Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/XwKYap5jNBJehvBt_PZv_P5Q7FY.roa
File:                     XwKYap5jNBJehvBt_PZv_P5Q7FY.roa (raw, json)
Hash identifier:          Guo/I3hUnNbaucWlg2L7YFtrRgJs6QJFF72/AVGdX/E=
Subject key identifier:   5F:02:98:6A:9E:63:34:12:5E:86:F0:6D:FC:F6:6F:FC:FE:50:EC:56
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       0197452D7A6F228AC4E668FF64EC63AA8521
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/XwKYap5jNBJehvBt_PZv_P5Q7FY.roa
Signing time:             Fri 06 Jun 2025 12:18:17 +0000
ROA not before:           Fri 06 Jun 2025 12:18:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     274122
IP address blocks:        124.198.136.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:45:2d:7a:6f:22:8a:c4:e6:68:ff:64:ec:63:aa:85:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jun  6 12:18:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f02986a9e6334125e86f06dfcf66ffcfe50ec56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:40:27:71:1e:bb:10:ce:42:41:d4:8c:66:f8:
                    0b:fa:03:2a:60:73:d9:66:18:c2:39:c1:b2:5f:f2:
                    c3:62:1e:7d:f1:17:a7:19:7e:8b:34:62:73:5d:bb:
                    9e:90:0d:59:61:27:ed:cd:b1:e5:f1:68:49:81:c5:
                    57:1b:64:cc:8e:03:40:0e:37:89:90:e8:98:13:15:
                    75:43:3e:fe:5a:b4:6c:3a:18:b2:73:18:93:bf:23:
                    b5:1d:60:3f:a4:80:7b:3f:58:e1:3e:92:bf:3c:81:
                    24:7b:66:3e:37:5c:e3:7d:33:81:ae:81:fd:d1:d5:
                    3d:cd:fb:d6:e0:fb:87:5f:4a:15:7a:db:c5:a2:c6:
                    9d:2e:fd:fb:00:71:3c:73:86:e7:0a:11:bb:64:12:
                    c5:7f:eb:48:5c:d9:98:7b:44:72:4c:6e:a9:40:38:
                    5b:24:f6:2e:bf:8f:b6:03:4a:71:eb:52:c6:69:19:
                    2c:c8:be:cd:23:c4:3a:17:d6:ac:1a:4d:bc:1e:72:
                    41:41:0e:4e:23:e6:64:ab:09:52:99:e5:ad:e9:6f:
                    b9:f3:10:50:af:f1:3c:02:8c:fd:c8:22:d1:3e:ba:
                    af:74:64:d9:71:5c:8d:63:f1:8d:f7:94:e4:9d:6f:
                    cc:93:ae:74:e0:17:29:fb:b9:cd:43:c7:0d:42:f5:
                    cc:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:02:98:6A:9E:63:34:12:5E:86:F0:6D:FC:F6:6F:FC:FE:50:EC:56
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/XwKYap5jNBJehvBt_PZv_P5Q7FY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  124.198.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c7:f6:25:73:1c:6b:11:1a:97:58:45:46:26:11:5c:7c:f7:7f:
         20:e3:ec:be:4e:5e:dd:bc:06:08:08:f2:8a:32:4e:71:72:b0:
         fd:e2:02:08:e6:5a:c6:09:cb:c3:ac:06:73:9d:cf:79:90:c9:
         85:a1:52:a8:29:61:5e:ff:fc:9c:69:f6:b5:66:ba:c3:5f:e2:
         7a:c3:a0:89:f2:92:38:1b:c3:21:cf:55:02:a5:ee:a7:ef:c4:
         b3:2d:9d:46:e0:9a:54:b2:9f:13:0b:1b:8e:15:46:ab:dd:7f:
         7e:c5:5f:51:44:eb:aa:56:37:d1:96:3d:9a:ee:27:04:02:3b:
         71:bb:a6:4c:90:2c:f2:cb:7b:d4:7a:97:15:d9:3d:8b:a0:04:
         cf:0e:89:29:bc:d5:b2:d2:d8:dc:5a:12:dc:d6:d6:8c:1d:0b:
         2e:09:08:06:98:34:25:f1:f2:62:83:7a:04:f1:e9:5b:61:23:
         97:01:3a:3b:dc:82:41:22:1c:c6:5e:bc:de:2d:59:95:a9:94:
         ae:ff:1d:d4:24:6b:bf:3c:e3:66:00:54:5b:c0:61:07:9d:c6:
         11:8b:f3:12:66:6b:d6:e2:fb:f5:8e:1a:07:27:f4:cc:35:f9:
         54:bb:6d:61:5f:05:c3:24:85:ef:b1:db:c6:fc:af:e0:d5:59:
         a4:6d:da:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdFLXpvIorE5mj/ZOxjqoUhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwNjA2MTIxODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjAyOTg2YTllNjMzNDEyNWU4NmYwNmRmY2Y2NmZmY2ZlNTBlYzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUAncR67EM5CQdSMZvgL+gMqYHPZ
ZhjCOcGyX/LDYh598RenGX6LNGJzXbuekA1ZYSftzbHl8WhJgcVXG2TMjgNADjeJ
kOiYExV1Qz7+WrRsOhiycxiTvyO1HWA/pIB7P1jhPpK/PIEke2Y+N1zjfTOBroH9
0dU9zfvW4PuHX0oVetvFosadLv37AHE8c4bnChG7ZBLFf+tIXNmYe0RyTG6pQDhb
JPYuv4+2A0px61LGaRksyL7NI8Q6F9asGk28HnJBQQ5OI+ZkqwlSmeWt6W+58xBQ
r/E8Aoz9yCLRPrqvdGTZcVyNY/GN95TknW/Mk6504Bcp+7nNQ8cNQvXM2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8CmGqeYzQSXobwbfz2b/z+UOxWMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvWHdLWWFwNWpOQkplaHZCdF9QWnZfUDVRN0ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCfMaIMA0G
CSqGSIb3DQEBCwUAA4IBAQDH9iVzHGsRGpdYRUYmEVx8938g4+y+Tl7dvAYICPKK
Mk5xcrD94gII5lrGCcvDrAZznc95kMmFoVKoKWFe//ycafa1ZrrDX+J6w6CJ8pI4
G8Mhz1UCpe6n78SzLZ1G4JpUsp8TCxuOFUar3X9+xV9RROuqVjfRlj2a7icEAjtx
u6ZMkCzyy3vUepcV2T2LoATPDokpvNWy0tjcWhLc1taMHQsuCQgGmDQl8fJig3oE
8elbYSOXATo73IJBIhzGXrzeLVmVqZSu/x3UJGu/PONmAFRbwGEHncYRi/MSZmvW
4vv1jhoHJ/TMNflUu21hXwXDJIXvsdvG/K/g1VmkbdrT
-----END CERTIFICATE-----