Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db357d-b170-40a5-a669-82eba0cb3b0d/1/XTmTO_VR8CGsSQUzXR_b6tRItaI.roa
File:                     XTmTO_VR8CGsSQUzXR_b6tRItaI.roa (raw, json)
Hash identifier:          aAGwY6esmLFV33DfmVoSFcKKP+O5AjtzbaZ16JWoRuA=
Subject key identifier:   5D:39:93:3B:F5:51:F0:21:AC:49:05:33:5D:1F:DB:EA:D4:48:B5:A2
Certificate issuer:       /CN=220f413fb0af0bd8fe130820d3049d0e71ed4bb0
Certificate serial:       01956D759F3973E1A4E73DB6D7C5D74BEC65
Authority key identifier: 22:0F:41:3F:B0:AF:0B:D8:FE:13:08:20:D3:04:9D:0E:71:ED:4B:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ig9BP7CvC9j-Ewgg0wSdDnHtS7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db357d-b170-40a5-a669-82eba0cb3b0d/1/XTmTO_VR8CGsSQUzXR_b6tRItaI.roa
Signing time:             Thu 06 Mar 2025 21:56:19 +0000
ROA not before:           Thu 06 Mar 2025 21:56:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198949
IP address blocks:        217.169.200.0/24 maxlen: 24
                          217.169.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db357d-b170-40a5-a669-82eba0cb3b0d/1/Ig9BP7CvC9j-Ewgg0wSdDnHtS7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db357d-b170-40a5-a669-82eba0cb3b0d/1/Ig9BP7CvC9j-Ewgg0wSdDnHtS7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ig9BP7CvC9j-Ewgg0wSdDnHtS7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6d:75:9f:39:73:e1:a4:e7:3d:b6:d7:c5:d7:4b:ec:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=220f413fb0af0bd8fe130820d3049d0e71ed4bb0
        Validity
            Not Before: Mar  6 21:56:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d39933bf551f021ac4905335d1fdbead448b5a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b5:bb:94:18:1c:f0:d0:0b:3e:35:a0:ab:2f:
                    26:73:a8:ce:28:94:e4:bd:ba:39:8d:af:68:72:c0:
                    08:6c:79:e9:3c:37:ca:4a:91:f5:49:55:1c:0b:6f:
                    f4:b5:7b:19:18:f0:4a:0c:78:6c:64:f5:40:cc:48:
                    09:57:0d:d7:75:da:5e:11:3f:eb:e1:bf:79:cf:75:
                    87:1f:06:f6:68:7a:88:e5:4a:1c:86:1f:19:c0:c8:
                    ac:66:7c:05:d6:d0:01:f4:99:56:c9:f7:81:5c:8f:
                    b2:17:07:16:d0:7f:56:80:87:b4:9c:90:72:f8:fc:
                    cc:e7:e7:6f:c5:15:10:10:54:c8:ca:64:76:8b:8e:
                    f8:b9:d2:34:55:93:a6:cc:e2:a4:1d:34:3c:66:bb:
                    ba:d8:7a:b4:27:51:73:95:43:8f:96:85:fb:0f:e1:
                    63:f2:79:d8:1a:af:fa:c3:4c:38:51:d2:49:68:58:
                    58:d2:96:6d:16:e0:0b:4b:98:28:f5:93:53:b1:d7:
                    25:55:a6:38:43:94:b5:09:c5:64:26:7c:ed:30:0c:
                    6e:98:7f:28:0e:b0:09:d6:51:75:12:6b:f1:34:e7:
                    bb:13:74:e3:dc:34:08:c3:2d:fe:22:2c:09:30:81:
                    2b:d9:9f:26:93:44:bc:a6:2c:3c:5c:d8:44:10:4a:
                    e3:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:39:93:3B:F5:51:F0:21:AC:49:05:33:5D:1F:DB:EA:D4:48:B5:A2
            X509v3 Authority Key Identifier:
                keyid:22:0F:41:3F:B0:AF:0B:D8:FE:13:08:20:D3:04:9D:0E:71:ED:4B:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ig9BP7CvC9j-Ewgg0wSdDnHtS7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db357d-b170-40a5-a669-82eba0cb3b0d/1/XTmTO_VR8CGsSQUzXR_b6tRItaI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db357d-b170-40a5-a669-82eba0cb3b0d/1/Ig9BP7CvC9j-Ewgg0wSdDnHtS7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.169.200.0/24
                  217.169.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:b6:ba:34:5f:f8:c3:6e:89:31:0d:a4:0f:c6:62:4b:d5:12:
         36:94:88:1b:d1:9f:f9:3c:13:2c:b0:90:44:80:38:a9:37:e3:
         4d:01:dc:4f:e3:cf:16:5a:30:48:27:f0:d1:9a:e1:30:1f:a9:
         25:cb:78:d1:f0:3f:61:d8:7f:24:97:b0:a0:13:17:57:4e:48:
         14:15:a0:91:e1:c3:73:82:fa:bb:de:90:94:91:76:38:bd:34:
         9c:bc:9c:2c:47:38:45:ea:73:85:a3:ad:4a:11:1d:59:cb:22:
         d7:5b:69:6b:d8:c3:6e:9a:16:31:85:e0:a2:c1:ec:90:1f:ce:
         ec:a7:4a:b6:e4:ca:70:97:21:33:5d:8b:7c:39:9a:89:57:87:
         f6:5e:af:6e:e1:e7:ff:02:bb:43:fc:2b:ab:70:42:06:86:ff:
         d4:9a:4a:ac:71:65:cf:d1:15:16:cf:e8:7b:f0:0f:5c:7f:b6:
         b5:9b:16:c4:6f:b5:17:1c:28:29:7f:5b:07:ec:4d:74:e2:3f:
         71:de:d4:83:da:e1:38:f1:fe:43:d4:c0:9b:e6:fe:f6:e8:e9:
         39:c7:22:88:a8:5e:3f:a6:c2:02:4e:3f:9b:5c:b6:7b:93:08:
         4d:26:05:9e:96:15:f2:bb:fa:88:1f:40:6b:05:c3:16:3b:e7:
         26:db:da:57
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZVtdZ85c+Gk5z2218XXS+xlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMGY0MTNmYjBhZjBiZDhmZTEzMDgyMGQzMDQ5ZDBlNzFl
ZDRiYjAwHhcNMjUwMzA2MjE1NjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDM5OTMzYmY1NTFmMDIxYWM0OTA1MzM1ZDFmZGJlYWQ0NDhiNWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLW7lBgc8NALPjWgqy8mc6jOKJTk
vbo5ja9ocsAIbHnpPDfKSpH1SVUcC2/0tXsZGPBKDHhsZPVAzEgJVw3XddpeET/r
4b95z3WHHwb2aHqI5Uochh8ZwMisZnwF1tAB9JlWyfeBXI+yFwcW0H9WgIe0nJBy
+PzM5+dvxRUQEFTIymR2i474udI0VZOmzOKkHTQ8Zru62Hq0J1FzlUOPloX7D+Fj
8nnYGq/6w0w4UdJJaFhY0pZtFuALS5go9ZNTsdclVaY4Q5S1CcVkJnztMAxumH8o
DrAJ1lF1EmvxNOe7E3Tj3DQIwy3+IiwJMIEr2Z8mk0S8piw8XNhEEErjSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF05kzv1UfAhrEkFM10f2+rUSLWiMB8GA1UdIwQY
MBaAFCIPQT+wrwvY/hMIINMEnQ5x7UuwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWc5QlA3Q3ZDOWotRXdnZzB3U2REbkh0UzdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjM1N2QtYjE3MC00MGE1LWE2Njkt
ODJlYmEwY2IzYjBkLzEvWFRtVE9fVlI4Q0dzU1FVelhSX2I2dFJJdGFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjM1N2QtYjE3MC00MGE1LWE2NjktODJlYmEwY2IzYjBk
LzEvSWc5QlA3Q3ZDOWotRXdnZzB3U2REbkh0UzdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA2anIAwQA
2anMMA0GCSqGSIb3DQEBCwUAA4IBAQBHtro0X/jDbokxDaQPxmJL1RI2lIgb0Z/5
PBMssJBEgDipN+NNAdxP488WWjBIJ/DRmuEwH6kly3jR8D9h2H8kl7CgExdXTkgU
FaCR4cNzgvq73pCUkXY4vTScvJwsRzhF6nOFo61KER1ZyyLXW2lr2MNumhYxheCi
weyQH87sp0q25MpwlyEzXYt8OZqJV4f2Xq9u4ef/ArtD/CurcEIGhv/UmkqscWXP
0RUWz+h78A9cf7a1mxbEb7UXHCgpf1sH7E104j9x3tSD2uE48f5D1MCb5v726Ok5
xyKIqF4/psICTj+bXLZ7kwhNJgWelhXyu/qIH0BrBcMWO+cm29pX
-----END CERTIFICATE-----