Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/294c4e-5a2b-4bee-bc57-12ad146655ce/1/XBhVypX2lGM6_x0NsP1fksWNFzA.roa
File:                     XBhVypX2lGM6_x0NsP1fksWNFzA.roa (raw, json)
Hash identifier:          Zaq2cSOdsGQcDop6nFC8bWSLTheqL3BkExxlTIu5yQY=
Subject key identifier:   5C:18:55:CA:95:F6:94:63:3A:FF:1D:0D:B0:FD:5F:92:C5:8D:17:30
Certificate issuer:       /CN=5b6fa6690997412e716616c81e4f7c0875ffd976
Certificate serial:       019470D57BDAC85AD657924BFB81EEB8A25A
Authority key identifier: 5B:6F:A6:69:09:97:41:2E:71:66:16:C8:1E:4F:7C:08:75:FF:D9:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W2-maQmXQS5xZhbIHk98CHX_2XY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/294c4e-5a2b-4bee-bc57-12ad146655ce/1/XBhVypX2lGM6_x0NsP1fksWNFzA.roa
Signing time:             Thu 16 Jan 2025 20:37:06 +0000
ROA not before:           Thu 16 Jan 2025 20:37:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42638
IP address blocks:        45.133.164.0/22 maxlen: 22
                          78.109.208.0/20 maxlen: 20
                          195.242.192.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/294c4e-5a2b-4bee-bc57-12ad146655ce/1/W2-maQmXQS5xZhbIHk98CHX_2XY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/294c4e-5a2b-4bee-bc57-12ad146655ce/1/W2-maQmXQS5xZhbIHk98CHX_2XY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W2-maQmXQS5xZhbIHk98CHX_2XY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 08:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:70:d5:7b:da:c8:5a:d6:57:92:4b:fb:81:ee:b8:a2:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b6fa6690997412e716616c81e4f7c0875ffd976
        Validity
            Not Before: Jan 16 20:37:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c1855ca95f694633aff1d0db0fd5f92c58d1730
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:d8:ce:55:32:9a:7b:ab:b2:39:e3:f8:8b:af:
                    a4:a6:64:ba:0c:a7:31:19:07:f4:65:10:5c:f9:68:
                    d1:41:62:4e:55:f9:f8:ab:48:9f:2f:db:fc:a9:d0:
                    dd:1f:3f:ed:e9:90:f8:31:af:00:ce:aa:e9:cf:21:
                    42:7c:43:c5:ed:ae:fe:39:82:16:b0:78:4f:43:33:
                    0e:17:bd:26:74:f0:a7:48:6c:48:6e:d2:b0:68:6a:
                    77:83:15:d0:86:a7:2a:2e:d5:98:db:5b:dc:63:d5:
                    b1:2c:f3:16:76:a4:af:fa:c3:ea:27:87:e2:a3:6a:
                    82:63:16:0c:ad:c0:3c:de:e3:03:7c:d0:fc:56:f8:
                    65:6b:49:8f:9e:96:27:c8:1e:5e:21:c5:e0:b4:9a:
                    ae:b3:e7:c1:93:aa:29:91:15:db:38:da:84:59:6a:
                    f6:1d:46:1c:3e:1f:8f:7a:f5:57:e3:d6:f6:ca:82:
                    30:78:ff:49:9c:b1:be:67:3e:8d:ef:68:84:2d:0c:
                    70:8f:92:ba:63:60:2c:7d:7c:3b:d7:d2:21:5b:4e:
                    9e:86:c6:96:cd:c8:f5:60:d5:90:f5:9d:82:b6:57:
                    cb:16:8c:61:8a:4a:b2:4f:51:94:0a:f0:60:1b:dc:
                    22:da:93:b7:86:4d:67:3f:16:4d:9e:fe:3e:65:ef:
                    2b:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:18:55:CA:95:F6:94:63:3A:FF:1D:0D:B0:FD:5F:92:C5:8D:17:30
            X509v3 Authority Key Identifier:
                keyid:5B:6F:A6:69:09:97:41:2E:71:66:16:C8:1E:4F:7C:08:75:FF:D9:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W2-maQmXQS5xZhbIHk98CHX_2XY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/294c4e-5a2b-4bee-bc57-12ad146655ce/1/XBhVypX2lGM6_x0NsP1fksWNFzA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/294c4e-5a2b-4bee-bc57-12ad146655ce/1/W2-maQmXQS5xZhbIHk98CHX_2XY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.164.0/22
                  78.109.208.0/20
                  195.242.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:63:f0:f5:82:cd:66:fc:a0:4c:8e:8a:8e:44:74:45:9e:ab:
         d0:d3:20:ad:d3:78:3e:97:64:e1:2d:a9:14:b8:15:3f:0c:13:
         a0:86:26:4f:12:89:a2:1d:8f:00:46:ce:86:bd:a6:9c:24:41:
         2e:77:ee:94:e2:c5:90:d2:5c:f7:1f:57:93:d7:9c:1d:26:99:
         87:32:b7:f6:7e:8d:1d:99:b2:bf:3e:5e:1e:e0:a6:01:fa:96:
         3f:e1:e7:1e:3d:f8:5e:79:88:47:b5:8a:88:34:86:e6:de:cc:
         f7:23:c3:89:bd:a6:9d:0e:52:6d:52:37:41:74:db:97:f4:51:
         46:42:56:e2:15:2a:09:f5:42:39:69:47:69:eb:3d:33:46:f8:
         9e:b7:5b:de:58:f3:87:8e:59:37:e6:af:b6:1d:dd:b7:c4:06:
         cb:23:9f:5a:f1:65:60:56:f3:eb:f8:4e:5f:50:72:3f:cf:e2:
         ec:5c:7b:f1:b0:95:01:f8:9e:3c:14:98:85:8c:25:c7:22:72:
         a3:60:70:ac:d9:8f:d3:e1:1b:bd:fa:6b:03:95:76:9a:11:f8:
         5c:20:42:82:c3:2b:6c:b6:d1:ee:d1:c3:93:83:2d:8c:45:5e:
         51:3f:3d:1d:ee:f5:f5:06:c9:39:93:68:0c:0c:b9:4e:59:84:
         94:6b:85:4b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZRw1XvayFrWV5JL+4HuuKJaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNmZhNjY5MDk5NzQxMmU3MTY2MTZjODFlNGY3YzA4NzVm
ZmQ5NzYwHhcNMjUwMTE2MjAzNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzE4NTVjYTk1ZjY5NDYzM2FmZjFkMGRiMGZkNWY5MmM1OGQxNzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0djOVTKae6uyOeP4i6+kpmS6DKcx
GQf0ZRBc+WjRQWJOVfn4q0ifL9v8qdDdHz/t6ZD4Ma8AzqrpzyFCfEPF7a7+OYIW
sHhPQzMOF70mdPCnSGxIbtKwaGp3gxXQhqcqLtWY21vcY9WxLPMWdqSv+sPqJ4fi
o2qCYxYMrcA83uMDfND8Vvhla0mPnpYnyB5eIcXgtJqus+fBk6opkRXbONqEWWr2
HUYcPh+PevVX49b2yoIweP9JnLG+Zz6N72iELQxwj5K6Y2AsfXw719IhW06ehsaW
zcj1YNWQ9Z2CtlfLFoxhikqyT1GUCvBgG9wi2pO3hk1nPxZNnv4+Ze8rdQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFwYVcqV9pRjOv8dDbD9X5LFjRcwMB8GA1UdIwQY
MBaAFFtvpmkJl0EucWYWyB5PfAh1/9l2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzItbWFRbVhRUzV4WmhiSUhrOThDSFhfMlhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS8yOTRjNGUtNWEyYi00YmVlLWJjNTct
MTJhZDE0NjY1NWNlLzEvWEJoVnlwWDJsR002X3gwTnNQMWZrc1dORnpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS8yOTRjNGUtNWEyYi00YmVlLWJjNTctMTJhZDE0NjY1NWNl
LzEvVzItbWFRbVhRUzV4WmhiSUhrOThDSFhfMlhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLYWkAwQE
Tm3QAwQCw/LAMA0GCSqGSIb3DQEBCwUAA4IBAQB6Y/D1gs1m/KBMjoqORHRFnqvQ
0yCt03g+l2ThLakUuBU/DBOghiZPEomiHY8ARs6GvaacJEEud+6U4sWQ0lz3H1eT
15wdJpmHMrf2fo0dmbK/Pl4e4KYB+pY/4ecePfheeYhHtYqINIbm3sz3I8OJvaad
DlJtUjdBdNuX9FFGQlbiFSoJ9UI5aUdp6z0zRviet1veWPOHjlk35q+2Hd23xAbL
I59a8WVgVvPr+E5fUHI/z+LsXHvxsJUB+J48FJiFjCXHInKjYHCs2Y/T4Ru9+msD
lXaaEfhcIEKCwytsttHu0cOTgy2MRV5RPz0d7vX1Bsk5k2gMDLlOWYSUa4VL
-----END CERTIFICATE-----