Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/9700c8-f9ab-42a7-b1fa-e68a08d9e54f/1/Xe1gxuRIIOL95lwNFDlJJ4LeD98.roa
File:                     Xe1gxuRIIOL95lwNFDlJJ4LeD98.roa (raw, json)
Hash identifier:          E3ThdKoNF/zSVQO/0Rh8O4e1tJqwTsPdKIVV0WmD0l8=
Subject key identifier:   5D:ED:60:C6:E4:48:20:E2:FD:E6:5C:0D:14:39:49:27:82:DE:0F:DF
Certificate issuer:       /CN=48593e40da5a52f322db5a04c20fb486d4e15502
Certificate serial:       019421B1F3847DE55E8A67F6B46A191448D0
Authority key identifier: 48:59:3E:40:DA:5A:52:F3:22:DB:5A:04:C2:0F:B4:86:D4:E1:55:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SFk-QNpaUvMi21oEwg-0htThVQI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/9700c8-f9ab-42a7-b1fa-e68a08d9e54f/1/Xe1gxuRIIOL95lwNFDlJJ4LeD98.roa
Signing time:             Wed 01 Jan 2025 11:48:17 +0000
ROA not before:           Wed 01 Jan 2025 11:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44283
IP address blocks:        194.156.4.0/23 maxlen: 23
                          194.156.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/9700c8-f9ab-42a7-b1fa-e68a08d9e54f/1/SFk-QNpaUvMi21oEwg-0htThVQI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/9700c8-f9ab-42a7-b1fa-e68a08d9e54f/1/SFk-QNpaUvMi21oEwg-0htThVQI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SFk-QNpaUvMi21oEwg-0htThVQI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:f3:84:7d:e5:5e:8a:67:f6:b4:6a:19:14:48:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48593e40da5a52f322db5a04c20fb486d4e15502
        Validity
            Not Before: Jan  1 11:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ded60c6e44820e2fde65c0d1439492782de0fdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:a9:6b:79:df:04:80:50:f2:ad:7a:4f:fc:85:
                    67:5c:c2:12:5a:1e:1b:8d:10:5d:6c:f0:ad:3e:f3:
                    77:66:db:dd:03:9e:3b:da:85:ba:02:56:63:b1:0c:
                    4f:bb:10:37:c4:a4:a1:c3:ac:2e:51:29:46:5e:a9:
                    e6:9f:e5:21:9e:6a:61:06:95:40:a7:78:78:a5:17:
                    a3:b8:b5:c6:69:e6:d0:5c:95:0f:48:fb:33:5e:93:
                    36:a0:f7:2c:4c:aa:89:95:19:2e:28:47:32:46:22:
                    0a:1c:c0:ba:bf:95:ab:09:eb:ed:29:9d:ca:da:5a:
                    11:76:67:fa:cc:6c:b6:df:4c:91:01:9a:c0:4e:a4:
                    e6:ae:4e:6d:93:81:fc:5e:11:43:c6:d1:a2:f1:82:
                    e6:3e:b7:7e:df:4f:7f:dd:fc:68:21:ae:0e:d9:40:
                    e5:7b:78:4d:91:45:a3:87:a3:e7:73:e7:99:b0:51:
                    b8:9e:e3:ef:04:50:18:77:66:e7:96:db:52:49:50:
                    2d:9c:e0:aa:e3:43:b7:32:f0:f6:29:2b:80:82:b4:
                    8d:bc:60:65:f4:dd:88:43:e1:e9:a6:78:32:cd:0b:
                    96:b3:5a:ba:af:85:29:2f:6c:5b:55:da:d0:7f:ed:
                    67:2f:c4:a2:22:78:02:38:f2:44:6e:b1:67:af:0c:
                    38:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:ED:60:C6:E4:48:20:E2:FD:E6:5C:0D:14:39:49:27:82:DE:0F:DF
            X509v3 Authority Key Identifier:
                keyid:48:59:3E:40:DA:5A:52:F3:22:DB:5A:04:C2:0F:B4:86:D4:E1:55:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SFk-QNpaUvMi21oEwg-0htThVQI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/9700c8-f9ab-42a7-b1fa-e68a08d9e54f/1/Xe1gxuRIIOL95lwNFDlJJ4LeD98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/9700c8-f9ab-42a7-b1fa-e68a08d9e54f/1/SFk-QNpaUvMi21oEwg-0htThVQI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.4.0-194.156.6.255

    Signature Algorithm: sha256WithRSAEncryption
         94:f6:22:55:a8:c9:08:e5:fb:43:31:57:f4:98:67:bc:de:fe:
         7b:d1:ee:c9:6d:b0:e6:b1:03:a7:bb:40:54:52:ae:72:5b:bb:
         6b:91:eb:92:44:55:d3:1f:36:a8:66:ac:ac:1b:5a:44:da:74:
         87:fe:74:df:09:0c:a7:de:15:f9:46:98:83:c8:57:74:62:4e:
         67:d8:f0:3c:3d:9e:46:6d:98:f3:94:77:2a:dc:b7:a3:73:fe:
         2b:31:13:47:21:09:7b:ad:a0:2b:78:eb:66:80:76:ad:63:f7:
         2d:ea:a0:c1:c9:f7:45:a8:06:fc:15:5a:0f:7b:05:6a:79:61:
         a9:ed:fd:e8:2e:00:d5:52:c5:7d:58:46:26:7a:d5:ca:a2:e1:
         d3:29:82:c7:1c:9d:ad:ea:c7:31:ec:3c:b4:b0:5b:c4:aa:1b:
         9a:ab:ca:db:27:84:7b:76:f9:16:7e:12:40:46:ea:30:1e:e4:
         ab:58:8d:c6:26:a5:f5:46:66:60:30:61:a1:aa:33:fa:8d:b2:
         06:b5:c4:5c:1d:10:ca:ea:69:67:fe:c9:79:36:2f:5c:33:b3:
         a1:fa:ab:37:a1:2f:48:4e:bc:e2:26:43:29:e7:d5:7a:43:00:
         ca:3b:a1:b0:c1:04:cb:e5:23:ac:e7:eb:5a:ed:92:d8:78:52:
         44:3e:a1:3a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQhsfOEfeVeimf2tGoZFEjQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4NTkzZTQwZGE1YTUyZjMyMmRiNWEwNGMyMGZiNDg2ZDRl
MTU1MDIwHhcNMjUwMTAxMTE0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGVkNjBjNmU0NDgyMGUyZmRlNjVjMGQxNDM5NDkyNzgyZGUwZmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6lred8EgFDyrXpP/IVnXMISWh4b
jRBdbPCtPvN3ZtvdA5472oW6AlZjsQxPuxA3xKShw6wuUSlGXqnmn+UhnmphBpVA
p3h4pRejuLXGaebQXJUPSPszXpM2oPcsTKqJlRkuKEcyRiIKHMC6v5WrCevtKZ3K
2loRdmf6zGy230yRAZrATqTmrk5tk4H8XhFDxtGi8YLmPrd+309/3fxoIa4O2UDl
e3hNkUWjh6Pnc+eZsFG4nuPvBFAYd2bnlttSSVAtnOCq40O3MvD2KSuAgrSNvGBl
9N2IQ+HppngyzQuWs1q6r4UpL2xbVdrQf+1nL8SiIngCOPJEbrFnrww4NwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFF3tYMbkSCDi/eZcDRQ5SSeC3g/fMB8GA1UdIwQY
MBaAFEhZPkDaWlLzIttaBMIPtIbU4VUCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0ZrLVFOcGFVdk1pMjFvRXdnLTBodFRoVlFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NzAwYzgtZjlhYi00MmE3LWIxZmEt
ZTY4YTA4ZDllNTRmLzEvWGUxZ3h1UklJT0w5NWx3TkZEbEpKNExlRDk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NzAwYzgtZjlhYi00MmE3LWIxZmEtZTY4YTA4ZDllNTRm
LzEvU0ZrLVFOcGFVdk1pMjFvRXdnLTBodFRoVlFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBALCnAQD
BADCnAYwDQYJKoZIhvcNAQELBQADggEBAJT2IlWoyQjl+0MxV/SYZ7ze/nvR7slt
sOaxA6e7QFRSrnJbu2uR65JEVdMfNqhmrKwbWkTadIf+dN8JDKfeFflGmIPIV3Ri
TmfY8Dw9nkZtmPOUdyrct6Nz/isxE0chCXutoCt462aAdq1j9y3qoMHJ90WoBvwV
Wg97BWp5Yant/eguANVSxX1YRiZ61cqi4dMpgsccna3qxzHsPLSwW8SqG5qrytsn
hHt2+RZ+EkBG6jAe5KtYjcYmpfVGZmAwYaGqM/qNsga1xFwdEMrqaWf+yXk2L1wz
s6H6qzehL0hOvOImQynn1XpDAMo7obDBBMvlI6zn61rtkth4UkQ+oTo=
-----END CERTIFICATE-----