Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/XIJrTPpnmF2-ViYOBfj76lEa_QU.roa
File:                     XIJrTPpnmF2-ViYOBfj76lEa_QU.roa (raw, json)
Hash identifier:          QtAX0+z5uKZ3qypme9PzaVh3ewzNYn7wiC5WOpTnLoc=
Subject key identifier:   5C:82:6B:4C:FA:67:98:5D:BE:56:26:0E:05:F8:FB:EA:51:1A:FD:05
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       0194C7F3BAB17A8E1626F22A276F0161D878
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/XIJrTPpnmF2-ViYOBfj76lEa_QU.roa
Signing time:             Sun 02 Feb 2025 18:37:06 +0000
ROA not before:           Sun 02 Feb 2025 18:37:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401418
IP address blocks:        178.253.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:c7:f3:ba:b1:7a:8e:16:26:f2:2a:27:6f:01:61:d8:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Feb  2 18:37:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c826b4cfa67985dbe56260e05f8fbea511afd05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:d5:49:43:7c:fc:58:6b:33:bf:85:21:ba:41:
                    60:89:61:c7:1a:33:c2:c5:89:d2:1a:18:55:db:a2:
                    5a:65:31:3e:b3:cc:64:8f:d6:9c:04:ea:06:11:a6:
                    ca:d2:85:2a:39:e6:b2:a8:95:0a:cd:ed:48:61:f4:
                    39:ca:96:22:e0:48:f9:2d:bb:a4:b6:0b:52:01:02:
                    9b:b1:91:81:35:ea:7c:fb:d5:1a:fd:0c:55:46:3b:
                    53:6b:21:37:a6:f8:12:ce:00:43:62:53:c8:ea:28:
                    37:0e:2f:55:72:9e:ea:97:db:8e:7e:0e:a1:cc:74:
                    26:09:57:f8:03:36:6c:53:72:18:27:52:65:7d:ec:
                    e4:96:ef:e8:65:3e:d3:e0:4b:c5:f2:61:24:dd:56:
                    d9:99:d4:e5:38:8f:0e:fb:40:df:5f:44:cf:1f:09:
                    94:15:c3:fd:ac:99:96:a3:a7:16:20:5f:02:10:91:
                    50:a6:37:50:6e:9b:b6:84:ff:9e:33:bd:e1:c2:60:
                    f7:38:c7:04:1e:34:70:24:fe:01:8d:ac:a6:90:8d:
                    43:7e:d5:2a:dc:55:71:1c:ed:0b:47:65:fd:12:15:
                    dc:5f:84:08:7a:17:a4:a5:8e:bf:8c:a0:b1:df:6c:
                    c5:cf:b3:fb:19:b9:29:b8:cc:d2:5b:a5:66:1b:59:
                    fb:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:82:6B:4C:FA:67:98:5D:BE:56:26:0E:05:F8:FB:EA:51:1A:FD:05
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/XIJrTPpnmF2-ViYOBfj76lEa_QU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:6c:f0:c2:39:63:35:df:e4:1a:62:ea:53:26:33:6c:38:3d:
         9a:6b:e7:1b:8e:d9:7e:c8:d1:e0:69:a7:69:4c:05:9c:56:9e:
         a6:72:7f:79:e8:04:b9:30:c0:ad:e5:af:25:b5:c6:53:7e:24:
         88:67:1d:10:0a:c6:83:3e:aa:bf:da:1d:9c:b2:82:30:f6:30:
         16:8c:b5:5c:04:22:1b:a6:ad:50:65:09:01:73:1a:51:19:77:
         a8:b8:40:56:d6:9b:58:d4:8e:1f:98:d9:e4:d2:4f:b3:93:bf:
         42:71:47:b9:1b:60:05:a4:0c:c2:d9:bd:99:5a:9d:a2:32:ce:
         ce:f6:97:ac:b4:8c:6d:55:fa:74:b0:38:83:ce:98:a8:8c:1c:
         68:e8:5c:8d:d7:ae:62:b9:5a:2c:4f:ab:b2:9e:48:7c:0d:1a:
         0a:7f:ef:a1:03:53:3b:9c:a5:40:43:d1:d4:19:30:ca:7b:51:
         35:25:72:1c:66:9e:65:1c:60:02:2c:ce:8f:8e:70:76:18:77:
         e9:4a:ec:a3:64:b2:8f:89:69:3a:a2:72:c8:72:67:0e:a5:77:
         d5:14:64:a3:80:4f:c6:79:aa:9a:4e:44:8c:de:79:12:f4:ec:
         cb:b4:95:55:8d:78:34:8b:a5:b5:b8:cf:3c:98:b5:8e:19:e9:
         80:93:cf:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTH87qxeo4WJvIqJ28BYdh4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjUwMjAyMTgzNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzgyNmI0Y2ZhNjc5ODVkYmU1NjI2MGUwNWY4ZmJlYTUxMWFmZDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz9VJQ3z8WGszv4UhukFgiWHHGjPC
xYnSGhhV26JaZTE+s8xkj9acBOoGEabK0oUqOeayqJUKze1IYfQ5ypYi4Ej5Lbuk
tgtSAQKbsZGBNep8+9Ua/QxVRjtTayE3pvgSzgBDYlPI6ig3Di9Vcp7ql9uOfg6h
zHQmCVf4AzZsU3IYJ1Jlfezklu/oZT7T4EvF8mEk3VbZmdTlOI8O+0DfX0TPHwmU
FcP9rJmWo6cWIF8CEJFQpjdQbpu2hP+eM73hwmD3OMcEHjRwJP4BjaymkI1DftUq
3FVxHO0LR2X9EhXcX4QIehekpY6/jKCx32zFz7P7GbkpuMzSW6VmG1n7BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyCa0z6Z5hdvlYmDgX4++pRGv0FMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvWElKclRQcG5tRjItVmlZT0Jmajc2bEVhX1FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv0QMA0G
CSqGSIb3DQEBCwUAA4IBAQDGbPDCOWM13+QaYupTJjNsOD2aa+cbjtl+yNHgaadp
TAWcVp6mcn956AS5MMCt5a8ltcZTfiSIZx0QCsaDPqq/2h2csoIw9jAWjLVcBCIb
pq1QZQkBcxpRGXeouEBW1ptY1I4fmNnk0k+zk79CcUe5G2AFpAzC2b2ZWp2iMs7O
9pestIxtVfp0sDiDzpiojBxo6FyN165iuVosT6uynkh8DRoKf++hA1M7nKVAQ9HU
GTDKe1E1JXIcZp5lHGACLM6PjnB2GHfpSuyjZLKPiWk6onLIcmcOpXfVFGSjgE/G
eaqaTkSM3nkS9OzLtJVVjXg0i6W1uM88mLWOGemAk88l
-----END CERTIFICATE-----