Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/XSFsRez--8TYmF8vjcHL8KVTyTE.roa
File:                     XSFsRez--8TYmF8vjcHL8KVTyTE.roa (raw, json)
Hash identifier:          HNnqU69SzqO7NGSbC979f0tlGCkWvy8pdGkT+wCcXSk=
Subject key identifier:   5D:21:6C:45:EC:FE:FB:C4:D8:98:5F:2F:8D:C1:CB:F0:A5:53:C9:31
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0196882383A4B48200EC8E4092E1CD260760
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/XSFsRez--8TYmF8vjcHL8KVTyTE.roa
Signing time:             Wed 30 Apr 2025 19:19:10 +0000
ROA not before:           Wed 30 Apr 2025 19:19:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210241
IP address blocks:        93.171.248.0/23 maxlen: 24
                          2a02:128:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:88:23:83:a4:b4:82:00:ec:8e:40:92:e1:cd:26:07:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Apr 30 19:19:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d216c45ecfefbc4d8985f2f8dc1cbf0a553c931
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:d3:39:e5:14:af:eb:5e:3a:f2:36:0f:ec:40:
                    3e:d6:5f:d4:75:9f:99:17:98:6b:71:a9:84:b4:3c:
                    a7:56:3f:47:29:82:66:57:e0:e5:36:a4:7e:98:6d:
                    24:5e:50:fd:e7:8f:d9:b1:e1:a1:18:37:8f:e5:68:
                    f6:7a:a5:fe:40:3e:90:2b:6b:39:6d:f0:47:4b:7f:
                    3b:57:45:f9:55:5b:82:76:00:8f:f0:e2:e6:91:8d:
                    81:d5:4b:38:75:20:e9:a7:25:53:74:08:30:4d:2c:
                    98:4f:99:d1:d5:fe:9a:ce:5e:36:a7:ea:5b:24:9d:
                    f3:00:62:78:e3:58:3c:ac:14:77:1e:b5:89:fe:34:
                    02:ec:a1:9b:ad:3c:81:af:b3:34:af:3b:c2:18:49:
                    bc:69:ff:8b:25:88:bb:a1:b6:f8:a0:3d:05:17:97:
                    ee:4b:7f:1f:76:99:fa:f2:6a:fa:3e:22:f0:0c:b7:
                    c2:03:0b:5b:ec:4e:fb:46:35:8e:00:0e:03:ed:a5:
                    62:a0:a6:dc:8f:5d:89:27:e3:25:31:9e:2d:cb:4d:
                    3f:4d:70:cf:52:12:66:9f:fe:27:e5:9e:3d:ad:8c:
                    5c:bf:5b:84:6b:1f:e3:ec:80:77:71:0c:a6:9c:1a:
                    ee:70:93:b6:d9:ab:79:d4:b9:50:82:8d:d5:58:f4:
                    38:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:21:6C:45:EC:FE:FB:C4:D8:98:5F:2F:8D:C1:CB:F0:A5:53:C9:31
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/XSFsRez--8TYmF8vjcHL8KVTyTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.248.0/23
                IPv6:
                  2a02:128:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:3d:61:4f:4b:1c:94:23:52:63:49:3f:39:4f:a6:f6:06:68:
         6b:f1:c8:c1:a3:ca:81:97:da:73:93:37:2b:f1:3a:80:d5:9a:
         fa:61:e8:25:d0:57:38:b9:9a:97:c2:14:6f:4c:86:a2:59:3e:
         e0:79:b1:64:b0:81:d1:f2:3c:4a:08:8e:42:a5:86:2c:d0:91:
         3a:c1:10:a2:9e:bd:80:a3:c0:3a:40:74:57:3c:54:11:a0:07:
         af:85:c4:0f:e6:06:02:d7:19:d1:fa:d6:07:c4:83:73:38:29:
         31:97:51:38:59:ec:8b:3e:68:7e:09:37:b1:c3:7d:6b:4f:9d:
         8a:17:3b:72:5f:62:2c:c5:20:1f:50:79:86:0f:56:89:e6:4b:
         49:c9:71:fd:aa:e3:3c:fe:87:1b:b5:85:ae:0a:e7:7e:cf:03:
         c1:26:32:b7:e2:63:a3:1f:84:39:2d:d3:ef:c9:3b:a9:52:26:
         b9:85:29:a3:87:1b:d4:9c:97:3c:b8:ce:4a:01:34:cf:4e:2b:
         3f:7f:a5:5d:2e:17:87:c0:5d:b3:84:eb:50:cc:f0:93:6a:43:
         e4:fe:35:e0:df:04:cd:5f:1b:76:47:e2:a7:b7:1d:6c:76:c3:
         cc:7f:61:2d:6a:93:e9:71:dc:40:c0:2b:d9:e7:98:e1:80:cd:
         e9:e1:fd:24
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZaII4OktIIA7I5AkuHNJgdgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwNDMwMTkxOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDIxNmM0NWVjZmVmYmM0ZDg5ODVmMmY4ZGMxY2JmMGE1NTNjOTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09M55RSv61468jYP7EA+1l/UdZ+Z
F5hrcamEtDynVj9HKYJmV+DlNqR+mG0kXlD954/ZseGhGDeP5Wj2eqX+QD6QK2s5
bfBHS387V0X5VVuCdgCP8OLmkY2B1Us4dSDppyVTdAgwTSyYT5nR1f6azl42p+pb
JJ3zAGJ441g8rBR3HrWJ/jQC7KGbrTyBr7M0rzvCGEm8af+LJYi7obb4oD0FF5fu
S38fdpn68mr6PiLwDLfCAwtb7E77RjWOAA4D7aVioKbcj12JJ+MlMZ4ty00/TXDP
UhJmn/4n5Z49rYxcv1uEax/j7IB3cQymnBrucJO22at51LlQgo3VWPQ4gQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFF0hbEXs/vvE2JhfL43By/ClU8kxMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvWFNGc1Jlei0tOFRZbUY4dmpjSEw4S1ZUeVRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBXav4MA8E
AgACMAkDBwAqAgEoAAMwDQYJKoZIhvcNAQELBQADggEBAB49YU9LHJQjUmNJPzlP
pvYGaGvxyMGjyoGX2nOTNyvxOoDVmvph6CXQVzi5mpfCFG9MhqJZPuB5sWSwgdHy
PEoIjkKlhizQkTrBEKKevYCjwDpAdFc8VBGgB6+FxA/mBgLXGdH61gfEg3M4KTGX
UThZ7Is+aH4JN7HDfWtPnYoXO3JfYizFIB9QeYYPVonmS0nJcf2q4zz+hxu1ha4K
537PA8EmMrfiY6MfhDkt0+/JO6lSJrmFKaOHG9Sclzy4zkoBNM9OKz9/pV0uF4fA
XbOE61DM8JNqQ+T+NeDfBM1fG3ZH4qe3HWx2w8x/YS1qk+lx3EDAK9nnmOGAzenh
/SQ=
-----END CERTIFICATE-----