Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XipRNN38mPcCkH_UtXhJYdkvBtE.roa
File:                     XipRNN38mPcCkH_UtXhJYdkvBtE.roa (raw, json)
Hash identifier:          g/cUuTvVh3KknivI3bf+o22a8Fk28qU8GTjfB38T50o=
Subject key identifier:   5E:2A:51:34:DD:FC:98:F7:02:90:7F:D4:B5:78:49:61:D9:2F:06:D1
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143F5AE5B3345E13B1634183C4B6252
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XipRNN38mPcCkH_UtXhJYdkvBtE.roa
Signing time:             Wed 01 Jan 2025 09:48:09 +0000
ROA not before:           Wed 01 Jan 2025 09:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137235
IP address blocks:        82.163.23.0/24 maxlen: 24
                          213.210.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:f5:ae:5b:33:45:e1:3b:16:34:18:3c:4b:62:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e2a5134ddfc98f702907fd4b5784961d92f06d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:e0:80:db:5d:83:ed:2c:26:c0:d7:32:17:21:
                    2f:ea:e3:a7:1a:81:f5:bc:6c:09:ef:71:35:3d:e4:
                    35:03:01:1e:91:2c:9c:73:ef:41:ea:c9:ce:2d:0e:
                    eb:e8:ab:60:27:06:07:02:4f:33:2b:b1:65:f8:92:
                    56:a7:3c:76:d6:83:da:3a:49:3d:23:6e:b0:4e:7e:
                    21:b3:ab:ce:15:e3:c6:0c:24:00:e1:62:40:82:b6:
                    31:64:d9:8b:1b:f2:99:fd:57:6f:d6:60:8d:19:de:
                    c3:df:af:fb:a4:a7:b5:96:f1:f9:6e:b9:49:9a:bd:
                    79:ac:da:94:c5:1b:5c:15:cf:24:f6:79:4c:dd:0d:
                    5c:6b:20:84:fa:92:a4:08:bd:50:04:c6:3f:c4:fb:
                    0e:dc:7f:32:25:b6:e1:c7:9b:ac:4b:35:17:a1:92:
                    7b:28:e3:8a:20:40:e1:ab:39:26:e9:88:e0:39:f3:
                    ae:25:09:3e:aa:57:98:28:ab:b8:ac:b9:87:9a:63:
                    43:ea:1a:7b:07:d3:9a:01:ee:6c:6c:7a:a0:52:c6:
                    56:14:8c:ee:ce:c4:f0:a5:6e:90:c4:97:f4:7b:a6:
                    cd:59:2d:0c:cb:16:4a:d1:d2:d8:8d:70:43:46:5b:
                    80:d3:75:65:9d:c2:08:f3:58:bc:66:73:fc:76:41:
                    05:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:2A:51:34:DD:FC:98:F7:02:90:7F:D4:B5:78:49:61:D9:2F:06:D1
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XipRNN38mPcCkH_UtXhJYdkvBtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.163.23.0/24
                  213.210.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:cd:a3:13:47:ef:aa:c1:ad:95:1f:8a:e1:7a:c3:c0:f7:eb:
         80:a0:00:fa:75:56:26:88:af:53:99:9b:ee:56:b9:b9:83:33:
         7d:0f:27:de:83:df:1d:90:a1:f1:89:af:cb:ac:e7:92:d3:82:
         71:19:72:d7:28:85:2a:85:6d:b0:47:1f:7b:00:b6:7a:fa:b4:
         2f:ce:74:fb:b3:6d:ae:58:96:39:f5:9c:3c:54:1c:1f:4d:ee:
         6e:f8:0d:61:c7:c4:8a:1e:c2:89:cf:fb:01:d2:31:ca:66:d3:
         e7:97:3e:8a:0e:5c:75:86:80:0e:89:ea:1f:41:27:b3:52:73:
         75:cd:b8:18:5b:b8:5e:25:40:a7:35:31:eb:e3:b5:e9:3a:14:
         46:67:fd:7d:da:19:7e:a8:5f:cd:35:71:fd:ec:3f:6f:ac:f8:
         ea:8f:25:da:6d:63:ce:03:87:63:ba:dc:84:f1:13:f9:65:aa:
         42:b8:0f:3a:9a:58:c4:19:d8:69:c8:78:20:06:66:d8:61:4f:
         d0:95:3a:a6:43:7c:4e:5c:57:a5:04:62:7e:d6:d5:3e:19:90:
         91:d9:db:80:2e:5f:84:09:24:09:dc:87:3f:a6:b3:3a:55:69:
         06:83:5e:3a:43:8a:6d:d9:82:50:94:54:da:80:51:e4:5a:79:
         dd:d2:77:ea
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhQ/WuWzNF4TsWNBg8S2JSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTJhNTEzNGRkZmM5OGY3MDI5MDdmZDRiNTc4NDk2MWQ5MmYwNmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOCA212D7SwmwNcyFyEv6uOnGoH1
vGwJ73E1PeQ1AwEekSycc+9B6snOLQ7r6KtgJwYHAk8zK7Fl+JJWpzx21oPaOkk9
I26wTn4hs6vOFePGDCQA4WJAgrYxZNmLG/KZ/Vdv1mCNGd7D36/7pKe1lvH5brlJ
mr15rNqUxRtcFc8k9nlM3Q1cayCE+pKkCL1QBMY/xPsO3H8yJbbhx5usSzUXoZJ7
KOOKIEDhqzkm6YjgOfOuJQk+qleYKKu4rLmHmmND6hp7B9OaAe5sbHqgUsZWFIzu
zsTwpW6QxJf0e6bNWS0MyxZK0dLYjXBDRluA03VlncII81i8ZnP8dkEF3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF4qUTTd/Jj3ApB/1LV4SWHZLwbRMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWGlwUk5OMzhtUGNDa0hfVXRYaEpZZGt2QnRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUqMXAwQA
1dI6MA0GCSqGSIb3DQEBCwUAA4IBAQCjzaMTR++qwa2VH4rhesPA9+uAoAD6dVYm
iK9TmZvuVrm5gzN9Dyfeg98dkKHxia/LrOeS04JxGXLXKIUqhW2wRx97ALZ6+rQv
znT7s22uWJY59Zw8VBwfTe5u+A1hx8SKHsKJz/sB0jHKZtPnlz6KDlx1hoAOieof
QSezUnN1zbgYW7heJUCnNTHr47XpOhRGZ/192hl+qF/NNXH97D9vrPjqjyXabWPO
A4djutyE8RP5ZapCuA86mljEGdhpyHggBmbYYU/QlTqmQ3xOXFelBGJ+1tU+GZCR
2duALl+ECSQJ3Ic/prM6VWkGg146Q4pt2YJQlFTagFHkWnnd0nfq
-----END CERTIFICATE-----