfJqDdITtMGipsFgRoRltBI6Af7oUx0xWpMzdH1vo+k09CQ5P8TGbJu
/SaX0/0IdAYANSHAO1xDl0ixez16eEuCQ/ObHjdiymr9Tio8ynGAJ7Vd/z2pnF5O
UkqTCokfOi6Dor3PIe/llKdkA0wLbAE8Y2svFpYHqOvVb6FUlX3wFUbNRO/sckDo
pb5nbDD/tgC6U79A0mFOXV+iuyTYpyKs8JiJ4JfWQP3dRrbCAHAiQj3KS333rKwL
/An1SNCwqUSxaR5L/I12yL2AQ74kC7BFHEiyMpEeVWji
-----END CERTIFICATE-----