Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/f894a3-8ed7-4d6f-bb03-6ab05568ade2/1/XYDcPLsMJ5XYkYL0PQrHKhNJ9s4.roa
File:                     XYDcPLsMJ5XYkYL0PQrHKhNJ9s4.roa (raw, json)
Hash identifier:          1m7+mEL2iJYkvJfrDXaZzofwFCojsAzxm4zXV5nNyDk=
Subject key identifier:   5D:80:DC:3C:BB:0C:27:95:D8:91:82:F4:3D:0A:C7:2A:13:49:F6:CE
Certificate issuer:       /CN=0ff2bbcd1c2d8d7adf741d704d9dc64b9e614fda
Certificate serial:       01942521838901D1B975D6489F440D69B594
Authority key identifier: 0F:F2:BB:CD:1C:2D:8D:7A:DF:74:1D:70:4D:9D:C6:4B:9E:61:4F:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_K7zRwtjXrfdB1wTZ3GS55hT9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/f894a3-8ed7-4d6f-bb03-6ab05568ade2/1/XYDcPLsMJ5XYkYL0PQrHKhNJ9s4.roa
Signing time:             Thu 02 Jan 2025 03:49:00 +0000
ROA not before:           Thu 02 Jan 2025 03:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57243
IP address blocks:        193.193.166.0/23 maxlen: 32
                          2001:67c:7e4::/48 maxlen: 56
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/f894a3-8ed7-4d6f-bb03-6ab05568ade2/1/D_K7zRwtjXrfdB1wTZ3GS55hT9o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/f894a3-8ed7-4d6f-bb03-6ab05568ade2/1/D_K7zRwtjXrfdB1wTZ3GS55hT9o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_K7zRwtjXrfdB1wTZ3GS55hT9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:83:89:01:d1:b9:75:d6:48:9f:44:0d:69:b5:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff2bbcd1c2d8d7adf741d704d9dc64b9e614fda
        Validity
            Not Before: Jan  2 03:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d80dc3cbb0c2795d89182f43d0ac72a1349f6ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:7d:4a:5f:b3:b5:c6:f0:20:75:15:ad:9c:9f:
                    ff:f5:f8:41:ef:6c:09:28:7d:71:a7:89:53:e3:29:
                    2e:43:80:eb:79:f3:9a:e8:36:d9:a9:12:dd:82:4b:
                    6b:5c:67:e9:69:ca:cd:e8:8c:48:1a:2c:36:25:7b:
                    66:22:d8:b6:05:5a:f7:b8:74:f9:b7:54:ae:32:14:
                    2e:76:4f:be:38:1e:de:0f:c6:40:1c:66:d9:a5:2d:
                    15:66:03:74:04:48:cf:e2:e8:75:f2:21:e0:d3:78:
                    1a:e5:9a:31:33:ef:fc:f5:39:13:d4:65:a0:35:5a:
                    8c:e5:41:41:8b:97:e1:7e:49:48:1d:8a:46:41:1e:
                    cb:0f:12:7f:18:eb:8c:89:90:fb:a8:78:1d:0f:97:
                    9f:98:7b:67:1a:ac:bd:a6:b4:89:46:f6:9f:f4:34:
                    97:e8:b6:51:1e:d4:f8:be:e4:df:79:62:1c:28:85:
                    70:03:56:59:1f:72:73:73:49:ed:36:46:aa:dc:f4:
                    67:02:a2:22:4e:c8:83:37:02:19:f7:94:82:a6:05:
                    c7:9a:01:0b:57:92:53:08:8e:c5:51:6d:0e:2b:b8:
                    37:2e:82:7a:d6:26:4c:8c:2d:3f:f9:7f:e8:a8:a5:
                    21:bb:62:29:3d:c0:9b:36:c6:80:a4:8d:0a:2e:98:
                    46:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:80:DC:3C:BB:0C:27:95:D8:91:82:F4:3D:0A:C7:2A:13:49:F6:CE
            X509v3 Authority Key Identifier:
                keyid:0F:F2:BB:CD:1C:2D:8D:7A:DF:74:1D:70:4D:9D:C6:4B:9E:61:4F:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_K7zRwtjXrfdB1wTZ3GS55hT9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/f894a3-8ed7-4d6f-bb03-6ab05568ade2/1/XYDcPLsMJ5XYkYL0PQrHKhNJ9s4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/f894a3-8ed7-4d6f-bb03-6ab05568ade2/1/D_K7zRwtjXrfdB1wTZ3GS55hT9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.193.166.0/23
                IPv6:
                  2001:67c:7e4::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:6a:33:3f:24:43:25:54:0c:19:a9:b3:2d:74:d4:d0:00:4d:
         46:b2:52:a5:9c:98:ca:3d:4c:62:1d:0e:e5:b2:80:15:fa:ad:
         01:71:b5:85:b4:09:22:75:05:9c:64:d8:b3:42:67:be:b8:48:
         a0:01:d9:68:d2:f1:f4:0a:ea:83:03:1d:5c:bc:ab:29:41:3c:
         cc:fe:e9:cb:b4:33:ca:be:7b:89:ba:20:24:08:f0:c9:48:cc:
         ec:4b:22:88:16:94:fa:b3:96:e3:41:37:14:13:58:fb:e3:dc:
         1b:41:00:85:3d:aa:d6:5a:67:5f:46:1d:1c:d3:bf:2a:ba:ef:
         d7:54:d2:10:7c:69:f4:40:af:a8:ca:62:1d:95:f0:52:47:84:
         56:26:40:b7:57:c1:9b:8a:40:44:98:6a:1e:a5:49:f7:83:46:
         d1:4e:02:4b:60:4d:f4:5e:e8:bd:40:2e:3e:da:d9:2c:13:ee:
         44:73:95:43:fa:30:ea:4b:4f:d4:f4:78:94:a5:67:df:a0:5a:
         e0:ea:79:b3:90:73:d0:5f:42:ed:62:f9:f0:42:38:04:e8:75:
         44:00:6e:e7:0f:b5:5a:cd:b6:9f:d5:d7:65:2b:87:9b:5f:67:
         31:77:61:fe:96:2f:dc:80:02:8b:65:28:ce:66:9e:d3:21:e6:
         60:f5:e8:ad
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQlIYOJAdG5ddZIn0QNabWUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjJiYmNkMWMyZDhkN2FkZjc0MWQ3MDRkOWRjNjRiOWU2
MTRmZGEwHhcNMjUwMTAyMDM0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDgwZGMzY2JiMGMyNzk1ZDg5MTgyZjQzZDBhYzcyYTEzNDlmNmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlH1KX7O1xvAgdRWtnJ//9fhB72wJ
KH1xp4lT4ykuQ4DrefOa6DbZqRLdgktrXGfpacrN6IxIGiw2JXtmIti2BVr3uHT5
t1SuMhQudk++OB7eD8ZAHGbZpS0VZgN0BEjP4uh18iHg03ga5ZoxM+/89TkT1GWg
NVqM5UFBi5fhfklIHYpGQR7LDxJ/GOuMiZD7qHgdD5efmHtnGqy9prSJRvaf9DSX
6LZRHtT4vuTfeWIcKIVwA1ZZH3Jzc0ntNkaq3PRnAqIiTsiDNwIZ95SCpgXHmgEL
V5JTCI7FUW0OK7g3LoJ61iZMjC0/+X/oqKUhu2IpPcCbNsaApI0KLphGbQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFF2A3Dy7DCeV2JGC9D0KxyoTSfbOMB8GA1UdIwQY
MBaAFA/yu80cLY1633QdcE2dxkueYU/aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9LN3pSd3RqWHJmZEIxd1RaM0dTNTVoVDlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9mODk0YTMtOGVkNy00ZDZmLWJiMDMt
NmFiMDU1NjhhZGUyLzEvWFlEY1BMc01KNVhZa1lMMFBRckhLaE5KOXM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9mODk0YTMtOGVkNy00ZDZmLWJiMDMtNmFiMDU1NjhhZGUy
LzEvRF9LN3pSd3RqWHJmZEIxd1RaM0dTNTVoVDlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBwcGmMA8E
AgACMAkDBwAgAQZ8B+QwDQYJKoZIhvcNAQELBQADggEBADpqMz8kQyVUDBmpsy10
1NAATUayUqWcmMo9TGIdDuWygBX6rQFxtYW0CSJ1BZxk2LNCZ764SKAB2WjS8fQK
6oMDHVy8qylBPMz+6cu0M8q+e4m6ICQI8MlIzOxLIogWlPqzluNBNxQTWPvj3BtB
AIU9qtZaZ19GHRzTvyq679dU0hB8afRAr6jKYh2V8FJHhFYmQLdXwZuKQESYah6l
SfeDRtFOAktgTfRe6L1ALj7a2SwT7kRzlUP6MOpLT9T0eJSlZ9+gWuDqebOQc9Bf
Qu1i+fBCOATodUQAbucPtVrNtp/V12Urh5tfZzF3Yf6WL9yAAotlKM5mntMh5mD1
6K0=
-----END CERTIFICATE-----