Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/XbA0nc1tZrYU69diuo1gj9QhP6Y.roa
File:                     XbA0nc1tZrYU69diuo1gj9QhP6Y.roa (raw, json)
Hash identifier:          KYLJmTU9Jw64EfQB+zVPcPnobDo4KExuPWdjKVDfo6U=
Subject key identifier:   5D:B0:34:9D:CD:6D:66:B6:14:EB:D7:62:BA:8D:60:8F:D4:21:3F:A6
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       01971727355CB03E2F168CF65464BDEB03F8
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/XbA0nc1tZrYU69diuo1gj9QhP6Y.roa
Signing time:             Wed 28 May 2025 13:48:54 +0000
ROA not before:           Wed 28 May 2025 13:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213893
IP address blocks:        147.45.210.0/24 maxlen: 24
                          147.45.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 19:25:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:17:27:35:5c:b0:3e:2f:16:8c:f6:54:64:bd:eb:03:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: May 28 13:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5db0349dcd6d66b614ebd762ba8d608fd4213fa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:03:47:05:e7:95:4b:3d:eb:e9:df:4e:ad:56:
                    e2:1e:93:7d:66:f9:82:05:c6:42:14:1e:1a:d4:b0:
                    b2:e2:df:1a:e0:6b:68:c4:ce:34:dd:a9:95:74:12:
                    f8:83:22:a4:ce:ac:77:e8:5b:e0:43:05:b8:66:d9:
                    df:cd:09:dc:09:3d:06:d7:82:b7:dc:11:3d:7d:df:
                    51:ac:79:d6:a4:43:15:eb:4a:57:64:da:e7:ba:51:
                    ca:38:b0:c7:fc:f6:b7:44:4b:ad:b9:59:f6:e9:11:
                    29:ef:5f:0b:b5:60:1b:95:ca:f1:64:ce:4d:c8:e2:
                    62:a3:de:2e:27:ba:6d:e9:2a:f7:55:8c:6c:5b:5b:
                    81:10:73:a2:3b:dc:41:18:87:27:36:64:e4:2a:cd:
                    d5:ae:d4:6d:7f:fc:a6:9a:87:f6:88:c6:2d:df:cd:
                    5b:5f:ad:85:8a:03:b1:23:58:6c:ef:23:81:fe:b7:
                    c2:28:5e:4f:e4:bb:e1:c7:86:98:5c:64:6b:77:64:
                    4d:41:47:41:63:9c:41:2c:35:45:9b:19:85:25:8c:
                    f3:ed:86:47:20:aa:22:5a:de:0c:c1:f3:cf:02:d1:
                    0c:36:05:0a:6b:dc:3e:da:9e:4f:e7:24:4b:df:4d:
                    cb:8b:a4:87:71:b0:10:eb:a9:f1:18:33:28:92:d7:
                    7a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:B0:34:9D:CD:6D:66:B6:14:EB:D7:62:BA:8D:60:8F:D4:21:3F:A6
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/XbA0nc1tZrYU69diuo1gj9QhP6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.210.0/24
                  147.45.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:3a:c8:5f:d1:66:47:44:a6:4a:b3:fd:6a:6d:4d:f2:b7:c8:
         92:59:c9:65:42:9e:4d:e2:f7:2f:b9:6f:d8:c5:df:b2:e2:03:
         75:36:78:2f:6b:02:22:32:e9:88:a3:0f:75:20:e3:ca:4d:e2:
         06:17:f3:49:df:ee:08:db:61:60:4e:08:96:49:45:64:cf:63:
         15:f3:f3:d1:48:8a:59:e9:90:3b:88:91:99:d5:3d:ca:bc:1b:
         29:5c:c0:30:66:db:70:1a:90:45:25:e3:6a:34:8b:19:ec:27:
         70:c8:4b:64:16:80:ee:5e:b6:3e:0a:97:b3:35:c3:21:23:41:
         91:a4:ba:a4:69:44:e3:75:6a:47:d8:25:c3:3e:0a:83:e0:aa:
         de:92:ff:df:f8:70:07:fe:b4:f7:a4:68:6c:d6:e6:be:b8:b5:
         60:6f:69:4b:2d:d3:d5:8e:68:19:39:c5:e9:a9:f1:50:d1:f7:
         4a:8d:69:c3:53:64:fe:62:ca:5a:04:b8:5c:fe:4d:39:c0:4e:
         e3:29:eb:ae:33:0c:20:b2:25:0c:ef:a6:10:72:00:c1:ad:23:
         09:4f:ae:d0:22:ea:ed:a5:2b:7c:97:21:79:4d:3c:e3:7b:64:
         1c:af:88:29:eb:cf:ad:1b:50:cd:6a:97:51:65:88:61:90:3b:
         57:7f:ee:99
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcXJzVcsD4vFoz2VGS96wP4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwNTI4MTM0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGIwMzQ5ZGNkNmQ2NmI2MTRlYmQ3NjJiYThkNjA4ZmQ0MjEzZmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnANHBeeVSz3r6d9OrVbiHpN9ZvmC
BcZCFB4a1LCy4t8a4GtoxM403amVdBL4gyKkzqx36FvgQwW4ZtnfzQncCT0G14K3
3BE9fd9RrHnWpEMV60pXZNrnulHKOLDH/Pa3REutuVn26REp718LtWAblcrxZM5N
yOJio94uJ7pt6Sr3VYxsW1uBEHOiO9xBGIcnNmTkKs3VrtRtf/ymmof2iMYt381b
X62FigOxI1hs7yOB/rfCKF5P5Lvhx4aYXGRrd2RNQUdBY5xBLDVFmxmFJYzz7YZH
IKoiWt4MwfPPAtEMNgUKa9w+2p5P5yRL303Li6SHcbAQ66nxGDMoktd6oQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF2wNJ3NbWa2FOvXYrqNYI/UIT+mMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvWGJBMG5jMXRacllVNjlkaXVvMWdqOVFoUDZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAky3SAwQA
ky3fMA0GCSqGSIb3DQEBCwUAA4IBAQBxOshf0WZHRKZKs/1qbU3yt8iSWcllQp5N
4vcvuW/Yxd+y4gN1NngvawIiMumIow91IOPKTeIGF/NJ3+4I22FgTgiWSUVkz2MV
8/PRSIpZ6ZA7iJGZ1T3KvBspXMAwZttwGpBFJeNqNIsZ7CdwyEtkFoDuXrY+Cpez
NcMhI0GRpLqkaUTjdWpH2CXDPgqD4Krekv/f+HAH/rT3pGhs1ua+uLVgb2lLLdPV
jmgZOcXpqfFQ0fdKjWnDU2T+YspaBLhc/k05wE7jKeuuMwwgsiUM76YQcgDBrSMJ
T67QIurtpSt8lyF5TTzje2Qcr4gp68+tG1DNapdRZYhhkDtXf+6Z
-----END CERTIFICATE-----