Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e4c7c7-57ed-45e6-9fcf-e7241049745a/1/XfshKmg26J4GeDmQkqYBCAG3kyQ.roa
File:                     XfshKmg26J4GeDmQkqYBCAG3kyQ.roa (raw, json)
Hash identifier:          WmdBSp3tOZptf78Fte4nZRzoao1ErG+KJTfgEnIY6YY=
Subject key identifier:   5D:FB:21:2A:68:36:E8:9E:06:78:39:90:92:A6:01:08:01:B7:93:24
Certificate issuer:       /CN=8f9ed2188da9ecada1149145aefa49726fe01e96
Certificate serial:       019421B1C167D052FCEA1E8191E9E3DF8F89
Authority key identifier: 8F:9E:D2:18:8D:A9:EC:AD:A1:14:91:45:AE:FA:49:72:6F:E0:1E:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j57SGI2p7K2hFJFFrvpJcm_gHpY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e4c7c7-57ed-45e6-9fcf-e7241049745a/1/XfshKmg26J4GeDmQkqYBCAG3kyQ.roa
Signing time:             Wed 01 Jan 2025 11:48:05 +0000
ROA not before:           Wed 01 Jan 2025 11:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202883
IP address blocks:        185.151.216.0/24 maxlen: 24
                          185.151.217.0/24 maxlen: 24
                          185.151.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e4c7c7-57ed-45e6-9fcf-e7241049745a/1/j57SGI2p7K2hFJFFrvpJcm_gHpY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e4c7c7-57ed-45e6-9fcf-e7241049745a/1/j57SGI2p7K2hFJFFrvpJcm_gHpY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j57SGI2p7K2hFJFFrvpJcm_gHpY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:c1:67:d0:52:fc:ea:1e:81:91:e9:e3:df:8f:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f9ed2188da9ecada1149145aefa49726fe01e96
        Validity
            Not Before: Jan  1 11:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5dfb212a6836e89e0678399092a6010801b79324
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:88:46:a7:7a:10:50:da:ac:e3:91:fc:63:12:
                    e5:b3:e2:28:8a:10:60:26:61:5c:18:cb:83:40:3b:
                    db:00:bb:1a:1b:2e:85:96:29:3c:6f:ec:7c:29:88:
                    dc:a2:06:5a:21:60:70:f8:90:b2:4d:09:0c:9d:fb:
                    f8:2d:d4:23:6b:b5:b9:82:a6:33:81:55:54:88:6d:
                    c7:7b:b2:f6:09:a2:3b:9a:b2:84:3b:5b:4e:9c:0f:
                    ec:70:c3:55:41:fc:a4:ce:ff:72:01:6e:20:b6:cd:
                    b7:35:d9:39:20:e7:7f:36:78:59:9d:bf:c4:ea:53:
                    93:4f:87:c5:9c:03:09:e9:a0:64:d0:11:62:f2:50:
                    09:44:64:73:f0:29:a0:06:b2:4e:d1:b9:63:26:37:
                    a2:0a:c6:bc:ff:03:aa:d2:15:09:fd:1c:3c:a6:0a:
                    2c:af:bf:41:d4:e1:32:c4:3d:44:60:28:63:46:af:
                    98:47:ea:18:f5:8e:de:13:71:fa:79:53:40:a4:64:
                    05:b1:83:f4:ea:b3:67:c7:cb:5f:70:6d:0e:41:0b:
                    52:4e:c3:3d:2d:38:f4:51:d2:b6:d7:7f:ec:54:47:
                    30:df:06:5e:4f:60:9b:52:0c:59:e2:35:8d:73:04:
                    c9:8f:0d:fe:3a:ed:96:a5:96:07:0a:e9:41:61:3d:
                    d0:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:FB:21:2A:68:36:E8:9E:06:78:39:90:92:A6:01:08:01:B7:93:24
            X509v3 Authority Key Identifier:
                keyid:8F:9E:D2:18:8D:A9:EC:AD:A1:14:91:45:AE:FA:49:72:6F:E0:1E:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j57SGI2p7K2hFJFFrvpJcm_gHpY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e4c7c7-57ed-45e6-9fcf-e7241049745a/1/XfshKmg26J4GeDmQkqYBCAG3kyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e4c7c7-57ed-45e6-9fcf-e7241049745a/1/j57SGI2p7K2hFJFFrvpJcm_gHpY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.216.0-185.151.218.255

    Signature Algorithm: sha256WithRSAEncryption
         51:bf:94:14:65:3c:93:cd:27:3d:51:08:ab:e5:6b:d8:62:0f:
         95:1d:03:8e:54:12:a8:b4:9f:ac:be:93:c4:8a:8a:34:d0:e1:
         4a:8d:fc:0b:10:71:96:c6:6f:8f:2c:0f:6f:a7:0a:b0:5e:da:
         c2:d6:1d:02:d4:9f:b8:1d:ad:3f:66:de:11:91:8c:ab:f2:5f:
         8d:75:c2:b8:39:0c:be:42:47:ca:38:87:0c:c8:89:39:fb:90:
         b4:0a:ad:7d:e6:25:64:31:bf:f4:b8:4a:ff:95:b1:ca:49:5d:
         bd:68:f5:fb:3c:e5:18:72:00:0f:a9:83:a3:a0:da:1c:a2:ae:
         68:04:56:71:eb:fb:63:c0:96:fc:14:ef:90:89:ea:62:0d:a5:
         9c:53:a0:0c:fe:ac:7e:27:1e:6d:94:b1:90:27:9b:4b:4c:e6:
         50:c7:68:df:6f:46:4b:b0:1f:2e:92:e3:cf:de:a7:22:0e:b1:
         0b:2d:7e:d2:9a:78:39:5b:81:10:a0:8b:7e:4b:06:0e:86:51:
         31:41:c8:7b:00:f9:48:9b:3b:c1:c4:9f:39:15:a1:24:58:9a:
         b9:34:7e:ac:b6:1f:1c:dd:bb:ad:fe:6b:a3:71:f4:62:ff:2d:
         0c:f5:b0:c7:e9:15:06:c1:1f:b5:dc:ad:60:ff:3f:25:f7:52:
         03:cb:0b:f0
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQhscFn0FL86h6Bkenj34+JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmOWVkMjE4OGRhOWVjYWRhMTE0OTE0NWFlZmE0OTcyNmZl
MDFlOTYwHhcNMjUwMTAxMTE0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGZiMjEyYTY4MzZlODllMDY3ODM5OTA5MmE2MDEwODAxYjc5MzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYhGp3oQUNqs45H8YxLls+IoihBg
JmFcGMuDQDvbALsaGy6Flik8b+x8KYjcogZaIWBw+JCyTQkMnfv4LdQja7W5gqYz
gVVUiG3He7L2CaI7mrKEO1tOnA/scMNVQfykzv9yAW4gts23Ndk5IOd/NnhZnb/E
6lOTT4fFnAMJ6aBk0BFi8lAJRGRz8CmgBrJO0bljJjeiCsa8/wOq0hUJ/Rw8pgos
r79B1OEyxD1EYChjRq+YR+oY9Y7eE3H6eVNApGQFsYP06rNnx8tfcG0OQQtSTsM9
LTj0UdK213/sVEcw3wZeT2CbUgxZ4jWNcwTJjw3+Ou2WpZYHCulBYT3QwQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFF37ISpoNuieBng5kJKmAQgBt5MkMB8GA1UdIwQY
MBaAFI+e0hiNqeytoRSRRa76SXJv4B6WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajU3U0dJMnA3SzJoRkpGRnJ2cEpjbV9nSHBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lNGM3YzctNTdlZC00NWU2LTlmY2Yt
ZTcyNDEwNDk3NDVhLzEvWGZzaEttZzI2SjRHZURtUWtxWUJDQUcza3lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lNGM3YzctNTdlZC00NWU2LTlmY2YtZTcyNDEwNDk3NDVh
LzEvajU3U0dJMnA3SzJoRkpGRnJ2cEpjbV9nSHBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAO5l9gD
BAC5l9owDQYJKoZIhvcNAQELBQADggEBAFG/lBRlPJPNJz1RCKvla9hiD5UdA45U
Eqi0n6y+k8SKijTQ4UqN/AsQcZbGb48sD2+nCrBe2sLWHQLUn7gdrT9m3hGRjKvy
X411wrg5DL5CR8o4hwzIiTn7kLQKrX3mJWQxv/S4Sv+VscpJXb1o9fs85RhyAA+p
g6Og2hyirmgEVnHr+2PAlvwU75CJ6mINpZxToAz+rH4nHm2UsZAnm0tM5lDHaN9v
RkuwHy6S48/epyIOsQstftKaeDlbgRCgi35LBg6GUTFByHsA+UibO8HEnzkVoSRY
mrk0fqy2Hxzdu63+a6Nx9GL/LQz1sMfpFQbBH7XcrWD/PyX3UgPLC/A=
-----END CERTIFICATE-----