Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/cde757-7672-4720-8ce1-6e26b91f6910/1/XbqqIgUuiPQ7s4i6gwADBbMAwT4.roa
File:                     XbqqIgUuiPQ7s4i6gwADBbMAwT4.roa (raw, json)
Hash identifier:          cRp4FxnA8UimLs+QIeRi/nTr91UWmFZBwZVHNphDdoA=
Subject key identifier:   5D:BA:AA:22:05:2E:88:F4:3B:B3:88:BA:83:00:03:05:B3:00:C1:3E
Certificate issuer:       /CN=d94bddafb5df098419020a8fbc7a90b16e341d63
Certificate serial:       01970DE13EAD9620E41C7D3D19B3B539E11C
Authority key identifier: D9:4B:DD:AF:B5:DF:09:84:19:02:0A:8F:BC:7A:90:B1:6E:34:1D:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2Uvdr7XfCYQZAgqPvHqQsW40HWM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/cde757-7672-4720-8ce1-6e26b91f6910/1/XbqqIgUuiPQ7s4i6gwADBbMAwT4.roa
Signing time:             Mon 26 May 2025 18:35:54 +0000
ROA not before:           Mon 26 May 2025 18:35:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     939
IP address blocks:        45.152.192.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/cde757-7672-4720-8ce1-6e26b91f6910/1/2Uvdr7XfCYQZAgqPvHqQsW40HWM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/cde757-7672-4720-8ce1-6e26b91f6910/1/2Uvdr7XfCYQZAgqPvHqQsW40HWM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2Uvdr7XfCYQZAgqPvHqQsW40HWM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0d:e1:3e:ad:96:20:e4:1c:7d:3d:19:b3:b5:39:e1:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d94bddafb5df098419020a8fbc7a90b16e341d63
        Validity
            Not Before: May 26 18:35:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5dbaaa22052e88f43bb388ba83000305b300c13e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:a1:79:cb:bc:73:70:8f:95:e2:de:55:10:59:
                    d8:e4:eb:86:99:f4:d3:d8:43:d6:9f:2f:59:b1:50:
                    96:fd:74:af:13:a4:8f:d9:42:c8:f5:d0:46:29:e8:
                    e3:da:08:b0:90:2f:6d:d0:e3:bf:20:ec:37:86:1e:
                    c4:94:e8:1d:e2:d7:f9:03:29:91:80:1d:60:2d:77:
                    85:d0:ed:46:c5:5f:56:f5:c5:9e:06:60:38:ab:c5:
                    59:86:78:f5:f5:25:00:94:d1:13:72:4e:f1:eb:13:
                    5c:5c:8b:f5:54:c7:fa:a2:e5:07:64:3e:24:75:ef:
                    72:52:35:fe:fa:6f:3a:5f:b1:a0:7f:40:81:d1:d2:
                    d1:6e:b6:b2:ba:b9:f1:e0:ab:1a:dd:81:ce:6a:1b:
                    5d:60:bb:ef:ea:b4:f3:e5:59:9c:f3:76:9b:6c:c1:
                    47:97:a3:63:43:66:ae:f9:57:48:37:3f:f4:bc:55:
                    3d:d8:bd:2a:e0:e0:cb:8f:25:64:76:42:01:13:16:
                    b1:9e:bb:a9:ac:a3:f7:f0:57:ee:27:12:d9:c0:28:
                    6a:09:9d:7e:bb:0b:00:19:32:e5:6e:df:1c:b2:3c:
                    a6:33:e2:c8:c6:53:a0:2d:f9:22:cf:5a:fe:1a:a3:
                    54:7e:88:01:9d:c2:a0:59:76:d9:93:ba:29:61:95:
                    2e:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:BA:AA:22:05:2E:88:F4:3B:B3:88:BA:83:00:03:05:B3:00:C1:3E
            X509v3 Authority Key Identifier:
                keyid:D9:4B:DD:AF:B5:DF:09:84:19:02:0A:8F:BC:7A:90:B1:6E:34:1D:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Uvdr7XfCYQZAgqPvHqQsW40HWM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/cde757-7672-4720-8ce1-6e26b91f6910/1/XbqqIgUuiPQ7s4i6gwADBbMAwT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/cde757-7672-4720-8ce1-6e26b91f6910/1/2Uvdr7XfCYQZAgqPvHqQsW40HWM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:da:67:30:56:90:17:69:9d:e7:7d:db:08:1b:e1:56:89:87:
         a2:fd:b6:e9:b6:97:ac:52:1c:80:c0:b8:97:54:9d:4a:1a:3e:
         d2:50:39:d0:b0:77:b9:56:75:bd:90:61:b4:ed:5d:e3:02:49:
         58:7a:f0:c3:7b:20:c9:53:c1:d0:35:5b:bb:fa:66:5d:0f:f4:
         8c:7a:65:8b:b6:5c:b7:d6:ad:65:d4:b8:b6:61:42:87:51:8a:
         46:b5:9c:94:e6:37:68:f5:96:96:5b:9b:65:67:ba:aa:19:da:
         50:b5:cd:94:f5:07:f4:43:f2:9a:c2:13:d3:7f:a7:28:6d:86:
         f0:18:3d:dd:4f:30:44:04:71:3c:20:91:25:3b:ad:8c:58:77:
         6e:23:cc:07:7f:0f:0e:e4:e8:80:d2:fe:40:e5:cd:60:c3:80:
         7d:c6:84:a6:ee:e2:ce:08:17:21:b7:56:96:59:2b:ca:4c:5c:
         90:a0:f8:a0:c2:53:8b:d4:fd:76:de:0a:f5:a8:4d:fa:61:a7:
         c7:94:d3:fd:a1:f1:19:e2:a5:32:d9:1a:2e:1b:4d:81:b2:e2:
         01:d9:fa:cb:de:a0:48:74:4e:57:8c:86:39:3e:0d:03:43:0e:
         cd:e8:f0:ea:09:6b:44:81:fc:e3:2a:fd:ce:f9:71:ae:7d:34:
         23:b4:34:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcN4T6tliDkHH09GbO1OeEcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5NGJkZGFmYjVkZjA5ODQxOTAyMGE4ZmJjN2E5MGIxNmUz
NDFkNjMwHhcNMjUwNTI2MTgzNTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGJhYWEyMjA1MmU4OGY0M2JiMzg4YmE4MzAwMDMwNWIzMDBjMTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzqF5y7xzcI+V4t5VEFnY5OuGmfTT
2EPWny9ZsVCW/XSvE6SP2ULI9dBGKejj2giwkC9t0OO/IOw3hh7ElOgd4tf5AymR
gB1gLXeF0O1GxV9W9cWeBmA4q8VZhnj19SUAlNETck7x6xNcXIv1VMf6ouUHZD4k
de9yUjX++m86X7Ggf0CB0dLRbrayurnx4Ksa3YHOahtdYLvv6rTz5Vmc83abbMFH
l6NjQ2au+VdINz/0vFU92L0q4ODLjyVkdkIBExaxnruprKP38FfuJxLZwChqCZ1+
uwsAGTLlbt8csjymM+LIxlOgLfkiz1r+GqNUfogBncKgWXbZk7opYZUuawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF26qiIFLoj0O7OIuoMAAwWzAME+MB8GA1UdIwQY
MBaAFNlL3a+13wmEGQIKj7x6kLFuNB1jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlV2ZHI3WGZDWVFaQWdxUHZIcVFzVzQwSFdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jZGU3NTctNzY3Mi00NzIwLThjZTEt
NmUyNmI5MWY2OTEwLzEvWGJxcUlnVXVpUFE3czRpNmd3QURCYk1Bd1Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jZGU3NTctNzY3Mi00NzIwLThjZTEtNmUyNmI5MWY2OTEw
LzEvMlV2ZHI3WGZDWVFaQWdxUHZIcVFzVzQwSFdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZjAMA0G
CSqGSIb3DQEBCwUAA4IBAQA42mcwVpAXaZ3nfdsIG+FWiYei/bbptpesUhyAwLiX
VJ1KGj7SUDnQsHe5VnW9kGG07V3jAklYevDDeyDJU8HQNVu7+mZdD/SMemWLtly3
1q1l1Li2YUKHUYpGtZyU5jdo9ZaWW5tlZ7qqGdpQtc2U9Qf0Q/KawhPTf6cobYbw
GD3dTzBEBHE8IJElO62MWHduI8wHfw8O5OiA0v5A5c1gw4B9xoSm7uLOCBcht1aW
WSvKTFyQoPigwlOL1P123gr1qE36YafHlNP9ofEZ4qUy2RouG02BsuIB2frL3qBI
dE5XjIY5Pg0DQw7N6PDqCWtEgfzjKv3O+XGufTQjtDT6
-----END CERTIFICATE-----