Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/xi9oGHAZGsjdKybpmWD7Ku8W0ZM.roa
File:                     xi9oGHAZGsjdKybpmWD7Ku8W0ZM.roa (raw, json)
Hash identifier:          5sRqk+0ypVIu7UFoyuyrbtTdv9EciH6vt3GDL2ydd68=
Subject key identifier:   C6:2F:68:18:70:19:1A:C8:DD:2B:26:E9:99:60:FB:2A:EF:16:D1:93
Certificate issuer:       /CN=d17bf4fbea894f43eeb3db1b216e57766e01ab81
Certificate serial:       019425FDA366C7B3231F9EB1203F3EB65FF4
Authority key identifier: D1:7B:F4:FB:EA:89:4F:43:EE:B3:DB:1B:21:6E:57:76:6E:01:AB:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/xi9oGHAZGsjdKybpmWD7Ku8W0ZM.roa
Signing time:             Thu 02 Jan 2025 07:49:26 +0000
ROA not before:           Thu 02 Jan 2025 07:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3352
IP address blocks:        185.193.172.0/23 maxlen: 23
                          185.193.174.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:a3:66:c7:b3:23:1f:9e:b1:20:3f:3e:b6:5f:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d17bf4fbea894f43eeb3db1b216e57766e01ab81
        Validity
            Not Before: Jan  2 07:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c62f681870191ac8dd2b26e99960fb2aef16d193
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:dc:e6:52:9b:b4:80:93:2d:a0:4f:c0:fa:bf:
                    e6:2a:8b:40:19:19:6f:d2:7c:30:33:a8:06:d5:47:
                    ff:f0:a2:95:96:50:dd:02:7c:56:d7:d0:e2:52:e9:
                    5f:14:58:37:81:af:ee:52:d2:44:41:22:81:2a:4a:
                    b0:97:14:ae:7a:5e:6d:04:8d:9a:16:e5:f1:9b:36:
                    6c:fc:8c:0b:96:b9:f9:f7:a6:ee:5b:47:73:d7:d8:
                    81:d9:18:ea:42:b1:67:60:bb:a8:65:35:d1:ed:8b:
                    a6:f5:50:4d:dd:75:c3:9f:94:d5:94:91:2f:e6:ea:
                    3f:4a:81:1c:58:d5:1c:17:40:41:75:d9:55:13:f0:
                    ac:86:51:94:b9:15:3f:fb:3e:d2:65:c8:cb:65:f8:
                    b0:44:da:a4:9e:ea:73:87:00:bf:03:71:bc:df:fa:
                    10:e0:cb:1d:0e:57:86:82:6f:7a:8f:51:eb:41:9c:
                    ca:25:5c:a2:94:f8:ba:1d:6b:0a:31:ea:6a:4c:3b:
                    b6:5b:25:1c:62:77:4f:b8:7b:3f:49:9c:db:ff:f9:
                    23:9e:6a:d1:ed:19:05:cb:44:30:b6:2e:50:26:c4:
                    a7:01:00:89:97:84:ef:03:fd:d6:1b:dc:08:ec:50:
                    da:57:82:71:62:27:48:cf:ec:43:c9:8b:22:2b:25:
                    15:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:2F:68:18:70:19:1A:C8:DD:2B:26:E9:99:60:FB:2A:EF:16:D1:93
            X509v3 Authority Key Identifier:
                keyid:D1:7B:F4:FB:EA:89:4F:43:EE:B3:DB:1B:21:6E:57:76:6E:01:AB:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/xi9oGHAZGsjdKybpmWD7Ku8W0ZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/421529-73e2-4916-8bd2-2c201d30ae05/1/0Xv0--qJT0Pus9sbIW5Xdm4Bq4E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:ae:c5:ea:35:f0:15:a3:3a:d5:d2:b4:29:bc:a6:33:24:01:
         5d:98:a1:72:5d:71:0d:b7:d8:86:36:46:23:1e:da:06:06:19:
         85:4a:b9:6c:46:78:0b:cb:2b:81:d9:b6:ba:a3:cb:33:4e:74:
         11:06:ad:9a:01:1f:17:66:b5:f2:6f:1f:39:3e:08:33:1c:9b:
         b9:62:ca:7b:43:05:40:1e:27:b9:c6:19:81:94:88:08:1f:57:
         50:b4:ec:db:e4:4c:f0:8d:a4:ab:cc:1e:69:85:73:2d:d1:7c:
         ec:00:84:cd:f5:cb:58:6a:02:b6:3b:b4:34:bd:f0:1f:89:59:
         b9:92:3e:d4:34:61:86:06:68:c1:a0:0a:97:81:c5:0d:fd:93:
         2c:ae:fe:a3:a9:7e:e2:42:40:cd:85:f7:49:d4:4d:be:6e:18:
         61:77:16:97:d1:f3:f8:2a:58:ee:fe:d3:ef:42:0f:98:74:a8:
         07:e7:c0:e7:b7:d4:7f:fe:2d:de:18:23:e6:8d:0b:02:5c:04:
         9d:e3:51:93:2c:29:61:82:5f:3e:26:8e:38:65:15:85:d4:fb:
         f5:48:e4:b6:7d:e1:97:7e:8d:03:15:1a:1e:09:16:e1:ba:2c:
         e5:0d:65:ba:9f:78:9b:e4:b8:83:78:f2:3a:92:35:4d:95:d1:
         fb:89:3e:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/aNmx7MjH56xID8+tl/0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxN2JmNGZiZWE4OTRmNDNlZWIzZGIxYjIxNmU1Nzc2NmUw
MWFiODEwHhcNMjUwMTAyMDc0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjJmNjgxODcwMTkxYWM4ZGQyYjI2ZTk5OTYwZmIyYWVmMTZkMTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9zmUpu0gJMtoE/A+r/mKotAGRlv
0nwwM6gG1Uf/8KKVllDdAnxW19DiUulfFFg3ga/uUtJEQSKBKkqwlxSuel5tBI2a
FuXxmzZs/IwLlrn596buW0dz19iB2RjqQrFnYLuoZTXR7Yum9VBN3XXDn5TVlJEv
5uo/SoEcWNUcF0BBddlVE/CshlGUuRU/+z7SZcjLZfiwRNqknupzhwC/A3G83/oQ
4MsdDleGgm96j1HrQZzKJVyilPi6HWsKMepqTDu2WyUcYndPuHs/SZzb//kjnmrR
7RkFy0Qwti5QJsSnAQCJl4TvA/3WG9wI7FDaV4JxYidIz+xDyYsiKyUVzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMYvaBhwGRrI3Ssm6Zlg+yrvFtGTMB8GA1UdIwQY
MBaAFNF79PvqiU9D7rPbGyFuV3ZuAauBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFh2MC0tcUpUMFB1czlzYklXNVhkbTRCcTRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy80MjE1MjktNzNlMi00OTE2LThiZDIt
MmMyMDFkMzBhZTA1LzEveGk5b0dIQVpHc2pkS3licG1XRDdLdThXMFpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy80MjE1MjktNzNlMi00OTE2LThiZDItMmMyMDFkMzBhZTA1
LzEvMFh2MC0tcUpUMFB1czlzYklXNVhkbTRCcTRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucGsMA0G
CSqGSIb3DQEBCwUAA4IBAQCWrsXqNfAVozrV0rQpvKYzJAFdmKFyXXENt9iGNkYj
HtoGBhmFSrlsRngLyyuB2ba6o8szTnQRBq2aAR8XZrXybx85PggzHJu5Ysp7QwVA
Hie5xhmBlIgIH1dQtOzb5EzwjaSrzB5phXMt0XzsAITN9ctYagK2O7Q0vfAfiVm5
kj7UNGGGBmjBoAqXgcUN/ZMsrv6jqX7iQkDNhfdJ1E2+bhhhdxaX0fP4Klju/tPv
Qg+YdKgH58Dnt9R//i3eGCPmjQsCXASd41GTLClhgl8+Jo44ZRWF1Pv1SOS2feGX
fo0DFRoeCRbhuizlDWW6n3ib5LiDePI6kjVNldH7iT5c
-----END CERTIFICATE-----