Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/xCaXV2N4DJW6O3HXPjZKGE0buZg.roa
File:                     xCaXV2N4DJW6O3HXPjZKGE0buZg.roa (raw, json)
Hash identifier:          68HQY/LQ4hWAscmkjzWGMqteco+uqxZ4uzyIhwG/Fa4=
Subject key identifier:   C4:26:97:57:63:78:0C:95:BA:3B:71:D7:3E:36:4A:18:4D:1B:B9:98
Certificate issuer:       /CN=a7d78de0234e6f99701592f536e45f5f5594eec3
Certificate serial:       0197304A729D08E06F8FCFFF8B2F733DD12D
Authority key identifier: A7:D7:8D:E0:23:4E:6F:99:70:15:92:F5:36:E4:5F:5F:55:94:EE:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p9eN4CNOb5lwFZL1NuRfX1WU7sM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/xCaXV2N4DJW6O3HXPjZKGE0buZg.roa
Signing time:             Mon 02 Jun 2025 10:57:54 +0000
ROA not before:           Mon 02 Jun 2025 10:57:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213405
IP address blocks:        85.222.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/p9eN4CNOb5lwFZL1NuRfX1WU7sM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/p9eN4CNOb5lwFZL1NuRfX1WU7sM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p9eN4CNOb5lwFZL1NuRfX1WU7sM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 16:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:30:4a:72:9d:08:e0:6f:8f:cf:ff:8b:2f:73:3d:d1:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7d78de0234e6f99701592f536e45f5f5594eec3
        Validity
            Not Before: Jun  2 10:57:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c426975763780c95ba3b71d73e364a184d1bb998
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:21:62:dc:d6:c2:95:ca:13:c6:29:f7:a9:87:
                    06:e6:ff:10:22:22:3d:67:d0:f5:8e:15:4b:2c:26:
                    25:2d:22:6e:16:34:53:22:c4:11:eb:85:76:d2:b3:
                    6a:3a:7e:6d:15:0a:87:c2:30:b3:a0:00:3f:b6:2d:
                    01:33:fd:55:ae:e8:ff:be:13:01:3a:ae:cb:fa:5f:
                    e2:bf:1f:28:dd:da:f2:06:f7:14:32:13:24:f6:9b:
                    07:13:71:7a:5e:7d:27:f6:3f:14:41:c9:80:35:1d:
                    20:74:5c:26:73:62:5f:fd:dd:16:74:e6:fd:f6:da:
                    41:a8:ca:91:5f:c0:05:8e:ac:20:79:f8:cf:f2:eb:
                    c7:c5:40:99:b6:9f:d6:39:97:9e:02:53:fe:cb:ac:
                    2a:c9:b7:c0:37:4b:86:9e:9a:88:6e:64:c7:cb:31:
                    2d:27:73:08:fc:e4:12:ca:46:73:fa:3f:e9:d7:67:
                    64:c5:0f:8d:c1:03:f3:6b:f4:54:cc:01:6b:a2:f4:
                    40:80:4b:53:03:3c:07:65:3c:bb:1e:51:a8:f9:78:
                    4f:82:55:e4:ce:c8:7d:00:82:fa:e5:78:04:69:6c:
                    d5:7c:97:f0:61:9c:29:d1:38:e1:79:1a:6b:ea:79:
                    ed:95:7f:e1:2d:24:7f:26:63:f9:62:d5:f7:13:40:
                    9e:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:26:97:57:63:78:0C:95:BA:3B:71:D7:3E:36:4A:18:4D:1B:B9:98
            X509v3 Authority Key Identifier:
                keyid:A7:D7:8D:E0:23:4E:6F:99:70:15:92:F5:36:E4:5F:5F:55:94:EE:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p9eN4CNOb5lwFZL1NuRfX1WU7sM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/xCaXV2N4DJW6O3HXPjZKGE0buZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/p9eN4CNOb5lwFZL1NuRfX1WU7sM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.222.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:50:e4:56:69:b4:a3:62:ed:a7:3c:90:e7:e3:9d:82:9f:aa:
         5d:39:d4:ab:38:f4:24:3a:73:e2:27:40:f6:71:af:cd:85:17:
         7d:b7:76:2b:97:e1:e3:03:5b:5f:e2:e3:0b:b0:26:c3:f5:a1:
         a0:12:24:24:b3:5d:bc:64:26:34:2c:90:d0:e1:24:e8:98:31:
         a9:10:85:87:c3:2c:33:e0:3a:e9:31:16:d6:62:c3:ac:30:c1:
         5f:d8:23:ad:14:e7:55:8c:74:6a:ab:4f:50:ef:50:39:7e:55:
         c7:db:c9:67:3e:4d:c5:b3:91:56:5d:02:46:2f:d0:fc:2d:ac:
         bd:d0:06:97:16:da:30:07:86:d1:85:3d:d5:90:24:3e:fb:d3:
         c0:0f:5f:57:4e:cf:07:2a:17:6b:2e:4f:a5:0d:c7:2a:fa:2b:
         7b:1f:6b:e4:91:b2:41:b6:1b:ea:9f:20:32:18:32:ec:83:77:
         b0:1a:e9:cf:0c:26:92:e7:40:53:d9:12:4c:ce:4a:0c:3d:0b:
         82:b9:d5:51:2a:bd:b7:b0:97:1a:e1:ca:54:62:de:f6:cc:0b:
         51:8a:0a:2c:e3:08:7e:9b:61:d3:2e:39:5e:6f:73:79:3a:49:
         21:66:53:9a:78:68:38:ba:f7:d3:d2:6a:10:38:65:08:36:ba:
         a7:ad:6a:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcwSnKdCOBvj8//iy9zPdEtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZDc4ZGUwMjM0ZTZmOTk3MDE1OTJmNTM2ZTQ1ZjVmNTU5
NGVlYzMwHhcNMjUwNjAyMTA1NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDI2OTc1NzYzNzgwYzk1YmEzYjcxZDczZTM2NGExODRkMWJiOTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSFi3NbClcoTxin3qYcG5v8QIiI9
Z9D1jhVLLCYlLSJuFjRTIsQR64V20rNqOn5tFQqHwjCzoAA/ti0BM/1Vruj/vhMB
Oq7L+l/ivx8o3dryBvcUMhMk9psHE3F6Xn0n9j8UQcmANR0gdFwmc2Jf/d0WdOb9
9tpBqMqRX8AFjqwgefjP8uvHxUCZtp/WOZeeAlP+y6wqybfAN0uGnpqIbmTHyzEt
J3MI/OQSykZz+j/p12dkxQ+NwQPza/RUzAFrovRAgEtTAzwHZTy7HlGo+XhPglXk
zsh9AIL65XgEaWzVfJfwYZwp0TjheRpr6nntlX/hLSR/JmP5YtX3E0CeHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMQml1djeAyVujtx1z42ShhNG7mYMB8GA1UdIwQY
MBaAFKfXjeAjTm+ZcBWS9TbkX19VlO7DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDllTjRDTk9iNWx3RlpMMU51UmZYMVdVN3NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8zMWFhYmEtYWM3ZS00ODlmLTg3N2Mt
MjhkNWI2MDdhNDdmLzEveENhWFYyTjRESlc2TzNIWFBqWktHRTBidVpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8zMWFhYmEtYWM3ZS00ODlmLTg3N2MtMjhkNWI2MDdhNDdm
LzEvcDllTjRDTk9iNWx3RlpMMU51UmZYMVdVN3NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVd6gMA0G
CSqGSIb3DQEBCwUAA4IBAQAjUORWabSjYu2nPJDn452Cn6pdOdSrOPQkOnPiJ0D2
ca/NhRd9t3Yrl+HjA1tf4uMLsCbD9aGgEiQks128ZCY0LJDQ4STomDGpEIWHwywz
4DrpMRbWYsOsMMFf2COtFOdVjHRqq09Q71A5flXH28lnPk3Fs5FWXQJGL9D8Lay9
0AaXFtowB4bRhT3VkCQ++9PAD19XTs8HKhdrLk+lDccq+it7H2vkkbJBthvqnyAy
GDLsg3ewGunPDCaS50BT2RJMzkoMPQuCudVRKr23sJca4cpUYt72zAtRigos4wh+
m2HTLjleb3N5OkkhZlOaeGg4uvfT0moQOGUINrqnrWpp
-----END CERTIFICATE-----